Securing client connections

US 9,083,727 B1
Filed: 04/11/2012
Issued: 07/14/2015
Est. Priority Date: 04/11/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A system, comprising:

a set of one or more interfaces configured to;

receive input including a second level domain, wherein the second level domain is associated with a particular top level domain; and

obtain a policy associated with the top level domain, wherein the policy includes at least one requirement regarding Domain Name System Security Extensions (DNSSEC);

a processor configured to;

determine whether connection information is consistent with the policy, wherein the at least one requirement includes a requirement that a Domain Name System (DNS) response associated with the connection be DNSSEC signed and wherein the system is configured to send a second request in response to a determination that the response is not signed; and

display content based on the determination; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An input including a second level domain is received. The second level domain is associated with a particular top level domain. A policy associated with the top level domain is obtained. A determination is made as to whether connection information is consistent with the policy. Content is displayed based on the determination.

68 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a set of one or more interfaces configured to;
  
  receive input including a second level domain, wherein the second level domain is associated with a particular top level domain; and
  
  obtain a policy associated with the top level domain, wherein the policy includes at least one requirement regarding Domain Name System Security Extensions (DNSSEC);
  
  a processor configured to;
  
  determine whether connection information is consistent with the policy, wherein the at least one requirement includes a requirement that a Domain Name System (DNS) response associated with the connection be DNSSEC signed and wherein the system is configured to send a second request in response to a determination that the response is not signed; and
  
  display content based on the determination; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1 wherein the policy comprises a default security policy.
  - 3. The system of claim 1 wherein determining whether the connection information is consistent with the policy is performed by a browser application executing on the system.
  - 4. The system of claim 1 wherein the policy includes a requirement regarding a version of Transport Layer Security (TLS).
  - 5. The system of claim 1 wherein the policy includes a requirement regarding an Extended Validation (EV) Certificate.
  - 6. The system of claim 1 wherein the policy includes a requirement regarding the presence of an iframe.
  - 7. The system of claim 1 wherein the policy includes a requirement regarding the presence of a cross-domain include.
  - 8. The system of claim 1 wherein the displayed content includes at least one indicator rendered in a browser address bar.
  - 9. The system of claim 8 wherein the indicator comprises a corporate name.
  - 10. The system of claim 8 wherein the indicator comprises the top level domain being rendered in a manner different from the second level domain.
  - 11. The system of claim 1 wherein obtaining the policy includes determining a resultant policy from a base policy and a received policy.
  - 12. The system of claim 1 wherein the content displayed comprises an indication that the connection is secure.
  - 13. The system of claim 1 wherein the content displayed comprises an error message in the event it is determined that the connection information is not consistent with the policy.
  - 14. The system of claim 1 wherein the processor is further configured to rewrite the input at least in part by substituting a second top level domain for a first top level domain.
  - 15. The system of claim 1 wherein the interface is configured to obtain the policy from an external source.
  - 16. The system of claim 15 wherein obtaining the policy includes transforming the received input into a transformed domain.

17. A method, comprising:
- receiving input including a second level domain, wherein the second level domain is associated with a particular top level domain;
  
  obtaining a policy associated with the top level domain, wherein the policy includes at least one requirement regarding Domain Name System Security Extensions (DNSSEC);
  
  determining whether connection information is consistent with the policy, wherein the at least one requirement includes a requirement that a Domain Name System (DNS) response associated with the connection be DNSSEC signed and wherein the system is configured to send a second request in response to a determination that the response is not signed; and
  
  displaying content based on the determination.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17 wherein determining whether the connection information is consistent with the policy is performed by a browser application.
  - 19. The method of claim 17 wherein the displayed content includes at least one indicator rendered in a browser address bar.

20. A computer program product embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
- receiving input including a second level domain, wherein the second level domain is associated with a particular top level domain;
  
  obtaining a policy associated with the top level domain, wherein the policy includes at least one requirement regarding Domain Name System Security Extensions (DNSSEC);
  
  determining whether connection information is consistent with the policy, wherein the at least one requirement includes a requirement that a Domain Name System (DNS) response associated with the connection be DNSSEC signed and wherein the system is configured to send a second request in response to a determination that the response is not signed; and
  
  displaying content based on the determination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Artemis Internet Inc.
Original Assignee
Artemis Internet Inc.
Inventors
Stamos, Alexander Charles
Primary Examiner(s)
GOODCHILD, WILLIAM J

Application Number

US13/444,225
Time in Patent Office

1,189 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 61/4511   using domain name system [DNS]

H04L 63/126   the source of the received ...

H04L 63/20   for managing network securi...

H04L 9/32   including means for verifyi...

Securing client connections

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

68 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing client connections

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links