A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
H04L 51/04 - Messagerie en temps réel ou quasi en temps réel, p. ex. messagerie instantanée [IM]
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
H04L 51/04 - Messagerie en temps réel ou quasi en temps réel, p. ex. messagerie instantanée [IM]
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
3.
AUTOMATED AUTHENTICATION AND AUTHORIZATION IN A COMMUNICATION SYSTEM
An application-operating organization may delegate a third-party server to serve as an automated contextual authentication responder and an authorization responder. The third-party server may manage a delegated section of the organization's namespace that includes the public identities of various devices controlled by the organization. The third-party server may also dynamically generate interaction control list that is tailored to a requesting device's context based on the interaction control policies set forth by the organization. The interaction control list may include information that determines the authorization of the requesting device to interact with another device. The third-party server may also automatically determine the role of a new device to which existing policies are inapplicable and provide guided workflow for the organization to set up new interaction control policies in governing the new device. The determination of the roles of devices may be based on an iterative process using external data sources.
A computing server may receive an authorization from a domain owner to gain access to email data of the domain owner. The email data may be hosted by a mailbox service provider on behalf of the domain owner. The computing server may determine email protocol check results of the email data retrieved from the mailbox service provider. The computing server may determine that a sender has a number of failed emails in the email data that fail the email protocol check. The computing server may identify, from the email data, one or more recipients of the domain owner to whom the failed emails intend to be sent. The computing server may notify the domain owner regarding information about the one or more recipients.
Embodiments relate to systems for the distribution of payload in a secure manner. A server may receive a query from a device that includes a subscriber identifier. The server may determine, from confidential information stored, an association between the subscriber identifier and a public key of the device. The server may retrieve the public key of the device. The server may generate a data payload as a response to the query. The server may encrypt the data payload by a symmetric key that is generated randomly. The server may encrypt the symmetric key by the public key of the device. The server may transmit the data payload and the symmetric key that are encrypted to the device for the device to use a private key corresponding to the public key to decrypt the symmetric key and use the symmetric key to decrypt the data payload.
A computing server may receive an authorization from a domain owner to gain access to email data of the domain owner. The email data may be hosted by a mailbox service provider on behalf of the domain owner. The computing server may determine email protocol check results of the email data retrieved from the mailbox service provider. The computing server may determine that a sender has a number of failed emails in the email data that fail the email protocol check. The computing server may identify, from the email data, one or more recipients of the domain owner to whom the failed emails intend to be sent. The computing server may notify the domain owner regarding information about the one or more recipients.
A third-party server, delegated by organizations to manage application environment, may maintain a plurality of guided workflow plans. At least one of the guided workflow plans may include one or more steps associated with setting up an interaction control policy. The third-party server may receive an interaction report associated with the organization. The interaction report may include metadata of one or more devices that interacted with other devices. The third-party server may identify a particular device to which existing interaction control policies of the organization are inapplicable. The third-party server may search for additional out-of-band information of the particular device using the metadata in the interaction report. The third-party server may select an applicable guided workflow plan for setting up an applicable interaction control policy for the particular device. A guided workflow may be presented via a graphical user interface according to the applicable guided workflow plan.
A computing server may receive an authorization from a domain owner to gain access to email data of the domain owner. The email data may be hosted by a mailbox service provider on behalf of the domain owner. The computing server may determine email protocol check results of the email data retrieved from the mailbox service provider. The computing server may determine that a sender has a number of failed emails in the email data that fail the email protocol check. The computing server may identify, from the email data, one or more recipients of the domain owner to whom the failed emails intend to be sent. The computing server may notify the domain owner regarding information about the one or more recipients.
