Patents by Inventor Burton S. Kaliski, Jr.

Burton S. Kaliski, Jr. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20160173439
    Abstract: Systems and methods for out-of-band communications in the domain name system (DNS) are disclosed. Embodiments include a system for negotiating DNS services in the DNS. The system includes an in-band communication channel connecting a first party and a second party, and one or more out-of-band communication channels connecting the first party and the second party. The first party performs messaging for the DNS services with the second party using the in-band communication channel. Further, the first party advertises terms of the DNS service offered by the second party using the one or more out-of-band communication channels.
    Type: Application
    Filed: February 20, 2015
    Publication date: June 16, 2016
    Inventors: Burton S. Kaliski, Jr., Shumon Huque
  • Patent number: 9363288
    Abstract: A method, system, and computer-readable memory containing instructions include requesting a tokenizing authority to provide a tokenized string that represents a domain name, using the tokenized domain name string to perform a lookup against a database of registered tokenized domain name strings, determining whether the tokenized domain name string exists in the database, and returning results based on the existence of tokenized domain name strings and optionally variants thereof. The method, system, and computer-readable memory may further include returning an encryption key corresponding to an encrypted record of information related to the domain name corresponding to the tokenized domain name string.
    Type: Grant
    Filed: January 2, 2013
    Date of Patent: June 7, 2016
    Assignee: Verisign, Inc.
    Inventor: Burton S. Kaliski, Jr.
  • Publication number: 20160085987
    Abstract: A method, system, and computer-readable memory containing instructions include employing a tokenizing authority to obtain a tokenized query term that represents a query term, using the tokenized query term to perform a lookup against a tokenized term database, determining whether the tokenized query term exists in the database. The method, system, and computer-readable memory may further include returning an encryption or decryption key corresponding to an encrypted record of information associated with the query term and corresponding to the tokenized query term.
    Type: Application
    Filed: December 1, 2015
    Publication date: March 24, 2016
    Inventor: Burton S. Kaliski, Jr.
  • Publication number: 20160080156
    Abstract: Embodiments relate to systems, devices, and computer-implemented methods for detecting double signing in one-time use signature schemes by receiving a first message, where the first message includes a signature generated using a one-time use private key of a one-time use public/private key pair, determining a one-time use public key of the public/private key pair based on the first message, adding the one-time use public key to a list of public keys, receiving a second message, where the second message includes a signature generated using the one-time use private key of the one-time use public/private key pair, determining the one-time use public key of the public/private key pair based on the second message, determining that the one-time use public/private key pair was used more than once based on the list of public keys; and generating an alert based on determining that the one-time use public/private key pair was used more than once.
    Type: Application
    Filed: September 11, 2015
    Publication date: March 17, 2016
    Inventor: Burton S. Kaliski, Jr.
  • Patent number: 9280871
    Abstract: Techniques for providing authentication functionality in a gaming system are disclosed. In one aspect, a gaming system is configured such that, at a given point during a current session of a game in progress that involves at least one user previously granted access by the system to participate in the current session, information available from an authentication token associated with the user is obtained prior to allowing the user to take a particular action in the game. A determination is made as to whether or not the user will be allowed to take the particular action in the game, based on the obtained information. The obtained information may comprise, for example, at least a portion of a one-time password generated by a hardware or software authentication token.
    Type: Grant
    Filed: July 9, 2007
    Date of Patent: March 8, 2016
    Assignee: EMC Corporation
    Inventors: Daniel Vernon Bailey, Burton S. Kaliski, Jr., Ari Juels, Ronald L. Rivest
  • Publication number: 20150365393
    Abstract: Techniques for provisioning a smart navigation service are presented. The provisioning can be performed by a name owner, by the smart navigation service itself, or by a third-party keyword service. The provisioned information can include an entity name, a keyword, and possibly other data correlated to at least one network locator. The navigation service electronically stores in navigation service persistent memory a rule correlating the entity name, the keyword, and, if used, the other data, to the at least one network locator, such that when the navigation service receives, from a client computer communicatively coupled to the navigation service, command data that includes the entity name, the keyword, and possibly other data, the navigation service responds to the client computer with the at least one network locator.
    Type: Application
    Filed: August 24, 2015
    Publication date: December 17, 2015
    Inventors: Karthik Shyamsunder, Neel Goyal, Valinder Mangat, Daniel Schonfeld, Burton S. Kaliski, Jr.
  • Patent number: 9202079
    Abstract: A method, system, and computer-readable memory containing instructions include employing a tokenizing authority to obtain a tokenized query term that represents a query term, using the tokenized query term to perform a lookup against a tokenized term database, determining whether the tokenized query term exists in the database. The method, system, and computer-readable memory may further include returning an encryption or decryption key corresponding to an encrypted record of information associated with the query term and corresponding to the tokenized query term.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: December 1, 2015
    Assignee: VERISIGN, INC.
