Title: SECURE AND DELEGATED DISTRIBUTION OF PRIVATE KEYS VIA DOMAIN NAME SERVICE
Abstract: A third party system generates a public-private key pair, the public key of the key pair being an encryption key, and the private key of the key pair being a decryption key. The third party system publishes the encryption key as a DNS record of the third party system. The third party system receives a request to sign a message on behalf of a domain owner, the message to be sent to a recipient, and accesses an encrypted delegated private key published by the domain owner via a DNS record of the domain owner, the encrypted delegated private key having been encrypted using the encryption key. The third party system decrypts the encrypted delegated private key using the decryption key, and generates a signature for the message using the delegated private key. The third party system sends the signature and the message to the recipient.
Publication number: US2016373252(A1)  Publication date: 2016.12.22
Application number: US201615255118  Filing date: 2016.09.01
Applicant: ValiMail Inc.  Inventor: Goldstein Peter Martin
Classification: H04L9/08;H04L9/32  Main classification: H04L9/08
Agency:  Agent:
Principal claim: 1. A non-transitory computer readable storage medium configured to store instructions, the instructions when executed by a processor cause the processor to: identify, at a domain owner system, a third party system to delegate signing of messages; access an encryption key published by the third party system at a domain name system (DNS) record of the third party system; generate a public-private key pair, the public key of the key pair being a verifying key, and the private key of the key pair being a delegated private key, the delegated private key to be used by the third party system to sign messages on behalf of a domain owner of the domain owner system; encrypt the delegated private key using the encryption key to generate an encrypted delegated private key; publish the encrypted delegated private key at a DNS record of the domain owner residing on a DNS server; configure the DNS server to respond with the encrypted delegated private key only in response to requests for the encrypted delegated private key from network addresses of the third party system; and publish the verifying key at the DNS record of the domain owner.
Address: San Francisco CA US