WO2018190969A1

WO2018190969A1 - System and methods for uniquily identifying internet connected devices

Info

Publication number: WO2018190969A1
Application number: PCT/US2018/020819
Authority: WO
Inventors: Amos Yaacov ANGELOVICI; Dror Yaffe
Original assignee: Adswapper Inc.
Priority date: 2017-04-13
Filing date: 2018-03-04
Publication date: 2018-10-18

Abstract

A method for uniquely identifying, by a third-party web-service, an internet connected device having a device unique identifier, wherein the device unique identifier is inaccessible by an application installed on the internet connected device and calling the third party-web service when executed, the method comprising: receiving, by the third-party web-service, a request originating from the application; sending, by the third-party web-service, a response to the application, the response including executable code configured to attempt, then executed by the application, communicating with a server located within a Virtual Private Network (VPN), thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, the device unique identifier to an authentication server; and receiving, by the third-party web-service the device unique identifier obtained from the authentication server, thereby uniquely identifying, by the third-party web-service, the internet connected device.

Description

SYSTEM AND METHODS FOR UNIQUILY IDENTIFYING INTERNET

CONNECTED DEVICES

TECHNICAL FIELD

The invention relates to systems and methods for uniquely identifying internet connected devices, and more specifically to uniquely identifying internet connected devices through a third-party web-service. BACKGROUND

Internet connected devices (such as smartphones, tablets, smartwatches, Smart Televisions, various Internet of Things (IoT) devices, or any other device supporting Hypertext Transfer Protocol (HTTP), etc.) can be uniquely identified by a Device Unique Identifier (DUID) assigned to each such device. The DUTD is a unique identification string generated for each device. However, in order for an application installed on such device to have access to the DUID of the device on which it executes, such application has to be developed using a Software Development Kit (SDK) enabling access to the DUID. In addition, various internet connected devices manufacturers and/or operating system manufacturers, such as Apple Inc., Samsung Electronics, Google, and others, restrict inter-applications communication on the devices, by sandboxing techniques. Such restriction adds a level of complication as it prevents uniquely identifying the devices across applications executing thereon.

One field in which this problem arises is in advertising technology. Advertisers are interested in uniquely identifying devices (associated with corresponding users) across applications, in order to better target the users, and to control the frequency of exposure of the users to an advertisement. In this respect, it is to be noted that application developers can request an advertiser to provide an advertisement by either embedding an SDK (optionally an SDK of the advertiser) in the application code, or by embedding an advertiser tag (i.e. a code snippet inserted within the code where an ad is due to be displayed) in the code. In many cases, application developers prefer embedding an advertiser tag over embedding an SDK in their code, from various reasons, including ease of development and maintenance. Even more importantly, using the advertiser tags approach is a more secure implementation which restricts the advertiser/ Ad network access to the device, as well as enables a freedom to change the ads provider without the need to update all devices having the application installed thereon with a new application version. However, using an advertiser tag, running on an internal browser of the application executing it, will not enable the advertiser to access the DUID, whereas embedding a SDK will.

It is to be noted that the example provided above with respect to advertisements is only one example, and various other third-party service providers can benefit from obtaining the DUID without embedding an SDK in the application provided thereby.

There is thus a need in the art for a new method and system for uniquely identifying internet connected devices by their DUID, even by applications that do not have direct access to the DUID.

References considered to be relevant as background to the presently disclosed subject matter are listed below. Acknowledgement of the references herein is not to be inferred as meaning that these are in any way relevant to the patentability of the presently disclosed subject matter.

US Patent Application No. 2015/0213505 (Guo et al.) published on July 30, 2015, discloses Systems and methods for providing mobile applications at a predetermined data rate. In an embodiment, a request for a campaign is received, the request including an application title, an access endpoint, a campaign duration, and a list of a plurality of communication network operators. In response to receiving the request for the campaign, a special rating request is sent to each communications network operator on the list. The special rating request requests that a predetermined data rate be applied to data associated with the access endpoint for the campaign period. The data associated with the access endpoint is made available at the predetermined data rate on a communications network. Furthermore, advertising may be provided that communicates that the application is available for download and for use on the communications network at the predetermined data rate.

US Patent No. 8,839,388 (Raleigh) published on September 16, 2014, discloses various embodiments for a services policy communication system and method. In some embodiments, a communications device stores a set of device credentials for activating the communications device for a service on a network; and sends an access request to the network, the access request including the set of device credentials. US Patent No. 9,503,460 (Gladstone et al.) published on November 22, 2016, discloses a method in one example embodiment and includes identifying a network location of an endpoint, which is attempting to initiate an application; identifying whether the endpoint is operating in an enterprise environment; determining whether the application is trusted based on metadata associated with the application; and provisioning a tunnel for data traffic associated with the application. In more detailed implementations, the tunnel can be provisioned if the application is trusted and the endpoint is outside of an enterprise environment. In addition, the tunnel can be provisioned if the application is untrusted and the endpoint is within an enterprise environment.

PCT Patent Application No. WO2016/183049 (Vagish) published on November 17, 2016, discloses methods and systems for providing a virtual private network service on a per mobile application basis are presented. In some embodiments, a mobile device that is connected to private network may determine that one of its mobile applications is requesting to communicate with a private network. The mobile device may intercept one or more system calls to communicate with the private network issued by the mobile application. The mobile device may generate a communication link to a virtual private network (VPN) server on a port of the mobile device through which to transmit communications from the mobile application to the private network. The mobile device may instruct the VPN server to transmit one or more messages from the mobile application to an access gateway for forwarding to the private network.

US Patent No. 9,450,951 (Nadeltchev et al.) published on September 20, 2016, discloses a device and a services provisioning system establish an over-the-air connection with each other, and perform device posture validation to obtain a unique identification (ID) of the device at the provisioning system. The device and provisioning system then participate in device and user authentication in response to a confirmed unique ID by a backend access control system, where the device generates a secure key pair after successful user authentication. In response to the device being approved for services (e.g., checked by the provisioning system via a registration system), the provisioning system provides a root certificate to the device, and the device sends a certificate enrollment request back to the provisioning system. In response to a certificate authority signing the certificate request, the provisioning system returns a valid certificate to the device, and the valid certificate is installed on the device. US Patent No. 7,444,508 (Karjala et al.) published on October 28, 2008, discloses a mobile or other device connects to a server via a publicly accessible network such as the Internet. After installation upon the device, a virtual private network (VPN) client connects to the server and downloads a VPN profile. In one embodiment, the device creates public/private key pairs and requests enrollment of a digital certificate. In another embodiment, a digital certificate and public/private key pairs are provided. The device also receives a digital certificate from the server and verifies the server certificate by requesting the user to supply a portion of a fingerprint for the certificate. The invention further includes an automatic content updating (ACU) client that downloads a user profile for the VPN, requests certificate enrollment, and updates the VPN client and other applications when new content is available.; A security service manager (SSM) server includes, or is in communication with, a Web server, multiple databases, an enrollment gateway and an internal certification authority (CA). A VPN policy manager application creates and manages VPN profiles and/or policies and communicates with the SSM server. The SSM server, which may reside on an enterprise intranet, may further communicate with one or more external CAs.

