Abstract: Techniques for allowing third-party DNS service providers to programmatically initiate changes to DNS resource records using an interface provided by a registrar or registry are disclosed. Further, techniques for validating change requests received at such an interface are disclosed. The disclosed techniques reduce errors and increase convenience.

Abstract: Techniques for allowing third-party DNS service providers to programmatically initiate changes to DNS resource records using an interface provided by a registrar or registry are disclosed. Further, techniques for validating change requests received at such an interface are disclosed. The disclosed techniques reduce errors and increase convenience.

Abstract: The present disclosure relates to a computer-implemented method for responding to a query request from a requestor using information supplied by an authoritative name server. The computer-implemented method can include obtaining, by a DNS resolution server, a query for a named resource from a requestor, wherein the query comprises information comprising contextual information related to the requestor. The method can obtain at least a portion of a zone file of a domain name space using the domain name system (DNS), one or more rules, and information on how to access information that is not local to the DNS resolution server from the authoritative name server based on the query obtained from the requestor. An answer can then be provided to the query from requester based on the at least a portion of the zone file, the one or more rules, and the contextual information.

Abstract: One or more DNS services are provided that are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.

Abstract: Techniques for provisioning a smart navigation service are presented. The provisioning can be performed by a name owner, by the smart navigation service itself, or by a third-party keyword service. The provisioned information can include an entity name, a keyword, and possibly other data correlated to at least one network locator. The navigation service electronically stores in navigation service persistent memory a rule correlating the entity name, the keyword, and, if used, the other data, to the at least one network locator, such that when the navigation service receives, from a client computer communicatively coupled to the navigation service, command data that includes the entity name, the keyword, and possibly other data, the navigation service responds to the client computer with the at least one network locator.

Abstract: A method, system, and computer-readable memory containing instructions include requesting a tokenizing authority to provide a tokenized string that represents a domain name, using the tokenized domain name string to perform a lookup against a database of registered tokenized domain name strings, determining whether the tokenized domain name string exists in the database, and returning results based on the existence of tokenized domain name strings and optionally variants thereof. The method, system, and computer-readable memory may further include returning an encryption key corresponding to an encrypted record of information related to the domain name corresponding to the tokenized domain name string.

Abstract: An apparatus and a non-transitory computer-readable medium may perform a method for providing brand-driven URL keyword navigation. The method may comprise: receiving a user selection of an accepted third party; transmitting third party selection information to the accepted third party, the third party selection information being based on the user selection; and receiving brand-driven keyword data from the accepted third party in response to the transmission of the third party selection information, the brand-driven keyword data mapping a keyword to a particular URL.

Abstract: The present invention generally relates to systems and methods for extending a chain of trust beyond the DNS. Some embodiments provide a verifier with the ability to validate a chain of trust starting with the trust anchor at the DNS root all the way to a service or object of interest outside the DNS.

Abstract: Techniques for provisioning a smart navigation service are presented. The provisioning can be performed by a name owner, by the smart navigation service itself, or by a third-party keyword service. The provisioned information can include an entity name, a keyword, and possibly other data correlated to at least one network locator. The navigation service electronically stores in navigation service persistent memory a rule correlating the entity name, the keyword, and, if used, the other data, to the at least one network locator, such that when the navigation service receives, from a client computer communicatively coupled to the navigation service, command data that includes the entity name, the keyword, and possibly other data, the navigation service responds to the client computer with the at least one network locator.

Abstract: Techniques for signing internet data are disclosed. The techniques include accessing a plurality of internet data records. The techniques also include generating, using at least one electronic processor, leaf nodes from the plurality of internet data records, and constructing a recursive hash tree from the plurality of leaf nodes. The techniques also include deriving information sufficient to validate the root node, and publishing, in an internet public key infrastructure (PKI) as a synthesized public key, the information sufficient to validate the root node. The techniques also include providing, through the internet and as a signature on at least one of the plurality of internet data records, validation data including sibling path data from the recursive hash tree, such that an internet client validates the at least one of the internet data records using at least the validation data and the synthesized public key.

