Title of invention Automated secure DNSSEC provisioning system
Abstract A system and method that maintains a secure chain of trust from domain name owner to publication by extending the trust placed in existing cryptographic identity systems to the records published in the Internet's Domain Name System (DNS) and secured by its DNS Security Extensions (DNSSEC) infrastructure. Automated validation and processing occur within a secured processing environment to capture and preserve the cryptographic security from the source request.
Publication number US8782399(B2) Publication date 2014.07.15
Application number US201213437210 Filing date 2012.04.02
Applicant Inventor Lamb Richard
Classification H04L29/06;H04L9/00;H04L9/32;H04L29/12 Main classification H04L29/06
Agency Agent
Main claim 1. An automated method that extends the trust in established public key identity systems to domain name system (DNS) records by creating a cryptographic trail within an audited Secure Processing Environment (SPE), comprising the steps of: owner generating a request to add, delete, or modify domain name records digitally signed by the owner's private key and accompanied by corresponding digital certificate; transmission of the request to DNS Security Extensions (DNSSEC) service provider's SPE via the public Internet; cryptographic verification that the request has not been modified in transit inside the SPE; cryptographic validation of the signed request inside SPE against a pre-configured list of trusted certificates that attest to the owner's identity; authorization of the request against a pre-configured list of authorized administrators for a domain name associated with the owner inside the SPE drawn from public records; processing of the request inside SPE to update domain name records; digital signing of the updated records using DNSSEC inside the SPE using DNSSEC private keys associated with the domain name; publication of the updated domain name records outside SPE.
Address