GENERAL DESCRIPTION

In accordance with a first aspect of the presently disclosed subject matter there is provided a method for uniquely identifying, by a third-party web-service, an internet connected device having a device unique identifier, wherein the device unique identifier is inaccessible by an application installed on the internet connected device and calling the third party-web service when executed, the method comprising: receiving, by the third-party web-service, a request originating from the application; sending, by the third-party web-service, a response to the application, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN), thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, the device unique identifier to an authentication server; and receiving, by the third-party web-service the device unique identifier obtained from the authentication server, thereby uniquely identifying, by the third-party web-service, the internet connected device. In some cases, the method further comprises: receiving, by the web -service, additional information originating from the application; and sending, by the web- service, the additional information to a second application installed on the internet connected device, other than the application, thereby enabling transferring the additional information from the application to the second application.

In some cases, the method further comprises sending, by the web-service, a unique identifier uniquely identifying the internet connected device, to the application, thereby enabling the application to locally store the unique identifier, in a location accessible by the application on the internet connected device.

In some cases, the unique identifier is the device unique identifier.

In some cases, the unique identifier is a web-service generated unique identifier, generated by the web-service for uniquely identifying the internet connected device.

In some cases, the executable code is configured to check if the unique identifier is locally stored before attempting to communicate with the server.

In some cases, the server is an HTTP server.

In some cases, the internet connected device includes a configuration of the

VPN.

In some cases, the device unique identifier is sent by the internet connected device to the authentication server via a VPN server.

In some cases, the internet connected device is a mobile device.

In accordance with a second aspect of the presently disclosed subject matter there is provided a method for uniquely identifying, by a third-party web-service, an internet connected device having a device unique identifier, wherein the device unique identifier is inaccessible by an application installed on the internet connected device and calling the third party-web service when executed, the method comprising: sending, by the application, a request to the web-service; receiving, by the application, a response to the request, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN); and executing, by the application, the executable code, thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, the device unique identifier to an authentication server, thereby enabling the authentication server to send the device unique identifier to the web-service.

In some cases, the method further comprises: sending, by the application, additional information to the web-service; and receiving, by a second application installed on the internet connected device, other than the application, the additional information, thereby enabling transferring the additional information from the application to the second application.

In some cases, the method further comprises: receiving, by the application, from the web-service, a unique identifier uniquely identifying the internet connected device; and locally storing, by the application, the unique identifier, in a location accessible by the application on the internet connected device.

In some cases, the unique identifier is the device unique identifier.

In some cases, the executable code is configured to check if the device unique identifier is locally stored before attempting to communicate with the server.

In some cases, the server is an HTTP server.

In some cases, the internet connected device includes a configuration of the

VPN.

In some cases, the internet connected device is a mobile device.

In accordance with a third aspect of the presently disclosed subject matter there is provided a method for uniquely identifying, by a third-party web-service, an internet connected device, the method comprising: receiving, by the web-service, a request originating from an application installed on the internet connected device, the request including a current Internet Protocol (IP) address of the internet connected device; generating, by the web-service, a unique identifier for the internet connected device; storing, by the web-service, the unique identifier in association with the current IP address of the internet connected device; sending, by the web -service, the unique identifier to the application, thereby enabling the application to store the unique identifier in a local storage of the internet connected device, accessible by the application; receiving, by the web-service, from the application, upon a change of the current IP address of the internet connected device, a new IP address and the unique identifier; and updating the current IP address associated with the unique identifier to the new IP address.

In some cases, the method further comprises: receiving, by the web-service, a unique identifier request originating from the application installed on the internet connected device, the request including the current Internet Protocol (IP) address of the internet connected device; and sending, by the web-service, the unique identifier to the application, enabling the application to store the unique identifier in the local storage of the internet connected device, accessible by the application.

In some cases, the internet connected device is a mobile device.

In accordance with a fourth aspect of the presently disclosed subject matter there is provided a method for uniquely identifying, by a third-party web-service, an internet connected device, the method comprising: sending, by an application installed on the internet connected device, to the web-service, a unique identification request including a current Internet Protocol (IP) address of the internet connected device; receiving, by the application, a unique identifier, uniquely identifying the internet connected device, from the web-service, the device unique identifier being associated with the current IP address; detecting, by the application, a change of the current IP address of the internet connected device to a new IP address; and sending, by the application, the new IP address and the unique identifier, thereby enabling the web-service to update the current IP address associated with the unique identifier to the new IP address.

In some cases, the method further comprises: sending, by the application, a unique identifier request to the web-service, the request including the current Internet Protocol (IP) address of the internet connected device; and receiving, by the application, the unique identifier, thereby enabling the application to store the unique identifier in the local storage of the internet connected device, accessible by the application.

In some cases, the internet connected device is a mobile device.

In accordance with a fifth aspect of the presently disclosed subject matter there is provided a web-service server having a processor configured to: receive a request originating from an application installed on an internet connected device; send a response to the application, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN), thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, a device unique identifier to an authentication server, wherein the device unique identifier is inaccessible by the application; and receive the device unique identifier obtained from the authentication server, thereby uniquely identifying the internet connected device.

In some cases, the processor is further configured to: receive additional information originating from the application; and send the additional information to a second application installed on the internet connected device, other than the application, thereby enabling transferring the additional information from the application to the second application.

In some cases, the processor is further configured to send a unique identifier uniquely identifying the internet connected device, to the application, thereby enabling the application to locally store the unique identifier, in a location accessible by the application on the internet connected device.

In some cases, the unique identifier is the device unique identifier.

In some cases, the server is an HTTP server.

In some cases, the internet connected device includes a configuration of the

VPN.

In some cases, the internet connected device is a mobile device.

In accordance with a sixth aspect of the presently disclosed subject matter there is provided an internet connected device having a device unique identifier inaccessible by an application installed on the internet connected device, the internet connected device having a processor configured to execute the application, the application configured to: send a request to the web-service; receive a response to the request, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN); and execute the executable code, thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, the device unique identifier to an authentication server, thereby enabling the authentication server to send the device unique identifier to the web-service.

In some cases, the application is further configured to: send additional information to the web-service; and receive, by a second application installed on the internet connected device, other than the application, the additional information, thereby enabling transferring the additional information from the application to the second application.