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
H04L 51/04 - Messagerie en temps réel ou quasi en temps réel, p. ex. messagerie instantanée [IM]
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
A third-party server may maintain a list of named entity devices that belong to one or more roles in an application environment. The server may receive an authorization query from a policy consuming device. The authorization query may include an identity of a particular named entity device which sent a message to the policy consuming device and contextual metadata associated with the message. The server may determine that the particular named entity device belongs to one of the roles and filter the list based on the contextual metadata. The server may generate an interaction control list that includes the filtered list and transmit the interaction control list to the policy consuming device as a response to the authorization query. The interaction control list causes the policy consuming device to react to the message based on the interaction control list.
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
H04L 51/04 - Messagerie en temps réel ou quasi en temps réel, p. ex. messagerie instantanée [IM]
12.
ENTITY-SEPARATED EMAIL DOMAIN AUTHENTICATION FOR KNOWN AND OPEN SIGN-UP DOMAINS
An email validation system receives an email validation request from a requestor to validate an email, the email validation request indicating at least a sender domain indicating a domain of the sender of the email. The email validation system determines whether the sender domain is in a whitelist of known domains, wherein a known domain is a domain that is linked to an organization whose provenance is known, such that it can be linked to an identifiable entity in the real world. The email validation system generates, in response to determining that the sender domain is not in the list of known domains, a message indicating that the email is not valid. The email validation system generates, in response to determining that the sender domain is in the list of known domains, the message indicating that the email is valid, and transmits the message to the requestor.
H04L 51/212 - Surveillance ou traitement des messages utilisant un filtrage ou un blocage sélectif
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
13.
AUTOMATED DEVICE DISCOVERY AND WORKFLOW ENRICHMENT
A third-party server, delegated by organizations to manage application environment, may maintain a plurality of guided workflow plans. At least one of the guided workflow plans may include one or more steps associated with setting up an interaction control policy. The third-party server may receive an interaction report associated with the organization. The interaction report may include metadata of one or more devices that interacted with other devices. The third-party server may identify a particular device to which existing interaction control policies of the organization are inapplicable. The third-party server may search for additional out-of-band information of the particular device using the metadata in the interaction report. The third-party server may select an applicable guided workflow plan for setting up an applicable interaction control policy for the particular device. A guided workflow may be presented via a graphical user interface according to the applicable guided workflow plan.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projetsPlanification d’entreprise ou d’organisationModélisation d’entreprise ou d’organisation
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
A third-party server, delegated by organizations to manage application environment, may maintain a plurality of guided workflow plans. At least one of the guided workflow plans may include one or more steps associated with setting up an interaction control policy. The third-party server may receive an interaction report associated with the organization. The interaction report may include metadata of one or more devices that interacted with other devices. The third-party server may identify a particular device to which existing interaction control policies of the organization are inapplicable. The third-party server may search for additional out-of-band information of the particular device using the metadata in the interaction report. The third-party server may select an applicable guided workflow plan for setting up an applicable interaction control policy for the particular device. A guided workflow may be presented via a graphical user interface according to the applicable guided workflow plan.
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
H04L 51/04 - Messagerie en temps réel ou quasi en temps réel, p. ex. messagerie instantanée [IM]
16.
Authentication of email senders via authorizing DNS server
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
H04L 51/04 - Messagerie en temps réel ou quasi en temps réel, p. ex. messagerie instantanée [IM]
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
17.
Automated device discovery and workflow enrichment
A third-party server, delegated by organizations to manage application environment, may maintain a plurality of guided workflow plans. At least one of the guided workflow plans may include one or more steps associated with setting up an interaction control policy. The third-party server may receive an interaction report associated with the organization. The interaction report may include metadata of one or more devices that interacted with other devices. The third-party server may identify a particular device to which existing interaction control policies of the organization are inapplicable. The third-party server may search for additional out-of-band information of the particular device using the metadata in the interaction report. The third-party server may select an applicable guided workflow plan for setting up an applicable interaction control policy for the particular device. A guided workflow may be presented via a graphical user interface according to the applicable guided workflow plan.