    Inventor: Burton S. Kaliski, Jr.
  • Publication number: 20150295882
    Abstract: The present disclosure relates to a computer-implemented method for responding to a query request from a requestor using information supplied by an authoritative name server. The computer-implemented method can include obtaining, by a DNS resolution server, a query for a named resource from a requestor, wherein the query comprises information comprising contextual information related to the requestor. The method can obtain at least a portion of a zone file of a domain name space using the domain name system (DNS), one or more rules, and information on how to access information that is not local to the DNS resolution server from the authoritative name server based on the query obtained from the requestor. An answer can then be provided to the query from the requestor based on the at least a portion of the zone file, the one or more rules, and the contextual information.
    Type: Application
    Filed: April 14, 2014
    Publication date: October 15, 2015
    Applicant: Verisign, Inc.
    Inventor: Burton S. Kaliski, Jr.
  • Patent number: 9137012
    Abstract: A first processing device, which may be, for example, a wireless authentication token or an RFID tag, transmits information in a wireless network in a manner that emulates standard communications of an access point of the wireless network, although the first processing device is not configured to operate as an actual access point of the wireless network. A second processing device, which may be, for example, a computer or other station of the wireless network, receives the transmitted information and is able to determine therefrom that the information originates from an emulated access point rather than an actual access point. The second processing device responds to this condition by utilizing the transmitted information in a manner distinct from its utilization of similar information received from the actual access point of the wireless network.
    Type: Grant
    Filed: February 5, 2007
    Date of Patent: September 15, 2015
    Assignee: EMC Corporation
    Inventors: Daniel Vernon Bailey, John G. Brainard, Ari Juels, Burton S. Kaliski, Jr.
  • Publication number: 20150256424
    Abstract: Embodiments relate to systems, devices, and computer-implemented methods for managing domain name space collisions by accessing information, such as a domain name string, corresponding to a domain name resolution request and response. Based on at least the domain name string, a type of use value associated with the request can be determined. Based on at least the type of use value, a name collision risk value for the request can be determined. If the name collision risk value indicates there is a specified risk of a domain name string collision, then a domain name collision mitigation strategy can be generated and/or implemented.
    Type: Application
    Filed: March 6, 2015
    Publication date: September 10, 2015
    Inventors: Burton S. Kaliski, Jr., Allison Mankin
  • Publication number: 20150156162
    Abstract: The present invention generally relates to a system for, and method of, obtaining, from a first identifier in a first name space, a second identifier in a second name space. The disclosed technique involves obtaining the first identifier in the first name space from a source, applying a rule to the first identifier in the first name space, such that a second identifier in a second name space is obtained, and providing the second identifier, such that the source obtains the second identifier without resolving the first identifier using a domain name system (DNS).
    Type: Application
    Filed: February 2, 2015
    Publication date: June 4, 2015
    Inventors: Burton S. Kaliski, Jr., Allison Mankin
  • Patent number: 8984363
    Abstract: A proof of retrievability (POR) mechanism is applicable to a data object for providing assurances of data object possession to a requesting client by transmitting only a portion of the entire data object. The client compares or examines validation values returned from predetermined validation segments of the data object with previously computed validation attributes for assessing the existence of the data object. Since the archive server does not have access to the validation function prior to the request, or challenge, from the client, the archive server cannot anticipate the validation values expected from the validation function. Further, since the validation segments from which the validation attributes, and hence the validation values were derived, are also unknown to the server, the server cannot anticipate which portions of the data object will be employed for validation.
    Type: Grant
    Filed: January 30, 2013
    Date of Patent: March 17, 2015
    Assignee: EMC Corporation
    Inventors: Ari Juels, Burton S. Kaliski, Jr., Kevin D. Bowers, Alina M. Oprea
  • Publication number: 20140156702
    Abstract: Techniques for smart navigation are presented. The techniques can include receiving, at a navigation service and via the internet, a request for a network resource, where the request includes command data provided by a navigation client, and where the command data includes an entity name and a keyword. The techniques can include obtaining, from at least one database of the navigation service, a network locator corresponding to the entity name and the keyword. The techniques can further include providing, in response to the receiving and via the internet, the network locator.
    Type: Application
    Filed: February 10, 2014
    Publication date: June 5, 2014
    Applicant: VERISIGN, INC.
    Inventors: Karthik Shyamsunder, Neel Goyal, Valinder Mangat, Daniel Schonfeld, Burton S. Kaliski, Jr.
