公开(公告)号：US20170324724A1

公开(公告)日：2017-11-09

申请号：US15660237

申请日：2017-07-26

Applicant: VERISIGN, INC.

Inventor： David Smith ,  James Gould ,  Ramana Lavu ,  Deepak Deshpande

IPC: H04L29/06 ,  H04L9/32 ,  H04L29/12

CPC classification number: H04L63/08 ,  H04L9/321 ,  H04L9/3247 ,  H04L61/1511 ,  H04L63/0853 ,  H04L63/123

Abstract: Systems and methods for performing DNSSEC signing are described in which digital signature operations may be performed by a network accessible signing server that is configured to interact with a separate client application. Exemplary methods may include receiving a signing request at the signing server from the client application to sign first data. The signing server may determine an active KSK and/or an active ZSK for the first data. The first data may then be transmitted by the signing server to a digital signature modules, which may include, for example, a hardware support module, or software signing applications. The signing server may receive a digitally signed version of the first data from the digital signature module, and provide the signed first data to the client application.

公开(公告)号：US20150372822A1

公开(公告)日：2015-12-24

申请号：US14841080

申请日：2015-08-31

Applicant: VERISIGN, INC.

Inventor： David Smith ,  James Gould ,  Ramana Lavu ,  Deepak Deshpande

IPC: H04L9/32

CPC classification number: H04L63/08 ,  H04L9/321 ,  H04L9/3247 ,  H04L61/1511 ,  H04L63/0853 ,  H04L63/123

Abstract: Systems and methods for performing DNSSEC signing are described in which digital signature operations may be performed by a network accessible signing server that is configured to interact with a separate client application. Exemplary methods may include receiving a signing request at the signing server from the client application to sign first data. The signing server may determine an active KSK and/or an active ZSK for the first data. The first data may then be transmitted by the signing server to a digital signature modules, which may include, for example, a hardware support module, or software signing applications. The signing server may receive a digitally signed version of the first data from the digital signature module, and provide the signed first data to the client application.

Abstract translation: 描述了用于执行DNSSEC签名的系统和方法，其中数字签名操作可以由被配置为与单独的客户端应用交互的网络可访问签名服务器来执行。 示例性方法可以包括在客户端应用程序的签名服务器处接收签名请求以签署第一数据。 签名服务器可以确定用于第一数据的活动KSK和/或活动ZSK。 然后，第一数据可以由签名服务器发送到数字签名模块，数字签名模块可以包括例如硬件支持模块或软件签名应用程序。 签名服务器可以从数字签名模块接收第一数据的数字签名版本，并将签名的第一数据提供给客户端应用。

公开(公告)号：US09749307B2

公开(公告)日：2017-08-29

申请号：US14841080

申请日：2015-08-31

Applicant: VERISIGN, INC.

Inventor： David Smith ,  James Gould ,  Ramana Lavu ,  Deepak Deshpande

IPC: H04L29/06 ,  H04L29/12 ,  H04L9/32

CPC classification number: H04L63/08 ,  H04L9/321 ,  H04L9/3247 ,  H04L61/1511 ,  H04L63/0853 ,  H04L63/123

Abstract: Systems and methods for performing DNSSEC signing are described in which digital signature operations may be performed by a network accessible signing server that is configured to interact with a separate client application. Exemplary methods may include receiving a signing request at the signing server from the client application to sign first data. The signing server may determine an active KSK and/or an active ZSK for the first data. The first data may then be transmitted by the signing server to a digital signature modules, which may include, for example, a hardware support module, or software signing applications. The signing server may receive a digitally signed version of the first data from the digital signature module, and provide the signed first data to the client application.

公开(公告)号：US10158620B2

公开(公告)日：2018-12-18

申请号：US15660237

申请日：2017-07-26

Applicant: VERISIGN, INC.

Inventor： David Smith ,  James Gould ,  Ramana Lavu ,  Deepak Deshpande

IPC: H04L29/06 ,  H04L29/12 ,  H04L9/32

Abstract: Systems and methods for performing DNSSEC signing are described in which digital signature operations may be performed by a network accessible signing server that is configured to interact with a separate client application. Exemplary methods may include receiving a signing request at the signing server from the client application to sign first data. The signing server may determine an active KSK and/or an active ZSK for the first data. The first data may then be transmitted by the signing server to a digital signature modules, which may include, for example, a hardware support module, or software signing applications. The signing server may receive a digitally signed version of the first data from the digital signature module, and provide the signed first data to the client application.