Abstract: In one example, an edge server including a processor, memory, and a domain name system (DNS) edge application stored in the memory and executed by the processor is provided. The DNS edge application is configured to: receive a first DNS query requesting a first DNS record; forward the first DNS query to an origin server; receive a response to the first DNS query from the origin server; store the response on the edge server; receive a second DNS query requesting a second DNS record; determine that the second DNS record is not stored on the edge server; and generate a new response to the second DNS query based on the stored response. The first DNS query and the second DNS query may be the same DNS query, and the second DNS query is not forwarded to the origin server.

Abstract: Techniques are provided for the caching of content prior to the content being requested. A request for desired content may be received from a client application at a caching server. The request may also indicate additional content related to the desired content that may be subsequently requested by the client application. The indicated additional content (and the desired content, if not already cached) is retrieved from an origin server. The desired content is transmitted to the client application at the user device, and the additional content is cached at the caching server. Subsequently, a second request may be received from the client application that includes a request for the additional content. The additional content, which is now cached at the caching server, is served to the client application by the caching server in response to the second request (rather than being retrieved from the origin server).

Abstract: In one example, an edge server including a processor, memory, and a domain name system (DNS) edge application stored in the memory and executed by the processor is provided. The DNS edge application is configured to: receive a first DNS query requesting a first DNS record; forward the first DNS query to an origin server; receive a response to the first DNS query from the origin server; store the response on the edge server; receive a second DNS query requesting a second DNS record; determine that the second DNS record is not stored on the edge server; and generate a new response to the second DNS query based on the stored response. The first DNS query and the second DNS query may be the same DNS query, and the second DNS query is not forwarded to the origin server.

Abstract: A method includes receiving, at a server, a request from a DNS client. The request identifies a domain name to be resolved that is not able to be resolved by the server. The method includes identifying a hash of the domain name as being part of a set of hashes. The hash of the domain name identified at the server was computed using a first cryptographic technique. However, the hash can be computed by an external system using a second cryptographic technique. The first cryptographic technique is able to compute the hash in substantially fewer or substantially less complex operations than the operations required to compute the hash using the second cryptographic technique. The method further includes returning a result indicating that the domain name cannot be resolved, including returning an indicator identifying the set of hashes.

Abstract: Techniques are provided for the caching of content prior to the content being requested. A request for desired content may be received from a client application at a caching server. The request may also indicate additional content related to the desired content that may be subsequently requested by the client application. The indicated additional content (and the desired content, if not already cached) is retrieved from an origin server. The desired content is transmitted to the client application at the user device, and the additional content is cached at the caching server. Subsequently, a second request may be received from the client application that includes a request for the additional content. The additional content, which is now cached at the caching server, is served to the client application by the caching server in response to the second request (rather than being retrieved from the origin server).

Abstract: Techniques are provided for the caching of content prior to the content being requested. A request for desired content may be received from a client application at a caching server. The request may also indicate additional content related to the desired content that may be subsequently requested by the client application. The indicated additional content (and the desired content, if not already cached) is retrieved from an origin server. The desired content is transmitted to the client application at the user device, and the additional content is cached at the caching server. Subsequently, a second request may be received from the client application that includes a request for the additional content. The additional content, which is now cached at the caching server, is served to the client application by the caching server in response to the second request (rather than being retrieved from the origin server).

Abstract: Embodiments are directed to establishing caches that provide authoritative domain name system (DNS) answers to DNS requests. In one scenario, a computer system establishes a cache that stores authoritative DNS answers to DNS queries. The cache corresponds to a specified DNS zone that includes authoritative DNS answers for a subset of DNS queries. The cache is configured to store the authoritative DNS answers for at least a specified period of time during which the authoritative DNS answers are updatable. The cache then receives an update indicating that at least one cached DNS answer is out-of-date and the computer system purges the out-of-date DNS answer from the cache, ensuring that the cache continually provides authoritative DNS answers for DNS queries assigned to the specified DNS zone.

Abstract: A method includes receiving, at a server, a request from a DNS client. The request identifies a domain name to be resolved that is not able to be resolved by the server. The method includes identifying a hash of the domain name as being part of a set of hashes. The hash of the domain name identified at the server was computed using a first cryptographic technique. However, the hash can be computed by an external system using a second cryptographic technique. The first cryptographic technique is able to compute the hash in substantially fewer or substantially less complex operations than the operations required to compute the hash using the second cryptographic technique. The method further includes returning a result indicating that the domain name cannot be resolved, including returning an indicator identifying the set of hashes.

Abstract: This invention generally relates methods, computer program code, data processing apparatus, and signals for certifying data, in particular by means of an electronic signature. Embodiments of the invention can be implemented on a user terminal without the need for dedicated hardware or software and may be termed “zero-footprint” data certification methods. A method of providing an electronic signature to-a-server; the method including receiving data for said server at a proxy system for said server; reading said received data to identify a signature request; obtaining a signature for a portion of said received data associated with said request responsive to said request, and providing said signature from said proxy system to said server. The use of a signature-enabled reverse proxy enables the use of a zero footprint user terminal, that is without the need to add additional functionality to the terminal for the purposes of signature creation in the context of a distributed application architecture.

