Patents by Inventor Andrew Fregly
Andrew Fregly has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11533161
Abstract: One embodiment of the present application sets forth a computer-implemented method for establishing trust for handles used to identify digital objects in a digital object architecture (DOA) by associating a first attester identifier with a first attester from a trusted public key infrastructure (PKI), identifying a first digital object public key for a first digital object, generating, by the first attester, a first digital object identity attestation that associates the first digital object public key with a handle identifier for the first digital object, wherein the handle identifier is external to the trusted PKI, and generating a first attester identity attestation attesting that the first attester is authentic, where the first attester identity attestation includes the first attester identifier.
Type: Grant
Filed: November 18, 2020
Date of Patent: December 20, 2022
Assignee: VeriSign, Inc.
Inventors: Andrew Fregly, Najmehalsadat Miramirkhani, Swapneel Sheth
-
Patent number: 11488589
Abstract: Techniques for processing a voice initiated request by a web server are presented. The techniques may include receiving, by a web server, request data representing a voice command to a user device, the request data including an identification of a requested webpage; determining, by the web server, that a response to the request data will continue a voice interaction; and providing, by the web server and to the user device, data for a voice enabled webpage associated with the requested webpage, where the data for the voice enabled webpage is configured to invoke a voice interface for the user device.
Type: Grant
Filed: December 21, 2018
Date of Patent: November 1, 2022
Assignee: VeriSign, Inc.
Inventors: Andrew Fregly, Andrew Kaizer, Burton S. Kaliski, Jr., Patrick Kane, Swapneel Sheth, Hari Sola, Paul Tidwell, Pedro Vasquez
-
Publication number: 20220255910
Abstract: Provided herein is a method for registering an IoT device with a DNS registry. The method can include obtaining, at a DNS server, an identifier, IP address, and a public key of an asymmetric key pair associated with the IoT device from a network gateway device that is in communication with the IoT device, wherein the asymmetric key pair is provisioned onto the IoT device and an associated private key stored within a memory of the IoT device at a time that IoT device is manufactured or during a predetermined time window after manufacturing; creating at least one DNS record for the IoT device; assigning a domain name associated with the internet protocol (“IP”) address to the IoT device; storing the identifier, IP address, the domain name, and the public key in the at least one DNS record; and providing confirmation of the registration to the IoT device.
Type: Application
Filed: April 26, 2022
Publication date: August 11, 2022
Applicant: VeriSign, Inc.
Inventors: Stephen Daniel JAMES, Daniel SCHONFELD, Andrew FREGLY, Eric OSTERWEIL
-
Patent number: 11392662
Abstract: For digital objects registered via the DOA infrastructure, attribute inheritance is enabled between related objects using naming conventions for the handle IDs or data models for handle data. Each child object of a parent object may automatically inherit at least one predetermined attribute of the parent object. When a retriever machine (local handle registry or client machine) obtains a handle ID for a digital object, the retriever machine may determine that the digital object is a child object of a parent object, determine a handle ID for the parent object, obtain the author attribute from the handle data of the parent object, and associate the author attribute of the parent object with the child object. The retriever machine may determine that the digital object is a child object of the parent object via naming conventions for handle IDs or via data models for the handle data.
Type: Grant
Filed: July 20, 2018
Date of Patent: July 19, 2022
Assignee: VeriSign, Inc.
Inventors: Andrew Fregly, Swapneel Sheth, Najmehalsadat Miramirkhani
-
Publication number: 20220182245
Abstract: A method and a computer system is provided for executing the method for providing a registration data directory service (RDDS). The method includes obtaining, at a RDDS, a RDDS query comprising a location assertion from a RDDS client from a RDDS client; providing, by the RDDS, a request for personally identifying information (PII) for the RDDS query from a privacy provider, wherein the request comprises the location assertion; obtaining, by the RDDS, the PII for the RDDS query; and providing, by the RDDS, a response to the RDDS query to the RDDS client, wherein the response comprises PII.
Type: Application
Filed: February 28, 2022
Publication date: June 9, 2022
Applicant: VeriSign, Inc.
Inventors: Andrew Fregly, Swapneel Sheth
-
Patent number: 11323422
Abstract: Provided herein is a method for registering an IoT device with a DNS registry. The method can include obtaining, at a DNS server, an identifier, IP address, and a public key of an asymmetric key pair associated with the IoT device from a network gateway device that is in communication with the IoT device, wherein the asymmetric key pair is provisioned onto the IoT device and an associated private key stored within a memory of the IoT device at a time that IoT device is manufactured or during a predetermined time window after manufacturing; creating at least one DNS record for the IoT device; assigning a domain name associated with the internet protocol (“IP”) address to the IoT device; storing the identifier, IP address, the domain name, and the public key in the at least one DNS record; and providing confirmation of the registration to the IoT device.
Type: Grant
Filed: September 11, 2017
Date of Patent: May 3, 2022
Assignee: VeriSign, Inc.