In some cases, the application is further configured to: receive from the web- service, a unique identifier uniquely identifying the internet connected device; and locally store, by the application, the unique identifier, in a location accessible by the application on the internet connected device.

In some cases, the unique identifier is the device unique identifier.

In some cases, the server is an HTTP server.

In some cases, the internet connected device includes a configuration of the

VPN.

In some cases, the internet connected device is a mobile device.

In accordance with a seventh aspect of the presently disclosed subject matter there is provided a web-service server having a processor configured to: receive a request originating from an application installed on an internet connected device, the request including a current Internet Protocol (IP) address of the internet connected device; generate a unique identifier for the internet connected device; store the unique identifier in association with the current IP address of the internet connected device; send the unique identifier to the application, thereby enabling the application to store the unique identifier in a local storage of the internet connected device, accessible by the application; receive from the application, upon a change of the current IP address of the internet connected device, a new IP address and the unique identifier; and update the current IP address associated with the unique identifier to the new IP address.

In some cases, the processor is further configured to: receive a unique identifier request originating from the application installed on the internet connected device, the request including the current Internet Protocol (IP) address of the internet connected device; and send the unique identifier to the application, enabling the application to store the unique identifier in the local storage of the internet connected device, accessible by the application.

In some cases, the internet connected device is a mobile device.

In accordance with an eights aspect of the presently disclosed subject matter there is provided an internet connected device having a device unique identifier inaccessible by an application installed on the internet connected device, the internet connected device having a processor configured to execute the application, the application configured to: send to a web-service, a unique identification request including a current Internet Protocol (IP) address of the internet connected device; receive a unique identifier, uniquely identifying the internet connected device, from the web-service, the device unique identifier being associated with the current IP address; detect a change of the current IP address of the internet connected device to a new IP address; and send the new IP address and the unique identifier, thereby enabling the web-service to update the current IP address associated with the unique identifier to the new IP address.

In some cases, the processor is further configured to: send a unique identifier request to the web-service, the request including the current Internet Protocol (IP) address of the internet connected device; and receive the unique identifier, thereby enabling the application to store the unique identifier in the local storage of the internet connected device, accessible by the application.

In some cases, the internet connected device is a mobile device.

In accordance with a ninth aspect of the presently disclosed subject matter there is provided a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code, executable by at least one processor of a web-service server to perform a method comprising: receiving a request originating from an application installed on an internet connected device; sending a response to the application, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN), thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, a device unique identifier to an authentication server, wherein the device unique identifier is inaccessible by the application; and receiving the device unique identifier obtained from the authentication server, thereby uniquely identifying the internet connected device.

In accordance with a tenth aspect of the presently disclosed subject matter there is provided a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code, executable by at least one processor of an internet connected device having a device unique identifier inaccessible by an application installed thereon, to perform a method comprising: sending a request to the web-service; receiving a response to the request, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN); and executing the executable code, thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, the device unique identifier to an authentication server, thereby enabling the authentication server to send the device unique identifier to the web-service.

In accordance with an eleventh aspect of the presently disclosed subject matter there is provided a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code, executable by at least one processor of a web-service server to perform a method comprising: receiving a request originating from an application installed on an internet connected device, the request including a current Internet Protocol (IP) address of the internet connected device; generating a unique identifier for the internet connected device; storing the unique identifier in association with the current IP address of the internet connected device; sending the unique identifier to the application, thereby enabling the application to store the unique identifier in a local storage of the internet connected device, accessible by the application; receiving from the application, upon a change of the current IP address of the internet connected device, a new IP address and the unique identifier; and updating the current IP address associated with the unique identifier to the new IP address.

In accordance with a twelfth aspect of the presently disclosed subject matter there is provided a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code, executable by at least one processor of an internet connected device having a device unique identifier inaccessible by an application installed thereon, to perform a method comprising: sending to a web-service, a unique identification request including a current Internet Protocol (IP) address of the internet connected device; receiving a unique identifier, uniquely identifying the internet connected device, from the web-service, the device unique identifier being associated with the current IP address; detecting a change of the current IP address of the internet connected device to a new IP address; and sending the new IP address and the unique identifier, thereby enabling the web-service to update the current IP address associated with the unique identifier to the new IP address.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to understand the presently disclosed subject matter and to see how it may be carried out in practice, the subject matter will now be described, by way of non- limiting examples only, with reference to the accompanying drawings, in which:

Fig. 1 is a block diagram schematically illustrating one example of a system for uniquely identifying an internet connected device, in accordance with the presently disclosed subject matter;

Fig. 2 is a block diagram schematically illustrating one example of an internet connected device, in accordance with the presently disclosed subject matter;

Fig. 3 is a block diagram schematically illustrating one example of a third-party web-service server, in accordance with the presently disclosed subject matter; Fig. 4 is a flowchart illustrating one example of a sequence of operations carried out by a web-service server for uniquely identifying an internet connected device, in accordance with the presently disclosed subject matter;

Fig. 5 is a flowchart illustrating one example of a sequence of operations carried out by an internet connected device for uniquely identifying the internet connected device by a third-party web-service, in accordance with the presently disclosed subject matter;

Fig. 6 is a flowchart illustrating another example of a sequence of operations carried out by a web-service server for uniquely identifying an internet connected device, in accordance with the presently disclosed subject matter; and

Fig. 7 is a flowchart illustrating another example of a sequence of operations carried out by an internet connected device for uniquely identifying the internet connected device by a third-party web-service, in accordance with the presently disclosed subject matter. DETAILED DESCRIPTION

In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the presently disclosed subject matter. However, it will be understood by those skilled in the art that the presently disclosed subject matter may be practiced without these specific details. In other instances, well- known methods, procedures, and components have not been described in detail so as not to obscure the presently disclosed subject matter.

In the drawings and descriptions set forth, identical reference numerals indicate those components that are common to different embodiments or configurations.

Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as "receiving", "sending", "storing", "executing", or the like, include action and/or processes of a computer that manipulate and/or transform data into other data, said data represented as physical quantities, e.g. such as electronic quantities, and/or said data representing the physical objects. The terms "computer", "processor", and "controller" should be expansively construed to cover any kind of electronic device with data processing capabilities, including, by way of non-limiting example, a personal desktop/laptop computer, a server, a computing system, a communication device, a smartphone, a tablet computer, a smart television, a processor (e.g. digital signal processor (DSP), a microcontroller, a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), etc.), a group of multiple physical machines sharing performance of various tasks, virtual servers co-residing on a single physical machine, any other electronic computing device, and/or any combination thereof.

The operations in accordance with the teachings herein may be performed by a computer specially constructed for the desired purposes or by a general -purpose computer specially configured for the desired purpose by a computer program stored in a non-transitory computer readable storage medium. The term "non-transitory" is used herein to exclude transitory, propagating signals, but to otherwise include any volatile or non-volatile computer memory technology suitable to the application.

