Patents by Inventor Burton S. Kaliski, Jr.

Burton S. Kaliski, Jr. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11329821
    Abstract: Systems and methods for updating a Domain Name System (DNS) registry are disclosed. Embodiments perform operations including maintaining a domain name record of a DNS registrant recorded in a database of the DNS registry by a primary DNS interface. The operations also include receiving a request to update the domain name record of the DNS registrant via a secondary DNS interface. The operations further include modifying the domain name record of the DNS registrant in the DNS database in accordance with the request.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: May 10, 2022
    Assignee: VeriSign, Inc.
    Inventors: Burton S. Kaliski, Jr., Scott Hollenbeck
  • Publication number: 20210273779
    Abstract: Techniques for signing internet data are disclosed. The techniques include accessing a plurality of internet data records. The techniques also include generating, using at least one electronic processor, leaf nodes from the plurality of internet data records, and constructing a recursive hash tree from the plurality of leaf nodes. The techniques also include deriving information sufficient to validate the root node, and publishing, in an internet public key infrastructure (PKI) as a synthesized public key, the information sufficient to validate the root node. The techniques also include providing, through the internet and as a signature on at least one of the plurality of internet data records, validation data including sibling path data from the recursive hash tree, such that an internet client validates the at least one of the internet data records using at least the validation data and the synthesized public key.
    Type: Application
    Filed: February 16, 2021
    Publication date: September 2, 2021
    Inventor: Burton S. Kaliski, JR.
  • Patent number: 11082392
    Abstract: Systems and methods for out-of-band communications in the domain name system (DNS) are disclosed. Embodiments include a system for negotiating DNS services in the DNS. The system includes an in-band communication channel connecting a first party and a second party, and one or more out-of-band communication channels connecting the first party and the second party. The first party performs messaging for the DNS services with the second party using the in-band communication channel. Further, the first party advertises terms of the DNS service offered by the second party using the one or more out-of-band communication channels.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: August 3, 2021
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Shumon Huque
  • Publication number: 20210234696
    Abstract: Systems and methods for updating a Domain Name System (DNS) registry are disclosed. Embodiments perform operations including maintaining a domain name record of a DNS registrant recorded in a database of the DNS registry by a primary DNS interface. The operations also include receiving a request to update the domain name record of the DNS registrant via a secondary DNS interface. The operations further include modifying the domain name record of the DNS registrant in the DNS database in accordance with the request.
    Type: Application
    Filed: April 12, 2021
    Publication date: July 29, 2021
    Inventors: Burton S. Kaliski, JR., Scott Hollenbeck
  • Publication number: 20210185028
    Abstract: In one aspect, authentication information is received from a first processing device in a second processing device, and a digital signature is generated in the second processing device by signing data that incorporates at least a portion of the received authentication information. The received authentication information is generated at least in part from a secret seed stored in the first processing device. The received authentication information may be combined with the digital signature generated by the second processing device to form a joint signature that is transmitted to an authentication server. In an illustrative embodiment, the received authentication information comprises a tokencode and the digital signature is generated by signing data that incorporates the tokencode. The data that is signed to generate the digital signature may comprise an electronic document having the tokencode appended thereto.
    Type: Application
    Filed: February 5, 2021
    Publication date: June 17, 2021
    Inventors: Daniel V. Bailey, John G. Brainard, Ari Juels, Burton S. Kaliski, JR.
  • Patent number: 11032127
    Abstract: In one embodiment, a resolution resiliency application performs robust domain name system (DNS) resolution. In operation, the resolution resiliency application determines that an authoritative name server that is responsible for a domain name specified in a DNS query is unavailable. In response to determining that the authoritative name server is unavailable, the resolution resiliency application performs operation(s) that modify one or more DNS records stored in a cache based on one or more resiliency policies associated with the authoritative name server. The resolution resiliency application then generates a DNS response to the DNS query based on a DNS record stored in the modified cache. Notably, unlike conventional techniques that may generate inaccurate DNS responses based on stale DNS records, the disclosed techniques increase the likelihood of providing clients with DNS responses that accurately provide requested information.
