
Domain name resolution method and domain name resolution device

A domain name resolution technique based on encrypted communication, applied in the field of domain name resolution methods and devices. It addresses problems such as domain name access failure, access errors and domain name hijacking, improving security and avoiding the risk of domain name hijacking.

Active Publication Date: 2019-03-01
BEIJING QIHOO TECH CO LTD

AI Technical Summary

Problems solved by technology

[0003] However, in the process of implementing the present invention, the inventor found that the above-mentioned prior-art method has at least the following defect: since information is transmitted between the terminal device and the domain name resolution server directly in plain text, domain name hijacking is prone to occur. This leads to domain name access failure, or to attacks caused by accessing the wrong domain name.
For example, an attacker positioned between the terminal device and the domain name resolution server maliciously replaces the DNS resolution result IP1 corresponding to domain name A with IP2, causing users to fail to access domain name A, or even to access unsafe sites.


Examples


Example 1

[0067] In this example, the handshake verification between the client and the server is based mainly on the random numbers generated by both parties. The client only checks the integrity and legality of the certificate returned by the server, and does not verify whether the server's certificate public key is correct. Specifically, it includes the following steps:

[0068] Step 1: The client generates a first random number, that is, the random number R1, and sends the random number R1 to the server through an encrypted communication request.

[0069] Step 2: The server obtains R1 from the received encrypted communication request and saves R1 for subsequent use. It then generates a second random number, that is, the random number R2, and sends R2 and the server certificate (including the public key in the certificate) to the client through an encrypted communication response.

[0070] Step 3: After the client receives the encrypted communication response, it checks the server certificate con...

Example 2

[0078] In this example, the client pre-stores the hash value Hp of the server certificate public key of the anti-hijacking DNS server (that is, the local certificate public key information mentioned above) in the application program in a hard-coded manner. Correspondingly, the client and the server not only perform the handshake verification based on the random numbers generated by both parties, but also further verify the identity of the server according to the locally stored certificate public key. Specifically, it includes the following steps:

[0079] Step 1: The client generates the first random number, that is, the random number R1, and then encrypts it with the hash value Hp of the server certificate public key stored in a hard-coded manner, obtaining the ciphertext R1' corresponding to R1 (that is, the first encrypted random number). In this embodiment, R1'=SHA256(R1||Hp), and the first encrypted random number R1' is sent to the server ...
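The client-side difference between Example 1 and Example 2, as an added illustration that is not code from the patent. Assumptions: Hp is taken to be the SHA-256 digest of the public key bytes, the key byte strings are constructed samples, and the function names and the `cert_checks_pass` flag are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample values standing in for encoded certificate public keys.
GENUINE_PUBKEY = b"constructed-sample-pubkey-of-anti-hijacking-dns-server"
OTHER_PUBKEY = b"constructed-sample-pubkey-from-a-different-certificate"

# Hp: hash of the server certificate public key, hard-coded in the client.
# Assumption: the page only says "hash value"; SHA-256 is used here.
HP = hashlib.sha256(GENUINE_PUBKEY).digest()


@dataclass(frozen=True)
class ServerResponse:
    r2: bytes               # second random number from the server
    pubkey: bytes           # public key carried in the server certificate
    cert_checks_pass: bool  # outcome of the integrity/legality checks


def first_encrypted_random(r1: bytes, hp: bytes = HP) -> bytes:
    """R1' = SHA256(R1 || Hp), the formula given in [0079].
    SHA-256 is a digest, so R1' binds R1 to the pin but is not reversible."""
    return hashlib.sha256(r1 + hp).digest()


def example1_accepts(resp: ServerResponse) -> bool:
    """Example 1: certificate integrity and legality only, key not verified."""
    return resp.cert_checks_pass


def example2_accepts(resp: ServerResponse, hp: bytes = HP) -> bool:
    """Example 2: additionally require the presented key to hash to Hp."""
    presented = hashlib.sha256(resp.pubkey).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return resp.cert_checks_pass and hmac.compare_digest(presented, hp)


if __name__ == "__main__":
    r1 = secrets.token_bytes(32)
    print("R1' =", first_encrypted_random(r1).hex())
    genuine = ServerResponse(secrets.token_bytes(32), GENUINE_PUBKEY, True)
    other = ServerResponse(secrets.token_bytes(32), OTHER_PUBKEY, True)
    for name, resp in (("genuine", genuine), ("other key", other)):
        print(name, example1_accepts(resp), example2_accepts(resp))
```

A response whose certificate passes the generic checks but carries a different key is accepted by the Example 1 logic and rejected by the Example 2 pin check.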


Abstract

The present invention discloses a domain name resolution method and a domain name resolution device, wherein the domain name resolution method comprises the steps of: transmitting an encrypted communication request to a preset domain name resolution server according to pre-stored local certificate public key information; receiving an encrypted communication response corresponding to the encrypted communication request and obtaining the server certificate public key contained in it; performing handshake authentication with the server returning the encrypted communication response according to the server certificate public key and the local certificate public key information; and, when the authentication is passed, establishing an encrypted communication connection with the server that returned the encrypted communication response and obtaining a domain name resolution result through the encrypted communication connection. With the domain name resolution method of the invention, communication is carried out over the encrypted communication connection, thereby significantly improving security and effectively avoiding the risk of domain name hijacking.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a domain name resolution method and device.

Background technique

[0002] Domain name resolution is a service that points the domain name to the web space IP, allowing users to easily access the website through the registered domain name. An IP address is a numerical address that identifies a site on the network. For the convenience of memory, a domain name is used instead of an IP address to identify a site address. Domain name resolution is the process of converting a domain name to an IP address. Usually, the domain name resolution work is completed by a DNS (Domain Name System) server, also called a domain name resolution server. In the prior art, a terminal device sends a domain name resolution request to a domain name resolution server allocated by an operator, so as to obtain a domain name resolution result. Moreover, the information transmission b...


Application Information

IPC(8): H04L29/06, H04L29/12
CPC: H04L63/0428, H04L63/0823, H04L63/083, H04L63/1441, H04L61/4511
Inventor 李鹤仙曹阳
Owner BEIJING QIHOO TECH CO LTD