As used herein, the phrase "for example," "such as", "for instance" and variants thereof describe non-limiting embodiments of the presently disclosed subject matter. Reference in the specification to "one case", "some cases", "other cases" or variants thereof means that a particular feature, structure or characteristic described in connection with the embodiment(s) is included in at least one embodiment of the presently disclosed subject matter. Thus, the appearance of the phrase "one case", "some cases", "other cases" or variants thereof does not necessarily refer to the same embodiment(s).

It is appreciated that, unless specifically stated otherwise, certain features of the presently disclosed subject matter, which are, for clarity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the presently disclosed subject matter, which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable sub-combination.

In embodiments of the presently disclosed subject matter, fewer, more and/or different stages than those shown in Figs. 4-7 may be executed. In embodiments of the presently disclosed subject matter one or more stages illustrated in Figs. 4-7 may be executed in a different order and/or one or more groups of stages may be executed simultaneously. Figs. 1-3 illustrate a general schematic of the system architecture in accordance with an embodiment of the presently disclosed subject matter. Each module in Figs. 1-3 can be made up of any combination of software, hardware and/or firmware that performs the functions as defined and explained herein. The modules in Figs. 1-3 may be centralized in one location or dispersed over more than one location. In other embodiments of the presently disclosed subject matter, the system may comprise fewer, more, and/or different modules than those shown in Figs. 1-3.

Any reference in the specification to a method should be applied mutatis mutandis to a system capable of executing the method and should be applied mutatis mutandis to a non-transitory computer readable medium that stores instructions that once executed by a computer result in the execution of the method.

Any reference in the specification to a system should be applied mutatis mutandis to a method that may be executed by the system and should be applied mutatis mutandis to a non-transitory computer readable medium that stores instructions that may be executed by the system.

Any reference in the specification to a non-transitory computer readable medium should be applied mutatis mutandis to a system capable of executing the instructions stored in the non-transitory computer readable medium and should be applied mutatis mutandis to method that may be executed by a computer that reads the instructions stored in the non-transitory computer readable medium.

Bearing this in mind, attention is drawn to Fig. 1, showing a block diagram schematically illustrating one example of a system for uniquely identifying an internet connected device, in accordance with the presently disclosed subject matter.

According to certain examples of the presently disclosed subject matter, the system 10 for uniquely identifying an internet connected device 100 by a web-service (hereinafter: "system") includes a plurality of internet connected devices 100, such as smartphones, tablet computers, smartwatches, smart televisions, various Internet of Things (IoT) devices, or any other device supporting Hypertext Transfer Protocol (HTTP), etc. The system 10 further includes one or more third-party web-services executed on a third-party web-service server 170, or on a group of third-party web- service servers 170, that can optionally be distributed. The internet connected devices 100 and the third-party web-service servers 170 are connected to a communication network 140, such as the Internet. In some cases, the third-party web-service servers 170 can be part of a Virtual Private Network (VPN) 160, however it is not necessarily so. Any one of the internet connected devices 100 can have one or more applications installed thereon and configured to communicate, over the communication network 140, with one or more of the third-party web-service servers 170, e.g. for obtaining a certain service therefrom. Some exemplary services include: (a) receiving advertisements to be displayed by the application calling the third-party web-service; (b) obtaining analytical information relating to the application calling the third-party web-service; (c) sharing information between two or more applications installed on the internet connected device executing the third-party web-service; (d) authenticating users across applications without having to embed a third-party authenticator's SDK in the application's code (e.g. without embedding Facebook's or Google's authenticator in the code); (e) identifying if a user is underage across applications without having to embed the monitoring code SDK in the application, etc.

In many cases, a third-party web-service provider, offering the third-party web- service, is interested in uniquely identifying the internet connected device 100 executing the application communicating therewith. However, in many cases, such applications do not have access to a unique identifier of the internet connected device 100 enabling unique identification of the internet connected device 100 executing the application (e.g., in cases where the application is not developed using Software Development Kits (SDKs) enabling access to a unique identifier assigned to the internet connected device 100 e.g. by its manufacturer). It is to be noted in this respect that in many cases application developers prefer avoiding use of third-party SDKs from various reasons, including the fact that using such third-party SDKs can optionally enable the third-party SDK developers to access various information that the application developers desire not to share. In addition, if a given third-party's SDK is embedded in the application's code for performing a certain task, and the application developer is interested in replacing the given third party SDK by another third-party SDK, the application has to be updated on the internet-connected device.

In accordance with the presently disclosed subject matter, two possible solutions are provided, as explained below.

The first solution includes use of VPN 160, for forcing a process during which the internet connected device 100 sends a unique identifier (hereinafter: "Device Unique Identifier" or "DUTD"), assigned to the internet connected device 100 by its manufacturer or by another entity such as the third-party web-service provider, for authentication purposes, as further detailed herein, inter alia with reference to Figs. 4 and 5. The connection to the VPN 160 can be pre-configured on the internet connected device 100.

There are several methods for pre-configuring a connection to the VPN 160 on the internet connected device 100. One method includes installing a second application on the internet connected device 100, the second application configured to configure the connection to the VPN 160. For this purpose, the second application can download a VPN profile defining the connection to the VPN 160, including a DUID assigned to the internet connected device 100 by the third-party web-service provider. Alternatively, the second application can be configured to have access to the DUID assigned to the internet connected device 100 by its manufacturer (e.g. as the second application can be developed using an SDK), and in such case, it can download a VPN profile defining the connection to the VPN 160, and associate it with the DUID assigned to the internet connected device 100 by its manufacturer. As another alternative, the connection to the VPN 160 can be manually configured by the internet connected device 100 user. As an additional alternative, the user of the internet connected device 100 may be instructed to download, from a given network location (optionally identified by a Unified Resource Locator (URL)), a VPN profile defining the connection to the VPN 160, including a DUID assigned to the internet connected device 100 by the third-party web-service provider.

In more detail, in the first solution, an application installed on the internet connected device 100 requests a web-service from the third-party web-service server 170. The third-party web-service server 170 returns a response to the application, including executable code (e.g. JavaScript), configured to send an identification request to a server, such as a Hypertext Transfer Protocol (HTTP) server 130, located within the VPN 160. Upon execution of the executable code by the application, a VPN connection is initialized, via a VPN Tunnel 150, between the internet connected device 100 executing the application and a VPN server 110 of the VPN 160. As part of the VPN connection initialization, the internet connected device 100 provides the VPN server 110 with the DUID, and the VPN server 110 performs an authentication process vs. an authentication server 120 of the VPN 160. Upon successful completion of the authentication process, the HTTP server 130 receives the identification request from the application, and executes a process during which the HTTP server 130 approaches the authentication server 120 to retrieve the DUID, and send the DUTD back to the application. In some cases, the application can store the DUID on a local storage, accessible by the application, within the internet connected device 100 (e.g. in a cookie file of an internal browser of the application). It is to be noted that a more detailed explanation about this process is provided with reference to Figs. 4 and 5.

