User authenticated encrypted communication link

US 9,521,130 B2
Filed: 09/25/2013
Issued: 12/13/2016
Est. Priority Date: 09/25/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for establishing an encrypted communication link between a first device and a second device, the method comprising:

accessing, from a storage, identification information of a user of the first device;

receiving, at a domain name server, a Domain Name Service (DNS) request from the first device requesting a network address corresponding to a domain name associated with the second device, the domain name being used to establish the encrypted communication link to the second device;

authenticating, at the domain name server, the user based on the user identification information, the user identification information including biometric information of the user; and

transmitting the network address in response to the DNS request based on a determination that the user has been authenticated at the domain name server using the biometric information of the user,wherein the encrypted communication link between the first device and the second device is established based on the network address;

wherein the step of authenticating the user includes receiving, from the first device, a first hash value generated based on the user identification information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for establishing an encrypted communication link between a first device and a second device. One exemplary computer-implemented method includes accessing, from a storage, identification information of a user of the first device. The method further includes receiving, at a domain name server, a Domain Name Service (DNS) request from the first device requesting a network address corresponding to a domain name associated with the second device, the domain name being used to establish the encrypted communication link to the second device. The method further includes authenticating the user based on the user identification information, the user identification information including biometric information of the user. The method also includes transmitting network address in response to the DNS request based on a determination that the user has been authenticated at the domain name server using the biometric information of the user. The encrypted communication link between the first device and the second device is established based on the network address.

Citations

21 Claims

1. A computer-implemented method for establishing an encrypted communication link between a first device and a second device, the method comprising:
- accessing, from a storage, identification information of a user of the first device;
  
  receiving, at a domain name server, a Domain Name Service (DNS) request from the first device requesting a network address corresponding to a domain name associated with the second device, the domain name being used to establish the encrypted communication link to the second device;
  
  authenticating, at the domain name server, the user based on the user identification information, the user identification information including biometric information of the user; and
  
  transmitting the network address in response to the DNS request based on a determination that the user has been authenticated at the domain name server using the biometric information of the user,wherein the encrypted communication link between the first device and the second device is established based on the network address;
  
  wherein the step of authenticating the user includes receiving, from the first device, a first hash value generated based on the user identification information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein the step of authenticating the user further includes:
    - comparing the first hash value to a second hash value;
      
      sending an accept notification to the first device when the first hash value matches the second hash value; and
      
      sending a reject notification to the first device when the first hash value does not match the second hash value.
  - 3. The computer-implemented method of claim 2, wherein receiving the first hash value includes:
    - retrieving, by the domain name server, a random vector and a random hash key;
      
      sending the retrieved random vector and random hash key to the first device;
      
      receiving, from the first device, the first hash value, the first hash value being generated by;
      
      generating a user vector by combining the random vector and the user identification information; and
      
      performing a hashing operation on the user vector using the random hash key.
  - 4. The computer-implemented method of claim 3, further comprising:
    - receiving a user name for the user from the first device;
      
      accessing a database that stores second hash values in association with user names; and
      
      retrieving the second hash value corresponding to the user name from the database.
  - 5. The computer-implemented method of claim 4, wherein the user name comprises the domain name of the first device.
  - 6. The computer-implemented method of claim 4, wherein the DNS request includes the user name.
  - 7. The computer-implemented method of claim 1, further comprising:
    - authenticating, in addition to the user, the first device; and
      
      transmitting the network address in response to the DNS request based on a determination that the user has been authenticated and also that the first device has been authenticated.
  - 8. The computer-implemented method of claim 1, further comprising:
    - determining whether the first device is enabled for biometric authentication of the user; and
      
      performing the accessing and authentication steps based on a determination that the first device is enabled for biometric authentication of the user.

