
Title:
DNS MOBILE APP FOR SMART DEVICES
Document Type and Number:
WIPO Patent Application WO/2016/001713
Kind Code:
A2
Inventors:
MANISH S RUTU (IN)
Application Number:
PCT/IB2014/062597
Publication Date:
January 07, 2016
Filing Date:
June 30, 2014
Assignee:
MANISH S RUTU (IN)
International Classes:
G08G1/00; G06F21/00; H04L29/00; H04N21/00
Claims:
1. An application for smart communication devices (Mobile phones, Tablets, Television etc.) running on any operating system platform which will provide enhanced user experience by reducing data traffic for internet users and providing access control for specific domains, applications, and IP addresses for IPv4 and IPv6.

2. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that reduces the number of DNS queries sent from a smart device by using cached DNS entry in the device (encrypted file, or device RAM).

3. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that restricts access from the device to specific domains, websites and applications based on user's security and business considerations.

4. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that allows customization and configuration of list of domains, websites and applications of claim 3 by individual users, enterprise users and telecom service providers.

5. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that restricts access to blacklisted domains based on regulatory requirements of the organization or the country.

6. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that will prevent modification of the blacklisted domains of claim 5.

7. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that restricts access to malicious domains, malicious IP addresses, and pornographic sites obtained through integration of the application of claim 1 with 3rd party security feeds on malware, phishing, pornographic, blacklisted IP addresses & domains, and regulatory requirements of specific countries.

8. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that runs in four different modes- single user, family, enterprise, and Telco mode.

9. A server application (installed either on internet based cloud or within the enterprise data center) to control the mobile application of claim 1 running on multiple smart devices.

10. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that provides user alerts in case of cached entry changes in DNS cache of claim 2.

11. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that supports the DNSSEC security framework for DNS resolution.

12. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that supports different profile settings individually for business, normal, parental control, offline, and low battery modes.

13. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that provides time based scheduling of profile settings of claim 12.

14. A server application of claim 9 that will send user alerts (email, SMS etc.) for smart devices generating traffic to blacklisted URLs and IP addresses.

15. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that will provide information on:

a. Total DNS queries sent to external DNS server

b. Total DNS queries responded locally by cache

c. Percentage reduction in data usage

d. List of domains queried frequently

e. Security violations such as communication to blacklisted IPs, URLs, applications etc.

f. Latency in responding DNS queries

16. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 that will support identity management in an enterprise environment, enforcing organizational security policies designed as per business needs.

17. A server application of claim 9 that will support feature of claim 16 to all smart devices linked to individual enterprise users connecting to Internet.

18. A server application of claim 9 will communicate with an application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 with a secured protocol like SSL.

19. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 will restrict data usage per application/domain configured based on profile or users.

20. An application for smart communication devices (Mobile phones, Tablets, Television etc.) of claim 1 will store the cached DNS entries in encrypted and read-only mode. User will not be able to modify any cache entries. User can delete the DNS cache entries.

Description:
DNS MOBILE APP for SMART DEVICES:

MOBILE PHONES/TABLETS/TELEVISIONS AND OTHER SMART DEVICES CONNECTING TO INTERNET

FIELD

The present disclosure relates to a DNS (Domain Name Server Resolution) Application for smart communication devices like mobile phones, tablets, televisions etc. The Application is designed to provide DNS caching, access control, notification, reporting and security against mobile malware threats for the users. It also protects and restricts users from accessing malware, blacklisted sites, botnet controllers and other legitimate websites which can be restricted as per business/parental uses.

BACKGROUND

Mobile and smart home devices such as smartphones/tablets/TVs have become more advanced. Some of the above-mentioned devices incorporate a processor that runs computer code, including code that implements an operating system (OS). These devices are capable of running computer code that implements one or more applications. These devices are communicating with and downloading information from the Internet by using Wifi/2G/3G/LTE. In most situations the users are accessing repetitive websites/domains/applications, which can be cached at DNS level. DNS caching will help improve the user experience and reduce expensive Internet data usage in a mobility environment.

Along with caching, the application can control DNS queries, and thus controls and restricts access to certain domains/websites/applications (APPS) for security/business policies and parental controls.

SUMMARY

The present disclosure describes one or more systems, methods, routines and/or techniques to provide a DNS cache, control of the domains to be accessed, reporting, and centralized/distributed management of profiles on an open platform. The systems, methods, routines and/or techniques of the present disclosure allow users to freely use open platform devices while providing an efficient, updated and minimally intrusive application to such users and/or devices. The systems, methods, routines and/or techniques of the present disclosure will provide the DNS client service on the open platform for DNS resolution, cache and security protections against malware/botnets. The application will drop the DNS queries sent to any malware, botnet or blacklisted IP addresses; for example, whenever a user tries to access any application/webpage on the Internet, if the domain/IP is blacklisted the DNS query is dropped. The application will provide DNS resolution, caching and restriction of access based on multiple factors. These factors can be based on security or business decisions.

The systems, methods, routines and/or techniques of the present disclosure may include communicating information to a remote server, for example, such that the centralized server can dynamically update the latest policies comprising malware domains (URLs), blacklisted IP data, and other legitimate domain restrictions based on organization/parental controls from the Internet. The centralized server will also pull data from the user platform for reporting and analysis.

These and other advantages, aspects and novel features of the present disclosure, as well as details of an illustrated embodiment thereof, will be more fully understood from the following description and drawings. It is to be understood that the foregoing general descriptions are examples and explanatory only and are not restrictive of the disclosure as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

Several features and advantages are described in the following disclosure, in which several embodiments are explained, using the following drawings as examples.

FIG. 1 depicts an illustration of a block diagram of the packet flow for any Internet mobile communication system, showing example components, connections and interactions of a network setup in which one or more embodiments of the present disclosure may be useful.

FIG. 2 depicts an illustration of an example mobile device or smartphone and various example pieces of code or functions that may run or execute on a mobile device or smartphone, according to one or more embodiments of the present disclosure.

FIG. 3 depicts an illustration of an example mobile device or smartphone and packet flow from Apps/System functions to Internet, according to one or more embodiments of the present disclosure.

FIG. 4 depicts an illustration of an example mobile device or smartphone and packet flow from Apps/System functions to Internet for family mode application, according to one or more embodiments of the present disclosure.

FIG. 5 depicts an illustration of an example mobile device or smartphone and packet flow from Apps/System functions to Internet for enterprise class mode application, according to one or more embodiments of the present disclosure.

FIG. 6 depicts a flow diagram that shows example steps in a method for providing a DNS cache and protecting/restricting users from accessing undesirable content/domains, in accordance with one or more embodiments of the present disclosure.

DETAILED DESCRIPTION

Various mobile devices are capable of accessing multiple applications and information from the Internet. These applications vary from banking, social networking, utility, productivity, navigation, games etc. Applications access data from their respective servers hosted on the Internet by performing DNS lookups. The system creates DNS queries to the respective recursive DNS servers that perform the DNS lookups. These DNS servers can be enterprise DNS, Telecom DNS or an open DNS. It is observed that about 70-80% of queries generated by users on smartphones are the same.

The present disclosure describes one or more systems, methods, routines and/ or techniques to help users build DNS cache on the smartphones. The system, methods, routine and/ or techniques will help users to reduce the number of DNS queries generated by smartphones for accessing internet.

The term malware stands for malicious software and may refer to any software or code within a software program designed to, without a user's conscious consent, infiltrate, damage, monitor (or take other malicious action against) a computing device. Examples of malware include viruses, spyware, clickbots, phishing attempts, fraudware, Trojan horses, rooting or any other malicious software and/or code. The present disclosure describes one or more systems, methods, routines and/or techniques to protect users from malware by restricting DNS queries to the malware/blacklisted IP addresses.

As another example of an undesirable application that may not technically be thought of as malware, a software program or application may generate a huge number of DNS queries in a manner that drains the battery of a mobile device faster than a user would expect and increases the Internet consumption of the device. In various embodiments of the present disclosure, the user can restrict communication to undesirable domains/IP addresses, or the number of queries generated by a specific application, by restricting the DNS queries. Therefore, the use of the term "malware" throughout this disclosure should not be understood to limit these descriptions and/or embodiments.

FIG. 1 depicts an illustration of a block diagram showing example components, connections and interactions of a network setup in a mobility and Wifi environment.

Mobility environment blocks will remain the same to an extent for 2G/3G and LTE setups, where one or more embodiments of the present disclosure may be useful. In a mobility environment, telecom service providers have their own DNS cache solution (Gi DNS) for Internet DNS resolution. Gi DNS may provide the following functions/services to its subscribers:

• DNS cache

• DNS Security at gateway level

• DNS Blacklisting

• DNS recursive lookups

For subscribers, every DNS query is sent to the Gi DNS, which responds based on its DNS cache and the other security features implemented. It should be understood that the network setup 100 may include additional or fewer components, connections and interactions than are shown in FIG. 1. FIG. 1 focuses on a portion of what may be a much larger network of components, connections and interactions. The network setup may include one or more mobile/tablet/smart devices per subscriber.

In a Wifi/DSL/FTTX environment, where one or more embodiments of the present disclosure may also be useful, the subscriber has its own router, which might act as DNS server for a local area network (LAN) comprising one or more mobile/tablet/Smart TV or other smart devices connecting to the Internet. The ISP (Internet service provider) also has its own gateway DNS servers, which may provide the following functions/services to its subscribers:

• DNS cache

• DNS Security at gateway level

• DNS Blacklisting

• DNS recursive lookups for Internet resolutions

For subscribers, every DNS query is sent to the ISP DNS, which responds based on its DNS cache and the other security features implemented. It should be understood that the network setup may include additional or fewer components, connections and interactions than are shown in FIG. 1. FIG. 1 focuses on a portion of what may be a much larger network of components, connections and interactions. The network setup may include one or more mobile/tablet/smart devices per subscriber.

In the above-mentioned setup for Mobility that is based on 2G/3G/LTE environment as well as Wifi/DSL/FTTX based home/office connectivity, the present disclosure will be installed on all end devices/open platforms. The present disclosure will provide all required DNS server features on the smart devices like mobile, tablets, smart TV, smart gadgets, smart automobile etc.

The following functions/services will be provided.

• DNS cache

• DNS Security

• DNS Blacklisting

• DNS recursive lookups for Internet resolutions

• Profiling

• Reporting

FIG. 2 depicts the typical system architecture of smartphones/tablets. The architecture is based on four building blocks:

• Applications

• Applications Framework

• Libraries

• Operating System Kernel

The present disclosure will be placed at two layers in the current OS architecture.

• Applications: The present disclosure will have GUI or frontend access to users for the following functions.

o Configurations settings

o Profiling

o Reporting

o Security enhancements

The above-mentioned tasks will be performed by users/administrators locally as well as remotely to control and provide enhancements in the functionalities. The Application interface will be accessing and controlling DNS functionalities of the smart devices.

• Kernel: OS kernel governs the networking and system functionalities of the smart devices. This includes

o Networking

■ IP Address assignment based on DHCP/Static: for mobility/wifi access

■ DNS settings

■ DNS resolutions

o Drivers for various connectivity and other functionalities

o Power Management

The present disclosure will have a process running at kernel level to access and control the system functionalities related to DNS. The engine/process running at kernel will provide following functionalities

o DNS Cache: The engine will cache all the recursive DNS query responses for the TTL value given by the responding authoritative DNS server. With the cache built into the smart devices, the number of recursive queries generated by smart devices will go down. DNS cache functionality on smart devices can also be improved by using the standard DNS prefetch and negative cache TTL (RFC 2308) functionalities.

o Security enhancements: Most of the telecom/enterprise or individual customers would like to build security enhancements in their smart devices. These security enhancements can have various requirements from:

■ Restricting and allowing specific Internet access to non-blacklisted domains/websites/applications based on security and business considerations. These lists of domains are customizable and configurable for user/enterprise and telecom.

■ Restricting access to blacklisted domains based on regulatory requirements of the organization or country. These are standard lists of domains/IP addresses, which will be released by regulatory authorities of any country. Users/Enterprise/telecom will not be able to modify access for these domains.

■ Restricting access to malicious domains and malicious IP addresses. The category and rating of these IPs/domains can be found through integration with 3rd party security feeds. These feeds continuously update active malicious domains and malicious IP addresses active on the Internet. This is a dynamic list that will be dynamically and periodically updated in the application. Users/Enterprise/Telecom can modify the access of these domains/IP addresses.

■ DNSSEC: DNSSEC is one of the key enhancements which most of financial and federal websites are deploying to protect DNS communication from DNS cache poisoning attacks. These attacks are widely common on Internet and increasing consistently.

DNS queries generated by any application or system function will be validated by various user-configurable and standard security functions. The detailed flow chart is explained in FIG. 6.

FIG. 3 depicts the building blocks of the entire solution of the present disclosure. The significance of the building blocks is explained in detail as follows:

Applications (APPS): Smart devices like Phones/Tablets/ Televisions do have the capabilities to load multiple applications on the same. These applications are one of the key usages for smart phone. These applications are used for financial transaction, social networking, utility, cloud based applications. These applications are in-turn connecting to hosted servers on Internet. For connecting back to Internet server, all the application relies on domain name resolutions (DNS). Applications are generating multiple and periodic DNS queries to connect to their respective application servers on Internet for updates, uploads, downloads, notifications and transactions.

System applications: All smart devices have an underlying operating system that requires connectivity to Internet. System applications are also one of the critical Internet users for smart devices. System applications are continuously updating and pulling multiple information on internet about the smart phone such as location identifications, notifications, updates, patching etc. Again for all these functionalities systems are generating multiple and periodic DNS queries to connect back to cloud based servers hosted by respective mobile/OS manufacturers.

Kernel/DNS Engine: Application and system-generated traffic is always generating DNS queries to the Internet. All communications based on the TCP/IP protocol stack will be routed through the OS kernel. The OS kernel controls all the networking and underlying system functionalities for Wifi/2G/3G and LTE, and holds the DNS settings for the smart device. The present disclosure will have a DNS process engine deployed in the OS kernel. All the DNS queries generated by applications and system applications will be sent to this DNS engine. The DNS engine will have a certain access list, which will be periodically updated by the DNS application. Based on the access list, the DNS engine will generate or drop DNS queries. The DNS engine will also maintain the DNS cache for the TTL based on the respective DNS response. The whole DNS cache will be loaded as a data structure in encrypted form. The cache file will be read-only and cannot be modified, to prevent DNS cache poisoning. The DNS engine will be solely responsible for sending the DNS resolution for all DNS queries. The DNS engine will perform the following functions based on the configuration done in the DNS APP.

• Recursive DNS lookups in case the resolution is not in the DNS cache.

• Drop DNS queries for blacklist/malicious domains

• Respond the DNS queries from DNS cache

• Modify the DNS response in case user needs to be notified by redirecting to other servers.
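The disclosure states that the cache file is stored encrypted and read-only so that entries cannot be modified (and, per claim 10, that the user is alerted when cached entries change). The following is an added example, not code from the patent, showing the integrity half of that requirement: a cache file sealed with an HMAC, so that any edit made outside the DNS engine is detected and reported as an alert before the entries are trusted. The function names, the key and the sample entries are assumptions made for this example; the encryption layer mentioned in the disclosure is not shown.

```python
"""Tamper-evident on-device DNS cache file (added example, not the patent's code)."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

# Constructed sample cache: name -> (addresses, ttl_seconds). Not real data.
SAMPLE_ENTRIES: Dict[str, Tuple[List[str], int]] = {
    "news.example": (["198.51.100.10"], 300),
    "bank.example": (["203.0.113.5", "2001:db8::5"], 60),
}
# Assumed: a per-device secret held by the DNS engine, never exposed to the user.
ENGINE_KEY = b"constructed-device-secret-for-example-only"


def serialize_cache(entries: Dict[str, Tuple[List[str], int]]) -> bytes:
    # Canonical JSON so identical entries always yield identical bytes to MAC.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def seal_cache(entries: Dict[str, Tuple[List[str], int]], key: bytes) -> bytes:
    """Produce the file body: hex HMAC-SHA256 tag, newline, JSON entries."""
    body = serialize_cache(entries)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"\n" + body


def open_cache(blob: bytes, key: bytes) -> Tuple[dict, Optional[str]]:
    """Return (entries, alert). alert is None when the file is intact; otherwise
    the entries are discarded and a message for the user alert is returned."""
    if b"\n" not in blob:
        return {}, "cache file malformed"
    tag, body = blob.split(b"\n", 1)
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison so the check itself leaks nothing about the tag.
    if not hmac.compare_digest(tag, expected):
        return {}, "cache integrity check failed: entries were modified outside the DNS engine"
    return json.loads(body), None


def delete_entry(blob: bytes, key: bytes, name: str) -> bytes:
    """Claim 20 lets the user delete entries but not edit them: deletion goes
    through the engine, which verifies the file and re-seals it."""
    entries, alert = open_cache(blob, key)
    if alert is not None:
        raise ValueError(alert)
    entries.pop(name, None)
    return seal_cache(entries, key)


if __name__ == "__main__":
    sealed = seal_cache(SAMPLE_ENTRIES, ENGINE_KEY)
    print(open_cache(sealed, ENGINE_KEY))
    # Simulate an edit to the stored answer for news.example made outside the engine.
    edited = sealed.replace(b"198.51.100.10", b"192.0.2.99")
    print(open_cache(edited, ENGINE_KEY))
```

The tag covers the canonical serialization, so re-ordering keys or reformatting whitespace in the stored JSON does not produce a false alarm, while changing a single address does. A real deployment would combine this with the disclosure's encryption of the file and keep the key out of user-writable storage.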

DNS APP: DNS App is the front-end interface for the present disclosure. The DNS App will be installed on smart devices running multiple operating systems. DNS App can be installed from the legitimate application stores deployed on the smart phones. The DNS app will provide the following GUI access to users.

• Settings

• Reporting

• Security enhancements setting

• Dashboard for live statistics

• Profiles

• Mode of operations: standalone/family/enterprise/telecom

Central Management server: The Central Management server is an application installed either on internet cloud or in data center of enterprise customers. The function of central management server is to control the DNS app installed in multiple smart devices. There are various modes of operation in which the DNS application can be deployed for centralized control. The primary functions for central management server are -

• Configuration and control of security policies,

• Centralized configuration of DNS App,

• Centralized reporting

• Integration with 3rd Party security feeds

• Identity Management

The centralized server will communicate with the respective DNS app over SSL (secure socket layer) or an equivalent protocol. The DNS App will initiate the TCP connection on port 443 to the centralized server. The centralized server will also integrate with 3rd party security feeds from various sources, collating the data from those sources. Security data from the server will be pushed to the respective DNS applications installed on the various smart devices.

3rd Party Security Feed: 3rd party security feeds are paid feeds, which will share and periodically update multiple data sets. The data is linked with the following security threats:

• Malware

• Botnets

• Blacklisted domains

• Blacklisted IP addresses

FIG. 4 and FIG. 5 depict the operational modes of the application and solution.

The application can be installed in following modes

• Single user mode: Single user mode is a mode where the user owns or controls a single smart device. The user can install, modify the configuration of, or delete the application. The user can get all configuration and reporting on the application itself. The following functionalities will be available to configure and operate.

o Mode

o Settings

o Security Controls

o Profiles

o Reporting

• Family mode: Family mode is a mode of operation where the user owns or controls multiple smart devices. These devices are purely used for personal or professional objectives. As the user wants to control/restrict the usage and security of the smart devices, the user will install the application on all of its self-owned smart devices. Once the applications are installed, the user can configure and push the policies/profiles to the respective devices for parental control, security, caching and reporting from the central server hosted on the Internet cloud.

The user will be authenticated on the central management server and add self-owned devices to its profile. The devices will be added manually and identified based on username/password and hardware identification based on serial numbers/IMEI numbers. The user will define a secret key to authenticate smart devices with his profile defined on the central server. Each user profile on the centralized server is identified based on its registered email id. This will ensure the smart devices are authenticated and integrated with the central server using secured communication based on SSL or equivalent.

• Enterprise mode: Enterprise mode is a mode of operation for organizations that own or control the smart devices of their employees/contractors. The enterprise administrator will instruct and mandate all its smartphone users to install the DNS application. The DNS application will be installed and identified to its central server with a registered email id. This mode will work similarly to family mode, with one clear distinction: the enterprise can load the application in its internal network. This will help the enterprise to provide the following solutions with DNS.

o Control internet access to smart devices in their premises

o Restrict mobile users access coming from internet

o Unified identity management for mobile users by pushing profiles

o Controlling Intranet access for mobile users

The enterprise mode centralized server will be sized and designed based on the number of smart devices it is going to manage. All the functionalities and features can be offered to enterprise in either standalone mode as application or as cloud based solution.

• Telco mode: Telco mode is a mode of operation for a Telecom service provider which offers data connectivity services to its subscribers. These services are based on 2G, 3G, Wi-Fi, LTE and FTTX connectivity options. The telecom service provider can offer this as a value added service to its subscribers to provide parental control and security services for smart devices. The primary services that can be offered to the subscribers are:

o Restricting access to Blacklisted domains stated by regulatory authorities

o Notifying the users which are generating DNS queries to malicious domains

o Security protection against malicious domains

o Parental controls for users

The telecom mode servers will be sized and designed based on the number of smart devices they are going to manage.

FIG. 6 depicts the flow of the algorithm for a DNS query generated by applications (APP) or system-generated traffic.

Step 1: Whenever user connects to data network from smart devices with mobility/wifi/FTTX mode, the application loaded on smart devices connects to its server hosted on Internet cloud. Along-with applications, the system also generates multiple traffic for identification/updates/notifications to Internet server. As soon as the applications try to connect to its servers, the first communication is DNS resolution. The DNS resolution is done by generating DNS query for resolving the IP address of the domain server hosted on the Internet. The DNS queries are sent to kernel/networking engine, which maintains network and DNS server configurations. The DNS engine loaded by the DNS application will analyze the query based on the algorithm defined as mentioned in next steps.

Step 2: Once the DNS query is sent to the DNS App, the DNS app will analyze the name of the domain. The name of the domain is validated against the list of blacklisted domains, which was added/updated by the central server based on multiple criteria, including regulatory requirements, security requirements or organizational policies. (Updates from the central server depend on the mode and service purchased by the user.) If the domain matches a blacklisted domain, the query will be dropped or redirected to some other server for notifications. The number of queries and the list of domains will be captured/indexed for the reporting functionality provided by the DNS app. In case the domain is not part of the blacklisted domains, it will be forwarded to the next step.

Step 3: Beyond the blacklisted domains updated by the central servers, users can also put certain domains in a blacklist by themselves or as an organizational policy. The DNS query will be validated again against this list. If the domain matches the list, the query will be dropped or redirected to some other server for notifications. The number of queries and the list of domains will be captured to be shown in the reports generated by the DNS app. In case the domain is not part of the blacklisted domains, it will be forwarded to the next step.

Step 4: Once the domain is validated against the restrictions, the domain is checked against the cache list in the application. In case the domain entry is present in cache, it will be quickly responded to the applications. In case the domain is not cached, it will move to next step.

Step 5: Before actually generating the query on the Internet, the DNS app will validate and update the policy from the centralized server to ensure the DNS query is validated against the current blacklisted domains. The validation may happen with delta addition/deletion of the policy updates to speed up the DNS response. If the domain matches the list, the query will be dropped or redirected to some other server for notifications. The number of queries and the list of domains will be captured to be shown in the reports generated by the DNS app. In case the domain is not part of the blacklisted domains, it will be forwarded to the next step.

Step 6: Now the DNS app will generate the recursive DNS query to the DNS servers defined in the OS kernel. The DNS server may be on the local area network/telecom network/ open DNS. User has the flexibility to use any DNS based on the configuration of the smart device.

Step 7: The smart device then receives the resolution of the recursive DNS query with one or more IP addresses. These IP addresses can be IPv4 or IPv6 or both, based on the network configuration and setup. The IP addresses are again validated against the list of blacklisted IPs defined by the central server/user. If an IP address matches the list, the response will be dropped or redirected to some other server for notifications. The number of queries and the list of domains will be captured to be shown in the reports generated by the DNS app. In case the IP address is not part of the blacklisted list, it will be forwarded to the next step.

Step 8: Once all the validation i.e. domain and resolved IP addresses are done, the response of the DNS is sent to the respective application. The DNS app will also update the DNS cache for future queries to be responded from cache.
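Steps 2 through 8 above form a single decision pipeline for each DNS query. The following is an added example, not code from the patent, that models that pipeline in Python: name checks against the regulatory and user/enterprise lists, a TTL-honouring cache lookup that also keeps negative (NXDOMAIN) entries in the RFC 2308 manner mentioned earlier, a recursive lookup, a check of every resolved IPv4/IPv6 address against the IP blacklist, and cache population on success. The class and verdict names, the parent-zone matching rule, the negative TTL value and the sample lists and upstream answers are all assumptions constructed for this example; Step 5 (policy refresh from the central server) is treated as happening outside the class.

```python
"""Model of the FIG. 6 query pipeline (added example, not the patent's code)."""
import ipaddress
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample policy data, not real threat-intelligence values.
REGULATORY_BLACKLIST = {"regulated.example"}            # Step 2: central list, not user-editable
USER_BLACKLIST = {"ads.example", "tracker.example"}     # Step 3: user/enterprise list
BLACKLISTED_IPS = {ipaddress.ip_address("192.0.2.66")}  # Step 7: resolved-address check
NEGATIVE_TTL = 30  # assumed RFC 2308 negative-cache TTL, in seconds

# Constructed stand-in for the recursive DNS server: name -> (addresses, ttl_seconds).
UPSTREAM: Dict[str, Tuple[List[str], int]] = {
    "news.example": (["198.51.100.10"], 300),
    "bank.example": (["203.0.113.5", "2001:db8::5"], 60),
    "cdn.example": (["192.0.2.66"], 300),  # resolves to a blacklisted address
}


@dataclass
class CacheEntry:
    addresses: List[str]   # empty list means a negative (NXDOMAIN) entry
    expires_at: float


@dataclass
class Verdict:
    action: str            # "resolved", "cache", "nxdomain", "drop_domain", "drop_ip"
    addresses: List[str] = field(default_factory=list)


@dataclass
class DnsPolicyEngine:
    regulatory: set
    user_list: set
    bad_ips: set
    upstream: Callable[[str], Optional[Tuple[List[str], int]]]
    now: Callable[[], float] = time.time
    cache: Dict[str, CacheEntry] = field(default_factory=dict)
    stats: Dict[str, int] = field(default_factory=lambda: {"cache_hits": 0, "upstream": 0, "violations": 0})

    @staticmethod
    def _matches(name: str, names: set) -> bool:
        # A name matches if it or any parent zone is listed (sub.ads.example -> ads.example).
        labels = name.lower().rstrip(".").split(".")
        return any(".".join(labels[i:]) in names for i in range(len(labels)))

    def resolve(self, name: str) -> Verdict:
        # Steps 2 and 3: domain name against the regulatory and user/enterprise lists.
        if self._matches(name, self.regulatory) or self._matches(name, self.user_list):
            self.stats["violations"] += 1
            return Verdict("drop_domain")
        # Step 4: cache lookup honouring TTL; negative entries answer NXDOMAIN from cache.
        entry = self.cache.get(name)
        if entry is not None and entry.expires_at > self.now():
            self.stats["cache_hits"] += 1
            return Verdict("cache", list(entry.addresses)) if entry.addresses else Verdict("nxdomain")
        # Step 6: recursive lookup via the configured upstream resolver.
        self.stats["upstream"] += 1
        answer = self.upstream(name)
        if answer is None:
            self.cache[name] = CacheEntry([], self.now() + NEGATIVE_TTL)
            return Verdict("nxdomain")
        addresses, ttl = answer
        # Step 7: every resolved address, v4 or v6, against the IP blacklist.
        if any(ipaddress.ip_address(a) in self.bad_ips for a in addresses):
            self.stats["violations"] += 1
            return Verdict("drop_ip")
        # Step 8: answer the application and cache the result for its TTL.
        self.cache[name] = CacheEntry(list(addresses), self.now() + ttl)
        return Verdict("resolved", list(addresses))


def build_engine(clock: Callable[[], float] = time.time) -> DnsPolicyEngine:
    return DnsPolicyEngine(REGULATORY_BLACKLIST, USER_BLACKLIST, BLACKLISTED_IPS,
                           lambda n: UPSTREAM.get(n), now=clock)


if __name__ == "__main__":
    eng = build_engine()
    for q in ["news.example", "news.example", "sub.ads.example", "cdn.example",
              "missing.example", "missing.example"]:
        print(q, eng.resolve(q))
    print(eng.stats)  # counters behind the claim 15 report: cache hits, upstream queries, violations
```

The `stats` counters correspond to the figures claim 15 asks the application to report (queries sent upstream, queries answered from cache, security violations). Note that a name whose resolved address is blacklisted is deliberately not cached, so the next query for it is re-evaluated against the current IP list rather than served from a stale positive entry.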