Loading...
Please wait, while we are loading the content...
Similar Documents
Methods and Systems for Bootstrapping
| Content Provider | The Lens |
|---|---|
| Abstract | The disclosure is directed to securely bootstrapping devices in a network environment. Methods and systems include hardware and/or operations for receiving, based on an identifier provisioned at a relying entity, instances of a security credential of an information system, wherein the instances are associated with respective certifying entities. The operations also include verifying the authenticity of the instances of the security credential using information of the certifying entities provisioned at the relying entity. The operations further includes determining matches between the instances of the security credential. Additionally, the operations include determining based on the matches that a first instance of the security credential satisfies a policy provisioned at the relying entity. Further, the operations include verifying the authenticity of information requested from the information system using the first instance of the security credential. In various implementations, the information system may be the domain name system. |
| Related Links | https://www.lens.org/lens/patent/010-673-104-971-266/frontpage |
| Language | English |
| Publisher Date | 2017-03-23 |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Patent |
| Jurisdiction | United States of America |
| Date Applied | 2015-09-22 |
| Applicant | Verisign Inc |
| Application No. | 201514860885 |
| Claim | A method for bootstrapping a relying entity comprising: receiving, based on a identifier provisioned at the relying entity, a plurality of instances of a security credential of an information system, the plurality of instances of the security credential being associated, respectively, with a plurality of certifying entities; verifying, by a processor, authenticity of the plurality of instances of the security credential using information of the plurality of certifying entities provisioned at the relying entity; determining, by the processor, matches between the plurality of instances of the security credential; determining, by the processor, based on the matches, that a first instance of the security credential in the plurality of instances of the security credential satisfies a policy provisioned at the relying entity; and verifying, by the processor, authenticity of information requested from the information system using the first instance of the security credentia The method of claim 1 , further comprising sending a bootstrapping request including the identifier to the information system. The method of claim 1 , further comprising reporting to the information system a non-matching instance of the security credential in the plurality of instances of the security credentia The method of claim 1 , wherein the information system is the Domain Name System (DNS) and the security credential is a Domain Name System Security Extensions root key. The method of claim 1 , wherein the information of the plurality of certifying entities comprises identifiers of the plurality of certifying entities and cryptographic keys of the plurality of certifying entities. The method of claim 5 , wherein the plurality of certifying entities are trusted third party certificate authorities and the keys of the plurality of certifying entities comprise public keys of the trusted third party certificate authorities. The method of claim 1 , wherein the plurality of the certifying entities are independent of one another. The method of claim 1 , wherein the policy comprises a Byzantine fault tolerance policy. The method of claim 1 , wherein the identifier of the relying entity unambiguously identifies the relying entity in the information system. A system for bootstrapping a relying entity comprising a processor, a data storage device, and program instruction stored on the data storage device that, when executed by the processor, control the system to perform operations comprising: receiving, based on a identifier provisioned at the relying entity, a plurality of instances of a security credential of an information system, the plurality of instances of the security credential being associated, respectively, with a plurality of certifying entities; verifying authenticity of the plurality of instances of the security credential using information of the plurality of certifying entities provisioned at the relying entity; determining matches between the plurality of instances of the security credential; determining, based on the matches, that a first instance of the security credential of the plurality of instances of the security credential satisfies a policy provisioned at the relying entity based on the matches; and verifying authenticity of information requested from the information system using the first instance of the security credentia The system of claim 10 , wherein the operations further comprise sending a bootstrapping request including the identifier to the information system. The system of claim 10 , wherein the operations further comprise reporting a non-matching instance of the security credential of the plurality of instances of the security credential to the information system. The system of claim 10 , wherein the information system is the Domain Name System (DNS) and the security credential is a Domain Name System Security Extensions (DNSSEC) root key. The system of claim 10 , wherein the information of the plurality of certifying entities comprises identifiers of the plurality of certifying entities and cryptographic keys of the plurality of certifying entities. The system of claim 14 , wherein the plurality of certifying entities are trusted third party certificate authorities and the keys of the plurality of certifying entities comprise public keys of the trusted third party certificate authorities. The system of claim 10 , wherein the plurality of the certifying entities are independent of one another. The system of claim 10 , wherein the policy comprises a Byzantine fault tolerance policy. The system of claim 10 , wherein the identifier of the relying entity unambiguously identifies the relying entity in the information system. An information system that performs operations comprising: maintaining one or more lookup tables associating an identifier of a relying entity with a plurality of instances of a security credential of the information system, the plurality of instances of the security credential being cryptographically signed by a respective plurality of certifying entities; and providing, using the one or more lookup tables, the relying entity the plurality of instances of the security credential in response receiving the unique identifier of the relying entity in a bootstrapping request from the relying entity. The information system of claim 19 , wherein: the information system is the Domain Name System (DNS) of the Internet; the relying entity is an Internet-enabled device; the identifier of the relying entity unambiguously identifies the relying entity in the DNS; the plurality of instances of the security credential of the information system are a plurality of instances of a Domain Name System Security Extensions root key; and the certifying entities are trusted third party certificate authorities operated independently of each other and independently of the DNS. |
| CPC Classification | TRANSMISSION OF DIGITAL INFORMATION; e.g. TELEGRAPHIC COMMUNICATION |
| Extended Family | 012-412-424-995-512 010-673-104-971-266 |
| Patent ID | 20170085380 |
| Inventor/Author | Pandrangi Ramakant Osterweil Eric Livesay Paul |
| IPC | H04L9/32 H04L29/06 |
| Status | Active |
| Owner | Verisign Inc |
| Simple Family | 012-412-424-995-512 010-673-104-971-266 |
| CPC (with Group) | H04L63/20 H04L61/4511 H04L63/126 H04L9/321 H04L9/3263 H04L63/123 |
| Issuing Authority | United States Patent and Trademark Office (USPTO) |
| Kind | Patent Application Publication |
