WO2024116185A1 - System and method for restrictive communication control over personal communication devices - Google Patents
- Publication number
- WO2024116185A1 (PCT application PCT/IL2023/051229)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- websites
- applications
- participants
- blacklists
- whitelists
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/37—Managing security policies for mobile devices or for controlling mobile applications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- PCDs personal communication devices
- a method for providing a secluded communication network may include saving and maintaining on a storage device a database of one or a plurality of participants and one or a plurality of authorized users, and one or more blacklists or one or more whitelists each of which is related to any or all of the one or a plurality of authorized users, said one or a plurality of blacklists containing access information of one or more websites or applications to which and from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be denied and said one or a plurality of whitelists containing access information of one or more websites or applications only to which and only from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be allowed.
- PCD personal communication device
- the method may also include using a network interface controller of any of the PCDs: if a transmission associated with any of said one or more websites or applications contained in any of the one or more blacklists, that is incoming to or outgoing from that network interface controller, is identified, diverting the identified transmission to a VPN server to prevent it from being received by an intended recipient, wherein the VPN server is defined as an empty network; and if a transmission associated with any of said one or more websites or applications contained in any of the one or more whitelists, that is incoming to or outgoing from that network interface controller, is identified, allowing the identified transmission to be transmitted to an intended recipient and preventing any other incoming or outgoing transmissions from being received by an intended recipient by diverting said any other incoming or outgoing transmissions to the VPN server.
- the method further includes providing a user application to be installed on the PCD of each of the one or a plurality of participants and said one or a plurality of authorized users of the SCN, wherein the user application is configured to manipulate the network interface controller to divert the identified transmission.
- the user application is configured to identify the transmission associated to any of said one or more websites or applications.
- the method may include using a managing server to save and maintain the database of the one or a plurality of participants and said one or a plurality of authorized users, the one or more blacklists and the one or more whitelists.
- the identifying of the transmission associated to any of said one or more websites or applications comprises monitoring data packets transmissions and extracting IP address or DNS address or domain name from the data packets.
- the method may also include monitoring changes of IP address or DNS address or domain name of said one or more websites or applications contained in the one or a plurality of blacklists or in the one or a plurality of whitelists.
- the monitoring of the changes of IP address or DNS address or domain name of said one or more websites or applications contained in the one or a plurality of blacklists or in the one or a plurality of whitelists is performed using a cloud-based server.
- FIG. 1 illustrates a secluded communication network with restrictive communication control over personal communication devices, according to some embodiments of the present invention.
- Fig. 2A shows a first identification user interface screen of a user app when used by an authorized user, according to some embodiments of the present invention.
- Fig. 2B shows a registration screen of a user app when used by an authorized user, according to some embodiments of the present invention.
- Fig. 2C shows an identification interface screen of a user app when used by an authorized user, according to some embodiments of the present invention.
- Fig. 2D shows a session creation screen of a user app when used by an authorized user, according to some embodiments of the present invention.
- Fig. 2E shows a session status screen of a user app when used by an authorized user, according to some embodiments of the present invention.
- Fig. 2F shows a screen displaying a blacklist of blocked websites/apps of a user app when used by an authorized user, according to some embodiments of the present invention.
- Fig. 3A shows a first identification user interface screen of a user app when used by an unauthorized user, according to some embodiments of the present invention.
- Fig. 3B shows a registration screen of a user app when used by a participant, according to some embodiments of the present invention.
- Fig. 3C shows an identification interface screen of a user app when used by a participant, according to some embodiments of the present invention.
- Fig. 3D shows an authentication screen of a user app when used by a participant, according to some embodiments of the present invention.
- Fig. 3E shows a session status screen of a user app when used by a participant, according to some embodiments of the present invention.
- Fig. 3F shows a blocked websites/apps and learning tools screen of a user app when used by a participant, according to some embodiments of the present invention.
- FIG. 4 is a diagram of a method for a secluded communication network with restrictive communication control over personal communication devices, according to some embodiments of the present invention.
- FIG. 6 is a block diagram of a system 700 for providing a secluded communication network with restrictive communication control over personal communication devices, according to some embodiments of the invention.
- the terms “plurality” and “a plurality” as used herein may include, for example, “multiple” or “two or more”.
- the terms “plurality” or “a plurality” may be used throughout the specification to describe two or more components, devices, elements, units, parameters, or the like.
- the method embodiments described herein are not constrained to a particular order or sequence. Additionally, some of the described method embodiments or elements thereof can occur or be performed simultaneously, at the same point in time, or concurrently. Unless otherwise indicated, the conjunction “or” as used herein is to be understood as inclusive (any or all of the stated options).
- Embodiments of the present invention relate to situations where a group of people meet for an interactive session, such as a lesson in a school class, a training session in a training facility, a lecture in a university or at a conference, a social gathering, and other such sessions, where it is desired to prevent distractions from participants with personal communication devices (PCDs), e.g., smartphones, laptops, etc., who may be distracted from focusing their attention on the main event by opting to engage with social media, interactive games, chatting and browsing websites on the Internet.
- Distraction to participants may include, for example, various applications and/or websites that are not related to the subject to be learned in the learning session, like social media networks such as TikTok, Instagram, Facebook, YouTube, other content providing websites, etc.
- systems and methods are provided for providing a secluded communication network (SCN) with restrictive communication control over personal communication devices.
- SCN secluded communication network
- the use of PCDs by one or more participants in a session may be restricted by denying access of PCDs of participants to specific websites and/or preventing use of specific applications, or by only allowing access of PCDs of participants to specific websites and/or specific applications, so as to completely or greatly reduce distraction and allow the participants to direct their attention to the event, while still allowing use of the PCDs for other purposes.
- a SCN may be desired, for example, when class students attend class at school, attend a university lecture or a tutorial with a teacher, and in other similar sessions.
- the session itself may be a frontal lecture in which the teacher and students are located in a classroom or share other physical space, or a lecture in a digital medium (e.g., using Zoom™, Microsoft Teams™ or similar tools).
- Similar such scenarios may include physical activity, army training sessions, business meetings, staff meetings, organization meetings, and so on, where it is desired to seclude a group of users for a specific session and allow the organizer of that session to restrict communications of the participants, either by completely blocking such communications and/or restricting such communications to specific websites or specific users of the SCN.
- a designated application (hereinafter - "user app") may be provided for downloading (or otherwise obtaining) and installing on PCDs of users (hereinafter - "participants") who are to attend a lesson, a meeting, training, or another group event (hereinafter - "session"), which, when activated, effects a "learning mode".
- An authorized user for example, a teacher, a lecturer, a group coordinator, or any other authorized person may be given specific privileges to restrict, for example via the user app, communications from and to the PCDs of participants by creating, maintaining and updating a blacklist of websites and/or applications which the user app is configured to deny the affected PCD of each of the participants from accessing.
- the authorized user may restrict, for example via the user app, communications from and to the PCDs of participants by creating, maintaining and updating a whitelist of websites and/or applications which the user app is configured to allow the participants' PCDs to access, while denying any other communications.
- a whitelist may be provided, which includes one or more of: IP addresses, DNS addresses and domain names of websites which PCDs of the students are allowed to access, whereas, as a default, the VPN server blocks access by the students' PCDs to any other website.
- FIG. 1 illustrates a secluded communication network 100 with restrictive communication control over personal communication devices, according to some embodiments of the present invention.
- a secluded communication network 100 with restrictive communication control over personal communication devices may include three servers (physical or virtual). The first is a router emulating server 112 that provides a router operating system emulator (RouterOS) and may act as a managing server of the SCN.
- RouterOS router operating system emulator
- RouterOS server 112 may be configured to maintain and manage, for example on a storage device 113, a database of one or more authorized users (e.g., teachers, lecturers, trainers, etc.) and one or more registered unauthorized participants (e.g., students, organization workers, and other persons who are to be participants of sessions in SCN conditions), the database including identity/authentication data of each of the participants and authorized users; to manage sessions opened by authorized users; to manage authentications, e.g., by generating authentication tokens such as JSON Web Tokens (JWT); to generate random access codes; to manage blacklists and/or whitelists 109; and to manage and maintain the address of a VPN server 108, the operation of which is described hereinafter.
- the blacklists and or whitelists may be generated by specific authorized users and/or be provided, as default, by specific authorized users or provided by specific organizations (e.g., an Education Ministry or other government ministry or agency, universities, corporates, organizations etc.).
- a third server - IP/DNS/domain names monitor 114 may be provided, configured to monitor and update changes to the IP addresses, the DNS addresses and/or the domain names of websites and applications on the Internet that are included in the blacklists or whitelists, updated copies of which may be saved on IP/DNS/domain names monitor 114 and updated regularly.
- IP/DNS/domain names monitor 114 may be configured to operate in iOS (Apple™ based operating system) and in Android™ environments, and to monitor communications of iOS/iPadOS app (IPA) and/or Android Package Kit (APK) files.
- IPA iOS/iPadOS app
- APK Android Package Kit
- IP/DNS/domain names monitor 114 may be configured to monitor communication packets, for example by using Packet Capture (PCAP) file format. IP/DNS/domain names monitor 114 may be configured to be used on any platform, e.g., GNU/Linux, MacOS, BSD, Solaris, other Linux-like operating systems, Microsoft Windows, and other platforms.
- PCAP Packet Capture
- IP/DNS/domain names monitor 114 may monitor communications to websites and/or applications included in the blacklists and/or whitelists by intercepting ping transmissions and extracting the IP address and/or DNS address and/or domain name indicated in the ping transmissions. Changes in the IP address and/or DNS address and/or domain name of the monitored websites and/or applications can thus be detected, and the blacklists and/or whitelists may then be updated. Updates to the blacklists/whitelists may be transmitted to RouterOS 112 so that RouterOS 112 maintains updated blacklists/whitelists.
- some or all of these servers may be implemented in a single server.
- the authorized users may only provide names or otherwise indicate the applications/websites to be blocked, and the user app is configured to obtain the relevant IP addresses, DNS addresses or domain names and update the blacklist of that authorized user.
- When a user signs in to a learning mode session, using the user app 116 installed on that user's PCD (for example participant PCDs 102a, 102b, 102c or an authorized user's PCD 104), RouterOS 112 sends to that user app 116 the IP address or DNS address of VPN server 108.
- When active in "learning mode", the user app 116 is configured to manipulate the network interface controller such that, when an outgoing or incoming ping transmission is identified as relating to a website or an application present on the relevant blacklist (the one relating to the session that PCD is signed in to), the entire corresponding communication is diverted via RouterOS 112 to VPN server 108, which is configured to act as a dead end, effectively linked to an empty network.
- Identification of ping transmission as relating to a website or application present on the relevant blacklist may be carried out locally by the user app 116, or remotely, by transmitting the intercepted IP/DNS address from the user app 116 to RouterOS 112, where the intercepted IP/DNS address may be checked against the blacklist.
- the user app may be configured to identify and divert blacklist/whitelist related transmissions using packet filtering techniques.
- the user app may use custom protocols to read ping information from the network interface controller and divert the identified ping related transmission, via RouterOS 112 to end up in VPN server 118.
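The allow/divert decision described in the items above, as an added example that is not code from the patent or its applicant: a small Python policy evaluator that takes the destination IP and/or the DNS name extracted from a transmission, checks it against the session's blacklist or whitelist, and returns whether the transmission may proceed or must be diverted to the dead-end VPN sink. Class names, the sample addresses (documentation ranges) and the sink address are assumptions.

```python
# Added example, not code from the patent: a per-session allow/divert policy
# of the kind the user app (or RouterOS 112) would evaluate for each
# transmission. Class and function names are assumptions.
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional, Set, Tuple


@dataclass
class AccessList:
    """Websites/apps as the access information the patent lists: domain
    names (a listed domain also covers its subdomains) and IP addresses
    or prefixes."""
    domains: Set[str] = field(default_factory=set)
    networks: list = field(default_factory=list)

    @classmethod
    def from_entries(cls, entries: Iterable[str]) -> "AccessList":
        al = cls()
        for raw in entries:
            entry = raw.strip().lower().rstrip(".")
            try:
                al.networks.append(ip_network(entry, strict=False))
            except ValueError:       # not an IP/prefix, so treat it as a domain
                al.domains.add(entry)
        return al

    def matches_domain(self, name: str) -> bool:
        name = name.lower().rstrip(".")
        # exact match or proper subdomain; "notsocial.example" must not match
        return any(name == d or name.endswith("." + d) for d in self.domains)

    def matches_ip(self, addr: str) -> bool:
        ip = ip_address(addr)
        return any(ip in net for net in self.networks)


@dataclass
class SessionPolicy:
    mode: str            # "blacklist" or "whitelist"
    entries: AccessList
    vpn_sink: str        # dead-end VPN server address handed out at sign-in

    def decide(self, dst_ip: Optional[str] = None,
               dns_name: Optional[str] = None) -> str:
        """Return "allow" or "divert" for one transmission, identified by
        its destination IP and/or the DNS/domain name it relates to."""
        listed = ((dns_name is not None and self.entries.matches_domain(dns_name))
                  or (dst_ip is not None and self.entries.matches_ip(dst_ip)))
        if self.mode == "blacklist":
            return "divert" if listed else "allow"
        if self.mode == "whitelist":
            return "allow" if listed else "divert"
        raise ValueError(f"unknown mode {self.mode!r}")


# Constructed sample transmissions (dst_ip, dns_name), as a packet monitor
# extracting addresses/names from packets might report them.
SAMPLE_TRANSMISSIONS: List[Tuple[Optional[str], Optional[str]]] = [
    (None, "video.social.example"),           # DNS query for a listed site
    ("203.0.113.7", None),                    # flow into a listed prefix
    ("198.51.100.10", "lms.school.example"),  # learning-management site
    (None, "notsocial.example"),              # must not match "social.example"
]


def apply_policy(policy: SessionPolicy,
                 transmissions=SAMPLE_TRANSMISSIONS) -> List[str]:
    """Evaluate each transmission; "divert" means route it to policy.vpn_sink."""
    return [policy.decide(dst_ip=ip, dns_name=name) for ip, name in transmissions]


if __name__ == "__main__":
    blacklist = SessionPolicy("blacklist",
                              AccessList.from_entries(["social.example", "203.0.113.0/24"]),
                              vpn_sink="10.0.0.1")   # constructed sink address
    whitelist = SessionPolicy("whitelist",
                              AccessList.from_entries(["lms.school.example"]),
                              vpn_sink="10.0.0.1")
    print("blacklist:", apply_policy(blacklist))   # divert, divert, allow, allow
    print("whitelist:", apply_policy(whitelist))   # divert, divert, allow, divert
```

A listed domain covers its subdomains, but a name that merely ends in the same characters (`notsocial.example`) is not matched. The decision is the same whether it is computed locally in the user app or remotely on RouterOS 112, since both see only the extracted address or name; what keeps it meaningful is the address list staying current, which is the job the patent assigns to the monitor server.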
- After signing in and identifying as an authorized user, the user app is configured to allow the authorized user to open a session and define a list of applications and/or websites to be blocked, so that the student PCDs are blocked from accessing these applications and/or websites when engaged in the learning session.
- a random access code may be issued by the user app and provided to the authorized user, who may then distribute it to the participants who are to attend the session; when they provide that access code to their user app, they are allowed access to the learning session controlled by that authorized user.
- a participant may register with their name or obtain (or provide) a random name.
- the user app is configured to allow the authorized user to add or remove application/s and/or website/s from the blacklist of the VPN server at any time, before, during and after the learning session.
- the SCN may be implemented as a SaaS system (e.g., a cloud-based service) or using physical servers in learning facilities (e.g., schools, universities, training centers etc.).
- the user app may include status information on each of the participants in the learning session, presented on the screen of the teacher's PCD.
- status indicators in colors may be provided, so that, for example, if the status indicator of a participant is green, the related participant's PCD is linked to the learning session and is in use; if the status indicator is red, the participant who was previously connected to the learning session through their PCD has left (the PCD was disconnected from the learning session); and if the status indicator is yellow, the related participant's PCD is linked to the learning session but is idle (not showing any activity).
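The session flow in the items above (an authorized user opens a session and receives a random access code, participants join with that code, RouterOS issues authentication tokens such as JWTs and hands out the VPN server address) together with the green/yellow/red status indicators, as one added Python example that is not the patent's code. The JWT is signed with HMAC-SHA256 using only the standard library; the class names, the token lifetime and the idle threshold are assumptions.

```python
# Added example, not code from the patent: managing-server session logic with
# random access codes, HS256 JWT authentication tokens (hand-rolled on the
# standard library so the sample runs without PyJWT) and the green/yellow/red
# participant status indicators. Names and the idle threshold are assumptions.
from __future__ import annotations
import base64, hashlib, hmac, json, secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

IDLE_AFTER_SECONDS = 300   # assumed: this long without activity shows yellow
TOKEN_TTL_SECONDS = 3600

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_jwt(claims: dict, key: bytes) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"

def verify_jwt(token: str, key: bytes, now: float) -> Optional[dict]:
    """Return the claims if signature, algorithm and expiry check out, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, signature = parts
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _b64url_decode(signature)):
            return None
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":  # pin the alg
            return None
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, TypeError):
        return None
    return claims if claims.get("exp", 0) > now else None

@dataclass
class Participant:
    name: str
    connected: bool
    last_activity: float

@dataclass
class Session:
    owner: str          # the authorized user who opened it
    mode: str           # "blacklist" or "whitelist"
    entries: set
    participants: Dict[str, Participant] = field(default_factory=dict)

class ManagingServer:
    def __init__(self, key: bytes, vpn_sink: str):
        self.key, self.vpn_sink = key, vpn_sink
        self.sessions: Dict[str, Session] = {}

    def open_session(self, owner: str, mode: str, entries) -> str:
        """Create a session; return the random access code the owner distributes."""
        code = "".join(secrets.choice("0123456789") for _ in range(6))
        while code in self.sessions:
            code = "".join(secrets.choice("0123456789") for _ in range(6))
        self.sessions[code] = Session(owner, mode, set(entries))
        return code

    def join(self, code: str, name: str, now: float) -> Optional[dict]:
        """A participant presents the access code; on success they receive a
        token, the VPN sink address and the list their user app must enforce."""
        session = self.sessions.get(code)
        if session is None:
            return None
        session.participants[name] = Participant(name, True, now)
        claims = {"sub": name, "sess": code, "role": "participant",
                  "iat": int(now), "exp": int(now) + TOKEN_TTL_SECONDS}
        return {"token": issue_jwt(claims, self.key), "vpn": self.vpn_sink,
                "mode": session.mode, "entries": sorted(session.entries)}

    def heartbeat(self, code: str, name: str, now: float) -> None:
        p = self.sessions[code].participants[name]
        p.connected, p.last_activity = True, now

    def leave(self, code: str, name: str) -> None:
        self.sessions[code].participants[name].connected = False

    def status(self, code: str, now: float) -> Dict[str, str]:
        """Colour per participant, as shown on the authorized user's screen."""
        colours = {}
        for name, p in self.sessions[code].participants.items():
            if not p.connected:
                colours[name] = "red"
            elif now - p.last_activity > IDLE_AFTER_SECONDS:
                colours[name] = "yellow"
            else:
                colours[name] = "green"
        return colours
```

`verify_jwt` pins the algorithm to HS256 and compares signatures in constant time, so a token whose header names another algorithm, or whose signature was produced under a different key or over altered claims, is rejected before its claims are used. Time is passed in explicitly so that expiry and idle detection can be checked deterministically.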
- the user app and/or teacher app may be configured to allow a teacher and/or a participant to enter learning mode independently, for blocking certain applications and/or websites, without having to enter the access code.
- one or more participants may also be the authorized users.
- one or more participants may enter their PCDs into a learning mode, and also define for themselves, as one or more authorized users, their blacklist or whitelist.
- monitoring communications based on identifying DNS addresses may include reverse DNS search, which is used to identify a domain name based on an IP address.
- the IP/DNS listener 114 may collect all DNS entries allocated to a domain and may list them in a list of preferences. It is possible to conduct a DNS search using various DNS search tools, such as Google, Cloudflare, OpenDNS and other authorized domain and internet hosting lists.
- a DNS checker e.g., IP/DNS listener 114
- DNS entries may include A, AAAA, CNAME, MX, NS, PTR, SRV, SOA, TXT, CAA, DS, DNSKEY etc.
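An offline model of the change monitoring described for IP/DNS/domain names monitor 114 and of the reverse DNS lookup and record types listed above, added here as an example rather than code from the patent. It re-resolves each listed domain, diffs the answers against the address copy stored with the blacklist/whitelist, and produces the update that would be pushed to RouterOS 112. The resolver is injected as a callable so the sample runs against a constructed zone; the helper names, the CNAME-hop limit and the zone data are assumptions.

```python
# Added example, not code from the patent: an offline model of the
# IP/DNS/domain-name monitor. The resolver is injected so the sample runs
# against constructed zone data; function names are assumptions.
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Callable, Dict, List, Set

# resolver(name, record_type) -> set of answer strings
Resolver = Callable[[str, str], Set[str]]


@dataclass
class ListUpdate:
    domain: str
    added: Set[str]
    removed: Set[str]


def resolve_addresses(resolver: Resolver, domain: str, max_cname_hops: int = 3) -> Set[str]:
    """Collect A and AAAA answers for a domain, following CNAME aliases
    (bounded, so a looping alias cannot hang the monitor)."""
    addresses: Set[str] = set()
    name = domain
    for _ in range(max_cname_hops + 1):
        addresses |= resolver(name, "A") | resolver(name, "AAAA")
        aliases = resolver(name, "CNAME")
        if not aliases:
            break
        name = next(iter(aliases))
    return addresses


def reverse_lookup(resolver: Resolver, addr: str) -> Set[str]:
    """Reverse DNS: PTR query on the in-addr.arpa / ip6.arpa name of an IP."""
    return resolver(ip_address(addr).reverse_pointer, "PTR")


def check_lists(resolver: Resolver, stored: Dict[str, Set[str]]) -> List[ListUpdate]:
    """Compare the stored address sets of listed domains with fresh answers."""
    updates = []
    for domain, known in stored.items():
        current = resolve_addresses(resolver, domain)
        added, removed = current - known, known - current
        if added or removed:
            updates.append(ListUpdate(domain, added, removed))
    return updates


def apply_updates(stored: Dict[str, Set[str]], updates: List[ListUpdate]) -> Dict[str, Set[str]]:
    """Return the refreshed copy that the managing server would keep."""
    refreshed = {d: set(a) for d, a in stored.items()}
    for u in updates:
        refreshed[u.domain] = (refreshed[u.domain] - u.removed) | u.added
    return refreshed


# Constructed zone data standing in for live DNS (documentation address ranges).
FAKE_ZONE: Dict[tuple, Set[str]] = {
    ("video.social.example", "CNAME"): {"edge.social-cdn.example"},
    ("edge.social-cdn.example", "A"): {"203.0.113.10", "203.0.113.11"},
    ("edge.social-cdn.example", "AAAA"): {"2001:db8::10"},
    ("lms.school.example", "A"): {"198.51.100.5"},
    ("5.100.51.198.in-addr.arpa", "PTR"): {"lms.school.example"},
}


def fake_resolver(name: str, rtype: str) -> Set[str]:
    return set(FAKE_ZONE.get((name, rtype), set()))


# Address copy saved alongside the list at an earlier time (constructed).
STORED_LIST: Dict[str, Set[str]] = {
    "video.social.example": {"203.0.113.10"},
    "lms.school.example": {"198.51.100.5"},
}


def run_monitor_cycle(resolver: Resolver = fake_resolver,
                      stored: Dict[str, Set[str]] = STORED_LIST) -> Dict[str, Set[str]]:
    """One monitoring pass: detect changes and return the refreshed list."""
    return apply_updates(stored, check_lists(resolver, stored))


if __name__ == "__main__":
    for update in check_lists(fake_resolver, STORED_LIST):
        print(update)
    print(run_monitor_cycle())
    print(reverse_lookup(fake_resolver, "198.51.100.5"))
```

In the constructed zone the listed site has gained a second IPv4 address and an IPv6 address behind its CNAME since the list was saved; the monitor reports exactly those additions, which is the update the managing server needs so that the user app's IP-based matching keeps covering the site.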
- Fig. 2A shows a first identification user interface screen 120 of a user app when used by an authorized user, according to some embodiments of the present invention.
- In this screen the user is asked to identify themselves as either an authorized user 130 or a participant 132.
- Fig. 2B shows a registration screen 122 of a user app when used by an authorized user, according to some embodiments of the present invention.
- the user is asked to enter a first name 140 and a second name 142.
- Fig. 2C shows an identification interface screen 124 of a user app when used by an authorized user, according to some embodiments of the present invention.
- a teacher who selected "I am a teacher" in previous screen 120 is asked to enter a teacher code 144 and thus ends the identification stage.
- Fig. 2D shows a lesson creation screen 150 of a user app when used by an authorized user, according to some embodiments of the present invention.
- the teacher selects "create lesson” and is forwarded to the next screen.
- Fig. 2E shows a lesson status screen 152 of a user app when used by an authorized user, according to some embodiments of the present invention.
- the authorized user is asked to share a code 156 with the participants to allow them to join the lesson and is presented with a list of the participants 158 that are currently linked to the lesson, and may also select 160 to view the list of blocked websites/apps.
- Fig. 2F shows a blocked websites/apps screen 154 of a user app when used by an authorized user, according to some embodiments of the present invention.
- Fig. 3A shows a first identification user interface screen 170 of a user app when used by a participant, according to some embodiments of the present invention.
- Fig. 3B shows a registration screen 172 of a user app according to some embodiments of the present invention.
- Screens 170 and 172 are essentially the same as screens 120 and 122. It is the selection of whether the user is a participant or an authorized user that determines which screen appears next.
- Fig. 3C shows an identification interface screen of a user app according to some embodiments of the present invention.
- the participant may choose to join the lesson by pressing button 176.
- Fig. 3D shows an authentication screen 180 of a participant app according to some embodiments of the present invention.
- the participant is required to enter the access code that is supplied by the authorized user (see the teacher screen of Fig. 2E).
- Fig. 3E shows a lesson status screen 182 of a user app according to some embodiments of the present invention.
- the participant may select to be subjected to restricted communications by confirming linking to the VPN server and remaining in the learning session, or deselect and opt out of the learning session.
- Fig. 3F shows a blocked websites/apps and learning tools screen 184 of a user app according to some embodiments of the present invention.
- Fig. 4 is a block diagram of a method 500 for providing a secluded communication network (SCN).
- Method 500 may include: using a network interface controller (NIC) of any of the PCDs; if a transmission associated with any of said one or more websites or applications contained in any of the one or more blacklists, that is incoming to or outgoing from that NIC, is identified, diverting the identified transmission to a VPN server to prevent it from being received by an intended recipient, wherein the VPN server is defined as an empty network; and if a transmission 506 associated with any of said one or more websites or applications contained in any of the one or more whitelists, that is incoming to or outgoing from that NIC, is identified, allowing the identified transmission to be transmitted to an intended recipient and preventing any other incoming or outgoing transmissions from being received by an intended recipient by diverting them to the VPN server.
- FIG. 5 is a block diagram of a system 700 for providing a secluded communication network, according to some embodiments of the invention.
- System 700 may include a processor 702 (e.g., a single processor or a processing unit that includes a plurality of processors, on a single machine or distributed over a plurality of machines) for executing a method according to some embodiments of the present invention.
- Processor 702 may be linked with memory 706 on which a program implementing a method according to some embodiments of the present invention and corresponding data may be loaded and run from, and storage device 708, which includes a non-transitory computer readable medium (or mediums) such as, for example, one or a plurality of hard disks, flash memory devices, etc.
- System 700 may further include an output device 704 (e.g., a display device such as CRT, LCD, LED etc.) on which one or a plurality of user interfaces associated with a program implementing a method according to some embodiments of the present invention and corresponding data may be presented.
- System 700 may also include input interface 701, such as, for example, one or a plurality of keyboards, pointing devices, touch sensitive surfaces (e.g. touch sensitive screens), etc. for allowing a user to input commands and data.
Abstract
A method for providing a secluded communication network (SCN) may include saving and maintaining a database of the plurality of participants and the plurality of authorized users, and blacklists, each of which is related to any of the authorized users and contains access information of one or more websites or applications to and from which access by a personal communication device (PCD) of each of the plurality of participants is to be denied, and, using a network interface controller of any of the PCDs, denying access to the websites and applications on the blacklists.
Description
SYSTEM AND METHOD FOR RESTRICTIVE COMMUNICATION CONTROL OVER PERSONAL COMMUNICATION DEVICES
FIELD OF THE INVENTION
[0001] The present invention relates to communication networks, and more particularly to systems and methods for restrictive communication control over personal communication devices.
BACKGROUND OF THE INVENTION
[0002] The Internet is a global system of interconnected computers and computer networks. Sometimes referred to as a "network of networks", the Internet connects private, public, academic, commercial and government networks. When first established, back in the 1960s, the Internet was designed to allow time-sharing of computer resources and to develop packet switching. Decades later, the Internet is a vibrant space for information (sometimes disinformation), social media networks and a multitude of other uses.
[0003] In situations where a group of people meet for an interactive session, such as a lesson in a school class, training in a training facility, a lecture in a university or at a conference, a social gathering, and other such situations, participants with personal communication devices (PCDs), e.g., smartphones, laptops, etc., may be distracted from the main event by opting to engage with social media, interactive games, chatting and browsing websites on the Internet.
[0004] It may sometimes be necessary to prevent or restrict the use of PCDs, by denying access of participants' PCDs to specific websites and/or denying use of specific applications, to completely or greatly reduce distraction and allow the participants to direct their attention to the actual event, while still allowing use of the PCDs for other purposes.
SUMMARY OF THE INVENTION
[0005] There is thus provided, in accordance with an embodiment of the invention, a method for providing a secluded communication network (SCN). The method may include saving and maintaining on a storage device a database of one or a plurality of participants and one or a plurality of authorized users, and one or more blacklists or one or more whitelists each of which is related to any or all of the one or a plurality of authorized users, said one or a plurality of blacklists containing access information of one or more websites or applications to which and from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be denied and said one or a plurality of whitelists containing access information of one or more websites or applications only to which and only from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be allowed.
[0006] The method may also include using a network interface controller of any of the PCDs: if a transmission associated with any of said one or more websites or applications contained in any of the one or more blacklists, incoming to or outgoing from that network interface controller, is identified, diverting the identified transmission to a VPN server so that it is not received by its intended recipient, wherein the VPN server is defined as an empty network; and if a transmission associated with any of said one or more websites or applications contained in any of the one or more whitelists, incoming to or outgoing from that network interface controller, is identified, allowing the identified transmission to reach its intended recipient, and preventing any other incoming or outgoing transmission from reaching its intended recipient by diverting it to the VPN server.
[0007] According to some embodiments of the present invention, the method further includes providing a user application to be installed on the PCD of each of the one or a plurality of participants and of said one or a plurality of authorized users of the SCN, wherein the user application is configured to manipulate the network interface controller to divert the identified transmission.
[0008] According to some embodiments of the present invention, the user application is configured to identify the transmission associated with any of said one or more websites or applications.
[0009] According to some embodiments of the present invention, the method may include using a managing server to save and maintain the database of the one or a plurality of participants and said one or a plurality of authorized users, the one or more blacklists and the one or more whitelists.
[0010] According to some embodiments of the present invention, the identifying of the transmission associated with any of said one or more websites or applications comprises monitoring data packet transmissions and extracting an IP address or DNS address or domain name from the data packets.
[0011] According to some embodiments of the present invention, the method may also include monitoring changes of IP address or DNS address or domain name of said one or more websites or applications contained in the one or a plurality of blacklists or in the one or a plurality of whitelists.
[0012] According to some embodiments of the present invention, the monitoring of the changes of IP address or DNS address or domain name of said one or more websites or applications contained in the one or a plurality of blacklists or in the one or a plurality of whitelists is performed using a cloud-based server.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] In order for the present invention to be better understood and for its practical applications to be appreciated, the following Figures are provided and referenced hereafter. It should be noted that the Figures are given as examples only and in no way limit the scope of the invention. Like components are denoted by like reference numerals.
[0014] Fig. 1 illustrates a secluded communication network with restrictive communication control over personal communication devices, according to some embodiments of the present invention.
[0015] Fig. 2A shows a first identification user interface screen of a user app when used by an authorized user, according to some embodiments of the present invention.
[0016] Fig. 2B shows a registration screen of a user app when used by an authorized user, according to some embodiments of the present invention.
[0017] Fig. 2C shows an identification interface screen of a user app when used by an authorized user, according to some embodiments of the present invention.
[0018] Fig. 2D shows a session creation screen of a user app when used by an authorized user, according to some embodiments of the present invention.
[0019] Fig. 2E shows a session status screen of a user app when used by an authorized user, according to some embodiments of the present invention.
[0020] Fig. 2F shows a screen displaying a blacklist of blocked websites/apps of a user app when used by an authorized user, according to some embodiments of the present invention.
[0021] Fig. 3A shows a first identification user interface screen of a user app when used by an unauthorized user, according to some embodiments of the present invention.
[0022] Fig. 3B shows a registration screen of a user app when used by a participant, according to some embodiments of the present invention.
[0023] Fig. 3C shows an identification interface screen of a user app when used by a participant, according to some embodiments of the present invention.
[0024] Fig. 3D shows an authentication screen of a user app when used by a participant, according to some embodiments of the present invention.
[0025] Fig. 3E shows a session status screen of a user app when used by a participant, according to some embodiments of the present invention.
[0026] Fig. 3F shows a blocked websites/apps and learning tools screen of a user app when used by a participant, according to some embodiments of the present invention.
[0027] Fig. 4 is a diagram of a method for a secluded communication network with restrictive communication control over personal communication devices, according to some embodiments of the present invention.
[0028] Fig. 5 is a block diagram of a system 700 for providing a secluded communication network with restrictive communication control over personal communication devices, according to some embodiments of the invention.
DETAILED DESCRIPTION OF THE INVENTION
[0029] In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those of ordinary skill in the art that the invention may be practiced without these specific details. In other instances, well-known methods, procedures, components, modules, units and/or circuits have not been described in detail so as not to obscure the invention.
[0030] Although embodiments of the invention are not limited in this regard, discussions utilizing terms such as, for example, “processing,” “computing,” “calculating,” “determining,” “establishing”, “analyzing”, “checking”, or the like, may refer to operation(s) and/or process(es) of a computer, a computing platform, a computing system, or other electronic computing device, that manipulates and/or transforms data represented as physical (e.g., electronic) quantities within the computer’s registers and/or memories into other data similarly represented as physical quantities within the computer’s registers and/or memories or other non-transitory information storage medium (e.g., a memory) that may store instructions to perform operations and/or processes. Although embodiments of the invention are not limited in this regard, the terms “plurality” and “a plurality” as used herein may include, for example, “multiple” or “two or more”. The terms “plurality” or “a plurality” may be used throughout the specification to describe two or more components, devices, elements, units, parameters, or the like. Unless explicitly stated, the method embodiments described herein are not constrained to a particular order or sequence. Additionally, some of the described method embodiments or elements thereof can occur or be performed simultaneously, at the same point in time, or concurrently. Unless otherwise indicated, the conjunction “or” as used herein is to be understood as inclusive (any or all of the stated options).
[0031] Embodiments of the present invention relate to situations where a group of people meet for an interactive session, such as a lesson in a school class, a training session in a training facility, a lecture in a university or at a conference, a social gathering, and other such sessions, where it is desired to prevent distraction of participants with personal communication devices (PCDs), e.g., smartphones, laptops, etc., who may be distracted from focusing their attention on the main event by opting to engage with social media, interactive games, chatting and browsing websites on the Internet.
[0032] Distractions to participants may include, for example, various applications and/or websites that are not related to the subject to be learned in the learning session, such as social media networks (TikTok, Instagram, Facebook, YouTube), other content-providing websites, etc.
[0033] According to some embodiments of the present invention, systems and methods are provided for a secluded communication network (SCN) with restrictive communication control over personal communication devices. According to some aspects of the present invention, the use of PCDs by one or more participants in a session, e.g., participants who willingly signed up for such a service, may be restricted by denying access of the participants' PCDs to specific websites and/or preventing use of specific applications, or by only allowing access of the participants' PCDs to specific websites and/or specific applications, so as to completely or greatly reduce distraction and allow the participants to direct their attention to the event, while still allowing use of the PCDs for other purposes.
[0034] An SCN may be desired, for example, when students attend a class at school, attend a university lecture or a tutorial with a teacher, and in other similar sessions. The session itself may be a frontal lecture in which the teacher and students are located in a classroom or share another physical space, or a lecture in a digital medium (e.g., using Zoom™, Microsoft Teams™ or similar tools). Similar scenarios may include physical activity, army training sessions, business meetings, staff meetings, organization meetings, and so on, where it is desired to seclude a group of users for a specific session and allow the organizer of that session to restrict communications of the participants, either by completely blocking such communications and/or by restricting such communications to specific websites or specific users of the SCN.
[0035] According to some embodiments of the present invention, a designated application (hereinafter "user app") may be provided for downloading (or otherwise obtaining) and installing on the PCDs of users (hereinafter "participants") who are to attend a lesson, a meeting, training, or another group event (hereinafter "session"), and which, when activated, puts the PCD into a "learning mode".
[0036] When in the "learning mode", the affected PCDs of participants are denied access to specific websites and/or applications, or are only allowed to access specific websites and/or applications.
[0037] An authorized user, for example a teacher, a lecturer, a group coordinator or any other authorized person, may be given specific privileges to restrict, for example via the user app, communications from and to the PCDs of participants by creating, maintaining and updating a blacklist of websites and/or applications which the user app is configured to deny the affected PCD of each of the participants from accessing. In some embodiments of the present invention the authorized user may restrict, for example via the user app, communications from and to the PCDs of participants by creating, maintaining and updating a whitelist of websites and/or applications which are the only websites and/or applications the user app is configured to allow the participants' PCDs to access, while denying any other communications.
[0038] In some embodiments of the present invention, instead of a blacklist, a whitelist may be provided, which includes one or more of: IP addresses, DNS addresses and domain names of websites which the students' PCDs are allowed to access, whereas by default the VPN server blocks access by the students' PCDs to any other website.
[0039] Fig. 1 illustrates a secluded communication network 100 with restrictive communication control over personal communication devices, according to some embodiments of the present invention.
[0040] According to some embodiments of the present invention, a secluded communication network 100 with restrictive communication control over personal communication devices may include three servers (physical or virtual). A router emulating server 112 provides a router operating system emulator (RouterOS) and may act as the managing server of the SCN. RouterOS server 112 may be configured to maintain and manage, for example on a storage device 113, a database of one or more authorized users (e.g., teachers, lecturers, trainers, etc.) and of one or more registered, unauthorized participants (e.g., students, organization workers, and other persons who are to be participants of sessions under SCN conditions), the database including identity/authentication data of each of the participants and authorized users; to manage sessions opened by authorized users; to manage authentication, e.g., by generating authentication tokens such as JSON Web Tokens (JWT) and generating random access codes; to manage blacklists and/or whitelists 109; and to manage and maintain the address of a VPN server 108, the operation of which is described hereinafter.
[0041] The blacklists and/or whitelists may be generated by specific authorized users, and/or be provided as defaults by specific authorized users or by specific organizations (e.g., an Education Ministry or other government ministry or agency, universities, corporations, organizations, etc.).
[0042] A third server, IP/DNS/domain names monitor 114, may be provided, configured to monitor and update changes to the IP addresses, the DNS addresses and/or the domain names of websites and applications on the Internet that are included in the blacklists or whitelists, updated copies of which may be saved on IP/DNS/domain names monitor 114 and updated regularly.
[0043] IP/DNS/domain names monitor 114 may be configured to operate in iOS (Apple™ operating system) and Android™ environments, and to monitor communications of iOS/iPadOS app (IPA) and/or Android Package Kit (APK) files.
[0044] IP/DNS/domain names monitor 114 may be configured to monitor communication packets, for example using the Packet Capture (PCAP) file format. IP/DNS/domain names monitor 114 may be configured to run on any platform, e.g., GNU/Linux, macOS, BSD, Solaris and other Unix-like operating systems, Microsoft Windows, and other platforms.
[0045] IP/DNS/domain names monitor 114 may monitor communications to websites and/or applications included in the blacklists and/or whitelists by intercepting ping transmissions and extracting the IP address and/or DNS address and/or domain name indicated in the ping transmissions. Changes in the IP address and/or DNS address and/or domain name of the monitored websites and/or applications can thus be detected, and the blacklists and/or whitelists may then be updated. Updates to the blacklists/whitelists may be transmitted to RouterOS 112 so that RouterOS 112 holds updated blacklists/whitelists.
[0046] In some embodiments of the present invention, some or all of these servers may be implemented in a single server.
[0047] In some embodiments of the invention, the authorized users may only provide names or otherwise indicate the applications/websites to be blocked, and the user app is configured to obtain the relevant IP addresses, DNS addresses or domain names and update the blacklist of that authorized user.
[0048] According to some embodiments of the present invention, when a user signs in to a learning mode session using the user app 116 installed on that user's PCD, for example participant PCDs 102a, 102b, 102c or an authorized user's PCD 104, RouterOS 112 sends to that user app 116 the IP address or DNS address of VPN server 108. When active in "learning mode", the user app 116 is configured to manipulate the network interface controller such that, when an outgoing or incoming ping transmission is identified as relating to a website or an application present on the relevant blacklist (the one relating to the session that PCD is signed in to), the entire corresponding communication is diverted via RouterOS 112 to VPN server 108, which is configured to act as a dead end, effectively linked to an empty network.
[0049] Identification of a ping transmission as relating to a website or application present on the relevant blacklist may be carried out locally by the user app 116, or remotely, by transmitting the intercepted IP/DNS address from the user app 116 to RouterOS 112, where it may be checked against the blacklist.
[0050] In the case of whitelists, when an outgoing or incoming ping transmission is verified as relating to a website or an application present on the relevant whitelist (relating to the session that PCD is signed in to) the entire corresponding communication is allowed to be transmitted to its intended recipient, whether that intended recipient is the PCD of that user or a website or application on the Internet 110 without any intervention, while other transmissions, whose ping transmission includes an IP/DNS address or a domain name that is not included in the whitelist are diverted via RouterOS 112 to VPN server 108.
[0051] In some embodiments of the invention, the user app may be configured to identify and divert blacklist/whitelist related transmissions using packet filtering techniques. The user app may use custom protocols to read ping information from the network interface controller and divert the identified ping-related transmission via RouterOS 112 so that it ends up in VPN server 108.
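The identification and diversion decision of paragraphs [0048] to [0051], as an added example that is not part of the patent and not code from any product it describes. It assumes that the "ping transmission" the text refers to is the first packet of a flow, taken here as either a DNS query naming the site or an IPv4 packet addressed to a network already attributed to it, and that a session's list is expressed as domain names plus CIDR blocks. The SessionPolicy class, the Verdict names, the parsers and the two packet builders are this example's own, and the sample packets are constructed inline (documentation addresses from RFC 5737), so nothing is captured from a live network.

```python
import ipaddress
import struct
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Set


class Verdict(Enum):
    ALLOW = "allow"                  # pass to the intended recipient
    DIVERT = "divert-to-vpn-sink"    # route to the dead-end VPN server instead


@dataclass
class SessionPolicy:
    """Blacklist or whitelist for one session. A listed domain also covers its
    subdomains; networks are CIDR blocks for traffic that carries no name."""
    mode: str                                   # "blacklist" or "whitelist"
    domains: Set[str] = field(default_factory=set)
    networks: List[ipaddress.IPv4Network] = field(default_factory=list)

    def domain_listed(self, name: str) -> bool:
        labels = name.rstrip(".").lower().split(".")
        return any(".".join(labels[i:]) in self.domains for i in range(len(labels)))

    def ip_listed(self, ip: ipaddress.IPv4Address) -> bool:
        return any(ip in net for net in self.networks)

    def verdict(self, listed: bool) -> Verdict:
        if self.mode == "blacklist":
            return Verdict.DIVERT if listed else Verdict.ALLOW
        if self.mode == "whitelist":
            return Verdict.ALLOW if listed else Verdict.DIVERT    # default deny
        raise ValueError(f"unknown mode {self.mode!r}")


def parse_dns_qname(payload: bytes) -> str:
    """First question name of a DNS message in RFC 1035 wire format."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    if struct.unpack("!H", payload[4:6])[0] == 0:
        raise ValueError("no question section")
    off, labels = 12, []
    while True:
        if off >= len(payload):
            raise ValueError("truncated question name")
        length = payload[off]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not allowed in a question name")
        off += 1
        labels.append(payload[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels)


def parse_ipv4_dst(packet: bytes) -> ipaddress.IPv4Address:
    """Destination address of an IPv4 packet (only the fixed header is read)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return ipaddress.IPv4Address(packet[16:20])


def classify_dns_query(policy: SessionPolicy, payload: bytes) -> Verdict:
    return policy.verdict(policy.domain_listed(parse_dns_qname(payload)))


def classify_ipv4_packet(policy: SessionPolicy, packet: bytes) -> Verdict:
    return policy.verdict(policy.ip_listed(parse_ipv4_dst(packet)))


# Constructed sample packets for the example; these are not captured traffic.
def build_dns_query(name: str) -> bytes:
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)    # id, RD set, qdcount=1
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)               # QTYPE=A, QCLASS=IN


def build_ipv4_header(src: str, dst: str) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


if __name__ == "__main__":
    blocked = SessionPolicy("blacklist", {"tiktok.com"}, [ipaddress.ip_network("203.0.113.0/24")])
    print(classify_dns_query(blocked, build_dns_query("www.tiktok.com")))
    print(classify_ipv4_packet(blocked, build_ipv4_header("192.0.2.10", "203.0.113.7")))
```

Two properties of the patent's scheme show up directly in this code. In blacklist mode the decision is only as good as the identification step: a client that resolves names over DNS-over-HTTPS, or connects to a hard-coded address, never produces the name the parser looks for, and a single CDN address may serve listed and unlisted sites alike. In whitelist mode the unknown case falls through to DIVERT, so unidentified traffic lands in the empty network rather than leaking, which is why the whitelist embodiment of [0038] is the more robust of the two.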
[0052] After signing in and identifying as an authorized user, the user app is configured to allow the authorized user to open a session and define a list of applications and/or websites to be blocked so that the student PCDs would be blocked from accessing these applications and/or websites when engaged in the learning session.
[0053] According to some embodiments of the invention, a random access code may be issued by the user app and provided to the authorized user, who may then distribute it to the participants who are to attend the session; when they provide that access code to their user app they are allowed access to the learning session controlled by that authorized user. A participant may register with their name or obtain (or provide) a random name. When signing in, the participant is required to acknowledge entering into a learning mode via the VPN server, confirming their consent to use the SCN and accepting the rules and limitations of that SCN.
[0054] When a participant completes signing in, that participant's name or other identifying information may be presented to the teacher on their PCD.
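The managing-server side of the join flow in [0040] and [0052] to [0054], as an added example that is not the patent's own code. The patent names random access codes and JSON Web Tokens but fixes neither a code format nor token claims or algorithm, so the following are this example's assumptions: a 6-character code from an alphabet without look-alike characters, a server that stores only a keyed hash of the code, an HS256 JWT carrying session id, participant id, role and expiry, and a per-session cap on failed code attempts. Only the Python standard library is used; no JWT package is assumed.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Join codes are read aloud or copied from a screen, so 0/O and 1/I are left out.
CODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
CODE_LENGTH = 6


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


@dataclass
class Session:
    session_id: str
    teacher_id: str
    code_hash: bytes          # keyed hash of the join code; the code itself is not stored
    expires_at: float
    failed_attempts: int = 0


class SessionManager:
    """One random join code per session; an HS256 JWT for each participant who
    redeems it. `now` is injectable so expiry can be exercised without waiting."""
    MAX_ATTEMPTS = 10         # a 6-character code has about 30 bits; cap online guessing
    DEFAULT_TTL = 3 * 3600

    def __init__(self, signing_key: bytes, now: Callable[[], float] = time.time):
        if len(signing_key) < 32:
            raise ValueError("HS256 needs a key of at least 256 bits")
        self.key = signing_key
        self.now = now
        self.sessions: Dict[str, Session] = {}

    def _code_hash(self, session_id: str, code: str) -> bytes:
        return hmac.new(self.key, f"{session_id}:{code}".encode(), hashlib.sha256).digest()

    def create_session(self, teacher_id: str, ttl: float = DEFAULT_TTL) -> Tuple[str, str]:
        session_id = secrets.token_urlsafe(12)
        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LENGTH))
        self.sessions[session_id] = Session(
            session_id, teacher_id, self._code_hash(session_id, code), self.now() + ttl)
        return session_id, code    # the teacher shares the code; the server keeps only its hash

    def redeem_code(self, session_id: str, code: str, participant_id: str) -> Optional[str]:
        s = self.sessions.get(session_id)
        if s is None or self.now() >= s.expires_at or s.failed_attempts >= self.MAX_ATTEMPTS:
            return None
        candidate = self._code_hash(session_id, code.strip().upper())
        if not hmac.compare_digest(candidate, s.code_hash):     # constant-time comparison
            s.failed_attempts += 1
            return None
        return self._mint({"sid": session_id, "sub": participant_id, "role": "participant",
                           "iat": int(self.now()), "exp": int(s.expires_at)})

    def _mint(self, claims: dict) -> str:
        header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
        body = b64url(json.dumps(claims, separators=(",", ":")).encode())
        sig = hmac.new(self.key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        return f"{header}.{body}.{b64url(sig)}"

    def verify(self, token: str) -> Optional[dict]:
        """Claims of a token this server minted, if algorithm, signature, expiry
        and session all check out; None otherwise."""
        try:
            header_b64, body_b64, sig_b64 = token.split(".")
            header = json.loads(b64url_decode(header_b64))
            claims = json.loads(b64url_decode(body_b64))
            sig = b64url_decode(sig_b64)
        except ValueError:        # wrong part count, bad base64, bad JSON or bad UTF-8
            return None
        if not isinstance(header, dict) or not isinstance(claims, dict):
            return None
        if header.get("alg") != "HS256":    # pin the algorithm: never honour "none" or a swap
            return None
        expected = hmac.new(self.key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return None
        if claims.get("exp", 0) <= self.now() or claims.get("sid") not in self.sessions:
            return None
        return claims


if __name__ == "__main__":
    manager = SessionManager(secrets.token_bytes(32))
    sid, code = manager.create_session("teacher-1")
    token = manager.redeem_code(sid, code, "student-1")
    print(code, manager.verify(token))
```

The token is a bearer credential: anyone holding it is that participant for the rest of the session, so the app must carry it only over TLS to RouterOS 112, and the session lookup in verify() is what lets a teacher end a session and invalidate every outstanding token at once. The attempt cap is per session; a deployment would also rate-limit by source, since the code space is small enough to enumerate if guesses are free.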
[0055] The user app is configured to allow the authorized user to add or remove applications and/or websites from the blacklist of the VPN server at any time: before, during and after the learning session.
[0056] According to some embodiments of the present invention, the SCN may be implemented as a SaaS system (e.g., a cloud-based service) or using physical servers in learning facilities (e.g., schools, universities, training centers etc.).
[0057] According to some embodiments of the present invention, the user app may present status information on each of the participants in the learning session on the screen of the teacher's PCD. For example, colored status indicators may be provided: if the status indicator of a participant is green, that participant's PCD is linked to the learning session and is in use; if the status indicator is red, the participant who was previously connected to the learning session through their PCD has left (the PCD was disconnected from the learning session); if the status indicator is yellow, that participant's PCD is linked to the learning session but is idle (not showing any activity).
[0058] According to some embodiments of the invention, the user app and/or teacher app may be configured to allow a teacher and/or a participant to enter learning mode independently, for blocking certain applications and/or websites, without having to enter the access code.
[0059] According to some embodiments of the present invention, one or more participants may also be the authorized users.
[0060] According to some embodiments of the present invention, one or more participants may enter their PCDs into a learning mode and also define for themselves, as one or more authorized users, their own blacklist or whitelist.
[0061] According to some embodiments of the present invention, monitoring communications based on identifying DNS addresses may include a reverse DNS lookup, which is used to identify a domain name based on an IP address. The IP/DNS listener 114 may collect all DNS entries allocated to a domain and list them in a list of preferences. A DNS search may be conducted using various DNS search tools, such as those of Google, Cloudflare and OpenDNS, and other authorized domain and Internet hosting lists. To verify that the correct DNS entries were included for a domain, a DNS checker (e.g., IP/DNS listener 114) may be used. DNS entries may include A, AAAA, CNAME, MX, NS, PTR, SRV, SOA, TXT, CAA, DS, DNSKEY records, etc.
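The record monitoring of paragraphs [0042] to [0045] and the reverse lookup of [0061], as an added example that is not the patent's own code. It re-resolves each listed domain, follows CNAME chains, reports which addresses appeared or disappeared since the last poll (the update that the text sends on to RouterOS 112), and checks a PTR name against the list. The resolver interface is an assumption, and the FakeZone contents are constructed for this example from documentation address ranges so that it runs offline; a deployment would supply a real DNS client in its place.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

# A resolver maps (owner name, record type) to the rdata strings it currently
# holds. Here the constructed FakeZone below plays that role.
Resolver = Callable[[str, str], Set[str]]


@dataclass
class AddressList:
    """Address view of one blacklist/whitelist: the listed domains and the
    addresses last observed for each of them."""
    domains: Set[str]
    observed: Dict[str, Set[str]] = field(default_factory=dict)

    def all_addresses(self) -> Set[str]:
        return set().union(*self.observed.values())


class RecordMonitor:
    def __init__(self, resolver: Resolver, max_cname_depth: int = 8):
        self.resolver = resolver
        self.max_cname_depth = max_cname_depth    # bound against CNAME loops

    def resolve_addresses(self, name: str) -> Set[str]:
        """Collect A and AAAA rdata for name, following CNAME chains."""
        addresses: Set[str] = set()
        current, seen = name.lower().rstrip("."), set()
        for _ in range(self.max_cname_depth + 1):
            if current in seen:
                break
            seen.add(current)
            addresses |= self.resolver(current, "A") | self.resolver(current, "AAAA")
            targets = self.resolver(current, "CNAME")
            if not targets:
                break
            current = next(iter(targets)).lower().rstrip(".")
        return addresses

    def poll(self, lst: AddressList) -> Dict[str, Tuple[Set[str], Set[str]]]:
        """Re-resolve every listed domain; return {domain: (added, removed)} for
        the domains whose address set changed, updating lst.observed in place."""
        changes: Dict[str, Tuple[Set[str], Set[str]]] = {}
        for domain in sorted(lst.domains):
            new = self.resolve_addresses(domain)
            old = lst.observed.get(domain, set())
            if new != old:
                changes[domain] = (new - old, old - new)
                lst.observed[domain] = new
        return changes


def reverse_matches(resolver: Resolver, ip: str, domains: Set[str]) -> bool:
    """True when a PTR name for ip is (a subdomain of) a listed domain."""
    for ptr in resolver(ipaddress.ip_address(ip).reverse_pointer, "PTR"):
        labels = ptr.lower().rstrip(".").split(".")
        if any(".".join(labels[i:]) in domains for i in range(len(labels))):
            return True
    return False


class FakeZone:
    """Constructed stand-in for the public DNS (documentation addresses only).
    Edit .records between polls to simulate a site moving to new hosts."""

    def __init__(self) -> None:
        self.records: Dict[Tuple[str, str], Set[str]] = {
            ("social.example", "CNAME"): {"edge.cdn.example"},
            ("edge.cdn.example", "A"): {"203.0.113.10", "203.0.113.11"},
            ("edge.cdn.example", "AAAA"): {"2001:db8::a"},
            ("10.113.0.203.in-addr.arpa", "PTR"): {"edge-10.cdn.example"},
        }

    def __call__(self, name: str, rrtype: str) -> Set[str]:
        return set(self.records.get((name.lower().rstrip("."), rrtype), set()))


if __name__ == "__main__":
    zone, monitor = FakeZone(), RecordMonitor(zone)
    blacklist = AddressList({"social.example"})
    print(monitor.poll(blacklist))      # on the first poll every address is "added"
    zone.records[("edge.cdn.example", "A")] = {"203.0.113.11", "198.51.100.5"}
    print(monitor.poll(blacklist))      # one address added, one removed
```

The FakeZone models the common case the monitor has to cope with: the listed site is a CNAME to a CDN edge whose address set churns and is shared with unrelated sites, so an address learned from a blacklisted name can also carry whitelisted traffic, and its PTR record names the CDN rather than the listed site. That is why reverse_matches() is only a consistency check here, and why the domain, not the address set, should be treated as the source of truth with the addresses refreshed on a short interval.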
[0062] Fig. 2A shows a first identification user interface screen 120 of a user app when used by an authorized user, according to some embodiments of the present invention. In this screen the user is asked to identify themselves as either an authorized user 130 or a participant 132.
[0063] Fig. 2B shows a registration screen 122 of a user app when used by an authorized user, according to some embodiments of the present invention. The user is asked to enter a first name 140 and a second name 142.
[0064] Fig. 2C shows an identification interface screen 124 of a user app when used by an authorized user, according to some embodiments of the present invention. A teacher who selected "I am a teacher" in previous screen 120 is asked to enter a teacher code 144 and thus ends the identification stage.
[0065] Fig. 2D shows a lesson creation screen 150 of a user app when used by an authorized user, according to some embodiments of the present invention. The teacher selects "create lesson" and is forwarded to the next screen.
[0066] Fig. 2E shows a lesson status screen 152 of a user app when used by an authorized user, according to some embodiments of the present invention. The authorized user is asked to share a code 156 with the participants to allow them to join the lesson and is presented with a list of the participants 158 that are currently linked to the lesson, and may also select 160 to view the list of blocked websites/apps.
[0067] Fig. 2F shows a blocked websites/apps screen 154 of a user app when used by an authorized user, according to some embodiments of the present invention.
[0068] Fig. 3A shows a first identification user interface screen 170 of a user app when used by a participant, according to some embodiments of the present invention.
[0069] Fig. 3B shows a registration screen 172 of a user app according to some embodiments of the present invention.
[0070] Screens 170 and 172 are essentially the same as screens 120 and 122. It is the selection of whether the user is a participant or an authorized user that determines which screen appears next.
[0071] Fig. 3C shows an identification interface screen of a user app according to some embodiments of the present invention. The participant may choose to join the lesson by pressing button 176.
[0072] Fig. 3D shows an authentication screen 180 of a participant app according to some embodiments of the present invention. The participant is required to enter the access code that is supplied by the authorized user (see the teacher screen of Fig. 2E).
[0073] Fig. 3E shows a lesson status screen 182 of a user app according to some embodiments of the present invention. In this screen the participant may opt in to restricted communications by confirming linking to the VPN server and remaining in the learning session, or opt out of the learning session.
[0074] Fig. 3F shows a blocked websites/apps and learning tools screen 184 of a user app according to some embodiments of the present invention.
[0075] Fig. 4 is a block diagram of a method 500 for providing a secluded communication network (SCN). Method 500 may include:
[0076] saving and maintaining 502 on a storage device a database of one or a plurality of participants and one or a plurality of authorized users, and one or more blacklists or one or more whitelists each of which is related to any or all of the one or a plurality of authorized users, said one or a plurality of blacklists containing access information of one or more websites or applications to which and from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be denied and said one or a plurality of whitelists containing access information of one or more websites or applications only to which and only from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be allowed; and
[0077] using a network interface controller (NIC) 501 of any of the PCDs,
[0078] if 504 a transmission associated with any of said one or more websites or applications contained in any of the one or more blacklists, incoming to or outgoing from that network interface controller, is identified, diverting the identified transmission to a VPN server so that it is not received by its intended recipient, wherein the VPN server is defined as an empty network; and
[0079] if 506 a transmission associated with any of said one or more websites or applications contained in any of the one or more whitelists, incoming to or outgoing from that network interface controller, is identified, allowing the identified transmission to reach its intended recipient, and preventing any other incoming or outgoing transmission from reaching its intended recipient by diverting it to the VPN server.
[0080] The method may also include using a network interface controller of any of the PCDs: if a transmission associated with any of said one or more websites or applications contained in any of the one or more blacklists, incoming to or outgoing from that network interface controller, is identified, diverting the identified transmission to a VPN server so that it is not received by its intended recipient, wherein the VPN server is defined as an empty network; and if a transmission associated with any of said one or more websites or applications contained in any of the one or more whitelists, incoming to or outgoing from that network interface controller, is identified, allowing the identified transmission to reach its intended recipient, and preventing any other incoming or outgoing transmission from reaching its intended recipient by diverting it to the VPN server.
[0081] According to some embodiments of the present invention, the method further includes providing a user application to be installed on the PCD of each of the one or a plurality of participants and of said one or a plurality of authorized users of the SCN, wherein the user application is configured to manipulate the network interface controller to divert the identified transmission.
[0082] According to some embodiments of the present invention, the user application is configured to identify the transmission associated with any of said one or more websites or applications.
[0083] According to some embodiments of the present invention, the method may include using a managing server to save and maintain the database of the one or a plurality of participants and said one or a plurality of authorized users, the one or more blacklists and the one or more whitelists.
[0084] According to some embodiments of the present invention, the identifying of the transmission associated to any of said one or more websites or applications comprises monitoring data packets transmissions and extracting IP address or DNS address or domain name from the data packets.
[0085] According to some embodiments of the present invention, the method may also include monitoring changes of IP address or DNS address or domain name of said one or more websites or applications contained in the one or a plurality of blacklists or in the one or a plurality of whitelists.
[0086] According to some embodiments of the present invention, the monitoring of the changes of IP address or DNS address or domain name of said one or more websites or applications contained in the one or a plurality of blacklists or in the one or a plurality of whitelists is performed using a cloud-based server.
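The classification step of [0084] (extract the remote endpoint and any name carried by the packet, match it against the lists) and the re-resolution step of [0085]/[0086] (keep the listed domains' IP addresses current so IP-level matching does not drift) can be shown together in one small policy engine. The code below is an added illustration written for this page; it is not the patent's own implementation, and the `Policy` class, the `classify`/`refresh_resolutions` functions, the sinkhole address, the packet records and the two DNS snapshots are all constructed for the example. The "empty network" of the claims is modelled as a single diversion target that swallows whatever is routed to it.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed address standing in for the "empty network" VPN server:
# anything diverted here is simply dropped and never reaches its recipient.
SINKHOLE_VPN = "10.255.255.1"


@dataclass
class Policy:
    """Access lists for one participant (hypothetical structure). Each entry maps a
    listed website/application domain to the set of IPs it currently resolves to."""
    blacklist: Dict[str, Set[str]] = field(default_factory=dict)
    whitelist: Dict[str, Set[str]] = field(default_factory=dict)

    @staticmethod
    def _listed(table: Dict[str, Set[str]], domain: Optional[str], ip: str) -> bool:
        # Match on the name seen in the packet (DNS query name, TLS SNI, HTTP Host)
        # or on the remote IP, so direct-to-IP connections are covered as well.
        if domain is not None and domain.lower().rstrip(".") in table:
            return True
        return any(ip in ips for ips in table.values())


def extract_identity(pkt: dict) -> Tuple[str, Optional[str]]:
    """The remote endpoint of a packet record: destination for outgoing traffic,
    source for incoming traffic, plus any application-layer name ([0084])."""
    remote = pkt["dst"] if pkt["direction"] == "out" else pkt["src"]
    return remote, pkt.get("domain")


def classify(policy: Policy, pkt: dict) -> Tuple[str, Optional[str]]:
    """Decide where the network interface should send the transmission.
    Returns ("divert", SINKHOLE_VPN) when it must be swallowed, ("allow", None) otherwise."""
    remote, domain = extract_identity(pkt)
    if policy._listed(policy.blacklist, domain, remote):
        return "divert", SINKHOLE_VPN
    if policy.whitelist:
        # Whitelist mode: only listed endpoints pass; all other traffic is diverted.
        if policy._listed(policy.whitelist, domain, remote):
            return "allow", None
        return "divert", SINKHOLE_VPN
    return "allow", None


def refresh_resolutions(policy: Policy,
                        resolve: Callable[[str], Set[str]]) -> List[Tuple[str, Set[str], Set[str]]]:
    """Re-resolve every listed domain (the job of the monitoring server in [0085]/[0086])
    and report which entries changed. Without this, IP-based matching misses sites that moved."""
    changes: List[Tuple[str, Set[str], Set[str]]] = []
    for table in (policy.blacklist, policy.whitelist):
        for domain in list(table):
            new = set(resolve(domain))
            if new != table[domain]:
                changes.append((domain, set(table[domain]), new))
                table[domain] = new
    return changes


# Constructed DNS snapshots at two points in time: chat.example changes its address.
DNS_SNAPSHOT_T0 = {"chat.example": {"203.0.113.10"}, "lesson.example": {"198.51.100.5"}}
DNS_SNAPSHOT_T1 = {"chat.example": {"203.0.113.44"}, "lesson.example": {"198.51.100.5"}}


def demo() -> List[Tuple[str, str]]:
    """Classify three constructed packets before and after a resolution refresh."""
    policy = Policy(blacklist={"chat.example": set(DNS_SNAPSHOT_T0["chat.example"])})
    packets = [  # constructed packet records as a user application on the PCD would see them
        {"direction": "out", "src": "192.0.2.7", "dst": "203.0.113.10", "domain": "chat.example"},
        {"direction": "out", "src": "192.0.2.7", "dst": "203.0.113.44", "domain": None},  # new IP, no name
        {"direction": "in", "src": "198.51.100.5", "dst": "192.0.2.7", "domain": None},
    ]
    before = [classify(policy, p)[0] for p in packets]
    refresh_resolutions(policy, lambda d: DNS_SNAPSHOT_T1.get(d, set()))
    after = [classify(policy, p)[0] for p in packets]
    return list(zip(before, after))


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The second packet is the case the monitoring step exists for: a name-less connection to the blacklisted site's new address is allowed until the resolver snapshot is refreshed, after which the updated IP set catches it. Matching on the packet's own name (first packet) is unaffected by the move, which is why a deployment would want both signals.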
[0087] Fig. 5 is a block diagram of a system 700 for providing a secluded communication network, according to some embodiments of the invention. System 700 may include a processor 702 (e.g. a single processor, or a processing unit that includes a plurality of processors, on a single machine or distributed over a plurality of machines) for executing a method according to some embodiments of the present invention. Processor 702 may be linked with memory 706, from which a program implementing a method according to some embodiments of the present invention and corresponding data may be loaded and run, and with storage device 708, which includes a non-transitory computer readable medium (or mediums) such as, for example, one or a plurality of hard disks, flash memory devices, etc., on which a program implementing a method according to some embodiments of the present invention and corresponding data may be stored. System 700 may further include an output device 704 (e.g. a display device such as CRT, LCD, LED, etc.) on which one or a plurality of user interfaces associated with a program implementing a method according to some embodiments of the present invention and corresponding data may be presented. System 700 may also include input interface 701, such as, for example, one or a plurality of keyboards, pointing devices, touch sensitive surfaces (e.g. touch sensitive screens), etc., for allowing a user to input commands and data.
[0088] Different embodiments are disclosed herein. Features of certain embodiments may be combined with features of other embodiments. Thus, certain embodiments may be combinations of features of multiple embodiments. The foregoing description of the embodiments of the invention has been presented for the purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed. It should be appreciated by persons skilled in the art that many modifications, variations, substitutions, changes, and equivalents are possible in light of the above teaching. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.
[0089] While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents will now occur to those of ordinary skill in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.
Claims
1. A method for providing a secluded communication network (SCN), the method comprising: saving and maintaining on a storage device a database of one or a plurality of participants and one or a plurality of authorized users, and one or more blacklists or one or more whitelists each of which is related to any or all of the one or a plurality of authorized users, said one or a plurality of blacklists containing access information of one or more websites or applications to which and from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be denied and said one or a plurality of whitelists containing access information of one or more websites or applications only to which and only from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be allowed; and using a network interface controller of any of the PCDs, if a transmission associated to any of said one or more websites or applications contained in any of the one or more blacklists, that is incoming to or outgoing from that network interface controller, is identified, diverting the identified transmission to a VPN server to prevent it from being received by an intended recipient, wherein the VPN server is defined as an empty network; and if a transmission associated to any of said one or more websites or applications contained in any of the one or more whitelists, that is incoming to or outgoing from that network interface controller, is identified, allowing the identified transmission to be transmitted to an intended recipient and prevent any other incoming or outgoing transmissions from being received by an intended recipient by diverting said any other incoming or outgoing transmissions to the VPN server to prevent it from being received by an intended recipient.
2. The method of claim 1, further comprising providing a user application to be installed on the PCD of each of the one or a plurality of participants and said one or a plurality of a plurality of authorized users of the SCN, wherein the user application is configured to manipulate the network interface controller to divert the identified transmission.
3. The method of claim 2, wherein the user application is configured to identify the transmission associated to any of said one or more websites or applications.
4. The method of claim 1, further comprising using a managing server to save and maintain the database of the one or a plurality of participants and said one or a plurality of authorized users, the one or more blacklists and the one or more whitelists.
5. The method of claim 1, wherein the identifying of the transmission associated to any of said one or more websites or applications comprises monitoring data packets transmissions and extracting IP address or DNS address or domain name from the data packets.
6. The method of claim 1, further comprising monitoring changes of IP address or DNS address or domain name of said one or more websites or applications contained in the one or a plurality of blacklists or in the one or a plurality of whitelists.
7. The method of claim 6, wherein the monitoring of the changes of IP address or DNS address or domain name of said one or more websites or applications contained in the one or a plurality of blacklists or in the one or a plurality of whitelists is performed using a cloud-based server.
8. A non-transitory computer readable storage medium for providing a secluded communication network (SCN) having stored thereon instructions that when executed by a processor will cause the processor to:
save and maintain on a storage device a database of one or a plurality of participants and one or a plurality of authorized users, and one or a plurality of blacklists or one or a plurality of whitelists each of which is related to any or all of the one or a plurality of authorized users, said one or a plurality of blacklists containing access information of one or more websites or applications to which and from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be denied and said one or a plurality of whitelists containing access information of one or more websites or applications only to which and only from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be allowed; and using a network interface controller of any of the PCD, if a transmission associated to any of said one or more websites or applications contained in any of the one or a plurality of blacklists, that is incoming to or outgoing from that network interface controller, is identified, divert the identified transmission to a VPN server to prevent it from being received by an intended recipient, wherein the VPN server is defined as an empty network; and if a transmission associated to any of said one or more websites or applications contained in any of the one or a plurality of whitelists, that is incoming to or outgoing from that network interface controller, is identified, allow the identified transmission to be transmitted to an intended recipient and prevent any other incoming or outgoing transmissions from being received by an intended recipient by diverting said any other incoming or outgoing transmissions to the VPN server to prevent it from being received by an intended recipient.
9. The non-transitory computer readable storage medium of claim 8 for providing a secluded communication network (SCN) having stored thereon instructions that when executed by a processor will cause the processor to: manipulate the network interface controller to divert the identified transmission.
10. The non-transitory computer readable storage medium of claim 9 for providing a secluded communication network (SCN) having stored thereon instructions that when executed by a processor will cause the processor to: identify the transmission associated to any of said one or more websites or applications.
11. The non-transitory computer readable storage medium of claim 8 for providing a secluded communication network (SCN) having stored thereon instructions that when executed by a processor will cause the processor to: using a managing server to save and maintain a database of the one or a plurality of participants and the one or a plurality of authorized users, and the one or a plurality of blacklists and the one or more whitelists.
12. A system for providing a secluded communication network (SCN), the system comprising: memory and a processor configured to: save and maintain on a storage device a database of one or a plurality of participants and one or a plurality of authorized users, and one or a plurality of blacklists or one or a plurality of whitelists each of which is related to any of the one or a plurality of authorized users, said one or a plurality of blacklists containing access information of one or more websites or applications to which and from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be denied and said one or a plurality of whitelists containing access information of one or more websites or applications only to which and only from which access by a personal communication device (PCD) of each of the one or a plurality of participants is to be allowed; and using a network interface controller of any of the PCD, if a transmission associated to any of said one or more websites or applications contained in any of the one or a plurality of blacklists, that is incoming to or outgoing from that network interface controller, is identified, divert the identified transmission to a VPN server to prevent it from being received by an intended recipient, wherein the VPN server is defined as an empty network, and if a transmission associated to any of said one or more websites or applications contained in any of the one or a plurality of whitelists, that is incoming to or outgoing from that network interface controller, is identified, allow the identified transmission to be transmitted to an intended recipient and prevent any other incoming or outgoing transmissions from being received by an intended recipient by diverting said any other incoming or outgoing transmissions to the VPN server to prevent it from being received by an intended recipient.
13. The system of claim 12, wherein a user application is installed on the PCD of each of the one or a plurality of participants and the one or a plurality of authorized users of the SCN, wherein the user application is configured to manipulate the network interface controller to divert the identified transmission.
14. The system of claim 13, wherein the user application is configured to identify the transmission associated to any of said one or more websites or applications.
15. The system of claim 12, further comprising a managing server configured to save and maintain a database of the one or a plurality of participants and the one or a plurality of authorized users, the one or more blacklists and the one or more whitelists.
16. The system of claim 12, wherein the identifying of the transmission associated to any of said one or more websites or applications comprises monitoring data packets transmissions and extracting IP address or DNS address or domain name from the data packets.
17. The system of claim 12, further comprising a server for monitoring changes of IP address or DNS address or domain name of said one or more websites or applications contained in the blacklists or in the whitelists.
18. The system of claim 17, wherein server for monitoring changes of IP address or DNS address or domain name is a cloud-based server.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US202263429153P | 2022-12-01 | 2022-12-01 | |
| US63/429,153 | 2022-12-01 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2024116185A1 (en) | 2024-06-06 |
Family
ID=91323332
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/IL2023/051229 Ceased WO2024116185A1 (en) | 2022-12-01 | 2023-11-30 | System and method for restrictive communication control over personal communication devices |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2024116185A1 (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1873669A1 (en) * | 2006-10-26 | 2008-01-02 | Philip Behrens | Method, system and device for controlling and/or limiting electronic communication |
| EP1782604B1 (en) * | 2004-07-22 | 2011-05-25 | Facebook, Inc. | Methods for authorizing transmission of content from first to second individual and authentication of an individual based on an individual's social network |
| CN111669400A (en) * | 2020-06-19 | 2020-09-15 | 广西和你学科技发展有限公司 | Method for filtering website of wireless router |
| US20210192021A1 (en) * | 2015-06-29 | 2021-06-24 | Airwatch, Llc | Managing grouped student devices with timed locks |
- 2023-11-30: PCT/IL2023/051229 (WO), published as WO2024116185A1 (en), status Ceased
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11410565B2 (en) | Systems for classroom media sharing | |
| Beuran et al. | Integrated framework for hands-on cybersecurity training: CyTrONE | |
| Schauer et al. | REMLABNET-open remote laboratory management system for e-experiments | |
| JP2022541686A (en) | Content sharing method and device | |
| US20190098107A1 (en) | Geographic location based user computing asset provisioning in distributed computing systems | |
| WO2024116185A1 (en) | System and method for restrictive communication control over personal communication devices | |
| US20210280084A1 (en) | Systems and methods for providing extensible electronic learning systems | |
| Cholil et al. | Fostering political participation among students of Pesantren through new media in Madura | |
| Sletten | Security in a mobile learning environment | |
| JP6680987B2 (en) | Information processing device and program | |
| Baby et al. | Information security modelling in an e-learning environment | |
| Mustofa et al. | Implementation of Load Balancing Per Connection Classifier on Mikrotik for Internet Services at Private Vocational Schools | |
| Rajib | CCNP Security Cisco Secure Firewall and Intrusion Prevention System Official Cert Guide | |
| Heintz | Cheating at digital exams-vulnerabilities and countermeasures | |
| Puumalainen | Cyber Security studies at JAMK and RUAS: Designing cyber security exercises for SAREN Cyber Range | |
| Fabry et al. | Proximity-Based Video Communication with CocktailParty | |
| Škorić | Security in amateur packet radio networks | |
| Palmer | An application to simplify and improve efficiency in the management of a computer networking and cyber security laboratory | |
| Sapia et al. | Teaching-learning firewall configuration using a visual modeling web based tool: The SP2Model and its application to Computer Science course | |
| Yuan et al. | Journal of The Colloquium for Information Systems Security Education | |
| Thomas | Exam Ref MS-100 Microsoft 365 Identity and Services | |
| Rursch et al. | Using Content Analysis to Evaluate Student Inquiry-Based Learning: The Case of High School Students Preparing for a Cyber Defense Competition | |
| Education et al. | Resilience | |
| Tout | A roadmap for transitioning an information assurance program and others to cloud computing | |
| Chlouba et al. | Synthesizing mobile communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 23897057; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 23897057; Country of ref document: EP; Kind code of ref document: A1 |