Extensible access control architecture
US-9185091-B2 · Nov 10, 2015 · US
US10356040B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10356040-B2 |
| Application number | US-201816000700-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 5, 2018 |
| Priority date | Jan 27, 2015 |
| Publication date | Jul 16, 2019 |
| Grant date | Jul 16, 2019 |
Official abstract text for this publication.
A virtual private router (VPR) intercepts DNS requests and returns a pseudo IP address to the requesting application and the pseudo IP address is mapped to a domain name in the request. Requests for content including the pseudo IP address are modified to include the corresponding domain name and transmitted to an intermediary server, which resolves the domain name to a real IP address and forwards the content request. The content is received by the intermediary server, which returns it to the requesting application, such as by way of the VPR. Real IP addresses may be returned by the intermediary server such that subsequent content requests to the domain name may bypass the intermediary server. Requests for certain domains, ports, and/or protocols may bypass the intermediary server such that the VPR resolves the domain names to real IP addresses.
Opening claim text (preview).
The invention claimed is:

1. A system comprising one or more processing devices and one or more memory devices operably coupled to the one or more processing devices, the one or more processing devices storing executable code effective to cause the one or more processing devices to:

intercept a first domain resolution request for a first domain name from an application, the first domain name being associated with at least one first content server in a computer network;

determine a first internet protocol (IP) address corresponding to the first domain name;

store an entry mapping the first IP address to at least a part of the first domain name on a storage device;

return, in response to the first domain resolution request, the first IP address;

intercept a first content request to the first IP address;

obtain from the storage device the at least the part of the first domain name corresponding to the first IP address;

obtain a routing rule associated with one or more parameters of the first content request;

evaluate whether one of (a) the first content request should be forwarded through an intermediary server according to the routing rule associated with the one or more parameters of the first content request, the intermediary server being enabled to forward the request to the at least one first content server and (b) the first content request should be sent to the at least one first content server without being forwarded through the intermediary server according to the routing rule associated with the one or more parameters of the first content request;

if (b): determine whether the first IP address is (c) a pseudo IP address or (d) a real IP address;

if (c), (i) issue a second domain resolution request over the computer network for the first domain name and (ii) hold at least part of the first content request at least until receiving a response to the second domain resolution request, (iii) obtain a second IP address from the response to the second domain resolution request, the second IP address being a real IP address of the at least one first content server, and then (iv) send at least part of the first content request to the second IP address over a computer network;

if (d), send at least part of the first content request to the first IP address over the computer network; and

if (a): send at least part of the first content request to a third IP address of the intermediary server over the computer network, the third IP address being different from the first IP address and the real IP address of the at least one first content server.

2. The system of claim 1, wherein the executable code is further effective to cause the one or more processing devices to determine the first IP address corresponding to the first domain name by: if (b): send a domain resolution request for the first domain name over the computer network; and obtaining the first IP address from a response to the domain resolution request, the first IP address being a real IP address of the first content server.

3. The system of claim 1, wherein the one or more parameters of the first content request are selected from a group consisting of the first domain name, a transport protocol and a destination port.

4. The system of claim 1, wherein the intermediary server is enabled to function as at least one of a Virtual Private Network (VPN) server and a proxy server.

5. The system of claim 1, wherein the executable code is further effective to cause the one or more processing devices to, if (a): determine, according to the one or more parameters and the routing rule, whether (c) the first content request should be forwarded through a VPN server or (d) the first content request should be forwarded through a proxy server according to the one or more parameters and the routing rule; if (c), include the first IP address in a request corresponding to the first content request sent to the VPN server; if (d), exclude the first IP address from a request corresponding to the first content request sent to the proxy server.

6. The method of claim 5, wherein the executable code is further effective to cause the one or more processing devices to determine whether (c) the first content request should be forwarded through the VPN server or (d) the first content request should be forwarded through the proxy server according to the one or more parameters and the routing rule by: evaluating at least one of a domain name, a transport protocol, and a destination port of the first content request as the one or more parameters with respect to the at least one routing rule.
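The decision flow of the abstract and claims 1 to 3, written out as an added Python sketch that is not part of the patent text; the comments reuse the claim's (a) to (d) labels. The class name `Vpr`, the rule-table layout, the 198.18.0.0/15 pseudo-IP pool, the intermediary address and the sample domains are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable

PSEUDO_NET = ipaddress.ip_network("198.18.0.0/15")  # assumption: pool used for pseudo IPs
INTERMEDIARY_IP = "203.0.113.10"                     # constructed address (TEST-NET-3)

@dataclass
class Vpr:
    rules: dict                      # (domain, proto, port) -> "direct" | "intermediary"; None = any
    resolver: Callable[[str], str]   # real DNS lookup, injected so the sketch runs offline
    ip_to_domain: dict = field(default_factory=dict)
    allocated: int = 0

    def route(self, domain, proto=None, port=None):
        # Most specific rule wins; anything unmatched goes through the intermediary.
        for key in ((domain, proto, port), (domain, None, None), (None, proto, port)):
            if key in self.rules:
                return self.rules[key]
        return "intermediary"

    def on_dns_request(self, domain):
        if self.rules.get((domain, None, None)) == "direct":
            ip = self.resolver(domain)            # claim 2: bypass domains get the real address
        else:
            self.allocated += 1
            ip = str(PSEUDO_NET[self.allocated])  # pseudo IP handed to the application
        self.ip_to_domain[ip] = domain            # stored entry: IP -> domain name
        return ip

    def on_content_request(self, dst_ip, proto, port):
        domain = self.ip_to_domain[dst_ip]        # recover the name behind the address
        if self.route(domain, proto, port) == "intermediary":    # case (a)
            return {"send_to": INTERMEDIARY_IP, "host": domain}
        if ipaddress.ip_address(dst_ip) in PSEUDO_NET:           # case (b)(c)
            # The request is held until the second, real resolution returns.
            return {"send_to": self.resolver(domain), "host": domain}
        return {"send_to": dst_ip, "host": domain}               # case (b)(d)

def demo():
    real = {"intranet.example": "192.0.2.20", "time.example": "192.0.2.30"}  # constructed
    rules = {("intranet.example", None, None): "direct", (None, "udp", 123): "direct"}
    vpr = Vpr(rules, real.__getitem__)
    a = vpr.on_dns_request("intranet.example")
    b = vpr.on_dns_request("time.example")
    c = vpr.on_dns_request("news.example")
    return [(a, vpr.on_content_request(a, "tcp", 443)),
            (b, vpr.on_content_request(b, "udp", 123)),
            (c, vpr.on_content_request(c, "tcp", 443))]
```

The second entry returned by `demo()` is the case the claim spends the most words on: the application was given a pseudo IP at DNS time, the port rule only becomes decidable when the content request arrives, and the real address has to be resolved before the request can leave directly.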
Virtual private networks · CPC title
Electricity · mapped topic
Network architectures or network communication protocols for network security (cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00; network architectures or network communication protocols for wireless network security H04W12/00; security arrangements for protecting computers or computer systems against unauthorised activity G06F21/00) · CPC title