9. A domain name server for establishing an encrypted communication link between a first device and a second device, the domain name server comprising:
- a data storage device storing identification information for a plurality of devices;
  
  a memory storing instructions; and
  
  one or more processors configured to execute the instructions to;
  
  access, from the storage, identification information of a user of the first device;
  
  receive, at the domain name server, a Domain Name Service (DNS) request from the first device requesting a secure network address corresponding to a domain name associated with the second device, the domain name being used to establish the encrypted communication link to the second device;
  
  authenticate, at the domain name server, the user based on the user identification information, the user identification information including biometric information of the user; and
  
  transmit the network address in response to the DNS request based on a determination that the user has been authenticated at the domain name server using the biometric information of the user,wherein the encrypted communication link between the first device and the second device is established based on the network address;
  
  wherein the step of authenticating the user includes receiving, from the first device, a first hash value generated based on the user identification information.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 10. The domain name server of claim 9, wherein, to authenticate the user, the one or more processors are further configured to execute the instructions to:
    - compare the first hash value to a second hash value;
      
      send an accept notification to the first device when the first hash value matches the second hash value; and
      
      send a reject notification to the first device when the first hash value does not match the second hash value.
  - 11. The domain name server of claim 10, wherein, to receive the first hash value, the one or more processors are further configured to execute the instructions to:
    - retrieve a random vector and a random hash key;
      
      send the retrieved random vector and random hash key to the first device;
      
      receive, from the first device, the first hash value, the first hash value being generated by;
      
      generating a user vector by combining the random vector and the user identification information; and
      
      performing a hashing operation on the user vector using the random hash key.
  - 12. The domain name server of claim 11, the one or more processors being further configured to execute the instructions to:
    - receive a user name for the user from the first device;
      
      access a database that stores second hash values in association with user names; and
      
      retrieve the second hash value corresponding to the user name from the database.
  - 13. The domain name server of claim 12, wherein the user name comprises the domain name of the first device.
  - 14. The domain name server of claim 12, wherein the DNS request includes the user name.
  - 15. The domain name server of claim 9, the one or more processors being further configured to execute the instructions to:
    - authenticate, in addition to the user, the first device; and
      
      transmit the network address in response to the DNS request based on a determination that the user has been authenticated and also that the first device has been authenticated.
  - 16. The domain name server of claim 9, the one or more processors being further configured to execute the instructions to:
    - determine whether the first device is enabled for biometric authentication of the user; and
      
      perform the accessing and authentication steps based on a determination that the first device is enabled for biometric authentication of the user.
  - 17. The domain name server of claim 9, wherein the encrypted communication link is a secure communication link.
  - 18. The domain name server of claim 9, wherein the encrypted communication link is a communication link between the first and second devices in a virtual private network.
  - 19. The domain name server of claim 9, wherein the DNS request contains the domain name associated with the second device, the domain name containing a first portion identifying the second device as a device and a second portion identifying a second user associated with the second device.
  - 20. The domain name server of claim 9, wherein the first and second devices are client devices.

21. A computer-implemented method for establishing an encrypted communication link between a first device and a second device, the method comprising:
- determining, by a domain name service, whether the first device is enabled for biometric authentication of a user; and
  
  based on a determination that the first device is enabled for biometric authentication of the user;
  
  accessing, from a storage, identification information of the user of the first device;
  
  receiving, at a domain name server, a Domain Name Service (DNS) request from the first device requesting a network address corresponding to a domain name associated with the second device, the domain name being used to establish the encrypted communication link to the second device;
  
  authenticating, at the domain name server, the user based on the user identification information, the user identification information including biometric information of the user, wherein the authenticating includes receiving, from the first device, a first hash value generated based on the user identification information; and
  
  transmitting the network address in response to the DNS request based on a determination that the user has been authenticated at the domain name server using the biometric information of the user,wherein the encrypted communication link between the first device and the second device is established based on the network address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Original Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Inventors
Short, Nathaniel Jackson, Short, Robert Dunham III, Williamson, Michael
Primary Examiner(s)
Goodchild, William

Application Number

US14/037,301
Publication Number

US 20140090042A1
Time in Patent Office

1,175 Days
Field of Search

726/7
US Class Current

1/1
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

User authenticated encrypted communication link

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

User authenticated encrypted communication link

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links