Secure resource name resolution using a cache

US 8,429,715 B2
Filed: 08/08/2008
Issued: 04/23/2013
Est. Priority Date: 08/08/2008
Status: Active Grant

First Claim

Patent Images

1. A method of operating a client computing device, comprising:

(A) receiving, at the client computing device, a request to resolve a first identifier of a network resource;

(B) selecting, by the client computing device, a set of resolution parameters from a collection of sets of resolutions parameters, wherein the selected set of resolution parameters are to be used in resolving the first identifier into a second identifier of the network resource, and wherein each set of resolution parameters of the collection defines an associated set of security criteria to be followed during resolution of the first identifier into the second identifier;

(C) resolving the first identifier into the second identifier over an encrypted communication channel that is encrypted according to an encryption protocol specified by at least one resolution parameter of the selected set of resolution parameters; and

(D) locally storing, at the client computing device, the resolved second identifier and an indication of at least one resolution parameter of the selected set of resolution parameters.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for securing name resolution technologies and for ensuring that name resolution technologies can function in modern networks that have a plurality of overlay networks accessible via a single network interface. In accordance with some of the principles described herein, a set of resolution parameters may be implemented by a user to be used during a name resolution process. In some implementations, when an identifier is obtained for a network resource, the identifier may be stored in a cache with resolution parameters that were used in obtaining the identifier. When a new name resolution request is received, the cache may be examined to determine whether a corresponding second identifier is in the cache, and whether resolution parameters used to retrieve the second identifier in the cache match the resolution parameters for the new resolution request. If so, the second identifier may be returned from the cache.

44 Citations

View as Search Results

20 Claims

1. A method of operating a client computing device, comprising:
- (A) receiving, at the client computing device, a request to resolve a first identifier of a network resource;
  
  (B) selecting, by the client computing device, a set of resolution parameters from a collection of sets of resolutions parameters, wherein the selected set of resolution parameters are to be used in resolving the first identifier into a second identifier of the network resource, and wherein each set of resolution parameters of the collection defines an associated set of security criteria to be followed during resolution of the first identifier into the second identifier;
  
  (C) resolving the first identifier into the second identifier over an encrypted communication channel that is encrypted according to an encryption protocol specified by at least one resolution parameter of the selected set of resolution parameters; and
  
  (D) locally storing, at the client computing device, the resolved second identifier and an indication of at least one resolution parameter of the selected set of resolution parameters.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the indication of the at least one resolution parameter comprises the selected set of applicable resolution parameters.
  - 3. The method of claim 1, further comprising:
    - (E) locally storing at the client computing device, a time at which the second identifier was resolved.
  - 4. The method of claim 1, wherein the selecting the set of resolution parameters comprises:
    - (B1) comparing the first identifier of the network resource to patterns associated with respective sets of resolution parameters of the collection; and
      
      (B2) selecting the set of resolution parameters based on the comparison.
  - 5. The method of claim 1, wherein resolving the first identifier into the second identifier comprises:
    - (C1) establishing a communication channel to a resolution resource specified by at least one resolution parameter of the selected set of resolution parameters.
  - 6. The method of claim 1, further comprising:
    - (E) receiving another request to resolve the first identifier;
      
      (F) selecting another set of resolution parameters from the collection;
      
      (G) determining whether a security level associated with the other selected set of resolution parameters is at least as secure as another security level associated with the selected set of resolution parameters; and
      
      (H) if the security level associated with the other selected set of resolution parameters is at least as secure as the other security level associated with the selected set of resolution parameters, returning the locally stored second identifier as a resolution of the first identifier.

7. At least one computer-readable memory storing computer-executable instructions that enable a client computing device to perform operations comprising:
- (A) receiving as input a first identifier of a network resource;
  
  (B) selecting a set of resolution parameters from a collection of sets of resolution parameters, wherein the selected set of resolution parameters are to be used to resolve the first identifier into a second identifier that includes an address of the network resource, and wherein each set of resolution parameters of the collection defines an associated set of criteria for resolving the first identifier into the second identifier;
  
  (C) determining whether the first identifier is associated with a cache entry of a cache of the client computing device, the cache comprising, for each cache entry, an input identifier, a corresponding identifier and at least one resolution parameter that was employed to resolve the input identifier into the corresponding identifier using a remote resolution resource;
  
  (D) if the first identifier is associated with a cache entry, comparing at least one resolution parameter of the selected set of resolution parameters to the at least one cached resolution parameter that was employed to resolve the input identifier, including;
  
  (D1) determining whether a security level associated with the at least one cached resolution parameter is at least as secure as another security level associated with the at least one resolution parameter of the selected set of resolution parameters;
  
  (E) determining, based on the comparison, whether the first identifier can be locally resolved into the second identifier from the cache; and
  