    Type: Grant
    Filed: June 26, 2017
    Date of Patent: June 8, 2021
    Assignee: VERISIGN, INC.
    Inventors: Shumon Huque, Burton S. Kaliski, Jr., Eric Osterweil, Frank Scalzo, Glen Wiley
  • Patent number: 11025407
    Abstract: Techniques for signing internet data are disclosed. The techniques include accessing a plurality of internet data records. The techniques also include generating, using at least one electronic processor, leaf nodes from the plurality of internet data records, and constructing a recursive hash tree from the plurality of leaf nodes. The techniques also include deriving information sufficient to validate the root node, and publishing, in an internet public key infrastructure (PKI) as a synthesized public key, the information sufficient to validate the root node. The techniques also include providing, through the internet and as a signature on at least one of the plurality of internet data records, validation data including sibling path data from the recursive hash tree, such that an internet client validates the at least one of the internet data records using at least the validation data and the synthesized public key.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: June 1, 2021
    Assignee: VERISIGN, INC.
    Inventor: Burton S. Kaliski, Jr.
  • Patent number: 11025482
    Abstract: In one embodiment, a resolution resiliency application modifies domain name service (DNS) resolution. In operation, the resolution resiliency application determines that an authoritative name server has begun recovering from a degraded state or receives a flush list update from the authoritative name server. In response, the resolution resiliency application performs operation(s) that modify a query rate and/or a cache. The query rate specifies a frequency associated with DNS queries transmitted to the first authoritative name server. The cache stores DNS record(s) received from the first authoritative name server. Finally, the resolution resiliency application generates a DNS response to a DNS query based on the modified query rate and/or the modified cache.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: June 1, 2021
    Assignee: VERISIGN, INC.
    Inventors: Shumon Huque, Burton S. Kaliski, Jr., Eric Osterweil, Frank Scalzo, Duane Wessels, Glen Wiley
  • Patent number: 11005856
    Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: May 11, 2021
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Eric Osterweil
  • Patent number: 10979224
    Abstract: Systems and methods for updating a Domain Name System (DNS) registry are disclosed. Embodiments perform operations including maintaining a domain name record of a DNS registrant recorded in a database of the DNS registry by a primary DNS interface. The operations also include receiving a request to update the domain name record of the DNS registrant via a secondary DNS interface. The operations further include modifying the domain name record of the DNS registrant in the DNS database in accordance with the request.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: April 13, 2021
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Scott Hollenbeck
  • Patent number: 10958632
    Abstract: In one aspect, one or more key-encapsulating ciphertexts are generated and stored in a processing device. The processing device receives authentication information from another processing device, and utilizes the authentication information to decrypt at least one of the key-encapsulating ciphertexts to recover an associated key. The authentication information may comprise, for example, a tokencode. In an illustrative embodiment, the authentication information may comprise a plurality of gradually rotating keys with overlapping refresh intervals. As a more particular example, the authentication information may comprise a plurality of hash chains wherein successive ones of the hash chains overlap one another in a designated number of time steps.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: March 23, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Daniel V. Bailey, John G. Brainard, Ari Juels, Burton S. Kaliski, Jr.
  • Publication number: 20210021598
    Abstract: Provided is a method for providing Registration Data Access Protocol (“RDAP”) responses. The method includes obtaining, at a RDAP client over a network, a RDAP query for RDAP data from a user; providing, by the RDAP client, the RDAP query and a cryptographic credential to a RDAP server, wherein the RDAP server communicates with one or more thick RDAP servers to provide respective thick RDAP answers to the RDAP query, wherein at least one the respective thick RDAP answers are encrypted using a symmetric or asymmetric cryptographic key associated with the cryptographic credential of the RDAP client; obtaining a consolidated thick RDAP answer to the RDAP query from the RDAP server; decrypting the consolidated thick RDAP answer using a symmetric or asymmetric cryptographic key associated with the cryptographic credential; and providing the thick RDAP answer that is decrypted to the user.
