System for providing DNS-based control of individual devices
First Claim
1. A system for providing a DNS-based device control system to provide security to users, the system comprising:
- a gateway through which a user uses an individual device to communicate, the gateway uniquely identifying each of a plurality of individual devices in communication with the gateway via a unique device identifier for each of the plurality of individual devices;
- a dynamic policy enforcement engine in communication with a DNS engine, wherein a DNS query from the individual device is transmitted to the gateway and then across a wide area network to the dynamic policy enforcement engine to a DNS engine; and
- a memory device from which the dynamic policy enforcement engine selects a policy which applies to the individual device that originated the DNS query based on the unique device identifier of the individual device that originated the DNS query, the dynamic policy enforcement engine using the policy to determine whether a site that is the object of the DNS query is a benign site or a malicious site for the individual device, the dynamic policy enforcement engine passing the DNS query to the DNS engine and returning a response of the DNS engine to the individual device if the policy indicates that the individual device's DNS query refers to the benign site.
2 Assignments
Abstract
A device control system is associated with individual devices connected through a network control point to a gateway and thereby to the Internet. The gateway inserts an EDNS0 pseudo resource record into an additional data section in each DNS query initiated by an individual device, the EDNS0 pseudo resource record identifying the initiating device. A dynamic policy enforcement engine in front of the DNS engine intercepts the DNS query, identifies the initiating device, and selects a policy that applies to the device. The dynamic policy enforcement engine may provide parental control and security service to the individual device by blocking the DNS query or passing it to the DNS engine according to the policy. A component that intercepts DNS queries may provide several additional types of services to the individual devices, including advertising, messaging, mobile device tracking, individual device application control, and delivery of individualized content.
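The abstract describes a three-step flow: the gateway tags every outgoing DNS query with an EDNS0 OPT pseudo resource record in the additional section that names the originating device, a policy enforcement engine in front of the resolver reads that tag and looks up the device's policy, and the query is then either blocked or forwarded to the DNS engine. The following is an added illustration of that flow and is not code from the patent or from any product; it builds the DNS wire format by hand so it runs with the Python standard library only. Everything not stated in the abstract is an assumption made here: the device identifier travels as an ASCII string in EDNS option code 65001 (chosen from the local/experimental range of RFC 6891, since the patent names no code), a per-device policy is simply a set of domains that device may not resolve, a blocked query is answered with RCODE REFUSED, queries are assumed to carry exactly one question and no name compression, and the device identifiers and domain names in the demo are constructed sample values.

```python
import struct

# Assumption: EDNS option code 65001 (RFC 6891 local/experimental range) carries the
# device identifier. The patent does not specify which option code is used.
DEVICE_ID_OPTION_CODE = 65001
OPT_TYPE = 41            # EDNS0 OPT pseudo-RR type
UDP_PAYLOAD_SIZE = 4096  # advertised in the OPT RR's CLASS field
RCODE_REFUSED = 5


def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS labels (no compression pointers)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(buf: bytes, offset: int):
    """Decode an uncompressed name starting at offset; returns (name, next_offset)."""
    labels = []
    while True:
        length = buf[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length


def build_tagged_query(txid: int, qname: str, device_id: str) -> bytes:
    """What the gateway emits: an A query plus an OPT RR in the additional section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set; QDCOUNT=1, ARCOUNT=1
    question = encode_name(qname) + struct.pack("!HH", 1, 1)    # QTYPE A, QCLASS IN
    option = struct.pack("!HH", DEVICE_ID_OPTION_CODE, len(device_id)) + device_id.encode("ascii")
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = ext-rcode/version/flags (0)
    opt_rr = b"\x00" + struct.pack("!HHIH", OPT_TYPE, UDP_PAYLOAD_SIZE, 0, len(option)) + option
    return header + question + opt_rr


def parse_tagged_query(msg: bytes):
    """Return (txid, qname, device_id); device_id is None if the query carries no tag."""
    txid, _flags, _qd, _an, _ns, ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    off += 4  # skip QTYPE and QCLASS
    device_id = None
    for _ in range(ar):
        _name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype != OPT_TYPE:
            continue
        pos = 0
        while pos + 4 <= len(rdata):  # walk the option list inside the OPT RDATA
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            pos += 4
            if code == DEVICE_ID_OPTION_CODE:
                device_id = rdata[pos:pos + olen].decode("ascii")
            pos += olen
    return txid, qname, device_id


def build_refused_response(query: bytes) -> bytes:
    """Blocking decision: echo the question back with RCODE=REFUSED (assumed block behaviour)."""
    txid = struct.unpack("!H", query[:2])[0]
    _, off = decode_name(query, 12)
    question = query[12:off + 4]
    flags = 0x8180 | RCODE_REFUSED  # QR, RD, RA set; RCODE = REFUSED
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question


class PolicyEnforcementEngine:
    """Sits between the gateway and the DNS engine. policies maps a device identifier
    to the set of domains that device must not resolve; unknown or untagged devices
    get the default policy."""

    def __init__(self, policies: dict, default: frozenset = frozenset()):
        self.policies = policies
        self.default = default

    @staticmethod
    def _blocked(qname: str, policy) -> bool:
        q = qname.lower().rstrip(".")
        return any(q == d or q.endswith("." + d) for d in policy)  # entry also covers subdomains

    def decide(self, msg: bytes):
        txid, qname, device_id = parse_tagged_query(msg)
        policy = self.policies.get(device_id, self.default)
        return ("block" if self._blocked(qname, policy) else "pass"), qname, device_id

    def handle(self, msg: bytes, resolver) -> bytes:
        """resolver(msg) -> bytes stands in for the DNS engine behind the enforcement point."""
        action, _qname, _device_id = self.decide(msg)
        return build_refused_response(msg) if action == "block" else resolver(msg)


if __name__ == "__main__":
    # Constructed sample policies and device identifiers.
    engine = PolicyEnforcementEngine({"dev-kid-tablet": frozenset({"games.example"})},
                                     default=frozenset({"malware.example"}))
    for dev, name in [("dev-kid-tablet", "games.example"), ("dev-parent-laptop", "games.example")]:
        print(dev, name, engine.decide(build_tagged_query(1, name, dev))[0])
```

The enforcement point never touches the payload of the resolver's answer on the pass path; it only decides, per device, whether the query reaches the DNS engine at all, which is the mechanism the abstract describes. A real deployment would also need to strip or ignore a client-supplied device tag, since only the gateway is trusted to set it.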
15 Claims
1. (Independent claim; full text given above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.
15. A system for providing a DNS-based device control system to provide security to users, the system comprising:
a gateway through which a user uses an individual device to communicate, the gateway uniquely identifying each of a plurality of individual devices in communication with the gateway via a unique device identifier for each of the plurality of individual devices; a dynamic policy enforcement engine in communication with a DNS engine, wherein a DNS query from the individual device is transmitted to the gateway and then across a wide area network to the dynamic policy enforcement engine to a DNS engine; and a memory device from which the dynamic policy enforcement engine selects a policy which applies to the individual device that originated the DNS query based on the unique device identifier of the individual device that originated the DNS query, the dynamic policy enforcement engine using the policy to determine whether an IP address in a response to the DNS query is a blocked IP address or an unblocked IP address for the individual device, the dynamic policy enforcement engine returning a response of the DNS engine to the individual device if the policy indicates that the DNS response to the individual device's DNS query refers to an unblocked IP address.
Specification