Inventors: Stephen Daniel James, Daniel Schonfeld, Andrew Fregly, Eric Osterweil
-
Patent number: 11321420
Abstract: Techniques for providing a cross-ecosystem website for applications are presented. The techniques can include storing, by a webserver, multiple website templates in association with a plurality of respective web widgets and a respective Application Program Interface (API), where a plurality of respective back-end services correspond to the plurality of respective web widgets; receiving, from a website developer, a website template selection and a web widget selection; implementing a respective API for the cross-ecosystem website; storing in association with the cross-ecosystem website a manifest indicating services available on the cross-ecosystem website; and interfacing with a plurality of applications in a plurality of application ecosystems, using the API for the cross-ecosystem website.
Type: Grant
Filed: December 21, 2018
Date of Patent: May 3, 2022
Assignee: VeriSign, Inc.
Inventors: Andrew Fregly, Paul Tidwell
-
Patent number: 11283624
Abstract: A method and a computer system is provided for executing the method for providing a registration data directory service (RDDS). The method includes obtaining, at a RDDS, a RDDS query comprising a location assertion from a RDDS client from a RDDS client; providing, by the RDDS, a request for personally identifying information (PII) for the RDDS query from a privacy provider, wherein the request comprises the location assertion; obtaining, by the RDDS, the PII for the RDDS query; and providing, by the RDDS, a response to the RDDS query to the RDDS client, wherein the response comprises PII.
Type: Grant
Filed: July 31, 2017
Date of Patent: March 22, 2022
Assignee: VeriSign, Inc.
Inventors: Andrew Fregly, Swapneel Sheth
-
Patent number: 11190397
Abstract: In one embodiment, a delegation engine automatically provisions a device connected to a network to securely identify and interact with external services. As a device boots in a deployment environment, the delegation engine generates a search domain name based on a manufacturer-supplied domain name and a domain name associated with the deployment environment. The delegation engine then searches a Domain Name System (DNS) to retrieve a delegation record stored at the search domain name. After verifying a manufacturer signature associated with the delegation record, the delegation engine configures the device based on service discovery information included in the delegation record. Because the delegation engine automates the provisioning process, the time required to provision devices is acceptable irrespective of the number of the devices. Further, because the delegation engine verifies the delegation record, the delegation engine does not expose the device to security risks during the provisioning process.
Type: Grant
Filed: May 6, 2016
Date of Patent: November 30, 2021
Assignee: VeriSign, Inc.
Inventors: Andrew Cathrow, Andrew Fregly, Stephen D. James
-
Patent number: 10979384
Abstract: Provided is a method of provisioning a named resource in a domain name system (“DNS”) with a registrar while preserving privacy of a registrant. The method includes obtaining, by a server of the registrar over a network, a request, from the registrant, to provision the named resource; determining, by at least one hardware processor of the server of the registrar, that the request requires additional handling by a privacy provider based on information in the request or information from the registrar; determining, by at least one hardware processor of the server of the registrar, a privacy provider from one or more privacy providers located in different geographic locations to service the request based on a location of the registrant; forwarding the request to the privacy provider; obtaining a cloaked identifier from the privacy provider; and provisioning the named resource in a database of a DNS registry using the cloaked identifier.
Type: Grant
Filed: March 25, 2016
Date of Patent: April 13, 2021
Assignee: VERISIGN, INC.
Inventor: Andrew Fregly
-
Patent number: 10909222
Abstract: A technique for verifying an origin of a digital object in a digital object architecture is described. The technique includes the steps of receiving, from a handle registry, handle information for a digital object that includes an attestation that references the handle identification value for the handle and origin identification information; verifying the authenticity of the attestation; after verifying the authenticity of the attestation, using the origin information in determining authorizations applicable to the digital object.
Type: Grant
Filed: July 20, 2018
Date of Patent: February 2, 2021
Assignee: VERISIGN, INC.
Inventors: Andrew Fregly, Najmehalsadat Miramirkhani, Swapneel Sheth
-
Publication number: 20210021598
Abstract: Provided is a method for providing Registration Data Access Protocol (“RDAP”) responses. The method includes obtaining, at a RDAP client over a network, a RDAP query for RDAP data from a user; providing, by the RDAP client, the RDAP query and a cryptographic credential to a RDAP server, wherein the RDAP server communicates with one or more thick RDAP servers to provide respective thick RDAP answers to the RDAP query, wherein at least one the respective thick RDAP answers are encrypted using a symmetric or asymmetric cryptographic key associated with the cryptographic credential of the RDAP client; obtaining a consolidated thick RDAP answer to the RDAP query from the RDAP server; decrypting the consolidated thick RDAP answer using a symmetric or asymmetric cryptographic key associated with the cryptographic credential; and providing the thick RDAP answer that is decrypted to the user.
Type: Application
Filed: October 5, 2020
Publication date: January 21, 2021
Inventors: Burton S. Kaliski, JR., Swapneel Sheth, Scott Hollenbeck, Andrew Fregly
-
Patent number: 10867129
Abstract: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.