Turning to the second solution, it includes utilizing an application installed on the internet connected device 100, and configured to provide the third-party web-service server 170 with an Internet Protocol (IP) address assigned to the internet connected device 100 at the time the application is executed (It is to be noted in this respect that whenever the internet connected device 100, or the application installed thereon, sends a request to a web-service, the request includes the IP address of the internet connected device 100 (as a standard part of any TCP/IP implementation of a connection between the internet connected device 100 and the third-party web-service server 170)). The third-party web-service server 170 can generate and assign a unique identifier (hereinafter: "Third-Party Service Device Unique Identifier" or "3PDUI") to the internet connected device 100 having the IP address provided thereto, locally store such unique identifier in association with the received IP address, and send such 3PDUI to the internet connected device 100. The application can be further configured to check (e.g. periodically or upon identification of certain events, such as a restart event, occurring, etc.) if the IP address of the internet connected device 100 changed (e.g. as the internet connected device 100 roamed between cellular networks, or as the internet connected device 100 was restarted, etc.), and if so - provide the third-party web- service server 170 with the new Internet Protocol (IP) address assigned to the internet connected device 100 and with the 3PDUI previously assigned to the internet connected device 100, so that the third-party web-service server 170 can update the IP address of the internet connected device 100, stored in association with the 3PDUI, to the new IP address. Accordingly, the third-party web-service server 170 will always have the 3PDUI stored in association with the current IP address of the internet connected device 100, which will enable the web-service executed on the third -party web-service server 170 to uniquely identify the internet connected device 100 by the 3PDUI using the current IP address of the internet connected device 100, upon request. Attention is drawn to Fig. 2, showing a block diagram schematically illustrating one example of an internet connected device, in accordance with the presently disclosed subject matter.

According to certain examples of the presently disclosed subject matter, internet connected device 100 can comprise a network interface 250 (e.g. a WiFi client, a LiFi client, 3G/4G client, or any other component that enables the internet connected device 100 to wirelessly connect to the communication network 140, etc.), enabling connecting the internet connected device 100 to a communication network 140 (e.g. a TCP/IP communication network such as the Internet) and enabling it to send data and/or receive data sent thereto, through the communication network 140, including sending and/or receiving requests/responses to/from third-party web-services (installed on third-party web-services servers such as third-party web-service server 170) and/or VPN servers (such as VPN server 110) and/or HTTP servers (such as HTTP server 130), as detailed herein, inter alia with reference to Figs. 4 and 5. The internet connected device 100 can have an Internet Protocol (IP) address assigned to it by an Internet Service Provider (ISP). The ISP can sometimes assign an internet connected device 100 with a new IP address, e.g. upon certain events occurring (e.g. roaming, restarting the internet connected device 100, etc.).

Internet connected device 100 can have one or more applications installed thereon, such as App "a" 230-a, App "b" 230-b, App "n" 230-n. Each application can have a local storage accessible thereto (and optionally inaccessible to other applications), such as App "a" storage 240-a for App "a" 230-a, App "n" storage 240-n for App "n" 230-n, etc.

Internet connected device 100 can further comprise a local data repository 260 (e.g. Read Only Memory - ROM, Random Access Memory - RAM, or any other type of local memory, etc.) configured to store data, including, inter alia, the internet connected device 100 IP address, a DUTD, a 3PDUI, etc. In some cases, data repository 260 can be further configured to enable retrieval and/or update and/or deletion of the data stored thereon. In some cases, certain parts of the data repository 260 can be inaccessible by any application installed on the internet connected device 100. In some cases, certain application installed on the internet connected device 100 can have access to certain parts of the data repository 260, that are optionally inaccessible to other applications. In some cases, at least one application installed on the internet connected device 100 cannot access at least a part of the data repository 260 comprising the DUID.

Internet connected device 100 further comprises a processing resource 200. Processing resource 200 can be one or more processing units (e.g. central processing units), microprocessors, microcontrollers (e.g. microcontroller units (MCUs)) or any other computing processing device, which are adapted to independently or cooperatively process data for controlling relevant internet connected device 100 resources and for enabling operations related to internet connected device 100 resources.

The processing resource 200 can comprise one or more of the following modules: internet connected device unique identification module 210 and app info sharing module 220.

According to some examples of the presently disclosed subject matter, internet connected device unique identification module 210 can be configured to uniquely identify an internet connected device 100, as further detailed herein, inter alia with reference to Fig. 5.

According to some examples of the presently disclosed subject matter, app info sharing module 220 can be configured to enable sharing data between two applications installed on an internet connected device 100, utilizing the unique identification of the internet connected device 100, as further detailed herein, inter alia with reference to Figs. 4-7.

Fig. 3 is a block diagram schematically illustrating one example of a third-party web-service server, in accordance with the presently disclosed subject matter.

According to certain examples of the presently disclosed subject matter, third- part web-service server 170 can comprise a network interface 310 (e.g. a network card enabling the third-part web-service server 170 to connect to the communication network 140, via a wired or wireless connection, etc.), enabling connecting the third-part web- service serverl70 to the communication network 140 (e.g. a TCP/IP communication network such as the Internet) and enabling it to send data and/or receive data sent thereto, through the communication network 140, including sending and/or receiving requests/responses to/from internet connected devices 100 applications (installed on internet connected devices 100), as detailed herein, inter alia with reference to Figs. 4-7. Third-part web-service server 170 can further comprise, or be otherwise associated with, a data repository 320 (e.g. a database, a storage system, a memory including Read Only Memory - ROM, Random Access Memory - RAM, or any other type of local memory, etc.) configured to store data, including, inter alia, one or more of: an IP addresses of internet connected devices 100, a DUTD of internet connected devices 100, a 3PDUI of internet connected devices 100, etc. In some cases, data repository 320 can be further configured to enable retrieval and/or update and/or deletion of the data stored thereon.

Third-part web-service server 170 further comprises a processing resource 330. Processing resource 330 can be one or more processing units (e.g. central processing units), microprocessors, microcontrollers (e.g. microcontroller units (MCUs)) or any other computing devices or modules, including multiple and/or parallel and/or distributed processing units, which are adapted to independently or cooperatively process data for controlling relevant third-part web-service server 170 resources and for enabling operations related to third-part web-service server 170 resources.

The processing resource 330 can comprise one or more of the following modules: web-service internet connected device unique identification module 340 and web-service app info sharing module 350.

