Domain based authentication scheme

US 9,923,882 B2
Filed: 01/07/2014
Issued: 03/20/2018
Est. Priority Date: 11/20/2008
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a user terminal including a processor and a memory storing first domain name stub resolver instructions and second Domain Name Service (DNS) verifier instructions;

wherein the first domain name stub resolver instructions are executable by the processor to;

determine whether a local cache of the user terminal includes a translation for a DNS portion of a Uniform Resource Identifier (URI) of a network call;

responsive to determining that the local cache does not include the translation, send by the user terminal a transmission to a DNS server; and

responsive to determining that the local cache does include the translation or sending the transmission, obtain a domain name to IP address translation;

wherein the second DNS verifier instructions are executable by the processor to;

identify when the processor is provided with a domain name to IP look up request;

responsive to an identification, obtain an IP address from a predetermined remote service that incorporates a public key infrastructure (PKI);

compare the domain name to IP address translation obtained by the processor responsive to execution of the first domain name stub resolver instructions to the IP address obtained from the predetermined remote service;

determine whether to identify a mismatch exception responsive to a result of the comparison; and

responsive to identifying the mismatch exception, force a DNS cache of the user terminal to be dumped.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one example, a system for authenticating domains operates by authenticating a first domain and the extensions that make up the URI of an initial or primary Internet network call. Thereafter, the system can enable the owner of the first domain to make assertions or statements about additional domains and URIs that make up the rest of the web page, session or application.

Citations

18 Claims

1. A system, comprising:
- a user terminal including a processor and a memory storing first domain name stub resolver instructions and second Domain Name Service (DNS) verifier instructions;
  
  wherein the first domain name stub resolver instructions are executable by the processor to;
  
  determine whether a local cache of the user terminal includes a translation for a DNS portion of a Uniform Resource Identifier (URI) of a network call;
  
  responsive to determining that the local cache does not include the translation, send by the user terminal a transmission to a DNS server; and
  
  responsive to determining that the local cache does include the translation or sending the transmission, obtain a domain name to IP address translation;
  
  wherein the second DNS verifier instructions are executable by the processor to;
  
  identify when the processor is provided with a domain name to IP look up request;
  
  responsive to an identification, obtain an IP address from a predetermined remote service that incorporates a public key infrastructure (PKI);
  
  compare the domain name to IP address translation obtained by the processor responsive to execution of the first domain name stub resolver instructions to the IP address obtained from the predetermined remote service;
  
  determine whether to identify a mismatch exception responsive to a result of the comparison; and
  
  responsive to identifying the mismatch exception, force a DNS cache of the user terminal to be dumped.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the second DNS verifier instructions are further executable by the processor to repeat the determining corresponding the first domain name stub resolver instructions and the obtaining corresponding the first domain name stub resolver instructions after the dump.
  - 3. The system of claim 2, wherein the second DNS verifier instructions are further executable by the processor to:
    - compare a next domain name to IP address translation obtained by the processor responsive to the execution of the first domain name stub resolver instructions to the IP address obtained from the predetermined remote service; and
      
      in response to observing a same mismatch of the next domain name to IP address translation and the IP address obtained from the predetermined remote service as a mismatch corresponding to the mismatch exception, generate an error.
  - 4. The system of claim 1, wherein the second DNS verifier instructions are further executable by the processor to:
    - responsive to identifying the mismatch exception, enable a cacheless DNS checking mode;
      
      cause the processor to obtain a next domain name to IP address translation after the enabling.
  - 5. The system of claim 4, wherein the second DNS verifier instructions are further executable by the processor to:
    - compare the next domain name to IP address translation obtained by the processor responsive to the execution of the first domain name stub resolver instructions to the IP address obtained from the predetermined remote service; and
      
      in response to observing a same mismatch of the next domain name to IP address translation and the IP address obtained from the predetermined remote service as a mismatch corresponding to the mismatch exception, generate an error.
  - 6. The system of claim 1, wherein the second DNS verifier instructions are further executable by the processor to:
    - in response to determining to not identify the mismatch exception, determine whether an initiation of a download of content corresponding to the domain name to IP address translation has been deferred or a downloaded portion of the content has been embargoed; and
      
      responsive to determining that the initiation has been deferred or the downloaded portion has been embargoed, initiate the download or release the embargo responsive to a result of the comparison.

7. A method, comprising:
- determining by a domain name stub resolver component of a user terminal whether a local cache of the user terminal includes a translation for a Domain Name Service (DNS) portion of a Uniform Resource Identifier (URI) of a network call;
  
  responsive to determining that the local cache does not include the translation, generating by the domain name stub resolver component a transmission addressed to a DNS server; and
  
  responsive to determining that the local cache does include the translation or sending the generated transmission, obtaining by the domain name stub resolver component a domain name to IP address translation;
  
  identifying when the domain name stub resolver component is provided with a domain name to IP look up request;
  
  responsive to an identification, obtaining an IP address from a predetermined remote service that incorporates a public key infrastructure (PKI);
  
  comparing the domain name to IP address translation to the IP address obtained from the predetermined remote service; and
  