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
H04L 51/04 - Messagerie en temps réel ou quasi en temps réel, p. ex. messagerie instantanée [IM]
Embodiments relate to a system that may include a third-party server and a domain name system (DNS). The third-party server may be configured to receive a request for a credential from a named entity device for the named entity device to communicate with an application programming interface (API). The API may be associated with a domain. The third-party server may obtain the credential from the API. The third-party server may encrypt the credential with a public key corresponding to the named entity device to generate an encrypted credential. The DNS may be configured to receive the encrypted credential and publish a DNS record at a namespace of the DNS, the DNS record containing the encrypted credential for the named entity device to retrieve the credential. The named entity device may decrypt the encrypted credential by the private key stored at the device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
H04L 67/133 - Protocoles pour les appels de procédure à distance [RPC]
20.
Automated authentication and authorization in a communication system
An application-operating organization may delegate a third-party server to serve as an automated contextual authentication responder and an authorization responder. The third-party server may manage a delegated section of the organization's namespace that includes the public identities of various devices controlled by the organization. The third-party server may also dynamically generate interaction control list that is tailored to a requesting device's context based on the interaction control policies set forth by the organization. The interaction control list may include information that determines the authorization of the requesting device to interact with another device. The third-party server may also automatically determine the role of a new device to which existing policies are inapplicable and provide guided workflow for the organization to set up new interaction control policies in governing the new device. The determination of the roles of devices may be based on an iterative process using external data sources.
A third-party server may maintain a list of named entity devices that belong to one or more roles in an application environment. The server may receive an authorization query from a policy consuming device. The authorization query may include an identity of a particular named entity device which sent a message to the policy consuming device and contextual metadata associated with the message. The server may determine that the particular named entity device belongs to one of the roles and filter the list based on the contextual metadata. The server may generate an interaction control list that includes the filtered list and transmit the interaction control list to the policy consuming device as a response to the authorization query. The interaction control list causes the policy consuming device to react to the message based on the interaction control list.
Embodiments relate to systems for generating identity records (e.g., authentication certificates) at a server for validating broadcast messages. The server may receive a request to generate an identity record, where the request may include a public key of a named entity device that is configured to broadcast messages. The server may generate the identity record using the private key of the server and transmit the generated certificate to a namespace server for storage. A policy consuming device configured to receive a broadcast message, which may be signed using the private key of the named entity device, subsequently accesses the namespace server for the identity record including the public key of the named entity device. The policy consuming device validates the authentication certificate using the server's public key and validates the broadcast message using the named entity device's public key.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Embodiments relate to systems for generating identity records (e.g., authentication certificates) at a server for validating broadcast messages. The server may receive a request to generate an identity record, where the request may include a public key of a named entity device that is configured to broadcast messages. The server may generate the identity record using the private key of the server and transmit the generated certificate to a namespace server for storage. A policy consuming device configured to receive a broadcast message, which may be signed using the private key of the named entity device, subsequently accesses the namespace server for the identity record including the public key of the named entity device. The policy consuming device validates the authentication certificate using the server's public key and validates the broadcast message using the named entity device's public key.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G01S 19/14 - Récepteurs spécialement adaptés pour des applications spécifiques
Embodiments relate to systems for distribution of cryptographic keys generated with high quality entropy on to new or configurable devices using a centralized entropy provider located at a server and a provisioning device that communicates between the server and the configurable devices. The server may receive a request from a provisioning device for a cryptographic keypair. For example, the provisioning device may be physically connected to a configurable device for bootstrapping and requests the identity keys to install on to the configurable device. The server generates the cryptographic keypair having newly generated public and private keys for the configurable device. The server encrypts the newly generated keypair (e.g., in the form of a private key and a certificate having the public key) using the public key of the provisioning device and transmits the encrypted keypair to the provisioning device for decryption and installation on to the configurable device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
25.
