Method for managing a request to access an Internet site from an access device

20230283586 · 2023-09-07

    Abstract

    A method for managing a request to access an internet site originating from a device and transmitted through a telecommunication network. The method includes: receiving a request including a domain name, originating from the device, intended to be transmitted to a domain name resolution server; routing the request to a domain name resolution server; receiving a response including an IP address and information, called first information, linked to the IP address; transmitting or not transmitting the request over the network as a function of the first information.

    Claims

    1. A management method, comprising: receiving the request to access a website originating from a device and transmitted through a telecommunications network, the request including a domain name and being configured to be transmitted to a domain name resolution server; routing the request to the domain name resolution server; receiving a response including an IP address and information, called first information, linked to the IP address; and depending on the first information, transmitting or not transmitting the request on the network.

    2. The management method as claimed in claim 1, in response to the initial access request including an IP address of the device, the receiving is preceded by transmitting, to the device, a message requesting transmission of a request to a domain name resolution server.

    3. The management method as claimed in claim 1, further comprising: obtaining information linked to the device, called second information; comparing both the first and said second information; and depending on a result of the comparing, transmitting or not transmitting the request on the network.

    4. The management method as claimed in claim 1, further comprising following receiving the response including the IP address and the information linked to the IP address, storing the received information, and then receiving a new access request followed by checking for presence of information linked to the domain name in memory, and transmitting or not transmitting the IP address based on the information stored.

    5. The management method as claimed in claim 4, wherein a validity period is associated with the stored information.

    6. The management method as claimed in claim 5, wherein the method comprises, when the validity period has expired: transmitting, to the domain name resolution server, a request to obtain an update of the information associated with the IP address stored in memory, receiving a response including the update of the information associated with the IP address, and storing the received update of the received information.

    7. A management entity comprising: a processor; and a non-transitory computer readable medium comprising instructions stored thereon which when executed by the processor configure the management entity to: receive a request to access a website and originating from a device, the request including a domain name and being configured to be transmitted to a domain name resolution server; route the request to the domain name resolution server; receive a response including an IP address and information, called first information, linked to the IP address; and transmit or not transmit the request on a network depending on the first information.

    8. A home gateway comprising the management entity as defined in claim 7.

    9. (canceled)

    10. A non-transitory computer-readable data carrier on which at least one sequence of program code instructions is stored for executing a management method when the instructions are executed by a processor of a management entity, wherein the method comprises: receiving a request to access a website originating from a device and transmitted through a telecommunications network, wherein the request includes a domain name and is configured to be transmitted to a domain name resolution server; routing the request to the domain name resolution server; receiving a response including an IP address and information, called first information, linked to the IP address; and depending on the first information, transmitting or not transmitting the request on the network.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0052] The invention will be better understood on reading the following description, which is given by way of example and with reference to the appended drawings, in which:

    [0053] [FIG. 1] FIG. 1 shows a computer system on which one exemplary embodiment of the invention is illustrated.

    [0054] [FIG. 2] FIG. 2 is a schematic view of the architecture of a home gateway according to one embodiment of the invention.

    [0055] [FIG. 3] FIG. 3 illustrates one example of steps implemented within the context of a method according to one embodiment.

    [0056] [FIG. 4] FIG. 4 illustrates one possible variant of the embodiment described with reference to FIG. 3.

    [0057] [FIG. 5] FIG. 5 illustrates another possible variant of the embodiment described with reference to FIG. 3.

    DETAILED DESCRIPTION OF ONE OR MORE EXEMPLARY EMBODIMENTS ILLUSTRATING THE INVENTION

    [0058] FIG. 1 shows an access device of a user OBJ able to access a communication network RES via an interface device GTW. The communication network RES may be the Internet and the interface device GTW may be a home gateway or a router allowing the terminal OBJ of a user to access the Internet. Access to the communication network is provided by a communication network access provider.

    [0059] The access device OBJ may be any type of device configured to access a communication network such as the Internet via the home gateway GTW. The access device OBJ may be a cell phone or other mobile communication terminal, such as a tablet or a laptop computer, a desktop computer or a domestic appliance able to set up a connection with the communication network RES.

    [0060] Generally speaking, when a user enters a domain name on the browser installed on an access device, a domain name resolution request is transmitted by the access device to a resolution server or DNS server.

    [0061] The DNS server then responds to the access device OBJ with a network address, or IP (“Internet Protocol”) address, corresponding to the domain name, the access device then being able to access the IP address via the home gateway GTW.

    [0062] The home gateway GTW is an interface device allowing exchanges between the access device OBJ and the communication network RES. It acts, among other things, as a DNS relay. In other words, the gateway takes responsibility for sending the resolution requests REQ to DNS resolution servers. One possible architecture of the interface device will be described later with reference to FIG. 2.

    [0063] It will be recalled here that it is necessary to obtain the IP address of the website in order to access it. In general, a website has one or more IP addresses (for example 93.184.216.34) and a domain name (www.example.com).

    [0064] A domain name is translated into a numeric address by a DNS (acronym for “Domain Name System”) domain name resolution server.

    [0065] FIG. 2 illustrates a home gateway configured to implement the management method according to one particular embodiment of the invention.

    [0066] According to this particular embodiment, the gateway has the conventional architecture of a computer and comprises in particular a processor CPU (or microcontroller) and a memory MEM in which an entity ENT is stored. In our example, the entity ENT is a computer program that comprises instructions for implementing the steps of the management method that will be described below with reference to FIG. 3 when the program is executed by the processor CPU.

    [0067] The gateway furthermore comprises a Wi-Fi module and a network module RES for communicating with a local area network, such as a Wi-Fi network, and with a wide area network, such as an ADSL or fiber network.

    [0068] FIG. 3 illustrates a flowchart of the processing method according to a first embodiment of the invention.

    [0069] In our example, the access device OBJ is a connected object.

    [0070] When the connected object OBJ wishes to access the communication network RES via the home gateway GTW, the object OBJ, in a first step ET1, creates a resolution request REQ to resolve the domain name DN of a website that it wishes to access and transmits this resolution request REQ to the gateway GTW.

    [0071] In a second step ET2, the home gateway GTW transmits the resolution request to the DNS server.

    [0072] The DNS server then performs two tasks: a first task of obtaining, in a third step ET3, the IP address associated with the domain name; and a second task of obtaining descriptive information about the IP address by interrogating the server SRV in a fourth step ET4, the descriptive information serving for example to provide a confidence level N-IP associated with the device to which the resolved IP address corresponds. This information, called descriptive information, may be stored in the DNS server or on a server external to the DNS server. In a fifth step ET5, the DNS server transmits, to the entity ENT, the descriptive information N-IP obtained for the IP address in question.

    [0073] This descriptive information may be diverse and varied. Descriptive information may be a type of website associated with the IP address: social network, video games, crypto-mining, etc.

    [0074] Other descriptive information may be the geographical location of the server: China, Russia, United States, Brazil, France, etc.

    [0075] Other descriptive information may be a confidence score associated with the IP address, for example given on a scale of one to ten.

    [0076] In a sixth step ET6, the gateway receives the response from the DNS server, the response including the resolved IP address and a set of descriptive information associated with the IP address.

    [0077] It is assumed here, to simplify the exemplary embodiment, that the received set of descriptive information is a confidence level N-IP provided in the form of a confidence score on a scale of 1 to 10, for example 9 for the website in question.

    [0078] In a seventh step ET7, the management entity ENT receives the response, checks VRF the received information N-IP and decides to transmit the IP address to the object based on the received descriptive information, in our example the received confidence score.

    [0079] It is assumed here that the entity transmits the IP address only if the confidence score is greater than or equal to 7. In this example, with the score received by the entity ENT being 9, the entity transmits the IP address to the object in an eighth step ET8.

    [0080] Had the score received from the DNS server been a score lower than 7, the entity would not have transmitted the IP address.

    [0081] After receiving the IP address, the object OBJ accesses the website having the received IP address.

    [0082] According to a first variant, the access request is based on an IP address instead of a domain name.

    [0083] With reference to FIG. 4, if the object OBJ wishes, in a step ET1a, to access a website via a URL containing an IP address instead of a domain name, a request REQ(IP) is transmitted from the object OBJ to the entity ENT. Upon receipt of the request REQ(IP), instead of transmitting a request as in step ET2 described above, the entity ENT responds to the object OBJ in a step ET1b by asking the object to transmit an access request to the website using a domain name.

    [0084] In a subsequent step ET1c, the object OBJ transmits, in return, an access request REQ(DN) to access the website using a domain name.

    [0085] The entity receives the access request.

    [0086] At this stage, the method again takes place as described above from step ET2 to step ET6.

    [0087] Next, in a sixth step ET6a, the management entity ENT receives the response, checks VRF the received information N-IP and decides to transmit the IP address to the object based on the received descriptive information, in our example the received confidence score.

    [0088] It is assumed again here that the entity transmits the IP address only if the confidence score is greater than or equal to 7.

    [0089] In this example, with the score received by the entity ENT being 9, the entity transmits the received request on the Internet, in a seventh step ET7a, to the website having the IP address.

    [0090] According to a second variant, the method takes into account information linked to the connected object when making a decision. In this configuration, the entity ENT takes into account not only descriptive information relating to the website that the object OBJ wishes to access, but also descriptive information about the object OBJ itself.

    [0091] Descriptive information about the object may be of any kind. For example, the descriptive information is a category of user likely to be using the object: child/adult, or a category of object (toy, video game for children or adults, “IoT” (for “Internet of Things”) object such as a camera or a refrigerator, etc.).

    [0092] The object is for example a connected game for children (a stuffed toy, an electric car for children, etc.).

    [0093] In this configuration, the entity ENT compares the received information relating to the website with the information relating to the object. The entity detects any incompatibilities between the object and the website. For example, if the website is an adult site, without being malicious, and the user category of the object is “child”, the entity ENT does not transmit the IP address to the object or does not transmit the access request as the case may be.

    [0094] In the same way, if the website is a crypto-mining site (that is to say a site for “mining” cryptocurrencies), and the object is of the “IoT” type, the entity ENT does not transmit the IP address to the object or does not transmit the access request as the case may be.

    [0095] A confidence level may also be assigned to the object OBJ. In this case, the entity may use this confidence level to decide whether or not to transmit the IP address.

    [0096] According to one embodiment, the descriptive information received from the resolution server is stored in the memory MEM of the gateway GTW. It is also possible to set a period TM beyond which the information expires.

    [0097] In this configuration, when an access request based on a domain name is received, the entity ENT checks whether this domain name DN has already been resolved by consulting the memory of the gateway (step DN/MEM).

    [0098] If not, steps ET2 and those that follow are carried out again.

    [0099] If so, optionally, with reference to FIG. 5, the validity of the descriptive information is checked by the entity (step TM ?).

    [0100] If the data are no longer valid because the validity period has expired, steps ET2 and those that follow are carried out again.

    [0101] If the data are valid, steps ET8 or ET7a are carried out according to the use case defined above. Only step ET8 is shown in FIG. 5.

    [0102] According to another variant, when the information linked to an IP address, stored in memory in the home gateway, has expired and is therefore no longer valid, the entity ENT transmits a domain name resolution request in order to obtain the latest updated descriptive information.

    [0103] More precisely, when the information is no longer valid, this embodiment comprises the following steps:

    [0104] a step of transmitting, to a domain name resolution server, a request to obtain an update of the information associated with an IP address and stored in memory,

    [0105] a step of receiving a response including the information associated with the IP address, and

    [0106] a step of storing the received information.

    [0107] In this variant, the trigger for the transmission of a resolution request is not the reception of a request, originating from the access device, to access a domain name DN, but a state of the descriptive information stored in memory, more precisely expiry of the descriptive information.
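    The following is an added illustration, not code from the patent, of the decision logic the entity ENT applies in steps ET6 to ET8, the incompatibility check of the second variant (paragraphs [0093] and [0094]) and the cache with validity period TM of paragraphs [0096] to [0101]. The DNS table, the resolver function, the validity period and the object attribute names (`user`, `kind`) are constructed assumptions; the threshold of 7 and the 93.184.216.34 address are the document's own example values.

```python
import time
from typing import Callable, Dict, Optional, Tuple

THRESHOLD = 7   # the document's example: forward only if the confidence score N-IP is >= 7
TM = 300.0      # assumed validity period of stored descriptive information, in seconds

# Constructed stand-in for the DNS server plus the SRV lookup (steps ET3 to ET5): for a
# domain name it returns the resolved IP address and the descriptive information linked to it.
DNS_TABLE: Dict[str, Tuple[str, dict]] = {
    "www.example.com": ("93.184.216.34", {"score": 9, "type": "news", "country": "United States"}),
    "mining.test":     ("192.0.2.10",    {"score": 8, "type": "crypto-mining", "country": "France"}),
    "adult.test":      ("192.0.2.20",    {"score": 7, "type": "adult", "country": "France"}),
    "bad.test":        ("192.0.2.30",    {"score": 3, "type": "social network", "country": "Russia"}),
}

def resolve(domain: str) -> Tuple[str, dict]:
    """Step ET2: route the resolution request to the (simulated) DNS server."""
    return DNS_TABLE[domain]

class GatewayEntity:
    """The management entity ENT of the home gateway, with its memory MEM keyed by domain name."""

    def __init__(self, resolver: Callable = resolve, clock: Callable[[], float] = time.time):
        self.resolver = resolver
        self.clock = clock
        self.cache: Dict[str, Tuple[str, dict, float]] = {}   # DN -> (IP, descriptive info, expiry)

    def _lookup(self, domain: str) -> Tuple[str, dict]:
        """Steps DN/MEM and TM?: reuse stored information while valid, otherwise resolve again."""
        entry = self.cache.get(domain)
        if entry is None or entry[2] <= self.clock():
            ip, info = self.resolver(domain)
            entry = (ip, info, self.clock() + TM)
            self.cache[domain] = entry
        return entry[0], entry[1]

    @staticmethod
    def compatible(site_info: dict, object_info: dict) -> bool:
        """Second variant: detect the incompatibilities named in [0093] and [0094]."""
        if site_info["type"] == "adult" and object_info.get("user") == "child":
            return False
        if site_info["type"] == "crypto-mining" and object_info.get("kind") == "IoT":
            return False
        return True

    def handle(self, domain: str, object_info: Optional[dict] = None) -> Optional[str]:
        """Steps ET6 to ET8: return the IP address to the object, or None when it is withheld."""
        ip, info = self._lookup(domain)
        if info["score"] < THRESHOLD:        # step VRF on the first information
            return None
        if object_info and not self.compatible(info, object_info):
            return None
        return ip
```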

    [0108] Finally, to conclude, it is specified here that “descriptive information” refers to data able to characterize an object or a remote server.

    [0109] Descriptive information relating to the object is for example permissions and/or metadata known to the home gateway, the latter keeping the connected objects to which it is connected up to date.

    [0110] The permissions refer for example to an administrator, a normal user, etc.

    [0111] The metadata relates for example to:

    [0112] a type of equipment: camera, PC, telephone, tablet, printer, TV;

    [0113] a confidence level such as a confidence score from 0 to 10;

    [0114] a type of equipment: dangerous, non-secure, parental, social network, video games;

    [0115] a category of equipment/software: dangerous/not dangerous; dangerous software is known to include for example crypto-mining software that uses the processing power of a peripheral for the purpose of generating cryptocurrency. These websites may be used legitimately by the user of the object, but are also used illegitimately by malicious third parties;

    [0116] a country of origin: China, Russia, United States, France, etc.

    [0117] Although the present disclosure has been described with reference to one or more examples, workers skilled in the art will recognize that changes may be made in form and detail without departing from the scope of the disclosure and/or the appended claims.