System for providing DNS-based control of individual devices

US 9,742,811 B2
Filed: 08/21/2015
Issued: 08/22/2017
Est. Priority Date: 03/18/2010
Status: Active Grant

First Claim

Patent Images

1. A system for providing DNS-based control of individual devices, the system comprising:

a DNS engine operable to receive a DNS query from an individual device via a gateway associated with the individual device, the gateway connected through a wide area network to a dynamic policy enforcement engine, the DNS query including a gateway identifier and a device identifier;

a memory device operable to store at least one policy corresponding to the gateway identifier and the device identifier;

the dynamic policy enforcement engine operable to enforce the at least one policy to content delivered to the individual device, the at least one policy including DNS-based tracking of the individual device, the dynamic policy enforcement engine extracting coordinates of the individual device from the DNS query; and

a tracking module operable to store the coordinates of the individual device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device control system is associated with individual devices connected through a network control point to a gateway and thereby to the Internet. The gateway inserts an EDNS0 pseudo resource record into an additional data section in each DNS query initiated by an individual device, the EDNS0 pseudo resource record identifying the initiating device. A dynamic policy enforcement engine in front of the DNS engine intercepts the DNS query, identifies the initiating device, and selects a policy that applies to the device. The dynamic policy enforcement engine may provide parental control and security service to the individual device by blocking the DNS query or passing it to the DNS engine according to the policy. A component that intercepts DNS queries may provide several additional types of services to the individual devices, including advertising, messaging, mobile device tracking, individual device application control, and delivery of individualized content.

49 Citations

View as Search Results

29 Claims

1. A system for providing DNS-based control of individual devices, the system comprising:
- a DNS engine operable to receive a DNS query from an individual device via a gateway associated with the individual device, the gateway connected through a wide area network to a dynamic policy enforcement engine, the DNS query including a gateway identifier and a device identifier;
  
  a memory device operable to store at least one policy corresponding to the gateway identifier and the device identifier;
  
  the dynamic policy enforcement engine operable to enforce the at least one policy to content delivered to the individual device, the at least one policy including DNS-based tracking of the individual device, the dynamic policy enforcement engine extracting coordinates of the individual device from the DNS query; and
  
  a tracking module operable to store the coordinates of the individual device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The system of claim 1, wherein the at least one policy includes at least one of blocking the content and redirecting the DNS query based on the at least one policy, the at least one policy providing DNS-based parental control of the individual device.
  - 3. The system of claim 1, wherein the at least one policy includes providing subscriber security by at least one of blocking the content and redirecting the DNS query.
  - 4. The system of claim 3, wherein the blocked content is associated with malware, a phishing site, and an attack.
  - 5. The system of claim 1, wherein the at least one policy includes providing advertisement content to the individual device.
  - 6. The system of claim 1, further comprising a DNS-based communication module operable to deliver at least one message to the individual device based on the at least one policy.
  - 7. The system of claim 1, wherein the DNS engine is deployed within a cloud-based environment.
  - 8. The system of claim 1, wherein the at least one policy is operable to control the individual device.
  - 9. The system of claim 8, wherein the control of the individual device includes controlling at least one application installed on the individual device.
  - 10. The system of claim 1, wherein the gateway identifier includes an Internet Protocol (IP) address associated with the gateway.
  - 11. The system of claim 1, further comprising a communication module operable to deliver the content to the individual device via the gateway.
  - 12. The system of claim 1, wherein the gateway is associated with a network control point, the individual device being part of the network control point.
  - 13. The system of claim 12, wherein the network control point is associated with a household.
  - 14. The system of claim 12, wherein the network control point is associated with at least one location.
  - 15. The system of claim 1, wherein the device identifier includes at least one of the following:
    - a MAC address, a host name, a network control point IP address, a group tag, and a hash of the MAC address.
  - 16. The system of claim 1, wherein the device identifier is further associated with a group of devices to which the individual device belongs, the dynamic policy enforcement engine being operable to enforce the at least one policy to content delivered to each individual device of the group of devices.
  - 17. The system of claim 1, further comprising a policy control user interface, the policy control user interface being operable to allow a user to modify the at least one policy.
  - 18. The system of claim 17, wherein the policy control user interface includes a gateway interface, the at least one policy being set by selecting at least one flag on the gateway interface.
  - 19. The system of claim 17, wherein the policy control user interface includes a DNS interface, the at least one policy being set by selecting at least one flag on the DNS interface.
  - 20. The system of claim 17, wherein the policy control user interface includes an ISP interface, the at least one policy being set by selecting at least one flag on the ISP interface.
  - 21. The system of claim 1, wherein the device identifier is provided in at least one DNS message.
  - 22. The system of claim 1, wherein the individual device includes at least one of the following:
    - a Personal Computer (PC), a smartphone, a game console, a tablet, and a phablet.

