Abstract: A method of recovering a registry includes accessing a plurality of registry zone files for the registry and archiving, on a first periodic basis, the plurality of registry zone files. Each of the registry zone files includes at least domain names, registrar IDs, and status information represented in a first predetermined format. The method also includes accessing bulk WHOIS data for the registry and archiving, on a second periodic basis, the bulk WHOIS data. The bulk WHOIS data includes at least nameserver server names, IP addresses, and status information represented in a second predetermined format. The method further includes validating one of the plurality of archived registry zone files based on a comparison between the plurality of registry zone files and the bulk WHOIS data, publishing the validated registry zone file to a second registry's nameservers, initiating a root zone change request, and updating authoritative nameservers.
Abstract: Various embodiments of the invention disclosed herein provide techniques for detecting a homograph attack. An IDN collision detection server retrieves a first domain name that includes a punycode element. The IDN collision detection server converts the first domain into a second domain name that includes a Unicode character corresponding to the punycode element. The IDN collision detection server converts the second domain name into an image. The IDN collision detection server performs one or more optical character recognition operations on the image to generate a textual string associated with the image. The IDN collision detection server determines that the textual string matches at least a portion of a third domain name.
Abstract: Improved RDAP systems, RDAP services, and RDAP methods identify users and clients and keep track of their RDAP activities. The RDAP systems, services, and methods analyze the activities of a user (or a client) and detect or determine whether or not the user is engaging in undesirable, malicious, or otherwise abnormal activities. If so, the RDAP systems, services, and methods take action to reduce, eliminate, or otherwise mitigate the undesirable, malicious, or abnormal activities of the user.
Type: Grant
Filed: December 28, 2016
Date of Patent: March 24, 2020
Assignee: VERISIGN, INC.
Inventors: Matthew Ward, Andrew Fregly, Swapneel Sheth
Abstract: Various embodiments of the invention disclosed herein provide techniques for transforming and distributing data in a distributed computing system. New data types are created on-demand by deriving, transforming, and aggregating data from already existing data sources. A data transformation engine identifies a first subscription request received from a first subscriber for a first resource included in a plurality of resources. The data transformation engine determines that the first resource is not available from any publisher included in a plurality of publishers. The data transformation engine generates a transformation rule that transforms a set of second resources available from a set of first publishers included in the plurality of publishers into the first resource. The data transformation engine transforms the set of second resources into the first resource based on the inferred transformation rule. The data transformation engine publishes the first resource to the first subscriber.
Abstract: Systems, methods, and apparatuses consistent with the invention relate to protecting namespaces. In one exemplary implementation, the systems, methods, and apparatuses may validate whether or not there is consistency of sponsorship between a first namespace and a second namespace grouped with the first namespace, and perform an action related to the first namespace if there is consistency of sponsorship.
Type: Grant
Filed: September 25, 2012
Date of Patent: February 18, 2020
Assignee: VERISIGN, INC.
Inventors: Srikanth Veeramachaneni, William Shorter, James Gould
Abstract: Systems and methods for tracking malware operator behavior patterns in a network environment simulated for an extended period of time include a processor that causes the system to receive organizational data that describes a virtual organization, obtain additional data related to the organizational data, and provide a simulated computer network of the virtual organization based on the organizational data. The process can further cause the system to install at least one malware on the simulated computer network, monitor one or more interactions between the simulated computer network and an operator of the malware, and build a malware operator profile that characterizes the operator of the malware based on the one or more interactions, with which the operator of the malware can be identified in subsequent interactions.
Abstract: In one embodiment, a tokenized list holder enables privacy-preserving querying with denial of existence functionality. Both an information requester and the tokenized list holder access related (or identical) tokenizing algorithms to generate tokenized terms based on original terms. Prior to receiving a query for information based on a tokenized query term, the tokenized list holder generates sorted tokenized data terms that are associated with a database. Upon receiving the query, the tokenized list holder determines that the tokenized query term is not included in the sorted tokenized data terms. The tokenized list holder then generates a signed response that specifies a gap in the sorted tokenized data terms to indicate that the information is not included in the database. Advantageously, because neither the query nor the response includes original (i.e., untokenized) terms, the privacy of both the information requester and the database is preserved.
Abstract: Systems and methods for enhanced monitoring and adaptive management of inter-network Domain Name System (“DNS”) traffic include an information capture device in a monitored network. The information capture device receives a redirected connection request originated by a client machine in the monitored network in response to a modified DNS answer from a recursive name server outside of the monitored network, captures detailed information associated with the redirected connection request that is inaccessible to the recursive name server, and sends the captured information to a data storage accessible to the recursive name server for storage as augmented DNS data associated with the client machine and/or the redirected connection request. The information capture device further provides, in response to the redirected connection request, an adaptive answer generated based on the augmented DNS data to the client machine.
Abstract: System, apparatus, methods, and computer-readable medium for generating a verification code related to a registry operation request are provided. A verification process may be performed to determine if a verification request related to a registry operation is to be approved. If the request is to be approved, a verification code is generated that includes identifying information of a verification service provider and a code indicating that the request has been verified.
