Domain based authentication scheme
First Claim
1. A system, comprising:
a user terminal including a processor and a memory storing first domain name stub resolver instructions and second Domain Name Service (DNS) verifier instructions;
wherein the first domain name stub resolver instructions are executable by the processor to:
determine whether a local cache of the user terminal includes a translation for a DNS portion of a Uniform Resource Identifier (URI) of a network call;
responsive to determining that the local cache does not include the translation, send by the user terminal a transmission to a DNS server; and
responsive to determining that the local cache does include the translation or sending the transmission, obtain a domain name to IP address translation;
wherein the second DNS verifier instructions are executable by the processor to:
identify when the processor is provided with a domain name to IP look up request;
responsive to an identification, obtain an IP address from a predetermined remote service that incorporates a public key infrastructure (PKI);
compare the domain name to IP address translation obtained by the processor responsive to execution of the first domain name stub resolver instructions to the IP address obtained from the predetermined remote service;
determine whether to identify a mismatch exception responsive to a result of the comparison; and
responsive to identifying the mismatch exception, force a DNS cache of the user terminal to be dumped.
Abstract
In one example, a system for authenticating domains operates by authenticating a first domain and the extensions that make up the URI of an initial or primary Internet network call. Thereafter, the system can enable the owner of the first domain to make assertions or statements about additional domains and URIs that make up the rest of the web page, session or application.
18 Claims
1. A system, comprising: (independent claim; full text under "First Claim" above)
Dependent claims: 2, 3, 4, 5, 6
7. A method, comprising:
determining by a domain name stub resolver component of a user terminal whether a local cache of the user terminal includes a translation for a Domain Name Service (DNS) portion of a Uniform Resource Identifier (URI) of a network call;
responsive to determining that the local cache does not include the translation, generating by the domain name stub resolver component a transmission addressed to a DNS server; and
responsive to determining that the local cache does include the translation or sending the generated transmission, obtaining by the domain name stub resolver component a domain name to IP address translation;
identifying when the domain name stub resolver component is provided with a domain name to IP look up request;
responsive to an identification, obtaining an IP address from a predetermined remote service that incorporates a public key infrastructure (PKI);
comparing the domain name to IP address translation to the IP address obtained from the predetermined remote service; and
identifying a mismatch exception responsive to a result of the comparison; and
responsive to identifying the mismatch exception, forcing a DNS cache of the user terminal to be dumped.
Dependent claims: 8, 9, 10, 11, 12, 13
14. An apparatus, comprising:
a memory comprising:
a user terminal application; and
a local cache to store translation data generated by operation of said user terminal application in communication with one or more remote Domain Name Service (DNS) servers over a first channel; and
a processor configured to access a predetermined remote service that incorporates a public key infrastructure (PKI), said access over a second channel that is different than the first channel; and
the processor configured to access the local cache, the processor to determine whether to identify a mismatch exception based on a result of the access of the local cache and using an IP address obtained from said predetermined remote service;
wherein the processor is further configured to:
determine whether the translation data includes a translation associated with a network call, wherein the translation comprises a DNS portion of a Uniform Resource Identifier (URI) of the network call;
responsive to determining that the translation data does not include the translation, perform first operations including:
send, over the first channel, a transmission to the one or more remote DNS servers to obtain a first domain name to IP address translation;
compare the first domain name to IP address translation to the IP address obtained over the second channel; and
identify the mismatch exception responsive to a result of the comparison of the first domain name to IP address translation and the IP address obtained over the second channel; and
responsive to determining that the translation data includes the translation, wherein the translation comprises a second domain name to IP address translation, perform second operations including:
compare the second domain name to IP address translation to the IP address obtained over the second channel; and
identify the mismatch exception responsive to a result of the comparison of the second domain name to IP address translation and the IP address obtained over the second channel; and
responsive to identifying the mismatch exception, force a DNS cache of the user terminal to be dumped.
Dependent claims: 15, 16, 17, 18
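The verification flow recited in claims 1, 7 and 14, written out as an added Python example (not code from the patent or its assignee): a stub resolver answers from the local cache or the DNS server, the answer is compared with the address from the second-channel service, and a mismatch dumps the cache. The names VerifyingResolver, MismatchException, dns_lookup, trusted_lookup and the sample records are assumptions, and the PKI authentication of the second channel is assumed to happen inside trusted_lookup.

```python
import ipaddress

class MismatchException(Exception):
    """Stub-resolver answer disagrees with the trusted second-channel answer."""

class VerifyingResolver:
    def __init__(self, dns_lookup, trusted_lookup):
        # dns_lookup: first channel (ordinary DNS server), name -> IP string.
        # trusted_lookup: second channel, the "predetermined remote service";
        # assumed here to be authenticated by its PKI before it returns.
        self.dns_lookup = dns_lookup
        self.trusted_lookup = trusted_lookup
        self.cache = {}

    def _stub_resolve(self, name):
        # Stub resolver: use the local cache, else ask the DNS server.
        if name not in self.cache:
            self.cache[name] = self.dns_lookup(name)
        return self.cache[name]

    def resolve(self, name):
        name = name.rstrip(".").lower()
        candidate = self._stub_resolve(name)
        trusted = self.trusted_lookup(name)
        # Compare parsed addresses so textual variants of one IP still match.
        if ipaddress.ip_address(candidate) != ipaddress.ip_address(trusted):
            self.cache.clear()  # dump the whole DNS cache, not just this entry
            raise MismatchException(f"{name}: DNS={candidate} trusted={trusted}")
        return candidate

# Constructed sample data (documentation address ranges).
TRUSTED = {"shop.example": "192.0.2.10", "cdn.example": "2001:db8::1"}
DNS = {"shop.example": "192.0.2.10", "cdn.example": "2001:DB8:0:0:0:0:0:1"}

def demo():
    r = VerifyingResolver(DNS.__getitem__, TRUSTED.__getitem__)
    results = [r.resolve("shop.example"), r.resolve("CDN.example.")]
    r.cache["shop.example"] = "203.0.113.66"   # simulate a poisoned cache entry
    try:
        r.resolve("shop.example")
    except MismatchException:
        results.append("mismatch")
    results.append(len(r.cache))               # cache size after the flush
    results.append(r.resolve("shop.example"))  # re-resolved cleanly after flush
    return results
```

The comparison runs on both the cache-hit and cache-miss paths, as claim 14 spells out, so a poisoned cache entry and a spoofed DNS reply are caught the same way.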
Specification