
Domain-server public-key reference

  • US 9,667,415 B1
  • Filed: 03/30/2016
  • Issued: 05/30/2017
  • Est. Priority Date: 11/18/2015
  • Status: Expired due to Fees
First Claim

1. A method comprising:

  • identifying, by an email client of a sender, a domain from a communication address of a recipient, the domain corresponds to a host name, wherein the client is operating on a computing device;

    causing, by the client, resource records of a domain name system (DNS) associated with the host name to be queried for a public key reference stored in the resource records, the public key reference associated with the communication address;

    receiving, by the client and in response to the causing the resource records to be queried, the public key reference directed to a subdomain corresponding to a second host name;

    causing, by the client, secondary resource records associated with the second host name to be queried for a second public key reference stored in the secondary resource records;

    obtaining, by the client and in response to the causing the secondary resource records to be queried for the second public key reference, the second public key reference, the second public key reference including a uniform resource indicator that corresponds to a location of a public key;

    causing, by the client, the secondary resource records associated with the second host name to be queried for a third public key reference stored in the secondary resource records;

    obtaining, by the client and in response to the causing the secondary resource records to be queried for the third public key reference, the third public key reference, the third public key reference including a digest for verification of the public key, wherein the digest is generated by the recipient from the public key before being provided to the DNS for storage in the third public key reference;

    retrieving, by the client and based on the uniform resource indicator, the public key from the location, wherein the location is a key server;

    generating, by the client and based on a hashing algorithm, a public key hash sum from the retrieved public key;

    comparing, by the client, the digest to the retrieved public key hash sum;

    determining, by the client and based on the comparison, the public key is non-matching;

    presenting, by the client, a verification error based on the determined non-matching public key, the verification error informing a user that any communication with the communication address is unsecure, the verification error dismissible by the user; and

    providing, by the client and based on a dismissal of the verification error, an unencrypted email to the communication address.
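
The lookup-and-compare sequence of claim 1, as an added example that is not part of the patent text. The TXT tags `pkref`, `pkuri` and `pkdigest`, the `sha256:` prefix, the host names and the sample key are constructed assumptions (the claim fixes neither a record format nor a hashing algorithm), and DNS and the key server are replaced by in-memory dictionaries so the code runs offline.

```python
import hashlib
import hmac

# Constructed stand-ins for DNS and the key server; names and record formats are assumptions.
PUBLIC_KEY = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n(constructed sample)\n-----END PGP PUBLIC KEY BLOCK-----\n"
DNS_TXT = {
    "example.org": ["pkref=_keys.example.org"],
    "_keys.example.org": [
        "pkuri=https://keys.example.org/alice.asc",
        "pkdigest=sha256:" + hashlib.sha256(PUBLIC_KEY).hexdigest(),
    ],
}
KEY_SERVER = {"https://keys.example.org/alice.asc": PUBLIC_KEY}


def txt_value(records, host, tag):
    """Return the value of the first TXT string at host of the form 'tag=value'."""
    for txt in records.get(host, []):
        name, _, value = txt.partition("=")
        if name == tag and value:
            return value
    raise LookupError(f"no {tag} record at {host}")


def verify_recipient_key(address, records, key_server):
    """Follow the three references, fetch the key, compare its hash to the digest."""
    _, at, domain = address.rpartition("@")
    if not at or not domain:
        return ("error", "address has no domain part")
    try:
        subdomain = txt_value(records, domain.lower(), "pkref")  # first reference
        uri = txt_value(records, subdomain, "pkuri")             # second reference
        digest = txt_value(records, subdomain, "pkdigest")       # third reference
        key = key_server[uri]                                    # key server fetch
    except LookupError as exc:  # also covers KeyError from the key server
        return ("error", str(exc))
    algo, _, published = digest.partition(":")
    if algo != "sha256":
        return ("error", f"unsupported digest algorithm {algo!r}")
    computed = hashlib.sha256(key).hexdigest()
    # Constant-time comparison on bytes, with the published hex lower-cased first.
    if hmac.compare_digest(computed.encode(), published.lower().encode()):
        return ("match", key)
    return ("mismatch", None)
```

A `mismatch` result corresponds to the non-matching determination in the claim, the point at which the client presents the verification error.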