AUTOMATED AUTHENTICATION AND AUTHORIZATION IN A COMMUNICATION SYSTEM
An application-operating organization may delegate a third-party server to serve as an automated contextual authentication responder and an authorization responder. The third-party server may manage a delegated section of the organization's namespace that includes the public identities of various devices controlled by the organization. The third-party server may also dynamically generate interaction control list that is tailored to a requesting device's context based on the interaction control policies set forth by the organization. The interaction control list may include information that determines the authorization of the requesting device to interact with another device. The third-party server may also automatically determine the role of a new device to which existing policies are inapplicable and provide guided workflow for the organization to set up new interaction control policies in governing the new device. The determination of the roles of devices may be based on an iterative process using external data sources.
A third-party server may maintain a list of named entity devices that belong to one or more roles in an application environment. The server may receive an authorization query from a policy consuming device. The authorization query may include an identity of a particular named entity device which sent a message to the policy consuming device and contextual metadata associated with the message. The server may determine that the particular named entity device belongs to one of the roles and filter the list based on the contextual metadata. The server may generate an interaction control list that includes the filtered list and transmit the interaction control list to the policy consuming device as a response to the authorization query. The interaction control list causes the policy consuming device to react to the message based on the interaction control list.
An application-operating organization may delegate a third-party server to serve as an automated contextual authentication responder and an authorization responder. The third-party server may manage a delegated section of the organization's namespace that includes the public identities of various devices controlled by the organization. The third-party server may also dynamically generate interaction control list that is tailored to a requesting device's context based on the interaction control policies set forth by the organization. The interaction control list may include information that determines the authorization of the requesting device to interact with another device. The third-party server may also automatically determine the role of a new device to which existing policies are inapplicable and provide guided workflow for the organization to set up new interaction control policies in governing the new device. The determination of the roles of devices may be based on an iterative process using external data sources.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Embodiments relate to systems for distribution of cryptographic keys generated with high quality entropy on to new or configurable devices using a centralized entropy provider located at a server and a provisioning device that communicates between the server and the configurable devices. The server may receive a request from a provisioning device for a cryptographic keypair. For example, the provisioning device may be physically connected to a configurable device for bootstrapping and requests the identity keys to install on to the configurable device. The server generates the cryptographic keypair having newly generated public and private keys for the configurable device. The server encrypts the newly generated keypair (e.g., in the form of a private key and a certificate having the public key) using the public key of the provisioning device and transmits the encrypted keypair to the provisioning device for decryption and installation on to the configurable device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
29.
Interaction control list determination and device adjacency and relative topography
A third-party server may maintain a list of named entity devices that belong to one or more roles in an application environment. The server may receive an authorization query from a policy consuming device. The authorization query may include an identity of a particular named entity device which sent a message to the policy consuming device and contextual metadata associated with the message. The server may determine that the particular named entity device belongs to one of the roles and filter the list based on the contextual metadata. The server may generate an interaction control list that includes the filtered list and transmit the interaction control list to the policy consuming device as a response to the authorization query. The interaction control list causes the policy consuming device to react to the message based on the interaction control list.
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
Embodiments relate to systems for the distribution of payload in a secure manner. A server may receive a query from a device that includes a subscriber identifier. The server may determine, from confidential information stored, an association between the subscriber identifier and a public key of the device. The server may retrieve the public key of the device. The server may generate a data payload as a response to the query. The server may encrypt the data payload by a symmetric key that is generated randomly. The server may encrypt the symmetric key by the public key of the device. The server may transmit the data payload and the symmetric key that are encrypted to the device for the device to use a private key corresponding to the public key to decrypt the symmetric key and use the symmetric key to decrypt the data payload.