Abstract: A data certification system and method for signing electronic data with a digital signature in which a central server comprises a signature server and an authentication server. The signature server securely stores the private cryptographic keys of a number of users. The user contacts the central server using a workstation through the secure tunnel which is set up for the purpose. The user supplies a password or other token based on information previously supplied to the user by the authentication server through a separate authentication channel. The authentication server provides the signature server with a derived version of the same information through a permanent secure tunnel between the servers, which is compared with the one supplied by the user. If they match, data received from the user is signed with the user's private key.

Abstract: Techniques are provided for the caching of content prior to the content being requested. A request for desired content may be received from a client application at a caching server. The request may also indicate additional content related to the desired content that may be subsequently requested by the client application. The indicated additional content (and the desired content, if not already cached) is retrieved from an origin server. The desired content is transmitted to the client application at the user device, and the additional content is cached at the caching server. Subsequently, a second request may be received from the client application that includes a request for the additional content. The additional content, which is now cached at the caching server, is served to the client application by the caching server in response to the second request (rather than being retrieved from the origin server).

Abstract: This invention is generally concerned with methods, apparatus and computer program code for a computationally asymmetric hash function, in particular for use with symmetric cryptographic algorithms. We describe a method of determining a computationally asymmetric hash function value, the method including: receiving input data to be hashed; computing an asymmetric value from said input data, said asymmetric value being computable by two methods, a first method employing at least one first parameter and a second method employing at least one second parameter, computation of said asymmetric value by said second method being faster than by said first method; and determining a computationally asymmetric hash function value using said asymmetric value. We also describe methods of providing a computationally asymmetric electronic signature from a symmetric cryptographic signature.

Abstract: A data certification system and method for signing electronic data with a digital signature in which a central server comprises a signature server and an authentication server. The signature server securely stores the private cryptographic keys of a number of users. The user contacts the central server using a workstation through the secure tunnel which is set up for the purpose. The user supplies a password or other token based on information previously supplied to the user by the authentication server through a separate authentication channel. The authentication server provides the signature server with a derived version of the same information through a permanent secure tunnel between the servers, which is compared with the one supplied by the user. If they match, data received from the user is signed with the user's private key.

Abstract: An apparatus for generating intermediate cryptogram data corresponding to a dynamic password for a first cryptographic scheme, the intermediate cryptogram data being suitable for display using a device designed for a second, different cryptographic scheme, the apparatus including: a communications interface for communicating with a said device; and a processor coupled to a memory, the memory storing processor control code to control the processor, when running, to: generate a dynamic password according to the first cryptographic scheme; and generate intermediate cryptogram data corresponding to said dynamic password, the intermediate cryptogram data being suitable for outputting to the said device so that, when the said device processes said intermediate cryptogram data according to the second cryptographic scheme, the said device generates data suitable for displaying said dynamic password.

Abstract: An apparatus and method for signing electronic data with a digital signature in which a central server comprises a signature server (110) and an authentication server (120). The signature server (110) securely stores the private cryptographic keys of a number of users (102). The user (102) contacts the central server using a workstation (101) through a secure channel which is setup for the purpose. The user (102) supplies a password or other token (190), based on information previously supplied to the user by the authentication server (120) through a separate authentication channel. The authentication server provides the signature server with a derived version of the same information through a permanent secure channel between the servers, which is compared with the one supplied by the user (102). If they match, data received from the user (102) is signed with the user's private key.

Abstract: This invention is generally concerned with methods, apparatus and computer program code for a computationally asymmetric hash function, in particular for use with symmetric cryptographic algorithms. We describe a method of determining a computationally asymmetric hash function value, the method including: receiving input data to be hashed; computing an asymmetric value from said input data, said asymmetric value being computable by two methods, a first method employing at least one first parameter and a second method employing at least one second parameter, computation of said asymmetric value by said second method being faster than by said first method; and determining a computationally asymmetric hash function value using said asymmetric value. We also describe methods of providing a computationally asymmetric electronic signature from a symmetric cryptographic signature.

Abstract: An apparatus for generating intermediate cryptogram data corresponding to a dynamic password for a first cryptographic scheme, the intermediate cryptogram data being suitable for display using a device designed for a second, different cryptographic scheme, the apparatus including: a communications interface for communicating with a said device; and a processor coupled to a memory, the memory storing processor control code to control the processor, when running, to: generate a dynamic password according to the first cryptographic scheme; and generate intermediate cryptogram data corresponding to said dynamic password, the intermediate cryptogram data being suitable for outputting to the said device so that, when the said device processes said intermediate cryptogram data according to the second cryptographic scheme, the said device generates data suitable for displaying said dynamic password.