23. A system for DNS-based blocking content for individual devices, the system comprising:
- a DNS engine operable to receive a DNS query from an individual device via a gateway associated with the individual device, the gateway connected through a wide area network to a dynamic policy enforcement engine, the DNS query including a gateway identifier and a device identifier;
  
  a memory device operable to store at least one policy corresponding to the gateway identifier and the device identifier;
  
  the dynamic policy enforcement engine extracting;
  
  a pseudo resource record from an additional data section when the dynamic policy enforcement engine receives the DNS query, the pseudo resource record previously inserted into the additional data section, the dynamic policy enforcement engine operable to block content from delivery to the individual device based on the at least one policy by using the gateway identifier and the device identifier to select the at least one policy which applies to the individual device which originated the DNS query, the at least one policy including DNS-based tracking of the individual device, andcoordinates of the individual device from the DNS query; and
  
  a tracking module operable to store the coordinates of the individual device.
- View Dependent Claims (24, 25)
- - 24. The system of claim 23, wherein the at least one policy includes parental control of the individual device.
  - 25. The system of claim 23, wherein the at least one policy includes providing subscriber security for the individual device.

26. A system for providing DNS-based messaging to individual devices, the system comprising:
- a DNS engine operable to receive a DNS query from an individual device via a gateway associated with the individual device, the gateway connected through a wide area network to a dynamic policy enforcement engine, the DNS query including a gateway identifier and a device identifier;
  
  a memory device operable to store at least one message;
  
  a messaging module operable to trigger delivery of the at least one message based on the gateway identifier and the device identifier, the messaging module returning a DNS response to the individual device, causing the individual device to load the at least one message from a communication module instead of loading a page requested by the DNS query;
  
  the communication module operable to deliver the at least one message to the individual device via the gateway, by retrieving the at least one message from the memory device and returning the at least one message to the individual device;
  
  the dynamic policy enforcement engine operable to enforce at least one policy to the message delivered to the individual device, the at least one policy including DNS-based tracking of the individual device, the dynamic policy enforcement engine extracting coordinates of the individual device from the DNS query; and
  
  a tracking module operable to store the coordinates of the individual device.
- View Dependent Claims (27)
- - 27. The system of claim 26, wherein the at least one message is provided via at least one of a browser and an application associated with the individual device.

28. A system for providing DNS-based advertisement to individual devices, the system comprising:
- a DNS engine operable to receive a DNS query from an individual device via a gateway associated with the individual device, the gateway connected through a wide area network to a dynamic policy enforcement engine, the DNS query including a gateway identifier and a device identifier;
  
  a memory device operable to store at least one advertisement;
  
  an advertisement module operable to trigger delivery of the at least one advertisement based on the gateway identifier and the device identifier, the advertisement module returning a DNS response to the individual device, causing the individual device to load the at least one advertisement from a communication module instead of loading a page requested by the DNS query;
  
  the communication module operable to provide the at least one advertisement to the individual device via the gateway, by retrieving the at least one advertisement from the memory device and returning the at least one advertisement to the individual device;
  
  the dynamic policy enforcement engine operable to enforce at least one policy to the advertisement delivered to the individual device, the at least one policy including DNS-based tracking of the individual device, the dynamic policy enforcement engine extracting coordinates of the individual device from the DNS query; and
  
  a tracking module operable to store the coordinates of the individual device.
- View Dependent Claims (29)
- - 29. The system of claim 28, wherein the advertisement is provided based on historical user actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Akamai Technologies, Inc.
Original Assignee
Nominum Incorporated (Akamai Technologies, Inc.)
Inventors
Lemon, Edward, Wellington, Brian, Halley, Robert Thomas, Avirneni, Srinivas, Oborn, Keith
Primary Examiner(s)
Korsak, Oleg

Application Number

US14/832,935
Publication Number

US 20150365441A1
Time in Patent Office

732 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/90335   Query processing

G06F 21/6263   during internet communicati...

G06F 2221/2115   Third party

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06Q 30/0255   based on user history

H04L 61/4511   using domain name system [DNS]

H04L 63/0263   Rule management

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

System for providing DNS-based control of individual devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

System for providing DNS-based control of individual devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links