According to some examples of the presently disclosed subject matter, web- service internet connected device unique identification module 340 can be configured to uniquely identify an internet connected device 100, as further detailed herein, inter alia with reference to Fig. 4.

According to some examples of the presently disclosed subject matter, web- service app info sharing module 350 can be configured to enable sharing data between two applications installed on a given internet connected device 100, utilizing the unique identification of the given internet connected device 100, as further detailed herein, inter alia with reference to Figs. 4 and 5.

Attention is drawn to Figs. 4 and 5. Fig. 4 is a flowchart illustrating one example of a sequence of operations carried out by a third-party web service executing on a web-service server for uniquely identifying an internet connected device, in accordance with the presently disclosed subject matter, and Fig. 5 is a flowchart illustrating one example of a sequence of operations carried out by an application installed on an internet connected device for uniquely identifying the internet connected device by the third-party web-service, in accordance with the presently disclosed subject matter. Both flowcharts provide a full picture of a process of uniquely identifying an internet connected device by the web-service.

The process enables an application (e.g. App "a" 230-a, App "n" 230-n) calling the third-party web-service to obtain the DUID of the internet connected device 100 on which the application is installed, even in those cases where the DUID is otherwise inaccessible by such application (e.g. even if the application does not have direct access to the DUID stored on the data repository 260 of the internet connected device 100 on which the application is installed).

It is to be noted that those parts of the process carried out by the application installed on the internet connected device 100 can be performed utilizing the internet connected device 100 unique identification module 210, and those parts of the process carried out by the third-party web-service server 170 can be performed utilizing the web-service mobile device unique identification module 340.

According to some examples of the presently disclosed subject matter, the internet connected device unique identification process begins with an application (e.g. App "a" 230-a, ... , App "n" 230-n), installed on the internet connected device 100 to be identified, sending a request to the third-party web-service server 170 (block 510). The request can be any type of request (e.g. an HTTP request) triggering activation of a web service executing on the third-party web-service server 170. The request, originating from the application to be identified, is received by the web service (block 410).

In response to the request received at block 410, the web-service is configured to send a response to the application, the response including executable code, executable by the application (e.g. JavaScript code that can be executed by an internal web-browser of the application) (block 420).

The executable code can be configured to check, when executed by the application, if the application has access to a unique identifier uniquely identifying the internet connected device 100. Such unique identifier uniquely identifying the internet connected device 100 can be stored in a part of the internet connected device's 100 memory accessible by the application (e.g. for App "a" 230-a, the unique identifier can be stored App "a" storage 240-a, for App "n" 230-n, the unique identifier can be stored App "n" storage 240-n), e.g. in cases the unique identifier has been previously obtained and locally stored using the process described herein (see block 440 herein). If the application has access to the unique identifier - the executable code can send the unique identifier back to the web-service, thereby uniquely identifying the internet connected device 100.

If not, the executable code can be configured to attempt sending a request to a server (e.g. HTTP server 130) located within a Virtual Private Network (VPN) thereby triggering a VPN connection initialization, via a VPN Tunnel 150, between the internet connected device 100 executing the application and a VPN server 110 of the VPN 160. As a natural part of the VPN connection initialization, the internet connected device 100 (having the VPN connection pre-configured thereon) provides the VPN server 110 with the DUID (which is a unique identifier uniquely identifying the internet connected device 100), and the VPN server 110 performs an authentication process vs. an authentication server 120 of the VPN 160. Upon successful completion of the authentication process, the server to which the request was sent (e.g. HTTP server 130) receives the request sent by the executable code executed by the application executing on the internet connected device 100 to be identified, and executes a process during which the server (e.g. HTTP server 130) approaches the authentication server 120 to retrieve the DUID of the internet connected device 100, and send the DUID back to the application. The executable code executed by the internet connected device 100, can be further configured to send the DUID to the web-service, thereby uniquely identifying the internet connected device 100 by the web-service.

The executable code, sent by the web-service to the internet connected device 100, is received and executed by the application (blocks 520 and 530), resulting in the web-service receiving the DUID of the internet connected device 100 to be uniquely identified (block 430).

In some cases, the web-service can be configured to send the DUID received at block 430, or another unique identifier uniquely identifying the internet connected device 100 (e.g. a unique identifier generated by the web-service), to the application, thereby enabling the application to locally store the DUID or the other unique identifier, in a location, on the internet connected device 100, accessible by the application (e.g. for App "a" 230-a, the DUID can be stored inside a cookie file in App "a" storage 240- a, for App "n" 230-n, the DUID can be stored inside a cookie file in App "n" storage 240-n) (block 440). The application can receive the DUID or the other unique identifier (block 540) and locally store it in a location accessible by the application (block 550). It is to be noted that the web-service, utilizing the unique identifier uniquely identifying the internet connected device 100, can be used to enable two different applications installed on a certain internet connected device 100 to exchange data therebetween, even in those cases where the two different applications cannot directly exchange data therebetween. For example, one application of the two applications can send data designated to the other application to the web-service, along with an indication of the internet connected device 100 unique identifier (e.g. as obtained at block 540). The web-service can receive the data, and send it to a second application installed on the same internet connected device 100 (identifiable by the unique identifier), e.g. upon the second application requesting to receive the data provided by the first application.

It is to be noted that, with reference to Figs. 4 and 5, some of the blocks can be integrated into a consolidated block or can be broken down to a few blocks and/or other blocks may be added. It is to be further noted that some of the blocks are optional. It should be also noted that whilst the flow diagram is described also with reference to the system elements that realizes them, this is by no means binding, and the blocks can be performed by elements other than those described herein.

Attention is drawn to Figs. 6 and 7. Fig. 6 is a flowchart illustrating another example of a sequence of operations carried out by a third-party web service executing on a web-service server for uniquely identifying an internet connected device, in accordance with the presently disclosed subject matter, and Fig. 7 is a flowchart illustrating another example of a sequence of operations carried out by an application installed on an internet connected device for uniquely identifying the internet connected device by the third-party web-service, in accordance with the presently disclosed subject matter. Both flowcharts provide a full picture of a second process of uniquely identifying an internet connected device by the web-service.

It is to be noted that those parts of the second process carried out by the application installed on the internet connected device 100 can be performed utilizing the internet connected device unique identification module 210, and those parts of the second process carried out by the third-party web-service server 170 can be performed utilizing the web-service internet connected device unique identification module 340.

