Abstract: In one aspect, authentication information is received from a first processing device in a second processing device, and a digital signature is generated in the second processing device by signing data that incorporates at least a portion of the received authentication information. The received authentication information is generated at least in part from a secret seed stored in the first processing device. The received authentication information may be combined with the digital signature generated by the second processing device to form a joint signature that is transmitted to an authentication server. In an illustrative embodiment, the received authentication information comprises a tokencode and the digital signature is generated by signing data that incorporates the tokencode. The data that is signed to generate the digital signature may comprise an electronic document having the tokencode appended thereto.

Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.

Abstract: Systems and methods for out-of-band communications in the domain name system (DNS) are disclosed. Embodiments include a system for negotiating DNS services in the DNS. The system includes an in-band communication channel connecting a first party and a second party, and one or more out-of-band communication channels connecting the first party and the second party. The first party performs messaging for the DNS services with the second party using the in-band communication channel. Further, the first party advertises terms of the DNS service offered by the second party using the one or more out-of-band communication channels.

Abstract: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.

Abstract: Systems and methods for out-of-band communications in the domain name system (DNS) are disclosed. Embodiments include a system for negotiating DNS services in the DNS. The system includes an in-band communication channel connecting a first party and a second party, and one or more out-of-band communication channels connecting the first party and the second party. The first party performs messaging for the DNS services with the second party using the in-band communication channel. Further, the first party advertises terms of the DNS service offered by the second party using the one or more out-of-band communication channels.

Abstract: In one embodiment, a zone resiliency application indicates that an authoritative name server is in a degraded state. In operation, the zone resiliency application determines that the authoritative name server is in a degraded state. The zone resiliency application then generates a status record that indicates the degraded state. Subsequently, the zone resiliency application associates the status record with a domain name service (DNS) response to a DNS query. The zone resiliency application then transmits the DNS response and the associated status record to a requester.

Abstract: In one embodiment, a zone resiliency application indicates that an authoritative name server is in a degraded state. In operation, the zone resiliency application determines that the authoritative name server is in a degraded state. The zone resiliency application then generates a status record that indicates the degraded state. Subsequently, the zone resiliency application associates the status record with a domain name service (DNS) response to a DNS query. The zone resiliency application then transmits the DNS response and the associated status record to a requester.

Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.

Abstract: Systems and methods for updating a Domain Name System (DNS) registry are disclosed. Embodiments perform operations including maintaining a domain name record of a DNS registrant recorded in a database of the DNS registry by a primary DNS interface. The operations also include receiving a request to update the domain name record of the DNS registrant via a secondary DNS interface. The operations further include modifying the domain name record of the DNS registrant in the DNS database in accordance with the request.

Abstract: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.

Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.

Abstract: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.

Abstract: Systems and methods for updating a Domain Name System (DNS) registry are disclosed. Embodiments perform operations including maintaining a domain name record of a DNS registrant recorded in a database of the DNS registry by a primary DNS interface. The operations also include receiving a request to update the domain name record of the DNS registrant via a secondary DNS interface. The operations further include modifying the domain name record of the DNS registrant in the DNS database in accordance with the request.

Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.

Abstract: Techniques for processing a voice initiated request by a web server are presented. The techniques may include receiving, by a web server, request data representing a voice command to a user device, the request data including an identification of a requested webpage; determining, by the web server, that a response to the request data will continue a voice interaction; and providing, by the web server and to the user device, data for a voice enabled webpage associated with the requested webpage, where the data for the voice enabled webpage is configured to invoke a voice interface for the user device.

Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.

Abstract: Systems and methods for updating a Domain Name System (DNS) registry are disclosed. Embodiments perform operations including maintaining a domain name record of a DNS registrant recorded in a database of the DNS registry by a primary DNS interface. The operations also include receiving a request to update the domain name record of the DNS registrant via a secondary DNS interface. The operations further include modifying the domain name record of the DNS registrant in the DNS database in accordance with the request.

Abstract: Techniques for signing internet data are disclosed. The techniques include accessing a plurality of internet data records. The techniques also include generating, using at least one electronic processor, leaf nodes from the plurality of internet data records, and constructing a recursive hash tree from the plurality of leaf nodes. The techniques also include deriving information sufficient to validate the root node, and publishing, in an internet public key infrastructure (PKI) as a synthesized public key, the information sufficient to validate the root node. The techniques also include providing, through the internet and as a signature on at least one of the plurality of internet data records, validation data including sibling path data from the recursive hash tree, such that an internet client validates the at least one of the internet data records using at least the validation data and the synthesized public key.

Abstract: Systems and methods for out-of-band communications in the domain name system (DNS) are disclosed. Embodiments include a system for negotiating DNS services in the DNS. The system includes an in-band communication channel connecting a first party and a second party, and one or more out-of-band communication channels connecting the first party and the second party. The first party performs messaging for the DNS services with the second party using the in-band communication channel. Further, the first party advertises terms of the DNS service offered by the second party using the one or more out-of-band communication channels.

Abstract: Systems and methods for updating a Domain Name System (DNS) registry are disclosed. Embodiments perform operations including maintaining a domain name record of a DNS registrant recorded in a database of the DNS registry by a primary DNS interface. The operations also include receiving a request to update the domain name record of the DNS registrant via a secondary DNS interface. The operations further include modifying the domain name record of the DNS registrant in the DNS database in accordance with the request.