Abstract: In one embodiment, a tokenized list holder enables privacy-preserving querying with denial of existence functionality. Both an information requester and the tokenized list holder access related (or identical) tokenizing algorithms to generate tokenized terms based on original terms. Prior to receiving a query for information based on a tokenized query term, the tokenized list holder generates sorted tokenized data terms that are associated with a database. Upon receiving the query, the tokenized list holder determines that the tokenized query term is not included in the sorted tokenized data terms. The tokenized list holder then generates a signed response that specifies a gap in the sorted tokenized data terms to indicate that the information is not included in the database. Advantageously, because neither the query nor the response includes original (i.e., untokenized) terms, the privacy of both the information requester and the database is preserved.

Abstract: The present invention generally relates to systems and methods for extending a chain of trust beyond the DNS. Some embodiments provide a verifier with the ability to validate a chain of trust starting with the trust anchor at the DNS root all the way to a service or object of interest outside the DNS.

Abstract: The present invention generally relates to systems and methods for extending a chain of trust beyond the DNS. Some embodiments provide a verifier with the ability to validate a chain of trust starting with the trust anchor at the DNS root all the way to a service or object of interest outside the DNS.

Abstract: Systems and methods for updating a Domain Name System (DNS) registry are disclosed. Embodiments perform operations including maintaining a domain name record of a DNS registrant recorded in a database of the DNS registry by a primary DNS interface. The operations also include receiving a request to update the domain name record of the DNS registrant via a secondary DNS interface. The operations further include modifying the domain name record of the DNS registrant in the DNS database in accordance with the request.

Abstract: Techniques for electronically signing DNS records stored in a zone file for an internet DNS zone are presented. The techniques include electronically accessing a plurality of DNS resource records of a DNS zone stored on one or more DNS servers of a distributed DNS database; generating a plurality of leaf nodes from the plurality of DNS resource records; constructing a recursive hash tree from the plurality of leaf nodes, where the recursive hash tree includes a plurality of nodes including a root node and the plurality of leaf nodes, where each node of the plurality of nodes includes either a leaf node or a hash of data including child nodes; storing the root node in a DNS key resource record for a zone signing key for the zone; and publishing, in a DNS resource record signature resource record, validation data including path data from the recursive hash tree.

Abstract: The present invention generally relates to systems and methods for extending a chain of trust beyond the DNS. Some embodiments provide a verifier with the ability to validate a chain of trust starting with the trust anchor at the DNS root all the way to a service or object of interest outside the DNS.

Abstract: The present invention generally relates to systems and methods for extending a chain of trust beyond the DNS. Some embodiments provide a verifier with the ability to validate a chain of trust starting with the trust anchor at the DNS root all the way to a service or object of interest outside the DNS.

Abstract: A method. system. and computer-readable memory containing instructions include requesting a tokenizing authority to provide a tokenized string that represents a domain name. using the tokenized domain name string to perform a lookup against a database of registered tokenized domain name strings, determining whether the tokenized domain name string exists in the database, and returning results based on the existence of tokenized domain name strings and optionally variants thereof. The method, system, and computer-readable memory may further include returning an encryption key corresponding to an encrypted record of information related to the domain name corresponding to the tokenized domain name string.

Abstract: A method of providing one or more assertions about a subject is provided. The method includes obtaining, at an assertion directory access server and over a network, a first assertion about a first attribute of the subject from a first assertion issuer; obtaining, at the assertion directory access server and over a network, a second assertion about a second attribute of the subject from a second assertion issuer; and providing, from the assertion directory access server, the first assertion and the second assertion to an assertion directory authority server over a network.

Abstract: Systems and methods for out-of-band communications in the domain name system (DNS) are disclosed. Embodiments include a system for negotiating DNS services in the DNS. The system includes an in-band communication channel connecting a first party and a second party, and one or more out-of-band communication channels connecting the first party and the second party. The first party performs messaging for the DNS services with the second party using the in-band communication channel. Further, the first party advertises terms of the DNS service offered by the second party using the one or more out-of-band communication channels.