Title of invention: DNSSEC signing server
Abstract: Systems and methods for performing DNSSEC signing are described in which digital signature operations may be performed by a network accessible signing server that is configured to interact with a separate client application. Exemplary methods may include receiving a signing request at the signing server from the client application to sign first data. The signing server may determine an active KSK and/or an active ZSK for the first data. The first data may then be transmitted by the signing server to a digital signature module, which may include, for example, a hardware support module, or software signing applications. The signing server may receive a digitally signed version of the first data from the digital signature module, and provide the signed first data to the client application.
Publication number: US9130917(B2) Publication date: 2015.09.08
Application number: US201113098940 Filing date: 2011.05.02
Applicant: VERISIGN, INC. Inventors: Smith David; Gould James; Lavu Ramana; Deshpande Deepak
Classification: H04L29/06; H04L29/12 Main classification: H04L29/06
Agency: MH2 Technology Law Group, LLP Agent: MH2 Technology Law Group, LLP
Independent claim: 1. A Domain Name System Security Extensions (DNSSEC) signing server configured to interact with at least one DNSSEC client application and one or more digital signature modules that are configured to be executed by a processor, the DNSSEC signing server comprising: a processor implemented in hardware; and a storage device including computer readable code that, when executed by the hardware processor, causes the DNSSEC signing server to act as an authoritative server to: receive a signing request from the at least one DNSSEC client application to digitally sign a first data included in the signing request, the first data includes domain name system (DNS) data, and the one or more digital signature modules are configured to sign certain parts of the DNS data according to a DNSSEC protocol, without signing an entire zone; determine a type of signing function from among a plurality of signing functions based on the signing request; determine at least one of an active Key Signing Key (KSK) and an active Zone Signing Key (ZSK) from among one or more keys to digitally sign the first data based on the type that is determined; transmit the first data to one of the plurality of digital signature modules to be digitally signed; use the at least one of active KSK and active ZSK to digitally sign the first data in response to receiving the first data; receive a digital signature based on the first data from one of the one or more digital signature modules; and provide the digital signature based on the first data to the at least one DNSSEC client application.
Address: Reston VA US