  identifying a mismatch exception responsive to a result of the comparison; and
  
  responsive to identifying the mismatch exception, forcing a DNS cache of the user terminal to be dumped.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, further comprisingcausing the domain name stub resolver component to repeat the determining and the obtaining after the dump.
  - 9. The method of claim 8, further comprising:
    - comparing a next domain name to IP address translation obtained by the domain name stub resolver component to the IP address obtained from the predetermined remote service; and
      
      in response to observing a same mismatch of the next domain name to IP address translation and the IP address obtained from the predetermined remote service as a previous mismatch corresponding to the mismatch exception, generating an error.
  - 10. The method of claim 7, further comprising:
    - responsive to identifying the mismatch exception, enabling a cacheless DNS checking mode;
      
      causing the domain name stub resolver component to obtain a next domain name to IP address translation after the enabling.
  - 11. The method of claim 10, further comprising:
    - comparing the next domain name to IP address translation obtained by the domain name stub resolver component to the IP address obtained from the predetermined remote service; and
      
      in response to observing a same mismatch of the next domain name to IP address translation and the IP address obtained from the predetermined remote service as a mismatch corresponding to the mismatch exception, generating an error.
  - 12. The method of claim 7, further comprising:
    - in response to determining to not identify the mismatch exception, determining whether an initiation of a download of content corresponding to the domain name to IP address translation has been deferred; and
      
      responsive to determining that the initiation has been deferred, initiating the download responsive to a result of the comparison.
  - 13. The method of claim 7, further comprising:
    - in response to determining to not identify the mismatch exception, determining whether an initiation of a downloaded portion of content corresponding to the domain has been embargoed; and
      
      responsive to determining that the downloaded portion has been embargoed, releasing the embargo responsive to a result of the comparison.

14. An apparatus, comprising:
- a memory comprising;
  
  a user terminal application; and
  
  a local cache to store translation data generated by operation of said user terminal application in communication with one or more remote Domain Name Service (DNS) servers over a first channel; and
  
  a processor configured to access a predetermined remote service that incorporates a public key infrastructure (PKI), said access over a second channel that is different than the first channel; and
  
  the processor configured to access the local cache, the processor to determine whether to identify a mismatch exception based on a result of the access of the local cache and using an IP address obtained from said predetermined remote service;
  
  wherein the processor is further configured to;
  
  determine whether the translation data includes a translation associated with a network call, wherein the translation comprises a DNS portion of a Uniform Resource Identifier (URI) of the network call;
  
  responsive to determining that the translation data does not include the translation, perform first operations including;
  
  send, over the first channel, a transmission to the one or more remote DNS servers to obtain a first domain name to IP address translation;
  
  compare the first domain name to IP address translation to the IP address obtained over the second channel; and
  
  identify the mismatch exception responsive to a result of the comparison of the first domain name to IP address translation and the IP address obtained over the second channel; and
  
  responsive to determining that the translation data includes the translation, wherein the translation comprises a second domain name to IP address translation, perform second operations including;
  
  compare the second domain name to IP address translation to the IP address obtained over the second channel; and
  
  identify the mismatch exception responsive to a result of the comparison of the second domain name to IP address translation and the IP address obtained over the second channel; and
  
  responsive to identifying the mismatch exception, force a DNS cache of the user terminal to be dumped.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The apparatus of claim 14, wherein the processor is further configured to:
    - responsive to identifying the mismatch exception based on the result of the comparison of the second domain name to IP address translation and the IP address obtained over the second channel, obtain a next domain name to IP address translation from the one or more DNS servers over the first channel for comparison to the IP address obtained over the second channel; and
      
      in response to observing a same mismatch of the next domain name to IP address translation and the IP address as a mismatch corresponding to the mismatch exception, generate an error.
  - 16. The apparatus of claim 14, wherein the processor is further configured to:
    - enable a cacheless DNS checking mode;
      
      obtain a next domain name to IP address translation from the one or more DNS servers over the first channel for comparison to the IP address obtained over the second channel using the cacheless DNS checking mode; and
      
      in response to observing a same mismatch of the next domain name to IP address translation and the IP address as a mismatch corresponding to the mismatch exception, generate an error.
  - 17. The apparatus of claim 14, wherein the processor is further configured to:
    - in response to determining to not identify the mismatch exception, determine whether a downloaded portion of content corresponding to at least one of the domain name to IP address translations has been embargoed; and
      
      responsive to determining that the downloaded portion of the content has been embargoed, release the embargo.
  - 18. The apparatus of claim 14, wherein the second channel comprises a secure channel associated with a restricted DNS that is different than any DNS corresponding to the one or more DNS servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
John Francis Mergen, Mark Kevin Shull
Original Assignee
John Francis Mergen, Mark Kevin Shull
Inventors
Shull, Mark Kevin, Mergen, John Francis
Primary Examiner(s)
Poltorak, Peter

Application Number

US14/149,094
Publication Number

US 20140123264A1
Time in Patent Office

1,533 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 67/02 based on web technology, e....

Domain based authentication scheme

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Domain based authentication scheme

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links