US2019124048A1PendingUtilityA1

System for providing dns-based policies for devices

56
Assignee: NOMINUM INCPriority: Jun 19, 2015Filed: Oct 25, 2018Published: Apr 25, 2019
Est. expiryJun 19, 2035(~8.9 yrs left)· nominal 20-yr term from priority
G06F 21/6263H04L 63/1441G06F 2221/2119H04L 63/102G06F 2221/2141H04L 63/205G06F 2221/2115G06Q 30/0255G06F 2221/2149H04L 63/0263H04L 63/20H04L 63/105G06F 16/90335H04L 61/1511H04L 61/4511
56
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A device control system is associated with individual devices connected through a network control point to a gateway and thereby to the Internet. The gateway inserts an EDNS0 pseudo resource record into an additional data section in each DNS query initiated by an individual device, the EDNS0 pseudo resource record identifying the initiating device. A dynamic policy enforcement engine in front of the DNS engine intercepts the DNS query, identifies the initiating device, and selects a policy that applies to the device. The dynamic policy enforcement engine may provide parental control and security service to the individual device by blocking the DNS query or passing it to the DNS engine according to the policy. A component that intercepts DNS queries may provide several additional types of services to the individual devices, including advertising, messaging, mobile device tracking, individual device application control, and delivery of individualized content.

Claims

exact text as granted — not AI-modified
1 .- 20 . (canceled) 
     
     
         21 . A system comprising:
 a DNS engine operable to resolve domain names in DNS queries to IP addresses;   a dynamic policy enforcement engine operable to receive a DNS query from an individual device and to, based at least in part on the identity of the individual device, to select a policy to apply to the DNS query, and to apply the policy, and as a result thereof, to perform at least one action selected from the list of actions that is:
 (i) block the DNS query; 
 (ii) pass the DNS query to the DNS engine, with or without modification; 
 (iii) return to the individual device a response to the DNS query from the DNS engine; 
 (iv) return to the individual device a modified version of a response to the DNS query from the DNS engine; 
 (v) block a response to the DNS query from the DNS engine; 
 (vi) send a response to the DNS query to the individual device; 
   the dynamic policy enforcement engine operable to exercise control over at least one of an operating system of the individual device and an application that runs on the individual device, said control exercised at least in part by sending one or more requests to at least one of the operating system of the individual device and the application of the individual device.   
     
     
         22 . The system of  claim 21 , wherein the dynamic policy enforcement engine is operable to exercise said control at a time when the policy is created. 
     
     
         23 . The system of  claim 21 , wherein the dynamic policy enforcement engine is operable to exercise said control at a time when the policy is modified. 
     
     
         24 . The system of  claim 21 , wherein the dynamic policy enforcement engine is operable to exercise said control at a time when the individual device is started. 
     
     
         25 . The system of  claim 21 , wherein the dynamic policy enforcement engine is operable to exercise said control at a time when a particular event occurs. 
     
     
         26 . The system of  claim 21 , the dynamic policy enforcement engine identifying the individual device in order to select the policy, based on information in the DNS query. 
     
     
         27 . A method comprising:
 providing a DNS engine that resolves domain names in DNS queries to IP addresses;   providing a dynamic policy enforcement engine that receives a DNS query from an individual device and, based at least in part on the identity of the individual device, selects a policy to apply to the DNS query, and applies the policy, and as a result thereof, performs at least one action selected from the list of actions that is:
 (i) block the DNS query; 
 (ii) pass the DNS query to the DNS engine, with or without modification; 
 (iii) return to the individual device a response to the DNS query from the DNS engine; 
 (iv) return to the individual device a modified version of a response to the DNS query from the DNS engine; 
 (v) block a response to the DNS query from the DNS engine; 
 (vi) send a response to the DNS query to the individual device; 
   the dynamic policy enforcement engine exercising control over at least one of an operating system of the individual device and an application that runs on the individual device, said control exercised at least in part by sending one or more requests to at least one of the operating system of the individual device and the application of the individual device.   
     
     
         28 . The method of  claim 27 , wherein the dynamic policy enforcement engine exercises said control at a time when the policy is created. 
     
     
         29 . The method of  claim 27 , wherein the dynamic policy enforcement engine exercises said control at a time when the policy is modified. 
     
     
         30 . The method of  claim 27 , wherein the dynamic policy enforcement engine exercises said control at a time when the individual device is started. 
     
     
         31 . The method of  claim 27 , wherein the dynamic policy enforcement engine exercises said control at a time when a particular event occurs. 
     
     
         32 . The method of  claim 27 , the dynamic policy enforcement engine identifying the individual device in order to select the policy, based on information in the DNS query.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.