A domain name registration system in which registry services are shared among multiple independent registrars is a Shared Registration System (SRS). The SRS presently implemented on the Internet utilizes the Extensible Provisioning Protocol (EPP), a text/XML protocol that permits multiple service providers (such as registrars) to perform object provisioning operations using a shared central object, such as a registry. EPP includes extension mechanisms that provide for the modification and/or addition of implementation-specific features and other object management capabilities.
Security is needed for a SRS to protect the integrity of domain name registrations. For example, security measures are implemented to ensure that only accredited registrars can add, delete or otherwise modify a domain name record at a registry. Such security measures can include requirements that the registry authenticate a registrar before the registry processes EPP commands. The registry can authenticate the registrar by verifying the registrar's digital certificate, requiring and verifying a registrar password, verifying that the registrar's communications originate from an IP address (or address range) known to be associated with the registrar, etc.
Security measures can also be implemented for communications between a registrant and the registrar. This is important to ensure that modifications requested for a domain name properly originate with an authorized party, such as the registrant itself. Such security measures can include requiring and verifying a registrant password at the registrar, verifying the registrant's digital certificate, etc.
Domain names are assigned, released, and managed using the Extensible Provisioning Protocol (EPP). EPP is a flexible protocol designed for allocating objects within registries over the Internet. Other objects currently provisioned using EPP are host names and contact information. The motivation for the creation of EPP was to provide a flexible communication protocol between registrars and registries. Although EPP is widely adopted by many registries, the term “provisioning objects,” as used herein, should be understood to include any logical entity that can be or is registered. Such registrable objects may be able to be created, deleted and modified. Such provisioning objects are described in the standards that define EPP; examples of standard provisioning objects include domain names (RFC 5731), host names (RFC 5732) and contact information (RFC 5733), as well as any resource that may be provisioned by a first entity to a second entity where the first entity has ultimate control over the resource. It should also be understood that, as used herein, provisioning objects also include yet-to-be-developed structures that may replace or modify the provisioned objects presently available in EPP. A provisioning object thus includes the standard EPP objects, whether existing or yet to be developed, that follow the EPP standard.
Another security measure is Auth Info, which includes a secondary password used to authorize domain name transfers. When a registrant wishes to initiate a transfer, the registrant provides its Auth Info password to the gaining registrar, who uses it to initiate the transfer request. The use of the secondary Auth Info password can prevent the unauthorized transfer of a domain name.
Known security measures are not entirely effective against all threats. For example, an unauthorized entity that has stolen the actual registrant's credentials can pose as the registrant and improperly add, delete or modify a domain name record in the registrant's name. Likewise, a registrar (or an entity posing as a registrar that has the registrar's credentials) can improperly add, delete or modify a registrant's domain name record. The standard mechanism for authorization in the Shared Registration System Extensible Provisioning Protocol (EPP) (IETF STD 69) is the use of an authorization code that acts as a password linked to a domain name. The authorization code is set by the registrar, and the policy governing its format and frequency of change is determined by the registrar. If the authorization code does not follow password complexity best practices, a domain record may be subject to unauthorized modification; for example, the authorization code may be guessed by an unauthorized party. Such a modification may be accomplished using a transfer request from one registrar to another, followed by the losing registrar failing to ACK the transfer, which results in the registry performing an “auto-ACK.” What was needed was a system that could validate the actual registrant's authorization to make changes to a domain name record.
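As an added illustration of the registrar authentication and Auth Info mechanisms described above (example code written for this page, not code from the original text, from any registry, or from the cited application), the following Python models a registry that authenticates a registrar by source IP range and password, parses a standard EPP `<transfer op="request">` command (RFC 5731) and verifies the domain's Auth Info code with a constant-time comparison, and applies the kind of password-complexity check that the text notes many authorization codes fail to meet. The registrar identifiers, IP ranges, passwords and Auth Info codes are constructed sample values; the result codes are the standard ones from RFC 5730. The auto-ACK timer on a pending transfer is not modeled.

```python
import hashlib
import hmac
import ipaddress
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"        # RFC 5730
DOMAIN_NS = "urn:ietf:params:xml:ns:domain-1.0"  # RFC 5731


def _pw_hash(secret: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so neither registrar passwords nor Auth Info codes are stored in the clear."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


# Constructed sample data (not real registrars, networks or domains).
REGISTRARS = {
    "registrar-a": {
        "salt": b"constructed-salt-a",
        "pw_hash": _pw_hash("correct horse battery staple", b"constructed-salt-a"),
        "allowed_nets": [ipaddress.ip_network("192.0.2.0/24")],  # TEST-NET-1 range
    },
}
DOMAINS = {
    "example.com": {
        "sponsor": "registrar-b",  # current (would-be losing) registrar
        "salt": b"constructed-salt-d",
        "auth_hash": _pw_hash("Xk9#vQ2m!pL7wZ4r", b"constructed-salt-d"),
    },
}


def auth_code_is_strong(code: str, min_len: int = 12) -> bool:
    """Complexity check for an Auth Info code: minimum length and at least
    three of the four character classes (lower, upper, digit, symbol)."""
    classes = (
        any(c.islower() for c in code),
        any(c.isupper() for c in code),
        any(c.isdigit() for c in code),
        any(not c.isalnum() for c in code),
    )
    return len(code) >= min_len and sum(classes) >= 3


def authenticate_registrar(registrar_id: str, password: str, source_ip: str) -> bool:
    """Registrar authentication: the source address must fall in a range known for
    that registrar and the password must match the stored hash (constant-time compare)."""
    rec = REGISTRARS.get(registrar_id)
    if rec is None:
        return False
    ip = ipaddress.ip_address(source_ip)
    if not any(ip in net for net in rec["allowed_nets"]):
        return False
    return hmac.compare_digest(rec["pw_hash"], _pw_hash(password, rec["salt"]))


def build_transfer_request(name: str, auth_pw: str, cltrid: str = "ABC-12345") -> str:
    """Build an EPP <transfer op="request"> for a domain, as a gaining registrar would send it."""
    return (
        f'<epp xmlns="{EPP_NS}"><command><transfer op="request">'
        f'<domain:transfer xmlns:domain="{DOMAIN_NS}">'
        f"<domain:name>{escape(name)}</domain:name>"
        f'<domain:period unit="y">1</domain:period>'
        f"<domain:authInfo><domain:pw>{escape(auth_pw)}</domain:pw></domain:authInfo>"
        f"</domain:transfer></transfer><clTRID>{escape(cltrid)}</clTRID></command></epp>"
    )


def parse_transfer_request(xml_text: str):
    """Return (domain name, Auth Info pw) from a transfer request, or raise ValueError."""
    root = ET.fromstring(xml_text)
    ns = {"epp": EPP_NS, "domain": DOMAIN_NS}
    transfer = root.find("epp:command/epp:transfer", ns)
    if transfer is None or transfer.get("op") != "request":
        raise ValueError("not an EPP transfer request")
    name = transfer.find("domain:transfer/domain:name", ns)
    pw = transfer.find("domain:transfer/domain:authInfo/domain:pw", ns)
    if name is None or pw is None or pw.text is None:
        raise ValueError("missing domain name or authInfo")
    return name.text.strip(), pw.text


def process_transfer(xml_text: str, registrar_id: str, password: str, source_ip: str) -> int:
    """Registry-side decision on a transfer request, returned as an RFC 5730 result code."""
    if not authenticate_registrar(registrar_id, password, source_ip):
        return 2200  # Authentication error
    name, pw = parse_transfer_request(xml_text)
    rec = DOMAINS.get(name)
    if rec is None:
        return 2303  # Object does not exist
    if registrar_id == rec["sponsor"]:
        return 2002  # Command use error: sponsor cannot request a transfer to itself
    if not hmac.compare_digest(rec["auth_hash"], _pw_hash(pw, rec["salt"])):
        return 2202  # Invalid authorization information (wrong Auth Info code)
    return 1001  # Command completed successfully; action pending (awaiting losing registrar's ACK/NACK)
```

Note that the registry only ever compares a hash of the presented Auth Info code, and that the comparison is constant-time; the complexity check is what a registrar would apply when setting or rotating the code, since a short code such as the RFC example `2fooBAR` is the kind of value the text warns can be guessed.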
A known system that verifies the registrant's authorization to make changes to a domain name record creates a chain of trust between a registrant and a registry. This system is described in U.S. patent application Ser. No. 12/487,567, “SHARED REGISTRATION SYSTEM MULTI-FACTOR AUTHENTICATION,” filed on Jun. 18, 2009, which is hereby incorporated by reference herein in its entirety. It permits a registrant to generate one or more credentials (e.g., a One Time Password (OTP), a biometric scan of the registrant's fingerprint, iris or retina, a registrant digital certificate on a smart card, etc.). One or more of these credentials is submitted by the registrant to the registrar when the registrant requests changes to its domain name registrations. The registrar includes the credentials in the commands it sends to a registry to effectuate these changes. The registry can process the commands only if it can successfully validate the registrant's credentials. However, it can be burdensome for the registrant to submit a new credential for each discrete command to modify a domain name record. It can also be inefficient for the Shared Registration System to validate a different registrant credential for each command. What is needed is a more efficient way to ensure the chain of trust between a registrant and a registry.
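To make the per-command credential scheme concrete, here is example code added for this page (it is not the system of the cited application or any registry's implementation). It models a registry that expects a fresh one-time password from the registrant inside every EPP command and rejects a reused one, which is exactly the one-credential-per-command cost the paragraph describes. The OTP is RFC 4226 HOTP; the credential travels in a hypothetical EPP `<extension>` element whose namespace `urn:example:params:xml:ns:registrant-cred-0.1` is constructed for this example, and the registrant identifier and secret are sample values.

```python
import hashlib
import hmac
import struct
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"        # RFC 5730
DOMAIN_NS = "urn:ietf:params:xml:ns:domain-1.0"  # RFC 5731
# Hypothetical extension namespace for carrying a registrant credential;
# constructed for this example, not a registered EPP extension.
CRED_NS = "urn:example:params:xml:ns:registrant-cred-0.1"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % (10 ** digits))


class RegistrantCredentialStore:
    """Registry-side state: each registrant's HOTP secret and the next expected
    counter. A code is accepted once within a small look-ahead window and then
    consumed, so the same credential cannot authorize a second command."""

    def __init__(self, look_ahead: int = 3):
        self._secrets = {}
        self._next_counter = {}
        self.look_ahead = look_ahead

    def enroll(self, registrant_id: str, secret: bytes) -> None:
        self._secrets[registrant_id] = secret
        self._next_counter[registrant_id] = 0

    def validate(self, registrant_id: str, otp: str) -> bool:
        secret = self._secrets.get(registrant_id)
        if secret is None:
            return False
        start = self._next_counter[registrant_id]
        for c in range(start, start + self.look_ahead):
            if hmac.compare_digest(hotp(secret, c), otp):
                self._next_counter[registrant_id] = c + 1  # consumed; a replay now fails
                return True
        return False


def build_update_command(name, registrant_id, otp=None, cltrid="ABC-12346"):
    """An EPP <update> changing a domain's registrant contact; the registrant's
    one-time credential, when present, rides in the <extension> element."""
    ext = ""
    if otp is not None:
        ext = (f'<extension><cred:credential xmlns:cred="{CRED_NS}" '
               f'registrant="{escape(registrant_id)}">{escape(otp)}</cred:credential></extension>')
    return (
        f'<epp xmlns="{EPP_NS}"><command><update>'
        f'<domain:update xmlns:domain="{DOMAIN_NS}">'
        f"<domain:name>{escape(name)}</domain:name>"
        f"<domain:chg><domain:registrant>{escape(registrant_id)}</domain:registrant></domain:chg>"
        f"</domain:update></update>{ext}<clTRID>{escape(cltrid)}</clTRID></command></epp>"
    )


def extract_credential(xml_text):
    """Return (registrant id, otp) from the extension, or None if the command carries none."""
    root = ET.fromstring(xml_text)
    ns = {"epp": EPP_NS, "cred": CRED_NS}
    node = root.find("epp:command/epp:extension/cred:credential", ns)
    if node is None or not node.text:
        return None
    return node.get("registrant"), node.text.strip()


def process_command(xml_text, store):
    """Registry-side decision as an RFC 5730 result code: the command is processed
    only if the registrant credential it carries validates."""
    cred = extract_credential(xml_text)
    if cred is None:
        return 2201  # Authorization error: no registrant credential supplied
    registrant_id, otp = cred
    return 1000 if store.validate(registrant_id, otp) else 2201
```

Running two updates back to back shows the burden: the first command succeeds with the counter-0 code, resubmitting that same command is refused, and the second change needs the counter-1 code from the registrant's token. The look-ahead window tolerates a registrant who generated a code and did not use it, without letting an old code be replayed.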