  (F) if the first identifier can be locally resolved into the second identifier from the cache, returning the second identifier as a resolution of the first identifier.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The at least one computer-readable memory of claim 7, wherein the operations further comprises:
    - (G) if the first identifier cannot be locally resolved into the second identifier, conducting a name resolution process over a network to obtain the second identifier based on the first identifier, wherein the name resolution process is governed by the criteria associated with the selected set of resolution parameters.
  - 9. The at least one computer-readable memory of claim 7, wherein the comparing the at least one resolution parameter of the selected set of resolution parameters to the at least one cached resolution parameter comprises:
    - (D1) determining whether the at least one cached resolution parameter exactly matches the at least one resolution parameter of the selected set of resolution parameters.
  - 10. The at least one computer-readable memory of claim 7, wherein the comparing the at least one resolution parameter of the selected set of resolution parameters to the at least one cached resolution parameter comprises:
    - (D1) determining whether the selected set of resolution parameters has been unchanged since a time at which the second identifier was stored into the cache entry.
  - 11. The at least one computer-readable memory of claim 7, wherein the first identifier is a textual identifier and the second identifier is a numeric identifier.
  - 12. The at least one computer-readable storage medium memory of claim 7, wherein the criteria for resolving the first identifier into the second identifier includes an identification of a encryption protocol for use in resolving the first identifier into the second identifier.

13. At least one computer-readable memory encoded with computer-executable instructions that, when executed, cause a client computing device to perform a method, the method comprising:
- (A) accepting as input a first identifier for a network resource;
  
  (B) consulting a collection of sets of resolution parameters to determine a set of applicable resolution parameters that apply to the first identifier;
  
  (C) reviewing the contents of a cache of identifiers to determine whether a second identifier corresponding to the first identifier is present in the cache, the cache comprising, for each identifier in the cache, a corresponding identifier and stored resolution parameters under which the corresponding identifier was obtained;
  
  (D) when the second identifier corresponding to the first identifier is present in the cache as a corresponding identifier and is associated with stored resolution parameters, comparing the stored resolution parameters under which the second identifier was obtained to the set of applicable resolution parameters, wherein the act (D) of comparing the stored resolution parameters for the second identifier in the cache to the set of applicable resolution parameters comprises;
  
  (D1) determining whether the stored resolution parameters for the second identifier in the cache are at least as secure as the set of applicable resolution parameters; and
  
  (E) when the stored resolution parameters match the set of applicable resolution parameters, returning the second identifier from the cache.

14. A client computing device comprising:
- at least one tangible computer-readable storage medium adapted to store a plurality of instances of a data structure comprising a second identifier of a network resource and at least one indication of a set of resolution parameters that was employed to resolve the second identifier from a first identifier of the network resource; and
  
  at least one processor adapted to execute a name resolution process, the name resolution process comprising;
  
  receiving the first identifier;
  
  selecting a set of resolution parameters that govern security employed for the name resolution process;
  
  determining whether the first identifier is associated with any of the instances of the data structure;
  
  if the first identifier is associated with an instance of the data structure, comparing the at least one indication of the set of resolution parameters employed to resolve the second identifier to the selected set of resolution parameters;
  
  determining, based on the comparison, whether the first identifier can be locally resolved into the second identifier from the associated instance of the data structure, including;
  
  determining whether a security level associated with at least one resolution parameter of the set of resolution parameters that was employed to resolve the second identifier is at least as secure as another security level associated with at least one resolution parameter of the selected set of resolution parameters; and
  
  if the first identifier can be locally resolved into the second identifier from the associated instance of the data structure, returning the second identifier from the associated instance of the data structure.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The client computing device of claim 14, wherein the name resolution process further comprises:
    - if the first identifier cannot be locally resolved into second identifier, conducting a name resolution process, over a network, governed by security criteria of the set of applicable resolution parameters.
  - 16. The client computing device of claim 14, wherein the at least one indication of the set of resolution parameters comprises the set of resolution parameters that was employed to resolve the second identifier stored in the instance of the data structure.
  - 17. The client computing device of claim 14, wherein comparing the at least one at least one indication of the set of resolution parameters employed to resolve the second identifier to the selected set of resolution parameters comprises determining whether the set of resolution parameters employed to resolve the second identifier exactly matches the selected set of resolution parameters.
  - 18. The client computing device of claim 17, wherein determining whether the set of stored resolution parameters employed to resolve the second identifier exactly matches the selected set of resolution parameters comprises determining whether the selected set of resolution parameters has been unchanged since a time at which the second identifier was resolved.
  - 19. The client computing device of claim 14, wherein the first identifier is a textual identifier and the second identifier is an address of the network resource.
  - 20. The client computing device of claim 14, wherein the selected set of resolution parameters that govern security employed for the name resolution process includes at least one resolution parameter that defines an encryption protocol for the name resolution process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Meren, Libby, Trace, Rob M.
Primary Examiner(s)
KIM, TAE K

Application Number

US12/189,065
Publication Number

US 20100034381A1
Time in Patent Office

1,719 Days
Field of Search

713/168, 713/170, 713/171, 713/172, 726/3, 726/4, 726/26, 726/27, 726/30, 709220-222, 709227-229
US Class Current

726/3
CPC Class Codes

H04L 45/742   Route cache; Operation thereof

H04L 61/4511   using domain name system [DNS]

H04L 61/58   Caching of addresses or names

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/164   at the network layer

Secure resource name resolution using a cache

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure resource name resolution using a cache

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links