  • Publication number: 20140122476
    Abstract: A method, system, and computer-readable memory containing instructions include employing a tokenizing authority to obtain a tokenized query term that represents a query term, using the tokenized query term to perform a lookup against a tokenized term database, determining whether the tokenized query term exists in the database. The method, system, and computer-readable memory may further include returning an encryption or decryption key corresponding to an encrypted record of information associated with the query term and corresponding to the tokenized query term.
    Type: Application
    Filed: October 25, 2012
    Publication date: May 1, 2014
    Applicant: VERISIGN, INC.
    Inventor: Burton S. Kaliski, Jr.
  • Publication number: 20140123301
    Abstract: A method, system, and computer-readable memory containing instructions include requesting a tokenizing authority to provide a tokenized string that represents a domain name, using the tokenized domain name string to perform a lookup against a database of registered tokenized domain name strings, determining whether the tokenized domain name string exists in the database, and returning results based on the existence of tokenized domain name strings and optionally variants thereof. The method, system, and computer-readable memory may further include returning an encryption key corresponding to an encrypted record of information related to the domain name corresponding to the tokenized domain name string.
    Type: Application
    Filed: January 2, 2013
    Publication date: May 1, 2014
    Inventor: Burton S. Kaliski, Jr.
  • Patent number: 8607045
    Abstract: In a system comprising a transient storage device (TSD) or other type of peripheral configured for communication with a host device, a first one-time password or other type of code is generated in the peripheral and transmitted to the host device. The first code is presented by the host device to an authentication server for authentication. The host device receives a second one-time password or other type of code from the authentication server and transmits it to the peripheral for authentication.
    Type: Grant
    Filed: September 11, 2006
    Date of Patent: December 10, 2013
    Assignee: EMC Corporation
    Inventors: Daniel Vernon Bailey, John G. Brainard, Burton S. Kaliski, Jr., Michael Szydlo
  • Publication number: 20130322622
    Abstract: In one aspect, a method comprises the steps of deriving a base point on an elliptic curve in a first processing device, generating authentication information in the first processing device utilizing the base point and a private key of the first processing device, and transmitting the authentication information from the first processing device to a second processing device. The base point on the elliptic curve may be derived, for example, by applying a one-way function to a current time value, or by computation based on a message to be signed.
    Type: Application
    Filed: August 7, 2013
    Publication date: December 5, 2013
    Applicant: EMC Corporation
    Inventors: Daniel Vernon Bailey, John G. Brainard, Ari Juels, Burton S. Kaliski, Jr.
  • Patent number: 8495372
    Abstract: In one aspect, a first processing device, which may be an authentication token, establishes a shared key through a pairing protocol carried out between the first processing device and a second processing device. The pairing protocol also involves communication between the second processing device and an authentication server. As part of the pairing protocol, the first processing device sends identifying information to the second processing device, and the second processing device utilizes the identifying information to obtain the shared key from the authentication server. The first processing device encrypts authentication information utilizing the shared key, and transmits the encrypted authentication information from the first processing device to the second processing device. The second processing device utilizes the shared key to decrypt the encrypted authentication information.
    Type: Grant
    Filed: November 13, 2007
    Date of Patent: July 23, 2013
    Assignee: EMC Corporation
    Inventors: Daniel Vernon Bailey, John G. Brainard, Ari Juels, Burton S. Kaliski, Jr.
  • Patent number: 8413221
    Abstract: An authentication-delegating service implemented in an authentication server or other processing device is configured to receive a request from a relying party for delegated authentication information associated with a particular user, to determine a level of trust associated with the relying party, and to provide the delegated authentication information to the relying party if the relying party has a sufficient level of trust, so as to permit the relying party to authenticate the user based on the delegated authentication information. The delegated authentication information has the property that the user can be presently authenticated based on such information. The delegated authentication information may comprise, for example, at least one value derived from a one-time password or other authentication credential of the particular user.
    Type: Grant
    Filed: October 31, 2007
    Date of Patent: April 2, 2013
    Assignee: EMC Corporation
    Inventors: Burton S. Kaliski, Jr., Magnus Nyström
  • Patent number: 8381062
    Abstract: A proof of retrievability (POR) mechanism is applicable to a file for providing assurances of file possession to a requesting client by transmitting only a portion of the entire file. The client compares or examines validation values returned from predetermined validation segments of the file with previously computed validation attributes for assessing the existence of the file. Since the archive server does not have access to the validation function prior to the request, or challenge, from the client, the archive server cannot anticipate the validation values expected from the validation function. Further, since the validation segments from which the validation attributes, and hence the validation values were derived, are also unknown to the server, the server cannot anticipate which portions of the file will be employed for validation.
    Type: Grant
    Filed: May 5, 2008
    Date of Patent: February 19, 2013
    Assignee: EMC Corporation
    Inventors: Ari Juels, Burton S. Kaliski, Jr., Kevin D. Bowers, Alina M. Oprea