-
公开(公告)号:US20160248746A1
公开(公告)日:2016-08-25
申请号:US15052751
申请日:2016-02-24
申请人: Verisign, Inc.
发明人: Stephen D. JAMES , Andrew FREGLY , Andrew CATHROW
CPC分类号: G06F21/45 , H04L9/3247 , H04L9/3263 , H04L9/3268 , H04L61/1511 , H04L61/2015 , H04L61/3025 , H04L61/305 , H04L63/0823 , H04L67/04 , H04L67/12 , H04L67/16 , H04W4/70
摘要: In one embodiment, a security provisioning service automatically establishes trust in a device. Upon receiving a provisioning request, a security provisioning service identifies a verification item that is associated with the provisioning request. The security provisioning service performs one or more verification operations based on the provisioning request to determine whether the provisioning request is authorized. If the provisioning request is authorized, then the provisioning service establishes a verifiable identification for the device that is assured by the secure provisioning service and then executes the provisioning request. By automatically performing the verification operations to establish trust in the device, the provisioning service eliminates manual identification assurance operations that are performed as part of a conventional security provisioning process. Reducing the time and effort required to perform security provisioning increases the number of devices likely to implement security processes that increase the overall security of interacting using the Internet.
摘要翻译: 在一个实施例中,安全提供服务自动建立设备中的信任。 在接收到供应请求时,安全性供应服务识别与供应请求相关联的验证项目。 安全提供服务基于供应请求执行一个或多个验证操作,以确定供应请求是否被授权。 如果供应请求被授权,则供应服务为安全供应服务确保的设备建立可验证的标识,然后执行供应请求。 通过自动执行验证操作以在设备中建立信任,供应服务消除了作为常规安全提供过程的一部分执行的手动识别保证操作。 减少执行安全性配置所需的时间和精力增加了可能实施安全过程的设备数量,从而增加了使用Internet进行互动的整体安全性。
-
2.发明申请公开(公告)号:US20160337181A1
公开(公告)日:2016-11-17
申请号:US15148990
申请日:2016-05-06
申请人: Verisign, Inc.
发明人: Andrew CATHROW , Andrew FREGLY , Stephen D. JAMES
CPC分类号: H04L41/0806 , H04L61/1511 , H04L61/1541 , H04L63/062 , H04L63/08 , H04L63/123 , H04L63/166 , H04L67/16
摘要: In one embodiment, a delegation engine automatically provisions a device connected to a network to securely identify and interact with external services. As a device boots in a deployment environment, the delegation engine generates a search domain name based on a manufacturer-supplied domain name and a domain name associated with the deployment environment. The delegation engine then searches a Domain Name System (DNS) to retrieve a delegation record stored at the search domain name. After verifying a manufacturer signature associated with the delegation record, the delegation engine configures the device based on service discovery information included in the delegation record. Because the delegation engine automates the provisioning process, the time required to provision devices is acceptable irrespective of the number of the devices. Further, because the delegation engine verifies the delegation record, the delegation engine does not expose the device to security risks during the provisioning process.
摘要翻译: 在一个实施例中,委托引擎自动地设置连接到网络的设备以安全地识别和与外部服务交互。 作为在部署环境中引导的设备,委托引擎将根据制造商提供的域名和与部署环境相关联的域名生成搜索域名。 然后,委托引擎搜索域名系统(DNS)以检索存储在搜索域名中的委托记录。 在验证与委托记录相关联的制造商签名之后,委托引擎基于委托记录中包含的服务发现信息配置设备。 由于授权引擎自动化配置过程,所以设置设备所需的时间是可以接受的,而不考虑设备的数量。 此外,由于委托引擎验证委托记录,所以委派引擎在配置过程中不会将设备暴露于安全风险。
-
公开(公告)号:US20200258507A1
公开(公告)日:2020-08-13
申请号:US16860372
申请日:2020-04-28
申请人: VERISIGN, INC.
IPC分类号: G10L15/18 , G06F16/955 , G06F3/16 , G10L15/193
摘要: In one embodiment, a domain-name based framework implemented in a digital assistant ecosystem uses domain names as unique identifiers for request types, requesting entities, responders, and target entities embedded in a natural language request. Further, the framework enables interpreting natural language requests according to domain ontologies associated with different responders. A domain ontology operates as a keyword dictionary for a given responder and defines the keywords and corresponding allowable values to be used for request types and request parameters. The domain-name based framework thus enables the digital assistant to interact with any responder that supports a domain ontology to generate precise and complete responses to natural language based requests.
-
4.发明申请公开(公告)号:US20220255910A1
公开(公告)日:2022-08-11
申请号:US17729883
申请日:2022-04-26
申请人: VeriSign, Inc.
摘要: Provided herein is a method for registering an IoT device with a DNS registry. The method can include obtaining, at a DNS server, an identifier, IP address, and a public key of an asymmetric key pair associated with the IoT device from a network gateway device that is in communication with the IoT device, wherein the asymmetric key pair is provisioned onto the IoT device and an associated private key stored within a memory of the IoT device at a time that IoT device is manufactured or during a predetermined time window after manufacturing; creating at least one DNS record for the IoT device; assigning a domain name associated with the internet protocol (“IP”) address to the IoT device; storing the identifier, IP address, the domain name, and the public key in the at least one DNS record; and providing confirmation of the registration to the IoT device.
-
公开(公告)号:US20190018951A1
公开(公告)日:2019-01-17
申请号:US16122722
申请日:2018-09-05
申请人: Verisign, Inc.
发明人: Stephen D. JAMES , Andrew FREGLY , Andrew CATHROW
摘要: In one embodiment, a security provisioning service automatically establishes trust in a device. Upon receiving a provisioning request, a security provisioning service identifies a verification item that is associated with the provisioning request. The security provisioning service performs one or more verification operations based on the provisioning request to determine whether the provisioning request is authorized. If the provisioning request is authorized, then the provisioning service establishes a verifiable identification for the device that is assured by the secure provisioning service and then executes the provisioning request. By automatically performing the verification operations to establish trust in the device, the provisioning service eliminates manual identification assurance operations that are performed as part of a conventional security provisioning process. Reducing the time and effort required to perform security provisioning increases the number of devices likely to implement security processes that increase the overall security of interacting using the Internet.
-
-
-
-
搜索结果
5 条记录 (耗时 0.011 秒)
