WO2012083314A2 - A computer system - Google Patents

Publication number
WO2012083314A2
Authority
WO
WIPO (PCT)
Prior art keywords
domain name
ethical
top level
applicant
criterion
Application number
PCT/US2012/023706
Other versions
WO2012083314A3 (en)
Inventor
Stuart O. Goldman
Karl F. Rauscher
Original Assignee
Goldman Stuart O
Rauscher Karl F
Application filed by Goldman Stuart O, Rauscher Karl F
Priority to PCT/US2012/023706
Publication of WO2012083314A2
Publication of WO2012083314A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/30 Managing network names, e.g. use of aliases or nicknames
    • H04L61/3015 Name registration, generation or assignment
    • H04L61/302 Administrative registration, e.g. for domain names at internet corporation for assigned names and numbers [ICANN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/30 Types of network names
    • H04L2101/355 Types of network names containing special suffixes

Definitions

  • the present invention relates to a computer system.
  • Embodiments of the invention described herein address this issue.
  • embodiments of the present invention do not actually prevent (or actively attempt to prevent) a cyberspace attack by a belligerent party.
  • Embodiments of the invention relate to an emblem forming part of a domain name that alerts parties about the nature of the intended target.
  • the emblem may be the TLD (top level domain name) or a so-called super TLD as explained further below.
  • the belligerent party has the opportunity to then decide, in view of the emblem or particular domain name, what action to take or not to take. It is envisaged that, by clearly indicating the nature of an intended target in its domain name, at least some belligerent parties will decide to take no hostile action.
  • the public knowledge that a rigorous vetting process is applied on an applicant for an emblem in the form of a particular domain name is directly correlated with the success of the concept implementation.
  • The difficulty of making a safe harbor emblem in cyberspace in the form of a particular TLD is exacerbated by the large number of TLDs currently in use.
  • ICANN: The Internet Corporation for Assigned Names and Numbers
  • a TLD is a domain at the highest level in the Internet's hierarchical Domain Name System, which effectively translates host names (easy for people to read) to IP (internet protocol) addresses (easy for computers to read).
  • IP: Internet protocol
  • a TLD is the last part of the domain name string, that is, the last label of a fully qualified domain name, for example, in the domain name www.test.com, the top-level domain is com.
  • top level domains may give an appearance of a grouping of entities that should not be attacked, but may not be vetted (so anyone can obtain a URL within that top level domain) or the vetting may be based on criteria established only for that domain and thus the extension may be being used by entities that would not be afforded protection under particular ethical criteria (for example, a hospital that does research on chemical warfare weapons, or a church dedicated to Satan).
  • Other top level domains such as .gov contain both military as well as humanitarian entities so the humanitarian entities would not be identified easily for protection under any particular ethical criteria.
  • Embodiments of the present invention cut across all of the URLs and can be viewed as providing a new level above top level domain name (or super TLD) for the attacker to avoid.
  • the selected level above top level domain name may be unique. That is to say, the level above top level domain name may be identical for all URLs comprising the level above top level domain name. For example, the only level above the top level domain name may be +++. Any entity with this one, unique extension has, in the example described below, met a vigorous vetting process against a publicly posted criteria and thus should not be attacked.
  • a side benefit to both the entities and the public is that any URL within the top level domain or super TLD (or indeed other emblem or identifier) has a degree of legitimacy established by the public knowing that they had been vetted.
  • a charity with such a URL could benefit from greater donations from a public assured that the charity was not a scam of some sort as well as being an indication to discourage cyberspace attack.
  • Any entity could have a URL with a current or future top level domain name followed by a unique super top level domain name embodying the present invention, for example, joe.goodguy.gov.+++ (+++ is being used as one example of the unique super top level domain; the actual designation would be coordinated with ICANN). It is expected that the first entity with the marker would be recognized as deserving protection while jane.notsogood.gov (without the unique super top level domain) would not.
  • an embodiment of the invention is a super top level domain that is added to the URLs of entities that pass a vetting process.
  • the prior art is the promotion of a proliferation of top level domains rather than a unique super top level domain covering the others for those entities deserving of protection from attack.
  • the application includes information regarding an ethical criterion or ethical criteria of the applicant.
  • the information regarding the ethical criterion or ethical criteria is compared against predetermined publically posted ethical criterion or ethical criteria; such that if the information, once confirmed, meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer and is propagated within the Internet routing function entities.
  • the domain name may include a level above top level domain name. The level above top level domain name may be identical for all applicants.
  • a computer system comprising one or more computers on a network, the one or more computers being configured to: receive an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant;
  • the domain name may include a top level domain name.
  • the top level domain name may be identical for all applicants.
  • the domain name may include a level above top level domain name.
  • the level above top level domain name may be identical for all applicants.
  • the domain name may include a domain name extension.
  • the domain name extension may be identical for all applicants.
  • the ethical criteria comprise one or more from the list comprising: a list of publicly posted necessary attributes, such as an entity performs charitable work; a list of publicly posted fatal attributes, such as that the entity distributes weapons.
  • a computer system comprising: computers on a network, a part of one or more of the computers forming an Internet resource, the Internet resource being identifiable by a URL, the URL containing a level above top level domain name.
  • this arrangement forms a new top level domain name for translation purposes.
  • the level above top level domain name may be identical for all URLs comprising the level above top level domain name.
  • a computerized method of registering a domain name comprising: receiving an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant; comparing the information regarding the ethical criterion or ethical criteria against predetermined ethical criterion or ethical criteria; such that if the information meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer.
  • a computerized method comprising: a part of one or more computers on a network forming an Internet resource, identifying the Internet resource by a URL, the URL containing a level above top level domain name.
  • a computer readable medium comprising a computer program for carrying out the method of: receiving an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant; comparing the information regarding the ethical criterion or ethical criteria against predetermined ethical criterion or ethical criteria; such that if the information meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer.
  • a computer readable medium comprising a computer program for carrying out the method of: identifying an Internet resource identifiable by a URL, the URL containing a level above top level domain name.
  • Figure 1 is a schematic diagram illustrating an embodiment of the present invention
  • Figures 2A and 2B are a flow diagram illustrating the embodiment of Figure 1.
  • a super top level domain, for example, ".+++" in a domain name www.test.com.+++, that is to say, a level above top level domain name.
  • a computer system including computers on a network, in which a part of one or more of the computers forms an Internet resource.
  • the Internet resource is identifiable by a URL (URL is uniform or universal resource locator that is a string of characters that forms a reference to an Internet resource) and the URL has a level above top level domain name.
  • embodiments of the invention could have a special emblem or identifier in any portion of the domain name, such as the TLD, for example, www.test.+++ (e.g. ".+++" in place of the usual TLD ".com" or ".org").
  • the +++ marker or identifier (+++ is an example, other emblems or identifiers could be used) would then be made available to entities that pass a rigorous vetting process. These vetted entities would be granted a second level domain name within the protected top level domain or super top level domain. The marker would then be recognized by 'belligerents' or attackers enabling them to discriminate amongst all potential targets. Clear and credible identification of deserving and properly vetted entities would lead to avoidance or at least reduction of attacks against such
  • an international not-for-profit, philanthropic organization would do the initial vetting of second level applicants and also provide all the supporting services and structures to make the initiative viable and effective on an on-going basis.
  • a rigorous vetting process is directly correlated with the success of the concept implementation.
  • the protection provided by the "+++" marker (or other distinct symbol or identifier) and the supporting work of the entity would cover, for example, websites, computers, servers, email accounts, IP-based communications (IP is internet protocol) and the countless devices that will be networked in the years to come.
  • the +++ marker would not only be used to dissuade potential attackers. It could also reduce collateral damage caused by everyday spam, worms and viruses.
  • the first of these critical differences between cyber domain and 'physical' domains is the difficulty to ascertain the true identity of an attacker.
  • the consequent lack of accountability renders inoperative the fear of physical retaliation and/or public opprobrium, both of which deter belligerents in the physical world.
  • the second difference is that major sources of belligerent acts are as likely to be non-nation-state as nation-state.
  • the design of the entity organization has to take into account these critical differences if it is to operate with consequential effect.
  • the first response to these major differences between the four 'physical' domains and the man-made, cyber can be viewed as organizational.
  • the difficulty in identification of an attacker is to include as members of the organization who administer the emblem or domain name, important cyber organizations in major countries. This inclusion would ensure, it is believed, at least some measure, perhaps significant, of localized support against local sources of hacking, which may not be available at an international level whatever conventions entered into.
  • the example entity would not only obtain and manage the new TLD or super TLD, for example, that is, provide initial vetting and registration of applicants and ongoing monitoring of applicants' use of the TLD. It would also support members of the cyber community with special services to help them optimize the protection being provided.
  • a particular domain name or URL extension is allocated based on a self declaration by an applicant, which can be carried out entirely by computer over the Internet.
  • This simple self declaration, without validation, leads to the addition of an agreed upon extension to the applicant's current URL (for example asite.com/nsz) where /nsz is the emblem forming the extension to the URL (nsz is an acronym for no strike zone).
  • This scheme provides a label, but an attacker can ignore the label and attack the site regardless. This methodology does not require any changes to the Internet and can be accomplished with little cost and inconvenience. A consensus attacker looking at the URL would see the extension and may opt for not attacking this site. If the attacker was using resolved IP addresses then a reverse look up could be employed to provide the URLs which can then be examined.
  • a dedicated domain is allocated to an applicant with the requirement of registration and qualification (for example asite@nsz) where nsz is the emblem forming the indication of the dedicated domain.
  • This method provides a label that has been validated by the DNS (domain name system) registration process to meet the agreed upon criteria for qualifying for the status of the protected entity.
  • DNS: domain name system
  • This approach requires creation and maintenance of such a new generic top level domain (or super top level domain), and will imply incurring respective costs, as well as the administrative costs associated with the qualification of requests for registration.
  • the qualified sites would incur the inconvenience of changing their current URL to a new one and addressing the continued use of their prior non-protected URL.
  • the consensus attacker would have more faith that this is a valid URL over that of a self declaration. If the attacker was using resolved IP addresses then a reverse look-up could be employed to provide the URL.
  • This scheme provides a label but an attacker can ignore the label and attack the site regardless.
  • a separate net or computer network within the Internet is provided so that the IP addresses are in a block and can be so identified.
  • nsz is used to stand for "no strike zone" as the emblem or identifier. Any other currently vacant designation could be agreed upon to be used. While the simplest implementation is to have one or a unique designation, if there is a need for differentiation, then multiple or a plurality of labels could be used. The more labels used results in the ability to select which categories not to attack but at the penalty of a more complex determination algorithm simply because of the number of terms to consider.
  • the proposed emblem does not actually prevent it from being attacked by a belligerent party. All the emblem does is alert the parties about the nature of the intended target. The belligerent party must then decide what action to take or not to take. Depending on the scheme selected, the application of the emblem may be diluted if there are no controls on who may use it or the scheme may become so burdensome that it is not followed.
  • the computer system 100 includes a user terminal or computer 102, such as a server complex, personal computer (PC) or laptop computer on which a vetting process is carried out. While only a single user terminal of this type is illustrated, more than one may be provided.
  • the user terminal is connected to the Internet or other network 104.
  • the Internet includes a computer or computers 106 in the form of a server or servers. These have software loaded on them that provide a website to other user terminals or computers, such as a personal computer (PC) or laptop computer 108 for applying for use of a domain name including the unique top level domain name described above. While only a single user terminal of this type is illustrated, more than one may be provided.
  • FIGS 2A and 2B illustrate the functions carried out by the computers 102, 106, 108 of Figure 1 as a flowchart 200.
  • a website is created on the server 106.
  • the website provides an interface on which a user of the user terminal 108 of Figure 1 is presented with questions as part of the vetting process for domain name including the unique top level domain name. The user may answer these questions, by using a keyboard or touch screen device, for example.
  • step criterion or criteria and, in particular, ethical criterion or criteria are developed such that meeting the criterion or all of the criteria an entity or user is afforded a URL within the unique top level domain, or failing any of the criteria the entity be denied such a URL.
  • This criterion or criteria are typically developed by an organisation likely to be considered trustworthy or honorable to a potential cyber attacker as explained above.
  • step 206 these criteria are publicly posted on the website maintained on the servers 106 and displayed on the user device (or devices) 108. In this way, all interested parties can see the criteria.
  • step 208 these criteria are reviewed or revised periodically based on feedback from interested parties or based on events, such as a website including an allocated unique top level domain being cyber attacked.
  • step 210 a software portal on the website maintained on the server or servers 106 allows any potential applicant or user to enter answers to a series of questions on their terminal 108.
  • the server receives an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant.
  • the ethical criteria may include for example a list of publicly posted necessary attributes, such as that the applicant entity performs charitable work and/or a list of publicly posted fatal attributes, such as that the applicant entity distributes weapons.
  • the servers carry out a real-time check and reject an application that clearly fails one or more pre-determined criteria.
  • the server compares the information regarding the ethical criterion or ethical criteria against predetermined ethical criterion or ethical criteria.
  • steps 212 applications that pass this real-time check or accepted applications are passed by the server to another user terminal 102 on which a vetting process is carried out.
  • Each accepted application is reviewed by staff using the user terminal (a plurality of user terminals or computers may be used) to confirm (and also by a variety of means including manual investigation) that the information submitted by an applicant is true.
  • step 212 the applicant may be contacted, for example, by e-mail initiated from the user terminal or computer 102, regarding any concerns and the applicant will have an opportunity to resolve any issues.
  • step 216 once a successful applicant is identified by the vetting process, a signal is sent from the vetting terminal or computer 102 to the server (or servers) 106 maintaining the website, typically by initiation of a user of the vetting process terminal selecting an appropriate button with a mouse or other pointing device of the terminal. On receipt of the signal, the website is updated and this is reflected by the display of the applicant's user terminal 108 allowing a user or applicant to select a domain name within the unique top level domain.
  • step 218 software on the server determines if that domain is already taken. If the domain is taken, at the next step, step 220, the applicant is given an opportunity to attempt to select another domain name using their user terminal 108. Once a domain name is selected, as shown at the next step, step 222, it is screened by appropriate software on the server 106 (and/or manually) to see if it is conflicting, confusing, or objectionable based on predetermined criteria implemented in software on the server.
  • step 224 the website displayed on the user's terminal 108 is updated by the server 106 such that the applicant may complete the application including any fee payment (such as using an online credit card payment system or online payment system such as PayPal).
  • step 226 once payment is received, the user is assigned the domain name and this is stored in the memory of the server. The domain name is then registered and propagated into the Internet address resolution mechanism.
  • step 228, complaints regarding use of the unique top level domain may be registered on the website using a user terminal or computer 108 (likely a different one of the terminals or computers 108 that made the application).
  • the applicant is reconfirmed as meeting the criteria, for example, by being sent an e-mail to log on to the website and answer specific questions displayed on their terminal or computer when they log on to the website.
  • the applicant may have their use of a domain within the top level domain removed if they fail the reconfirmation.
  • an indication that the application has been accepted and the domain name within the unique top level or super level domain name is registered to the applicant and is transmitted to the applicant computer from the server 106.
  • a computer readable medium such as a hard-drive, solid state memory, CD-ROM or DVD-ROM, comprising a computer program may be provided for carrying out the computerized method described above.
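
The registration flow of steps 210 to 226, sketched as an added example (not code from the patent or its applicants). The attribute names, the `Registry` class, the `fold` confusability key and the status strings are assumptions made for illustration; fee payment and DNS propagation are left out.

```python
from dataclasses import dataclass, field
from enum import Enum

# Constructed criteria, modelled on the two examples the page gives.
NECESSARY = frozenset({"performs_charitable_work"})
FATAL = frozenset({"distributes_weapons"})
EMBLEM = "+++"  # the page's example marker; the real designation is left open


class Status(Enum):
    REJECTED = "rejected"        # failed the real-time check (step 210)
    PENDING_VETTING = "pending"  # passed on to staff review (step 212)
    CONFIRMED = "confirmed"      # staff confirmed the answers (step 216)


def screen(declared):
    """Real-time check: reject on any fatal or any missing necessary attribute."""
    declared = frozenset(declared)
    reasons = sorted(f"fatal:{a}" for a in declared & FATAL)
    reasons += sorted(f"missing:{a}" for a in NECESSARY - declared)
    # Passing only queues the application: self-declared answers are unverified.
    return (Status.REJECTED if reasons else Status.PENDING_VETTING), reasons


def fold(label):
    """Hypothetical confusability key: case-fold and drop hyphens."""
    return label.casefold().replace("-", "")


@dataclass
class Registry:
    applicants: dict = field(default_factory=dict)  # applicant id -> Status
    names: dict = field(default_factory=dict)       # registered name -> applicant id

    def apply(self, applicant, declared):
        status, reasons = screen(declared)
        self.applicants[applicant] = status
        return status, reasons

    def confirm(self, applicant):
        """Staff decision after manual review; only pending applications qualify."""
        if self.applicants.get(applicant) is not Status.PENDING_VETTING:
            raise ValueError("applicant has not passed the real-time check")
        self.applicants[applicant] = Status.CONFIRMED

    def register(self, applicant, name):
        """Steps 218-226: availability, confusability screen, then assignment."""
        if self.applicants.get(applicant) is not Status.CONFIRMED:
            return "not-vetted"
        name = name.lower().rstrip(".")
        if name in self.names:
            return "taken"
        if any(fold(name) == fold(existing) for existing in self.names):
            return "confusing"
        self.names[name] = applicant
        return "registered"

    def revoke(self, applicant):
        """Failed reconfirmation: drop the status and every name held."""
        self.applicants[applicant] = Status.REJECTED
        self.names = {n: a for n, a in self.names.items() if a != applicant}

    def is_vetted(self, fqdn):
        """A name counts only if it ends in the emblem AND is in the registry."""
        labels = fqdn.lower().rstrip(".").split(".")
        return labels[-1] == EMBLEM and ".".join(labels[:-1]) in self.names


if __name__ == "__main__":
    reg = Registry()
    print(reg.apply("charity", {"performs_charitable_work"}))
    reg.confirm("charity")
    print(reg.register("charity", "joe.goodguy.gov"))
    print(reg.is_vetted("joe.goodguy.gov.+++"), reg.is_vetted("other.example.+++"))
```

The last check is the one that matters to anyone relying on the marker: a name that merely ends in the emblem carries no weight unless the registry also lists it.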

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multi Processors (AREA)
  • Computer And Data Communications (AREA)

Abstract

A computer system 100 comprising one or more computers on a network 104, the one or more computers being configured to receive an application for a domain name from an applicant computer 108. The application includes information regarding an ethical criterion or ethical criteria of the applicant. The information regarding the ethical criterion or ethical criteria is compared against predetermined ethical criterion or ethical criteria; such that if the information after confirmation meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer 108. The domain name may include a level above top level domain name. The level above top level domain name may be identical for all applicants.

Description

A COMPUTER SYSTEM
The present invention relates to a computer system.
BACKGROUND OF THE INVENTION
Inherent in the expansion of cyberspace (the internet or world wide web) are resultant new and progressively greater vulnerabilities for all user entities. Yet in cyberspace the law of the jungle prevails. Criminal acts such as hacking as well as worms and viruses proliferate indiscriminately throughout the domain. New cyber weapons are being developed as nation states establish so called cyber commands. As a result of 'belligerent' acts, sudden catastrophic failures not only of particular entities but also on systemic levels constitute clear and present threats. The issue is well recognized and has been a focal point of discussion at countless cyber forums.
Software, such as anti-virus software, forming counter-measures to overcome these cyber attacks is constantly being developed and then redeveloped as the 'belligerents' find flaws in it.
BRIEF SUMMARY OF THE INVENTION
Embodiments of the invention described herein address this issue. In contrast to the prior art, where counter-measures are endlessly being developed and redeveloped and, thus, it appears will never be impenetrable, embodiments of the present invention do not actually prevent (or actively attempt to prevent) a cyberspace attack by a belligerent party.
Embodiments of the invention relate to an emblem forming part of a domain name that alerts parties about the nature of the intended target. The emblem may be the TLD (top level domain name) or a so-called super TLD as explained further below. The belligerent party has the opportunity to then decide, in view of the emblem or particular domain name, what action to take or not to take. It is envisaged that, by clearly indicating the nature of an intended target in its domain name, at least some belligerent parties will decide to take no hostile action. The public knowledge that a rigorous vetting process is applied on an applicant for an emblem in the form of a particular domain name is directly correlated with the success of the concept implementation.
Most people are not attackers and thus do not need to see a unique indicator that an entity should not be attacked. Some people do not care about any damage they do and will indiscriminately attack all entities without regard to the nature of the entity. However, some people who are attackers will refrain from attacking an entity if it were clearly marked. This is the class of attackers who will be deterred by the implementation of the marker. A physical world analogy is that most people do not set fires and will not burn any building. A few will burn buildings at any opportunity. Some, however, will pass over buildings such as churches, hospitals, and the like by virtue of their effective indication of their being a "safe harbor".
The difficulty of making a safe harbor emblem in cyberspace in the form of a particular TLD is exacerbated by the large number of TLDs currently in use. There are currently 22 top level generic domain names as well as a host of country names. The ICANN (The Internet Corporation for Assigned Names and Numbers), who manage TLDs, is opening up the top level domains so soon there could be thousands. A TLD is a domain at the highest level in the Internet's hierarchical Domain Name System, which effectively translates host names (easy for people to read) to IP (internet protocol) addresses (easy for computers to read). Currently, a TLD is the last part of the domain name string, that is, the last label of a fully qualified domain name, for example, in the domain name www.test.com, the top-level domain is com.
Some top level domains may give an appearance of a grouping of entities that should not be attacked, but may not be vetted (so anyone can obtain a URL within that top level domain) or the vetting may be based on criteria established only for that domain and thus the extension may be being used by entities that would not be afforded protection under particular ethical criteria (for example, a hospital that does research on chemical warfare weapons, or a church dedicated to Satan). Other top level domains such as .gov contain both military as well as humanitarian entities so the humanitarian entities would not be identified easily for protection under any particular ethical criteria.
While a particular "safe" identifier could simply be based on a particular top level domain (or indeed other part of a domain name, such as a domain name extension as described below, or other emblem or identifier), it is unrealistic in today's Internet environment to expect an attacker (manually or via a software application) to be easily able to identify entities that he would not attack unless easily identified. With the proliferation of URLs and top level domains, the attacker would literally have to research each entity to decide if it should not be attacked.
Embodiments of the present invention cut across all of the URLs and can be viewed as providing a new level above top level domain name (or super TLD) for the attacker to avoid. The selected level above top level domain name may be unique. That is to say, the level above top level domain name may be identical for all URLs comprising the level above top level domain name. For example, the only level above the top level domain name may be +++. Any entity with this one, unique extension has, in the example described below, met a vigorous vetting process against a publicly posted criteria and thus should not be attacked. A side benefit to both the entities and the public is that any URL within the top level domain or super TLD (or indeed other emblem or identifier) has a degree of legitimacy established by the public knowing that they had been vetted. Thus, for example, a charity with such a URL could benefit from greater donations from a public assured that the charity was not a scam of some sort as well as being an indication to discourage cyberspace attack.
Any entity could have a URL with a current or future top level domain name followed by a unique super top level domain name embodying the present invention, for example, joe.goodguy.gov.+++ (+++ is being used as one example of the unique super top level domain. The actual designation would be coordinated with ICANN.). It is expected that the first entity with the marker would be recognized as deserving protection while jane.notsogood.gov (without the unique super top level domain) would not.
Thus, an embodiment of the invention is a super top level domain that is added to the URLs of entities that pass a vetting process. In contrast, the prior art is the promotion of a proliferation of top level domains rather than a unique super top level domain covering the others for those entities deserving of protection from attack.
The invention in its various aspects is defined in the independent claims below to which reference should now be made. Advantageous features are set forth in the dependent claims.
Arrangements are described in more detail below and take the form of a computer system comprising one or more computers on a network, the one or more computers being configured to receive an application for a domain name from an applicant computer. The application includes information regarding an ethical criterion or ethical criteria of the applicant. The information regarding the ethical criterion or ethical criteria is compared against predetermined publicly posted ethical criterion or ethical criteria; such that if the information, once confirmed, meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer and is propagated within the Internet routing function entities. The domain name may include a level above top level domain name. The level above top level domain name may be identical for all applicants.
In a first aspect of the present invention, there is provided a computer system comprising one or more computers on a network, the one or more computers being configured to: receive an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant;
compare the information regarding the ethical criterion or ethical criteria against predetermined ethical criterion or ethical criteria; such that if the information meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer.
The domain name may include a top level domain name. The top level domain name may be identical for all applicants.
The domain name may include a level above top level domain name. The level above top level domain name may be identical for all applicants.
The domain name may include a domain name extension. The domain name extension may be identical for all applicants.
The ethical criteria comprise one or more from the list comprising: a list of publicly posted necessary attributes, such as an entity performs charitable work; a list of publicly posted fatal attributes, such as that the entity distributes weapons.
In a second aspect of the present invention, there is provided a computer system comprising: computers on a network, a part of one or more of the computers forming an Internet resource, the Internet resource being identifiable by a URL, the URL containing a level above top level domain name. Thus, this arrangement forms a new top level domain name for translation purposes. The level above top level domain name may be identical for all URLs comprising the level above top level domain name.
In a third aspect of the present invention, there is provided a computerized method of registering a domain name, the computerized method comprising: receiving an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant; comparing the information regarding the ethical criterion or ethical criteria against predetermined ethical criterion or ethical criteria; such that if the information meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer.
In a fourth aspect of the present invention, there is provided a computerized method comprising: a part of one or more computers on a network forming an Internet resource, identifying the Internet resource by a URL, the URL containing a level above top level domain name.
In a fifth aspect of the present invention, there is provided a computer readable medium comprising a computer program for carrying out the method of: receiving an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant; comparing the information regarding the ethical criterion or ethical criteria against predetermined ethical criterion or ethical criteria; such that if the information meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer.
In a sixth aspect of the present invention, there is provided a computer readable medium comprising a computer program for carrying out the method of: identifying an Internet resource identifiable by a URL, the URL containing a level above top level domain name.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will be described in more detail, by way of example, with reference to the accompanying drawings, in which:
Figure 1 is a schematic diagram illustrating an embodiment of the present invention; and
Figures 2A and 2B are a flow diagram illustrating the embodiment of Figure 1.
DETAILED DESCRIPTION OF THE INVENTION
In one embodiment of the present invention, there is provided a super top level domain (TLD), for example, ".+++" in a domain name www.test.com.+++, that is to say, a level above top level domain name. In other words, there is provided a computer system including computers on a network, in which a part of one or more of the computers forms an Internet resource. The Internet resource is identifiable by a URL (a uniform or universal resource locator, that is, a string of characters that forms a reference to an Internet resource) and the URL has a level above top level domain name.
However, embodiments of the invention could have a special emblem or identifier in any portion of the domain name, such as the TLD, for example, www.test.+++ (e.g. ".+++" in place of the usual TLD ".com" or ".org"). The +++ marker or identifier (+++ is an example, other emblems or identifiers could be used) would then be made available to entities that pass a rigorous vetting process. These vetted entities would be granted a second level domain name within the protected top level domain or super top level domain. The marker would then be recognized by 'belligerents' or attackers enabling them to discriminate amongst all potential targets. Clear and credible identification of deserving and properly vetted entities would lead to avoidance or at least reduction of attacks against such 'protected' entities making use of the marker. It should be noted that this methodology is not mutually exclusive with protective measures such as anti-viral software and thus both methodologies can be deployed simultaneously.
In this particular example, an international not-for-profit, philanthropic organization, would do the initial vetting of second level applicants and also provide all the supporting services and structures to make the initiative viable and effective on an on-going basis. A rigorous vetting process is directly correlated with the success of the concept implementation. The protection provided by the "+++" marker (or other distinct symbol or identifier) and the supporting work of the entity would cover, for example, websites, computers, servers, email accounts, IP-based communications (IP is internet protocol) and the countless devices that will be networked in the years to come. The +++ marker would not only be used to dissuade potential attackers. It could also reduce collateral damage caused by everyday spam, worms and viruses.
In implementing the concept, it is noteworthy to keep in mind that the cyber domain differs in critical aspects from the four 'physical' domains. The four physical domains are land, water, air and space, and are subject to internationally agreed upon "rules of the road", such as those contained in the Geneva and Hague Conventions. These conventions provide important protections for qualified humanitarian entities in the cultural, spiritual and, perhaps in the most recognized manner, the medical field (i.e. hospitals). They thus define acceptable behaviour by the nation state signatories to the conventions, particularly in times of conflict. In an increasingly globalizing world these 'rules of the road' have come to assume a role akin to 'pillars of civilization'.
The first of these critical differences between the cyber domain and the 'physical' domains is the difficulty of ascertaining the true identity of an attacker. The consequent lack of accountability renders inoperative the fear of physical retaliation and/or public opprobrium, both of which deter belligerents in the physical world. The second difference is that major sources of belligerent acts are as likely to be non-nation-state as nation-state. The design of the entity organization has to take into account these critical differences if it is to operate with consequential effect. The first response to these major differences between the four 'physical' domains and the man-made, cyber, can be viewed as organizational. Thus the counter to the first difference, the difficulty in identification of an attacker, is to include as members of the organization who administer the emblem or domain name, important cyber organizations in major countries. This inclusion would ensure, it is believed, at least some measure, perhaps significant, of localized support against local sources of hacking, which may not be available at an international level whatever conventions are entered into.
As for the second difference, existing international institutions appear unsuitable as vehicles for achieving the objectives referred to above, because they are built with traditional paradigms of nation-state actors. They further, it is believed, lack the agility and inclusiveness demanded by the new cyber domain, which has levelled the playing field for and between nation-states and non-state actors. Therefore membership in the organization will not be assumed to be in the first place that of nation-states and it is envisaged that private sector entities may participate.
The example entity would not only obtain and manage the new TLD or super TLD, for example, that is, provide initial vetting and registration of applicants and ongoing monitoring of applicants' use of the TLD. It would also support members of the cyber community with special services to help them optimize the protection being provided.
There are three example embodiments to implement this scheme, which are set out below, namely simple self declaration, dedicated domain and separate net within the Internet.
SIMPLE SELF DECLARATION
In this example, a particular domain name or URL extension is allocated based on a self declaration by an applicant, which can be carried out entirely by computer over the Internet. This simple self declaration, without validation, leads to the addition of an agreed upon extension to the applicant's current URL (for example asite.com/nsz) where /nsz is the emblem forming the extension to the URL (nsz is an acronym for no strike zone).
This scheme provides a label, but an attacker can ignore the label and attack the site regardless. This methodology does not require any changes to the Internet and can be accomplished with little cost and inconvenience. A consensus attacker looking at the URL would see the extension and may opt for not attacking this site. If the attacker was using resolved IP addresses then a reverse look up could be employed to provide the URLs which can then be examined.
DEDICATED DOMAIN OR SUPER TOP LEVEL DOMAIN
In this example, a dedicated domain is allocated to an applicant with the requirement of registration and qualification (for example asite@nsz) where nsz is the emblem forming the indication of the dedicated domain.
This method provides a label that has been validated by the DNS (domain name system) registration process to meet the agreed upon criteria for qualifying for the status of the protected entity. This approach requires creation and maintenance of such a new generic top level domain (or super top level domain), and will imply incurring respective costs, as well as the administrative costs associated with the qualification of requests for registration. The qualified sites would incur the inconvenience of changing their current URL to a new one and addressing the continued use of their prior non-protected URL. The consensus attacker would have more faith that this is a valid URL over that of a self declaration. If the attacker was using resolved IP addresses then a reverse look-up could be employed to provide the URL. This scheme provides a label but an attacker can ignore the label and attack the site regardless.
SEPARATE NET WITHIN THE INTERNET
In this example, a separate net or computer network within the Internet is provided so that the IP addresses are in a block and can be so identified.
With this scheme, not only would a top level domain (or super top level domain) be employed as a label but the resulting IP assignment would be in a dedicated block so that the IP address can be recognized as being protected without a reverse look-up. This is the most costly of all the schemes herein, as it requires the protected site be relocated to a protected block of physical addresses. The cost would be significant, and still does not offer protection from an attacker who chooses to ignore the protected status. Meanwhile, the existence of such a separate net would have a certain impeding/disruptive effect on the fundamental operational principles of the Internet.
It should be noted that these implementations are not mutually exclusive and may coexist.
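The three schemes differ in where the emblem sits and in whether anyone validated it. The following is an added example, not part of the patent text, of a recognizer that reports which scheme or schemes a given URL, host name or IP address falls under. It assumes the dedicated-domain emblem appears as the rightmost DNS label (as in the www.test.com.+++ form, with nsz in place of +++); the address block and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

EMBLEM = "nsz"  # the page's example emblem ("no strike zone")
# Constructed placeholder for the dedicated block (RFC 5737 documentation range).
PROTECTED_BLOCK = ipaddress.ip_network("203.0.113.0/24")

# Whether the label was checked by a registration process, per the text:
# self declaration is "without validation"; the other two go through registration.
VALIDATED = {"self_declaration": False, "dedicated_domain": True, "separate_net": True}


def schemes_for(target, reverse_lookup=None):
    """Return the sorted list of schemes under which `target` carries the emblem.

    target: URL, host name or IP literal.
    reverse_lookup: optional callable mapping an IP string to a host name
    (hypothetical hook, injected so the example runs offline).
    """
    if "://" not in target:
        target = "//" + target          # let urlsplit see a network location
    parts = urlsplit(target)
    host = parts.hostname or ""
    found = set()

    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # Separate net: the address itself is the label, no look-up needed.
        if addr in PROTECTED_BLOCK:
            found.add("separate_net")
        # A reverse look-up yields a host name only, so it can surface a label
        # carried in the name but not a path extension such as /nsz.
        host = (reverse_lookup(str(addr)) if reverse_lookup else None) or ""

    # Dedicated domain: emblem is the rightmost label of the host name.
    labels = host.rstrip(".").lower().split(".")
    if len(labels) >= 2 and labels[-1] == EMBLEM:
        found.add("dedicated_domain")

    # Simple self declaration: emblem is the last path segment of the URL.
    segments = [s for s in parts.path.split("/") if s]
    if segments and segments[-1].lower() == EMBLEM:
        found.add("self_declaration")

    return sorted(found)


def is_validated(target, reverse_lookup=None):
    """True if at least one matching scheme involved a registration check."""
    return any(VALIDATED[s] for s in schemes_for(target, reverse_lookup))


if __name__ == "__main__":
    ptr = {"198.51.100.9": "asite.nsz"}.get   # constructed reverse-look-up table
    for sample in ("asite.com/nsz", "https://www.test.com.nsz/donate",
                   "203.0.113.7", "198.51.100.9", "jane.notsogood.gov"):
        print(sample, schemes_for(sample, ptr), is_validated(sample, ptr))
```

A self-declared /nsz suffix is reported but never counted as validated, which mirrors the distinction the text draws between the first scheme and the other two.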
For the purposes of these examples, as mentioned above, nsz is used to stand for "no strike zone" as the emblem or identifier. Any other currently vacant designation could be agreed upon to be used. While the simplest implementation is to have one or a unique designation, if there is a need for differentiation, then multiple or a plurality of labels could be used. Using more labels gives the ability to select which categories not to attack, but at the penalty of a more complex determination algorithm simply because of the number of terms to consider.
SECURITY CONSIDERATIONS
As discussed above, the proposed emblem does not actually prevent an entity bearing it from being attacked by a belligerent party. All the emblem does is alert the parties about the nature of the intended target. The belligerent party must then decide what action to take or not to take. Depending on the scheme selected, the application of the emblem may be diluted if there are no controls on who may use it or the scheme may become so burdensome that it is not followed.
The benefit of embodiments of the present invention is that it will provide for the clear recognition of a protected entity, person or other asset in cyberspace.
EXAMPLE COMPUTER SYSTEM
An example computer system embodying the present invention will now be described with reference to Figures 1, 2A and 2B.
As illustrated in Figure 1, the computer system 100 includes a user terminal or computer 102, such as a server complex, personal computer (PC) or laptop computer on which a vetting process is carried out. While only a single user terminal of this type is illustrated, more than one may be provided. The user terminal is connected to the Internet or other network 104. The Internet includes a computer or computers 106 in the form of a server or servers. These have software loaded on them that provide a website to other user terminals or computers, such as a personal computer (PC) or laptop computer 108 for applying for use of a domain name including the unique top level domain name described above. While only a single user terminal of this type is illustrated, more than one may be provided.
Figures 2A and 2B illustrate the functions carried out by the computers 102, 106, 108 of Figure 1 as a flowchart 200. At step 202, first, a website is created on the server 106. The website provides an interface on which a user of the user terminal 108 of Figure 1 is presented with questions as part of the vetting process for a domain name including the unique top level domain name. The user may answer these questions, by using a keyboard or touch screen device, for example. At the next step, step 204, criterion or criteria and, in particular, ethical criterion or criteria are developed such that, on meeting the criterion or all of the criteria, an entity or user is afforded a URL within the unique top level domain, or, on failing any of the criteria, the entity is denied such a URL. This criterion or criteria are typically developed by an organisation likely to be considered trustworthy or honorable to a potential cyber attacker as explained above.
At the next step, step 206, these criteria are publicly posted on the website maintained on the servers 106 and displayed on the user device (or devices) 108. In this way, all interested parties can see the criteria.
In this example, at the next step, step 208, these criteria are reviewed or revised periodically based on feedback from interested parties or based on events, such as a website including an allocated unique top level domain being cyber attacked. At the next step, step 210, a software portal on the website maintained on the server or servers 106 allows any potential applicant or user to enter answers to a series of questions on their terminal 108. In other words, the server receives an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant. The ethical criteria may include for example a list of publicly posted necessary attributes, such as that the applicant entity performs charitable work and/or a list of publicly posted fatal attributes, such as that the applicant entity distributes weapons. The servers carry out a real-time check and reject an application that clearly fails one or more pre-determined criteria. In other words, the server compares the information regarding the ethical criterion or ethical criteria against predetermined ethical criterion or ethical criteria. As shown at the next step, step 212, applications that pass this real-time check or accepted applications are passed by the server to another user terminal 102 on which a vetting process is carried out. Each accepted application is reviewed by staff using the user terminal (a plurality of user terminals or computers may be used) to confirm (and also by a variety of means including manual investigation) that the information submitted by an applicant is true. As shown at the next step, step 212, the applicant may be contacted, for example, by e-mail initiated from the user terminal or computer 102, regarding any concerns and the applicant will have an opportunity to resolve any issues.
At the next step, step 216, once a successful applicant is identified by the vetting process, a signal is sent from the vetting terminal or computer 102 to the server (or servers) 106 maintaining the website, typically by initiation of a user of the vetting process terminal selecting an appropriate button with a mouse or other pointing device of the terminal. On receipt of the signal, the website is updated and this is reflected by the display of the applicant's user terminal 108 allowing a user or applicant to select a domain name within the unique top level domain. Once the applicant has chosen such a domain name it is submitted via the Internet 104 to the server 106. As shown at the next step, step 218, software on the server determines if that domain is already taken. If the domain is taken, at the next step, step 220, the applicant is given an opportunity to attempt to select another domain name using their user terminal 108. Once a domain name is selected, as shown at the next step, step 222, it is screened by appropriate software on the server 106 (and/or manually) to see if it is conflicting, confusing, or objectionable based on predetermined criteria implemented in software on the server. If the domain name is found acceptable, as shown at the next step, step 224, the website displayed on the user's terminal 108 is updated by the server 106 such that the applicant may complete the application including any fee payment (such as using an online credit card payment system or online payment system such as PayPal). At the next step, step 226, once payment is received, the user is assigned the domain name and this is stored in the memory of the server. The domain name is then registered and propagated into the Internet address resolution mechanism.
As shown at the next step, step 228, complaints regarding use of the unique top level domain may be registered on the website using a user terminal or computer 108 (likely a different one of the terminals or computers 108 that made the application). Should complaints arise (or on a periodic basis at a predetermined time or times), the applicant is reconfirmed as meeting the criteria, for example, by being sent an e-mail to log on to the website and answer specific questions displayed on their terminal or computer when they log on to the website. The applicant may have their use of a domain within the top level domain removed if they fail the reconfirmation.
In summary, if the information received from the applicant computer 108 meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name within the unique top level or super level domain name is registered to the applicant is transmitted to the applicant computer from the server 106.
While this example describes the registration of a domain name within a unique top level domain to an applicant, the same methodology would apply to another aspect or aspects of a domain name, for example, within a super top level domain or a domain name extension. A computer readable medium, such as a hard-drive, solid state memory, CD-ROM or DVD-ROM, comprising a computer program may be provided for carrying out the computerized method described above.
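The flow of steps 210 to 228 can be read as a state machine in which a name can only be registered after the real-time criteria check, the staff vetting, the name screening and the payment have each happened in order. The following is an added sketch of that ordering, not code from the patent: the class and method names, the attribute strings, the blocked-term list and the lookalike folding used for the "confusing" screen are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    REJECTED = "rejected"
    PENDING_VETTING = "pending_vetting"
    VETTED = "vetted"
    AWAITING_PAYMENT = "awaiting_payment"
    REGISTERED = "registered"
    REVOKED = "revoked"


@dataclass
class Application:
    applicant: str
    declared: frozenset
    state: State
    name: str = ""


# Hypothetical lookalike folding for the "confusing" screen of step 222.
_FOLD = str.maketrans({"0": "o", "1": "l", "-": None})


class Registry:
    def __init__(self, necessary, fatal, blocked_terms=()):
        self.necessary = frozenset(necessary)   # publicly posted necessary attributes
        self.fatal = frozenset(fatal)           # publicly posted fatal attributes
        self.blocked_terms = tuple(blocked_terms)
        self.names = {}                         # registered name -> Application

    def _meets_criteria(self, declared):
        return self.necessary <= declared and not (self.fatal & declared)

    @staticmethod
    def _require(app, state):
        # Refuse out-of-order calls, e.g. choosing a name before vetting.
        if app.state is not state:
            raise ValueError(f"expected {state.value}, application is {app.state.value}")

    def submit(self, applicant, declared):
        """Step 210: real-time check of the applicant's answers."""
        declared = frozenset(declared)
        ok = self._meets_criteria(declared)
        return Application(applicant, declared,
                           State.PENDING_VETTING if ok else State.REJECTED)

    def confirm_vetting(self, app, declaration_is_true):
        """Steps 212 to 216: staff confirm whether the submitted information is true."""
        self._require(app, State.PENDING_VETTING)
        app.state = State.VETTED if declaration_is_true else State.REJECTED

    def select_name(self, app, name):
        """Steps 218 to 222: availability check, then screening of the name."""
        self._require(app, State.VETTED)
        name = name.lower()
        if name in self.names:
            return "taken"                      # step 220: applicant may try again
        folded = name.translate(_FOLD)
        if any(term in folded for term in self.blocked_terms):
            return "objectionable"
        if any(folded == taken.translate(_FOLD) for taken in self.names):
            return "confusing"
        app.name, app.state = name, State.AWAITING_PAYMENT
        return "ok"

    def record_payment(self, app):
        """Steps 224 to 226: assign the name once payment is received."""
        self._require(app, State.AWAITING_PAYMENT)
        if app.name in self.names:              # registered by someone else meanwhile
            app.name, app.state = "", State.VETTED
            return False
        self.names[app.name] = app
        app.state = State.REGISTERED
        return True

    def reconfirm(self, app, declared):
        """Step 228: re-check on complaint or on schedule; revoke on failure."""
        self._require(app, State.REGISTERED)
        if self._meets_criteria(frozenset(declared)):
            return True
        del self.names[app.name]
        app.state = State.REVOKED
        return False
```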
Embodiments of the present invention have been described. It will be appreciated that variations and modifications may be made to the described embodiments within the scope of the present invention.

Claims

1. A computer system comprising one or more computers on a network, the one or more computers being configured to:
receive an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant;
compare the information regarding the ethical criterion or ethical criteria against predetermined ethical criterion or ethical criteria; such that if the information meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer.
2. A computer system according to claim 1, wherein the domain name includes a top level domain name.
3. A computer system according to claim 2, wherein the top level domain name is identical for all applicants.
4. A computer system according to claim 1, wherein the domain name includes a level above top level domain name.
5. A computer system according to claim 4, wherein the level above top level domain name is identical for all applicants.
6. A computer system according to claim 1, wherein the domain name includes a domain name extension.
7. A computer system according to claim 6, wherein the domain name extension is identical for all applicants.
8. A computer system according to claim 1, wherein the ethical criteria comprise one or more from the list comprising:
a list of publicly posted necessary attributes, such as an entity performs charitable work;
a list of publicly posted fatal attributes, such as that the entity distributes weapons.
9. A computer system comprising:
computers on a network, a part of one or more of the computers forming an Internet resource,
the Internet resource being identifiable by a URL, the URL containing a level above top level domain name.
10. A computer system according to claim 6, wherein the level above top level domain name is identical for all URLs comprising the level above top level domain name.
11. A computerized method of registering a domain name, the computerized method comprising:
receiving an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant;
comparing the information regarding the ethical criterion or ethical criteria against predetermined ethical criterion or ethical criteria; such that if the information meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer.
12. A computerized method according to claim 11, wherein the domain name includes a top level domain name.
13. A computerized method according to claim 12, wherein the top level domain name is identical for all applicants.
14. A computerized method according to claim 11, wherein the domain name includes a level above top level domain name.
15. A computerized method according to claim 14, wherein the level above top level domain name is identical for all applicants.
16. A computerized method according to claim 11, wherein the domain name includes a domain name extension.
17. A computerized method according to claim 16, wherein the domain name extension is identical for all applicants.
18. A computerized method according to claim 11, wherein the ethical criteria comprise one or more from the list comprising:
a list of publicly posted necessary attributes, such as an entity performs charitable work;
a list of publicly posted fatal attributes, such as that the entity distributes weapons.
19. A computerized method comprising:
a part of one or more computers on a network forming an Internet resource, identifying the Internet resource by a URL, the URL containing a level above top level domain name.
20. A computerized method according to claim 19, wherein the level above top level domain name is identical for all URLs comprising the level above top level domain name.
21. A computer readable medium comprising a computer program for carrying out the method of:
receiving an application for a domain name from an applicant computer, the application including information regarding an ethical criterion or ethical criteria of the applicant;
comparing the information regarding the ethical criterion or ethical criteria against predetermined ethical criterion or ethical criteria; such that if the information meets the predetermined ethical criterion or ethical criteria, an indication that the application has been accepted and the domain name is registered to the applicant is transmitted to the applicant computer.
22. A computer readable medium according to claim 21, wherein the domain name includes a top level domain name.
23. A computer readable medium according to claim 22, wherein the top level domain name is identical for all applicants.
24. A computer readable medium according to claim 21, wherein the domain name includes a level above top level domain name.
25. A computer readable medium according to claim 24, wherein the level above top level domain name is identical for all applicants.
26. A computer readable medium according to claim 21, wherein the domain name includes a domain name extension.
27. A computer readable medium according to claim 26, wherein the domain name extension is identical for all applicants.
28. A computer readable medium according to claim 21, wherein the ethical criteria comprise one or more from the list comprising:
a list of publicly posted necessary attributes, such as an entity performs charitable work;
a list of publicly posted fatal attributes, such as that the entity distributes weapons.
29. A computer readable medium comprising a computer program for carrying out the method of:
identifying an Internet resource identifiable by a URL, the URL containing a level above top level domain name.
30. A computer readable medium according to claim 29, wherein the level above top level domain name is identical for all URLs comprising the level above top level domain name.
PCT/US2012/023706 2012-02-03 2012-02-03 A computer system WO2012083314A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2012/023706 WO2012083314A2 (en) 2012-02-03 2012-02-03 A computer system

Publications (2)

Publication Number Publication Date
WO2012083314A2 true WO2012083314A2 (en) 2012-06-21
WO2012083314A3 WO2012083314A3 (en) 2014-04-17

Family

ID=46245421

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2012/023706 WO2012083314A2 (en) 2012-02-03 2012-02-03 A computer system

Country Status (1)

Country Link
WO (1) WO2012083314A2 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100306830A1 (en) * 2002-06-06 2010-12-02 Hardt Dick C Distributed Hierarchical Identity Management

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DOMAIN NAME ALERT.: 'Professionals Can Go Pro with .pro.' A PUBLICATION OF THE TECHNOLOGY GROUP OF DORSEY & WHITNEY LLP., [Online] 04 December 2003, Retrieved from the Internet: <URL:http://www.dorsey.com/files/Publication/8b079f6f-93c9-4ad4-913c-666605279321/Presentation/PublicationAttachment/45ae6923-f44f-427e-8b2e-a4ca57bdb1a3/PROAlert04dec03.pdf> [retrieved on 2011-07-03] *
MISSISSIPPI.GOV DOMAIN POLICY.: 'Notice of Approval.' MISSISSIPI DEPARTMENT OF INFORMATION TECHNOLOGY SERVICES., [Online] 05 April 2004, Retrieved from the Internet: <URL:http://www.its.ms.gov/docs/Mississippi.gov%20Domain%20Policy.pdf> [retrieved on 2011-07-03] *

Legal Events

Date Code Title Description
122 Ep: pct application non-entry in european phase

Ref document number: 12726707

Country of ref document: EP

Kind code of ref document: A2