Embodiments relate to systems for the distribution of payload in a secure manner. A server may receive a query from a device that includes a subscriber identifier. The server may determine, from confidential information stored, an association between the subscriber identifier and a public key of the device. The server may retrieve the public key of the device. The server may generate a data payload as a response to the query. The server may encrypt the data payload by a symmetric key that is generated randomly. The server may encrypt the symmetric key by the public key of the device. The server may transmit the data payload and the symmetric key that are encrypted to the device for the device to use a private key corresponding to the public key to decrypt the symmetric key and use the symmetric key to decrypt the data payload.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
G06F 16/953 - Requêtes, p. ex. en utilisant des moteurs de recherche du Web
H04L 9/30 - Clé publique, c.-à-d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Embodiments relate to a system that may include a third-party server and a domain name system (DNS). The third-party server may be configured to receive a request for a session token from a named entity device for the named entity device to communicate with an application programming interface (API). The API may be associated with a domain. The third-party server may obtain the session token from the API. The third-party server may encrypt the session token with a public key corresponding to the named entity device to generate an encrypted session token. The DNS may be configured to receive the encrypted session token and publish a DNS record at a namespace of the DNS, the DNS record containing the encrypted session token for the named entity device to retrieve the session token. The named entity device may decrypt the encrypted session token by the private key stored at the device.
Embodiments relate to a system that may include a third-party server and a domain name system (DNS). The third-party server may be configured to receive a request for a session token from a named entity device for the named entity device to communicate with an application programming interface (API). The API may be associated with a domain. The third-party server may obtain the session token from the API. The third-party server may encrypt the session token with a public key corresponding to the named entity device to generate an encrypted session token. The DNS may be configured to receive the encrypted session token and publish a DNS record at a namespace of the DNS, the DNS record containing the encrypted session token for the named entity device to retrieve the session token. The named entity device may decrypt the encrypted session token by the private key stored at the device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
A delivering email system is configured to receive a request to send an email to a recipient, identify an authentication method of a sender account for the email, modify email headers of the email to include an indication of the authentication method, generate digital signatures for the email that include the email headers within a scope of the digital signatures, modify the email such that an email header of the email includes the digital signatures, and transmit the email, including the indication of the authentication method and the digital signatures, to the recipient at a receiving email system. The receiving email system is configured to receive the email, determine that the email headers are unaltered by validating the digital signatures against a public key of the sender domain, determine whether the authentication method indicated meets a criteria, and execute a security response against the email if not.
G06F 15/173 - Communication entre processeurs utilisant un réseau d'interconnexion, p. ex. matriciel, de réarrangement, pyramidal, en étoile ou ramifié
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Software as a service (SAAS); design and development of computer software; computer security services; cloud computing services; design and development of software for cloud computing; rental of cloud computing software; providing temporary use of online non-downloadable cloud computing software; providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protecting, email authentication and visibility into cloud-based email issues; rental of cloud computing software for providing improved deliverability of email services, anti-phishing protecting, email authentication and visibility into cloud-based email issues; computer security services in the nature of providing user authentication for data and email security; computer services, namely, detecting, blocking and automating the removal of computer network intrusions, viruses and threats, encrypting and authenticating data, preventing data-loss, recovering data, securing networks and emails, and detecting, filtering, analysing, managing and blocking electronic communications; computer services, namely filtering of unwanted e-mails; online services, namely technical support services in the fields of computer, data, email, web and network security; monitoring of network and email systems for technical and computer security purposes; Software as a service (SAAS), namely, hosting software for use by others for detecting, blocking, and automating the removal of computer network and email intrusions, malware, viruses and threats, encrypting and authenticating data, preventing data-loss, recovering data, securing networks, and detecting, filtering, analyzing, managing and blocking electronic communications; Software as a service (SAAS), namely software that provides monitoring, analysis, auditing, user behaviour analytics, security forensics, risk and data management, data loss prevention, cloud data protection and threat detection, as well as classifying, reporting and securing sensitive information on computers and mobile applications and platforms, and presenting such sensitive information in a user interface; Software as a service (SAAS), namely, hosting software for use by others for data and email security purposes by providing authentication; computer security services, namely, enforcing, restricting and controlling access privileges of users of cloud computing resources based on assigned credentials; computer security services, namely, restricting access to and by computer networks to and of undesired websites and media; computer virus protection services; monitoring of computer systems for security purposes; providing security threat management systems, namely, monitoring and tracking of security vulnerabilities and problems in computer software and email products, the Internet, and computer networks; computer network, email and Internet security services; providing information in the field of computer network, email and Internet security.