According to some examples of the presently disclosed subject matter, the second process begins with a dedicated application installed on an internet connected device 100 performing an initial registration stage during which it sends a web-service a unique identification request, including a current IP address of the internet connected device 100 (block 710). It is to be noted in this respect that whenever the internet connected device 100 sends a request to a web-service, the request includes the IP address of the internet connected device (as a standard part of any TCP/IP implementation of a connection between the internet connected device 100 and the third-party web-service server 170). The request, including the current IP address of the internet connected device 100, is received by the web-service (block 610), which is configured to generate a unique identifier uniquely identifying the internet connected device (hereinafter: "Third-Party Service Device Unique Identifier" or "3PDUI") (block 620). The web-service is further configured to store the 3PDUI in association with the current IP address of the internet connected device 100, e.g. in data repository 320 (block 630). The web-service then sends the 3PDUI to the dedicated application, thereby enabling it to store the 3PDUI in a local storage of the internet connected device 100, accessible by the application (e.g. in a cookie file accessible to an internal web- browser of the application) (block 640). The dedicated application can be configured to receive the 3PDUI, and locally store it, in a location accessible thereto (block 720).

The dedicated application is further configured to detect a change in the IP address of the internet connected device 100 to a new IP address (e.g. by comparing a stored IP address representative of the latest IP address assigned to the internet connected device 100 known to the dedicated application, with a new IP address assigned to the internet connected device 100) (block 730). In case, of a change of the IP address, the dedicated application can be configured to send the new IP address, and the 3PDUI (obtained at block 720) to the web-service (block 740). The web-service can be configured to receive the new IP address and the 3PDUI sent to it in block 740 (block 650). Upon the web-service receiving the new IP address and the 3PDUI, the web-service can be configured to update the IP address stored in association with the received 3PDUI to the new IP address (block 660).

In this manner, the web-service always has a mapping between the current IP addresses of the internet connected devices and their respective 3PDUIs. In light of the fact that the IP address is always included as part of any request sent to an external server (e.g. third-party web-service server 170), any application can approach the web- service with its current IP address, and receive its 3PDUI. It is to be understood that the presently disclosed subject matter is not limited in its application to the details set forth in the description contained herein or illustrated in the drawings. The presently disclosed subject matter is capable of other embodiments and of being practiced and carried out in various ways. Hence, it is to be understood that the phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting. As such, those skilled in the art will appreciate that the conception upon which this disclosure is based may readily be utilized as a basis for designing other structures, methods, and systems for carrying out the several purposes of the present presently disclosed subject matter.

It will also be understood that the system according to the presently disclosed subject matter can be implemented, at least partly, as a suitably programmed computer. Likewise, the presently disclosed subject matter contemplates a computer program being readable by a computer for executing the disclosed method. The presently disclosed subject matter further contemplates a machine-readable memory tangibly embodying a program of instructions executable by the machine for executing the disclosed method.

Claims

CLAIMS:

1. A method for uniquely identifying, by a third-party web-service, an internet connected device having a device unique identifier, wherein the device unique identifier is inaccessible by an application installed on the internet connected device and calling the third party-web service when executed, the method comprising:

receiving, by the third-party web-service, a request originating from the application;

sending, by the third-party web-service, a response to the application, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN), thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, the device unique identifier to an authentication server; and receiving, by the third-party web-service the device unique identifier obtained from the authentication server, thereby uniquely identifying, by the third-party web- service, the internet connected device.

2. The method of claim 1, further comprising:

receiving, by the web-service, additional information originating from the application; and

sending, by the web-service, the additional information to a second application installed on the internet connected device, other than the application, thereby enabling transferring the additional information from the application to the second application.

3. The method of claim 1, further comprising sending, by the web-service, a unique identifier uniquely identifying the internet connected device, to the application, thereby enabling the application to locally store the unique identifier, in a location accessible by the application on the internet connected device.

4. The method of claim 3, wherein the unique identifier is the device unique identifier.

5. The method of claim 3, wherein the unique identifier is a web-service generated unique identifier, generated by the web-service for uniquely identifying the internet connected device.

6. The method of claim 3, wherein the executable code is configured to check if the unique identifier is locally stored before attempting to communicate with the server.

7. The method of claim 1, wherein the server is an HTTP server.

8. The method of claim 1, wherein the internet connected device includes a configuration of the VPN.

9. The method of claim 1, wherein the device unique identifier is sent by the internet connected device to the authentication server via a VPN server.

10. The method of claim 1 wherein the internet connected device is a mobile device.

11. A method for uniquely identifying, by a third-party web-service, an internet connected device having a device unique identifier, wherein the device unique identifier is inaccessible by an application installed on the internet connected device and calling the third party-web service when executed, the method comprising:

sending, by the application, a request to the web-service;

receiving, by the application, a response to the request, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN); and

executing, by the application, the executable code, thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, the device unique identifier to an authentication server, thereby enabling the authentication server to send the device unique identifier to the web-service.

12. The method of claim 11, further comprising:

sending, by the application, additional information to the web-service; and receiving, by a second application installed on the internet connected device, other than the application, the additional information, thereby enabling transferring the additional information from the application to the second application.

13. The method of claim 11, further comprising:

receiving, by the application, from the web-service, a unique identifier uniquely identifying the internet connected device; and

locally storing, by the application, the unique identifier, in a location accessible by the application on the internet connected device.

14. The method of claim 13, wherein the unique identifier is the device unique identifier.

15. The method of claim 13, wherein the unique identifier is a web-service generated unique identifier, generated by the web-service for uniquely identifying the internet connected device.

16. The method of claim 13, wherein the executable code is configured to check if the device unique identifier is locally stored before attempting to communicate with the server.

17. The method of claim 11, wherein the server is an HTTP server.

18. The method of claim 11, wherein the internet connected device includes a configuration of the VPN.

19. The method of claim 1 1 wherein the internet connected device is a mobile device.

20. A method for uniquely identifying, by a third-party web-service, an internet connected device, the method comprising:

receiving, by the web-service, a request originating from an application installed on the internet connected device, the request including a current Internet Protocol (IP) address of the internet connected device;

generating, by the web-service, a unique identifier for the internet connected device;

storing, by the web-service, the unique identifier in association with the current IP address of the internet connected device;

sending, by the web-service, the unique identifier to the application, thereby enabling the application to store the unique identifier in a local storage of the internet connected device, accessible by the application;

receiving, by the web-service, from the application, upon a change of the current IP address of the internet connected device, a new IP address and the unique identifier; and

updating the current IP address associated with the unique identifier to the new IP address.

21. The method of claim 20, further comprising: receiving, by the web-service, a unique identifier request originating from the application installed on the internet connected device, the request including the current Internet Protocol (IP) address of the internet connected device; and

sending, by the web-service, the unique identifier to the application, enabling the application to store the unique identifier in the local storage of the internet connected device, accessible by the application.

