Secure resource name resolution using a cache
First Claim
1. A method of operating a client computing device, comprising:
(A) receiving, at the client computing device, a request to resolve a first identifier of a network resource;
(B) selecting, by the client computing device, a set of resolution parameters from a collection of sets of resolution parameters, wherein the selected set of resolution parameters are to be used in resolving the first identifier into a second identifier of the network resource, and wherein each set of resolution parameters of the collection defines an associated set of security criteria to be followed during resolution of the first identifier into the second identifier;
(C) resolving the first identifier into the second identifier over an encrypted communication channel that is encrypted according to an encryption protocol specified by at least one resolution parameter of the selected set of resolution parameters; and
(D) locally storing, at the client computing device, the resolved second identifier and an indication of at least one resolution parameter of the selected set of resolution parameters.
2 Assignments
0 Petitions
Abstract
Techniques for securing name resolution technologies and for ensuring that name resolution technologies can function in modern networks that have a plurality of overlay networks accessible via a single network interface. In accordance with some of the principles described herein, a set of resolution parameters may be implemented by a user to be used during a name resolution process. In some implementations, when an identifier is obtained for a network resource, the identifier may be stored in a cache with resolution parameters that were used in obtaining the identifier. When a new name resolution request is received, the cache may be examined to determine whether a corresponding second identifier is in the cache, and whether resolution parameters used to retrieve the second identifier in the cache match the resolution parameters for the new resolution request. If so, the second identifier may be returned from the cache.
44 Citations
20 Claims
1. (Independent claim; text given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6.
7. At least one computer-readable memory storing computer-executable instructions that enable a client computing device to perform operations comprising:
(A) receiving as input a first identifier of a network resource;
(B) selecting a set of resolution parameters from a collection of sets of resolution parameters, wherein the selected set of resolution parameters are to be used to resolve the first identifier into a second identifier that includes an address of the network resource, and wherein each set of resolution parameters of the collection defines an associated set of criteria for resolving the first identifier into the second identifier;
(C) determining whether the first identifier is associated with a cache entry of a cache of the client computing device, the cache comprising, for each cache entry, an input identifier, a corresponding identifier and at least one resolution parameter that was employed to resolve the input identifier into the corresponding identifier using a remote resolution resource;
(D) if the first identifier is associated with a cache entry, comparing at least one resolution parameter of the selected set of resolution parameters to the at least one cached resolution parameter that was employed to resolve the input identifier, including:
(D1) determining whether a security level associated with the at least one cached resolution parameter is at least as secure as another security level associated with the at least one resolution parameter of the selected set of resolution parameters;
(E) determining, based on the comparison, whether the first identifier can be locally resolved into the second identifier from the cache; and
(F) if the first identifier can be locally resolved into the second identifier from the cache, returning the second identifier as a resolution of the first identifier.
Dependent claims: 8, 9, 10, 11, 12.
13. At least one computer-readable memory encoded with computer-executable instructions that, when executed, cause a client computing device to perform a method, the method comprising:
(A) accepting as input a first identifier for a network resource;
(B) consulting a collection of sets of resolution parameters to determine a set of applicable resolution parameters that apply to the first identifier;
(C) reviewing the contents of a cache of identifiers to determine whether a second identifier corresponding to the first identifier is present in the cache, the cache comprising, for each identifier in the cache, a corresponding identifier and stored resolution parameters under which the corresponding identifier was obtained;
(D) when the second identifier corresponding to the first identifier is present in the cache as a corresponding identifier and is associated with stored resolution parameters, comparing the stored resolution parameters under which the second identifier was obtained to the set of applicable resolution parameters, wherein the act (D) of comparing the stored resolution parameters for the second identifier in the cache to the set of applicable resolution parameters comprises:
(D1) determining whether the stored resolution parameters for the second identifier in the cache are at least as secure as the set of applicable resolution parameters; and
(E) when the stored resolution parameters match the set of applicable resolution parameters, returning the second identifier from the cache.
14. A client computing device comprising:
at least one tangible computer-readable storage medium adapted to store a plurality of instances of a data structure comprising a second identifier of a network resource and at least one indication of a set of resolution parameters that was employed to resolve the second identifier from a first identifier of the network resource; and
at least one processor adapted to execute a name resolution process, the name resolution process comprising:
receiving the first identifier;
selecting a set of resolution parameters that govern security employed for the name resolution process;
determining whether the first identifier is associated with any of the instances of the data structure;
if the first identifier is associated with an instance of the data structure, comparing the at least one indication of the set of resolution parameters employed to resolve the second identifier to the selected set of resolution parameters;
determining, based on the comparison, whether the first identifier can be locally resolved into the second identifier from the associated instance of the data structure, including:
determining whether a security level associated with at least one resolution parameter of the set of resolution parameters that was employed to resolve the second identifier is at least as secure as another security level associated with at least one resolution parameter of the selected set of resolution parameters; and
if the first identifier can be locally resolved into the second identifier from the associated instance of the data structure, returning the second identifier from the associated instance of the data structure.
Dependent claims: 15, 16, 17, 18, 19, 20.
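The cache logic that the abstract summarises and that claims 7, 13 and 14 describe, as an added Python example that is not part of the patent: a parameter set is selected for a name, resolved identifiers are stored together with the parameters used to obtain them, and a cached entry is served only when it was obtained at least as securely as the current request requires. The LEVELS ordering, the ResolutionParams and CacheEntry types, the suffix-keyed policy table and the `remote` callback are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed ordering of transport security for this example; the patent only
# requires that levels be comparable ("at least as secure as").
LEVELS = {"plain": 0, "encrypted": 1, "encrypted+validated": 2}

@dataclass(frozen=True)
class ResolutionParams:  # one set of resolution parameters
    protocol: str  # transport used for the lookup; key into LEVELS
    network: str   # overlay network the lookup must traverse

@dataclass
class CacheEntry:
    resolved: str             # second identifier, e.g. an IP address
    params: ResolutionParams  # parameters under which it was obtained

class SecureResolverCache:
    def __init__(self, policies: Dict[str, ResolutionParams]):
        self._policies = policies  # name suffix -> parameter set; "" is the default
        self._entries: Dict[str, CacheEntry] = {}

    def select_params(self, name: str) -> ResolutionParams:
        """Pick the applicable parameter set by longest matching name suffix."""
        hits = [s for s in self._policies if s == "" or name == s or name.endswith("." + s)]
        return self._policies[max(hits, key=len)]

    def store(self, name: str, resolved: str, params: ResolutionParams) -> None:
        self._entries[name] = CacheEntry(resolved, params)

    def lookup(self, name: str, required: ResolutionParams) -> Optional[str]:
        """Return the cached identifier only if it was obtained at least as securely."""
        entry = self._entries.get(name)
        if entry is None:
            return None
        if entry.params.network != required.network:
            return None  # obtained on another overlay network: not reusable
        if LEVELS[entry.params.protocol] < LEVELS[required.protocol]:
            return None  # weaker transport than now required: must re-resolve
        return entry.resolved

    def resolve(self, name: str, remote: Callable[[str, ResolutionParams], str]) -> str:
        params = self.select_params(name)
        cached = self.lookup(name, params)
        if cached is not None:
            return cached
        resolved = remote(name, params)  # remote lookup over the channel the params require
        self.store(name, resolved, params)
        return resolved
```

A cached answer obtained over a stronger transport than the current policy demands is still served; one obtained over a weaker transport, or on a different overlay network, is ignored and the name is resolved again.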
Specification