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
38.
Signed message header storing sender account authentication method
A delivering email system is configured to receive a request to send an email to a recipient, identify an authentication method of a sender account for the email, modify email headers of the email to include an indication of the authentication method, generate digital signatures for the email that include the email headers within a scope of the digital signatures, modify the email such that an email header of the email includes the digital signatures, and transmit the email, including the indication of the authentication method and the digital signatures, to the recipient at a receiving email system. The receiving email system is configured to receive the email, determine that the email headers are unaltered by validating the digital signatures against a public key of the sender domain, determine whether the authentication method indicated meets a criteria, and execute a security response against the email if not.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
An email validation system receives an email validation request from a requestor to validate an email, the email validation request indicating at least a sender domain indicating a domain of the sender of the email. The email validation system determines whether the sender domain is in a whitelist of known domains, wherein a known domain is a domain that is linked to an organization whose provenance is known, such that it can be linked to an identifiable entity in the real world. The email validation system generates, in response to determining that the sender domain is not in the list of known domains, a message indicating that the email is not valid. The email validation system generates, in response to determining that the sender domain is in the list of known domains, the message indicating that the email is valid, and transmits the message to the requestor.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p. ex. pour le traitement simultané de plusieurs programmes
40.
Entity-separated email domain authentication for known and open sign-up domains
An email validation system receives an email validation request from a requestor to validate an email, the email validation request indicating at least a sender domain indicating a domain of the sender of the email. The email validation system determines whether the sender domain is in a whitelist of known domains, wherein a known domain is a domain that is linked to an organization whose provenance is known, such that it can be linked to an identifiable entity in the real world. The email validation system generates, in response to determining that the sender domain is not in the list of known domains, a message indicating that the email is not valid. The email validation system generates, in response to determining that the sender domain is in the list of known domains, the message indicating that the email is valid, and transmits the message to the requestor.
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 51/00 - Messagerie d'utilisateur à utilisateur dans des réseaux à commutation de paquets, transmise selon des protocoles de stockage et de retransmission ou en temps réel, p. ex. courriel
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
41.
Centralized validation of email senders via EHLO name and IP address targeting
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud
computing software for providing improved deliverability of
email services, anti-phishing protection, email
authentication and visibility into cloud-based email issues.
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
54.
Centralized validation of email senders via EHLO name and IP address targeting
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
A third party system generates a public-private key pair, the public key of the key pair being an encryption key, and the private key of the key pair being a decryption key. The third party system publishes the encryption key as a DNS record of a third party system. The third party system receives a request to sign a message on behalf of a domain owner, the message to be sent to a recipient, and accesses an encrypted delegated private key published by the domain owner via a DNS record of the domain owner, the encrypted delegated private key encrypted using the encryption key. The third party system decrypts the encrypted delegated private key using the decryption key, and generates a signature for the message using the delegated private key. The third party system sends the signature and the message to the recipient.
H04L 9/36 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité avec des moyens pour détecter des caractères non destinés à la transmission
H04L 9/06 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p. ex. système DES
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
56.
Secure and delegated distribution of private keys via domain name service
A third party system generates a public-private key pair, the public key of the key pair being an encryption key, and the private key of the key pair being a decryption key. The third party system publishes the encryption key as a DNS record of a third party system. The third party system receives a request to sign a message on behalf of a domain owner, the message to be sent to a recipient, and accesses an encrypted delegated private key published by the domain owner via a DNS record of the domain owner, the encrypted delegated private key encrypted using the encryption key. The third party system decrypts the encrypted delegated private key using the decryption key, and generates a signature for the message using the delegated private key. The third party system sends the signature and the message to the recipient.