    Type: Application
    Filed: October 5, 2020
    Publication date: January 21, 2021
    Inventors: Burton S. Kaliski, JR., Swapneel Sheth, Scott Hollenbeck, Andrew Fregly
  • Patent number: 10867129
    Abstract: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: December 15, 2020
    Assignee: VERISIGN, INC.
    Inventors: Andrew Fregly, Burton S. Kaliski, Jr., Swapneel Sheth
  • Patent number: 10862855
    Abstract: A technique for facilitating registration of an internet domain name with the domain name system (DNS) is presented. The technique can include receiving a request to register an encoding domain name with the DNS, the encoding domain name including an indication of a temporal event and of a target domain name. The technique can also include registering the encoding domain name to a registrant, where the registering the encoding domain name confers to the registrant a right to register the target domain name upon specified conditions, where the specified conditions include an occurrence of the temporal event. The technique can also include receiving a request initiated by the registrant to register the target domain name, and registering the target domain name to the registrant after satisfaction of the specified conditions.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: December 8, 2020
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Joseph Waldron
  • Publication number: 20200358789
    Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.
    Type: Application
    Filed: July 24, 2020
    Publication date: November 12, 2020
    Inventors: Burton S. Kaliski, JR., Eric Osterweil
  • Patent number: 10805190
    Abstract: Embodiments relate to systems, devices, and computer-implemented methods for managing domain name space collisions by accessing information, such as a domain name string, corresponding to a domain name resolution request and response. Based on at least the domain name string, a type of use value associated with the request can be determined. Based on at least the type of use value, a name collision risk value for the request can be determined. If the name collision risk value indicates there is a specified risk of a domain name string collision, then a domain name collision mitigation strategy can be generated and/or implemented.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: October 13, 2020
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Allison Mankin
  • Patent number: 10798093
    Abstract: Provided is a method for providing Registration Data Access Protocol (“RDAP”) responses. The method includes obtaining, at a RDAP client over a network, a RDAP query for RDAP data from a user; providing, by the RDAP client, the RDAP query and a cryptographic credential to a RDAP server, wherein the RDAP server communicates with one or more thick RDAP servers to provide respective thick RDAP answers to the RDAP query, wherein at least one the respective thick RDAP answers are encrypted using a symmetric or asymmetric cryptographic key associated with the cryptographic credential of the RDAP client; obtaining a consolidated thick RDAP answer to the RDAP query from the RDAP server; decrypting the consolidated thick RDAP answer using a symmetric or asymmetric cryptographic key associated with the cryptographic credential; and providing the thick RDAP answer that is decrypted to the user.
    Type: Grant
    Filed: March 8, 2017
    Date of Patent: October 6, 2020
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Swapneel Sheth, Scott Hollenbeck, Andrew Fregly
  • Publication number: 20200280549
    Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.
    Type: Application
    Filed: May 19, 2020
    Publication date: September 3, 2020
    Inventors: Burton S. KALISKI, JR., Glen S. WILEY
  • Publication number: 20200258507
    Abstract: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.
    Type: Application
    Filed: April 28, 2020
    Publication date: August 13, 2020
    Inventors: Andrew FREGLY, Burton S. KALISKI, JR., Swapneel SHETH
  • Patent number: 10721117
    Abstract: A resolution resiliency application performs robust domain name system (DNS) resolution. In operation, the resolution resiliency application determines that an authoritative name server that is responsible for a domain name specified in a DNS query is unavailable. In response to determining that the authoritative name server is unavailable, the resolution resiliency application performs operation(s) that modify one or more DNS records stored in a cache based on one or more resiliency policies associated with the authoritative name server. The resolution resiliency application then generates a DNS response to the DNS query based on a DNS record stored in the modified cache. Notably, the disclosed techniques increase the likelihood of providing clients with DNS responses that accurately provide requested information.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: July 21, 2020
    Assignee: VERISIGN, INC.
    Inventors: Burton S. Kaliski, Jr., Shumon Huque, Eric Osterweil, Frank Scalzo, Duane Wessels, Glen Wiley