Type: Grant
Filed: December 12, 2017
Date of Patent: December 15, 2020
Assignee: VERISIGN, INC.
Inventors: Andrew Fregly, Burton S. Kaliski, Jr., Swapneel Sheth
-
Patent number: 10848301
Abstract: One embodiment of the present application sets forth a computer-implemented method for establishing trust for handles used to identify digital objects in a digital object architecture (DOA) by associating a first attester identifier with a first attester from a trusted public key infrastructure (PKI), identifying a first digital object public key for a first digital object, generating, by the first attester, a first digital object identity attestation that associates the first digital object public key with a handle identifier for the first digital object, wherein the handle identifier is external to the trusted PKI, and generating a first attester identity attestation attesting that the first attester is authentic, where the first attester identity attestation includes the first attester identifier.
Type: Grant
Filed: July 20, 2018
Date of Patent: November 24, 2020
Assignee: VERISIGN, INC.
Inventors: Andrew Fregly, Najmehalsadat Miramirkhani, Swapneel Sheth
-
Patent number: 10798093
Abstract: Provided is a method for providing Registration Data Access Protocol (“RDAP”) responses. The method includes obtaining, at a RDAP client over a network, a RDAP query for RDAP data from a user; providing, by the RDAP client, the RDAP query and a cryptographic credential to a RDAP server, wherein the RDAP server communicates with one or more thick RDAP servers to provide respective thick RDAP answers to the RDAP query, wherein at least one the respective thick RDAP answers are encrypted using a symmetric or asymmetric cryptographic key associated with the cryptographic credential of the RDAP client; obtaining a consolidated thick RDAP answer to the RDAP query from the RDAP server; decrypting the consolidated thick RDAP answer using a symmetric or asymmetric cryptographic key associated with the cryptographic credential; and providing the thick RDAP answer that is decrypted to the user.
Type: Grant
Filed: March 8, 2017
Date of Patent: October 6, 2020
Assignee: VERISIGN, INC.
Inventors: Burton S. Kaliski, Jr., Swapneel Sheth, Scott Hollenbeck, Andrew Fregly
-
Publication number: 20200258507
Abstract: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.
Type: Application
Filed: April 28, 2020
Publication date: August 13, 2020
Inventors: Andrew FREGLY, Burton S. KALISKI, JR., Swapneel SHETH
-
Patent number: 10715502
Abstract: Systems and methods for automating client-side synchronization and discovery of public keys and certificates of external contacts include a key synchronizer at a client device. The key synchronizer obtains, from the client device, an external contact associated with an external domain outside of a local domain of the client device and then identifies, based on the external domain, a public key registry outside of the local domain. The key synchronizer obtains, from the public key registry, a registry-supplied public key or digital certificate for the external contact and then stores the registry-supplied key as a locally-stored key in the local key store such that the client device can obtain and apply the locally-stored key to secure an email targeting the external contact as a recipient of the email.
Type: Grant
Filed: December 31, 2015
Date of Patent: July 14, 2020
Assignee: VERISIGN, INC.
Inventors: Stephen Daniel James, Andrew Fregly, Andrew Cathrow
-
Patent number: 10665230
Abstract: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.
Type: Grant
Filed: December 12, 2017
Date of Patent: May 26, 2020
Assignee: VERISIGN, INC.
Inventors: Andrew Fregly, Burton S. Kaliski, Jr., Swapneel Sheth
-
Patent number: 10642969
Abstract: In one embodiment, a security provisioning service automatically establishes trust in a device. Upon receiving a provisioning request, a security provisioning service identifies a verification item that is associated with the provisioning request. The security provisioning service performs one or more verification operations based on the provisioning request to determine whether the provisioning request is authorized. If the provisioning request is authorized, then the provisioning service establishes a verifiable identification for the device that is assured by the secure provisioning service and then executes the provisioning request. By automatically performing the verification operations to establish trust in the device, the provisioning service eliminates manual identification assurance operations that are performed as part of a conventional security provisioning process.
Type: Grant
Filed: September 5, 2018
Date of Patent: May 5, 2020
Assignee: VERISIGN, INC.
Inventors: Stephen D. James, Andrew Fregly, Andrew Cathrow
-
Patent number: 10599725
Abstract: Improved RDAP systems, RDAP services, and RDAP methods identify users and clients and keep track of their RDAP activities. The RDAP systems, services, and methods analyze the activities of a user (or a client) and detect or determine whether or not the user is engaging in undesirable, malicious, or otherwise abnormal activities. If so, the RDAP systems, services, and methods take action to reduce, eliminate, or otherwise mitigate the undesirable, malicious, or abnormal activities of the user.
Type: Grant
Filed: December 28, 2016
Date of Patent: March 24, 2020
Assignee: VERISIGN, INC.
Inventors: Matthew Ward, Andrew Fregly, Swapneel Sheth