H04L 9/36 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité avec des moyens pour détecter des caractères non destinés à la transmission
H04L 29/12 - Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes caractérisés par le terminal de données
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
57.
Centralized validation of email senders via EHLO name and IP address targeting
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p. ex. pour le traitement simultané de plusieurs programmes
59.
SECURE AND DELEGATED DISTRIBUTION OF PRIVATE KEYS VIA DOMAIN NAME SERVICE
A third party system generates a public-private key pair, the public key of the key pair being an encryption key, and the private key of the key pair being a decryption key. The third party system publishes the encryption key as a DNS record of a third party system. The third party system receives a request to sign a message on behalf of a domain owner, the message to be sent to a recipient, and accesses an encrypted delegated private key published by the domain owner via a DNS record of the domain owner, the encrypted delegated private key encrypted using the encryption key. The third party system decrypts the encrypted delegated private key using the decryption key, and generates a signature for the message using the delegated private key. The third party system sends the signature and the message to the recipient.
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud
computing software for providing improved deliverability of
email services, anti-phishing protection, email
authentication and visibility into cloud-based email issues.
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Providing temporary use of on-line non-downloadable cloud computing software for providing improved deliverability of email services, anti-phishing protection, email authentication and visibility into cloud-based email issues
63.
CENTRALIZED VALIDATION OF EMAIL SENDERS VIA EHLO NAME AND IP ADDRESS TARGETING
A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.
H04L 51/04 - Messagerie en temps réel ou quasi en temps réel, p. ex. messagerie instantanée [IM]
H04L 51/212 - Surveillance ou traitement des messages utilisant un filtrage ou un blocage sélectif
H04L 61/30 - Gestion des noms de réseau, p. ex. utilisation d'alias ou de surnoms
H04L 61/4511 - Répertoires de réseauCorrespondance nom-adresse en utilisant des répertoires normalisésRépertoires de réseauCorrespondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
64.
AUTOMATED EMAIL PROTOCOL ANALYZER IN A PRIVACY-SAFE ENVIRONMENT
A computing server may receive an authorization from a domain owner to gain access to email data of the domain owner. The email data may be hosted by a mailbox service provider on behalf of the domain owner. The computing server may determine email protocol check results of the email data retrieved from the mailbox service provider. The computing server may determine that a sender has a number of failed emails in the email data that fail the email protocol check. The computing server may identify, from the email data, one or more recipients of the domain owner to whom the failed emails intend to be sent. The computing server may notify the domain owner regarding information about the one or more recipients.
A third party system generates a public-private key pair, the public key of the key pair being an encryption key, and the private key of the key pair being a decryption key. The third party system publishes the encryption key as a DNS record of a third party system. The third party system receives a request to sign a message on behalf of a domain owner, the message to be sent to a recipient, and accesses an encrypted delegated private key published by the domain owner via a DNS record of the domain owner, the encrypted delegated private key encrypted using the encryption key. The third party system decrypts the encrypted delegated private key using the decryption key, and generates a signature for the message using the delegated private key. The third party system sends the signature and the message to the recipient.
An application-operating organization may delegate a third-party server to serve as an automated contextual authentication responder and an authorization responder. The third-party server may manage a delegated section of the organization's namespace that includes the public identities of various devices controlled by the organization. The third-party server may also dynamically generate interaction control list that is tailored to a requesting device's context based on the interaction control policies set forth by the organization. The interaction control list may include information that determines the authorization of the requesting device to interact with another device. The third-party server may also automatically determine the role of a new device to which existing policies are inapplicable and provide guided workflow for the organization to set up new interaction control policies in governing the new device. The determination of the roles of devices may be based on an iterative process using external data sources.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