Type: Grant
Filed: September 29, 2015
Date of Patent: February 11, 2020
Assignee: VERISIGN, INC.
Inventors: Joseph Waldron, Christopher Klein, James Gould
Abstract: A Domain Name System (“DNS”) package and a method for providing domain name resolution services in a partitioned network are disclosed. The system may include one or more built-in root name servers; one or more built-in top level domain (“TLD”) name servers; and a recursive name server. The recursive name server may be configured to query the one or more built-in root name servers during domain name resolution. Moreover, the one or more built-in root name servers may be configured to provide a network address corresponding to one of the built-in TLD name servers in response to a domain name resolution query sent by the recursive name server.
Abstract: A method of detecting a DDOS attack is disclosed. The method includes obtaining, at an authoritative DNS server, a plurality of DNS query packets from a plurality of DNS requestors over a communications network; analyzing, by an electronic processor, a set of the plurality of DNS query packets; determining, by an electronic processor, that a subset of the plurality of DNS query packets of the set meets a predetermined threshold for a rate of DNS queries; filtering the plurality of DNS query packets based on the determining to produce a filtered number of DNS query packets; and providing, by the authoritative DNS server, a DNS response for the plurality of DNS query packets that were filtered.
Abstract: Embodiments relate to systems, devices, and computer-implemented methods for providing secure access to a shared registration system of a domain name registry by generating authorization information associated with a domain name, storing the authorization information in an archive, receiving, from a non-registrar service provider, a request for access to functionality of a shared registration system of the domain name registry, where the request is associated with the domain name and includes authorization information, determining whether the received authorization information is valid using the archived authorization information, and allowing the non-registrar service provider access to the functionality of the SRS based on a determination that the second authorization information is valid.
Type: Grant
Filed: September 3, 2015
Date of Patent: January 21, 2020
Assignee: VERISIGN, INC.
Inventors: James F. Gould, Scott Hollenbeck, Patrick Kane, Joseph Waldron
Abstract: Systems and methods for out-of-band communications in the domain name system (DNS) are disclosed. Embodiments include a system for negotiating DNS services in the DNS. The system includes an in-band communication channel connecting a first party and a second party, and one or more out-of-band communication channels connecting the first party and the second party. The first party performs messaging for the DNS services with the second party using the in-band communication channel. Further, the first party advertises terms of the DNS service offered by the second party using the one or more out-of-band communication channels.
Abstract: A method of detecting malicious software (malware) includes receiving a file and storing a memory baseline for a system. The method also includes copying the file to the system, executing the file on the system, terminating operation of the system, and storing a post-execution memory map. The method further includes analyzing the memory baseline and the post-execution memory map and determining that the file includes malware.
Abstract: Provided is a method for providing Registration Data Access Protocol (“RDAP”) responses. The method includes obtaining, at a RDAP client over a network, a RDAP query for RDAP data from a user; providing, by the RDAP client, the RDAP query to one or more thick RDAP services; obtaining an answer to the RDAP query from the one or more thick RDAP services; and providing the answer to the user.
Type: Grant
Filed: September 19, 2016
Date of Patent: December 31, 2019
Assignee: VERISIGN, INC.
Inventors: Patrick Kane, Marc Anderson, Scott Hollenbeck, Swapneel Sheth, Joseph Waldron, James Gould
Abstract: Embodiments relate to systems, devices, and computing-implemented methods for performing and requesting registry operations using reseller profiles. A domain name registry can store or access associations between domain name reseller identifiers and domain name reseller profiles, and, based on receiving a domain name registry operation request from a domain name registrar that includes a domain name reseller identifier, applying domain name registry operation policies associated with the domain name reseller profile when performing registry operations.
Abstract: A system, method, and computer-readable medium for detecting malicious computer code are provided. Instructions, such as HTML or JavaScript instructions may be received from a server, parsed, and executed. During execution of the instructions, one or more functions of a software application, such as a web browser, may be hooked, and an event object may be created for each called function that is hooked, resulting in a collection of event objects. Rules may be matched with event objects of the collection of event objects to detect malicious code. Attributes from the matched event objects may then be used to locate original malicious script or code injected into a web page.
Abstract: Embodiments relate to systems, devices, and computing-implemented methods for providing improved domain data operations by receiving, from a device, a request for domain data associated with a domain name (e.g., RDAP domain data); transmitting a domain data request to a domain data server associated with a domain name registry corresponding to the domain name; receiving a domain data response from the domain data server that includes primary domain data associated with the domain name; obtaining supplementary domain data associated with the domain name; generating merged domain data by merging the primary domain data with the supplementary domain data; and transmitting the merged domain data to the device.
Abstract: Command performance may be monitored. In a monitoring transaction, a product may be selected from a plurality of products in one group of a plurality of groups of products. Execution performance of a command by the selected product may be monitored. The monitored execution performance may be provided for determining compliance with a service level agreement for the product based on the monitored executed performance.
Type: Grant
Filed: June 24, 2016
Date of Patent: November 5, 2019
Assignee: VERISIGN, INC.
Inventors: James Gould, Manish Kumar Maheshwari, Sathyabodh Mudhol