System for providing DNS-based policies for devices

US 10,142,291 B2
Filed: 08/03/2017
Issued: 11/27/2018
Est. Priority Date: 06/19/2015
Status: Active Grant

First Claim

Patent Images

1. A system for providing DNS-based policies for devices, the system comprising:

a DNS engine operable to receive a DNS query from an individual device via a gateway associated with the individual device, the DNS query including at least one of;

(i) a unique gateway identifier associated with the gateway and (ii) a unique device identifier associated with the individual device;

a memory device operable to store at least one policy, the at least one policy corresponding to at least one of the unique gateway identifier and the unique device identifier; and

a dynamic policy enforcement engine extracting from the DNS query the at least one of the unique gateway identifier and the unique device identifier, the dynamic policy enforcement engine operable to enforce the at least one policy when processing the DNS query by using the unique gateway identifier and the unique device identifier to select the at least one policy which applies to the individual device which originated the DNS query;

the at least one policy including DNS-based tracking of the individual device, the dynamic policy enforcement engine extracting location information for the individual device from the DNS query; and

,a tracking module operable to store the location information of the individual device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device control system is associated with individual devices connected through a network control point to a gateway and thereby to the Internet. The gateway inserts an EDNS0 pseudo resource record into an additional data section in each DNS query initiated by an individual device, the EDNS0 pseudo resource record identifying the initiating device. A dynamic policy enforcement engine in front of the DNS engine intercepts the DNS query, identifies the initiating device, and selects a policy that applies to the device. The dynamic policy enforcement engine may provide parental control and security service to the individual device by blocking the DNS query or passing it to the DNS engine according to the policy. A component that intercepts DNS queries may provide several additional types of services to the individual devices, including advertising, messaging, mobile device tracking, individual device application control, and delivery of individualized content.

50 Citations

View as Search Results

20 Claims

1. A system for providing DNS-based policies for devices, the system comprising:
- a DNS engine operable to receive a DNS query from an individual device via a gateway associated with the individual device, the DNS query including at least one of;
  
  (i) a unique gateway identifier associated with the gateway and (ii) a unique device identifier associated with the individual device;
  
  a memory device operable to store at least one policy, the at least one policy corresponding to at least one of the unique gateway identifier and the unique device identifier; and
  
  a dynamic policy enforcement engine extracting from the DNS query the at least one of the unique gateway identifier and the unique device identifier, the dynamic policy enforcement engine operable to enforce the at least one policy when processing the DNS query by using the unique gateway identifier and the unique device identifier to select the at least one policy which applies to the individual device which originated the DNS query;
  
  the at least one policy including DNS-based tracking of the individual device, the dynamic policy enforcement engine extracting location information for the individual device from the DNS query; and
  
  ,a tracking module operable to store the location information of the individual device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the at least one policy includes blocking content and redirecting the DNS query.
  - 3. The system of claim 1, further comprising a DNS-based communication module operable to deliver a DNS response to the individual device based on the at least one policy, the individual device loading at least one message based on the DNS response.
  - 4. The system of claim 1, wherein the DNS engine is deployed within a cloud-based environment.
  - 5. The system of claim 1, wherein the unique gateway identifier is permanently assigned to the gateway.
  - 6. The system of claim 1, wherein the unique gateway identifier includes an Internet Protocol (IP) address associated with the gateway.
  - 7. The system of claim 1, wherein the unique device identifier is permanently assigned to the individual device.
  - 8. The system of claim 1, wherein the unique device identifier includes at least one of a mac address, a host name, a network control point IP address, a group tag, and a hash of the mac address.
  - 9. The system of claim 1, wherein the unique device identifier is further associated with a group of devices to which the individual device belongs, the dynamic policy enforcement engine being operable to enforce the at least one policy to content delivered to each device of the group of devices.
  - 10. The system of claim 1, further comprising a policy control user interface, the policy control user interface being operable to modify the at least one policy.
  - 11. The system of claim 10, wherein the policy control user interface includes a gateway interface which communicates with the gateway, the at least one policy modified by setting one or more flags on the gateway interface.
  - 12. The system of claim 10, wherein the policy control user interface includes an Internet service provider interface which communicates with an Internet service provider, the at least one policy modified by setting one or more flags on the Internet service provider interface.
  - 13. The system of claim 10, wherein the policy control user interface includes a DNS interface which communicates with the DNS engine, the at least one policy modified by setting one or more flags on the DNS interface.

14. A method for providing DNS-based policies for devices, the method comprising:
- with a DNS engine, receiving a DNS query from an individual device via a gateway associated with the individual device, the DNS query including at least one of;
  
  (i) a unique gateway identifier associated with the gateway and (ii) the unique device identifier associated with the individual device;
  
  retrieving from a memory device operable to store at least one policy, the at least one policy corresponding to the at least one of the unique gateway identifier and the unique device identifier; and
  
  selecting, with a dynamic policy enforcement engine operable and based on the at least one of the unique gateway identifier and the unique device identifier, the at least one policy which applies to the DNS query, and enforcing the at least one policy;
  
  the at least one policy including DNS-based tracking of the individual device, the dynamic policy enforcement engine extracting location information for the individual device from the DNS query; and
  
  ,storing the location information of the individual device.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, wherein the at least one policy includes redirecting the DNS query.
  - 16. The method of claim 14, wherein the unique gateway identifier includes an Internet Protocol (IP) address associated with the gateway.
  - 17. The method of claim 14, wherein the unique device identifier includes at least one of a mac address, a host name, a network control point IP address, a group tag, and a hash of the mac address.
  - 18. The method of claim 14, further comprising, with an advertisement module, delivering a DNS response to the individual device based on the at least one policy.

19. A system for providing DNS-based advertisements for devices, the system comprising:
- a DNS engine operable to receive a DNS query from an individual device via a gateway associated with the individual device, the DNS query including at least one of;
  
  (i) a unique gateway identifier associated with the gateway and (ii) a unique device identifier associated with the individual device;
  
  a memory device operable to store at least one advertisement;
  
  a dynamic policy enforcement engine extracting from the DNS query the at least one of the unique gateway identifier and the unique device identifier, the dynamic policy enforcement engine operable to enforce the at least one policy when processing the DNS query by using the unique gateway identifier and the unique device identifier to select the at least one policy which applies to the individual device which originated the DNS query;
  
  an advertisement module operable to trigger, via a DNS response returned to the individual device, delivery of the at least one advertisement based on the at least one policy; and
  
  a communication module operable to provide the at least one advertisement to the individual device via the gatewaythe at least one policy including DNS-based tracking of the individual device, the dynamic policy enforcement engine extracting location information for the individual device from the DNS query; and
  
  ,a tracking module operable to store the location information of the individual device.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the advertisement module delivers the at least one advertisement based on historical user actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Akamai Technologies, Inc.
Original Assignee
Nominum Incorporated (Akamai Technologies, Inc.)
Inventors
Lemon, Edward, Wellington, Brian, Halley, Robert Thomas, Avirneni, Srinivas, Oborn, Keith
Primary Examiner(s)
Korsak, Oleg

Application Number

US15/668,561
Publication Number

US 20170331788A1
Time in Patent Office

481 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/90335   Query processing

G06F 21/6263   during internet communicati...

G06F 2221/2115   Third party

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06Q 30/0255   based on user history

H04L 61/4511   using domain name system [DNS]

H04L 63/0263   Rule management

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

System for providing DNS-based policies for devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System for providing DNS-based policies for devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links