22. The method of claim 20 wherein the internet connected device is a mobile device.

23. A method for uniquely identifying, by a third-party web-service, an internet connected device, the method comprising:

sending, by an application installed on the internet connected device, to the web- service, a unique identification request including a current Internet Protocol (IP) address of the internet connected device;

receiving, by the application, a unique identifier, uniquely identifying the internet connected device, from the web-service, the device unique identifier being associated with the current IP address;

detecting, by the application, a change of the current IP address of the internet connected device to a new IP address; and

sending, by the application, the new IP address and the unique identifier, thereby enabling the web-service to update the current IP address associated with the unique identifier to the new IP address.

24. The method of claim 23, further comprising:

sending, by the application, a unique identifier request to the web-service, the request including the current Internet Protocol (IP) address of the internet connected device; and

receiving, by the application, the unique identifier, thereby enabling the application to store the unique identifier in the local storage of the internet connected device, accessible by the application.

25. The method of claim 24 wherein the internet connected device is a mobile device.

26. A web-service server having a processor configured to:

receive a request originating from an application installed on an internet connected device; send a response to the application, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN), thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, a device unique identifier to an authentication server, wherein the device unique identifier is inaccessible by the application; and

receive the device unique identifier obtained from the authentication server, thereby uniquely identifying the internet connected device.

27. The web-service server of claim 26, wherein the processor is further configured to:

receive additional information originating from the application; and

send the additional information to a second application installed on the internet connected device, other than the application, thereby enabling transferring the additional information from the application to the second application.

28. The web-service server of claim 26, wherein the processor is further configured to send a unique identifier uniquely identifying the internet connected device, to the application, thereby enabling the application to locally store the unique identifier, in a location accessible by the application on the internet connected device.

29. The web-service server of claim 28, wherein the unique identifier is the device unique identifier.

30. The web-service server of claim 28, wherein the unique identifier is a web-service generated unique identifier, generated by the web -service for uniquely identifying the internet connected device.

31. The web-service server of claim 28, wherein the executable code is configured to check if the unique identifier is locally stored before attempting to communicate with the server.

32. The web-service server of claim 26, wherein the server is an HTTP server.

33. The web-service server of claim 26, wherein the internet connected device includes a configuration of the VPN.

34. The web-service server of claim 26, wherein the device unique identifier is sent by the internet connected device to the authentication server via a VPN server.

35. The web-service server of claim 26 wherein the internet connected device is a mobile device.

36. An internet connected device having a device unique identifier inaccessible by an application installed on the internet connected device, the internet connected device having a processor configured to execute the application, the application configured to:

send a request to the web-service;

receive a response to the request, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN); and

execute the executable code, thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, the device unique identifier to an authentication server, thereby enabling the authentication server to send the device unique identifier to the web-service.

37. The internet connected device of claim 36, wherein the application is further configured to:

send additional information to the web-service; and

receive, by a second application installed on the internet connected device, other than the application, the additional information, thereby enabling transferring the additional information from the application to the second application.

38. The internet connected device of claim 36, wherein the application is further configured to:

receive from the web-service, a unique identifier uniquely identifying the internet connected device; and

locally store, by the application, the unique identifier, in a location accessible by the application on the internet connected device.

39. The internet connected device of claim 38, wherein the unique identifier is the device unique identifier.

40. The internet connected device of claim 38, wherein the unique identifier is a web-service generated unique identifier, generated by the web-service for uniquely identifying the internet connected device.

41. The internet connected device of claim 38, wherein the executable code is configured to check if the device unique identifier is locally stored before attempting to communicate with the server.

42. The internet connected device of claim 36, wherein the server is an HTTP server.

43. The internet connected device of claim 36, wherein the internet connected device includes a configuration of the VPN.

44. The internet connected device of claim 36, wherein the internet connected device is a mobile device.

45. A web-service server having a processor configured to:

receive a request originating from an application installed on an internet connected device, the request including a current Internet Protocol (IP) address of the internet connected device;

generate a unique identifier for the internet connected device;

store the unique identifier in association with the current IP address of the internet connected device;

send the unique identifier to the application, thereby enabling the application to store the unique identifier in a local storage of the internet connected device, accessible by the application;

receive from the application, upon a change of the current IP address of the internet connected device, a new IP address and the unique identifier; and

update the current IP address associated with the unique identifier to the new IP address.

46. The web-service server of claim 45, wherein the processor is further configured to:

receive a unique identifier request originating from the application installed on the internet connected device, the request including the current Internet Protocol (IP) address of the internet connected device; and

send the unique identifier to the application, enabling the application to store the unique identifier in the local storage of the internet connected device, accessible by the application.

47. The web-service server of claim 45, wherein the internet connected device is a mobile device.

48. An internet connected device having a device unique identifier inaccessible by an application installed on the internet connected device, the internet connected device having a processor configured to execute the application, the application configured to:

send to a web-service, a unique identification request including a current

Internet Protocol (IP) address of the internet connected device;

receive a unique identifier, uniquely identifying the internet connected device, from the web-service, the device unique identifier being associated with the current IP address;

detect a change of the current IP address of the internet connected device to a new IP address; and

send the new IP address and the unique identifier, thereby enabling the web- service to update the current IP address associated with the unique identifier to the new IP address.

49. The internet connected device of claim 48, wherein the processor is further configured to:

send a unique identifier request to the web-service, the request including the current Internet Protocol (IP) address of the internet connected device; and

receive the unique identifier, thereby enabling the application to store the unique identifier in the local storage of the internet connected device, accessible by the application.

50. The internet connected device of claim 48, wherein the internet connected device is a mobile device.

51. A non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code, executable by at least one processor of a web-service server to perform a method comprising:

receiving a request originating from an application installed on an internet connected device;

sending a response to the application, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN), thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, a device unique identifier to an authentication server, wherein the device unique identifier is inaccessible by the application; and

receiving the device unique identifier obtained from the authentication server, thereby uniquely identifying the internet connected device.

52. A non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code, executable by at least one processor of an internet connected device having a device unique identifier inaccessible by an application installed thereon, to perform a method comprising:

sending a request to the web-service;

receiving a response to the request, the response including executable code configured to attempt, when executed by the application, communicating with a server located within a Virtual Private Network (VPN); and

executing the executable code, thereby triggering a VPN authentication process for connecting the internet connected device to the VPN, the VPN authentication process including sending, by the internet connected device, the device unique identifier to an authentication server, thereby enabling the authentication server to send the device unique identifier to the web-service.

53. A non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code, executable by at least one processor of a web-service server to perform a method comprising:

receiving a request originating from an application installed on an internet connected device, the request including a current Internet Protocol (IP) address of the internet connected device;

generating a unique identifier for the internet connected device;

storing the unique identifier in association with the current IP address of the internet connected device;

sending the unique identifier to the application, thereby enabling the application to store the unique identifier in a local storage of the internet connected device, accessible by the application; receiving from the application, upon a change of the current IP address of the internet connected device, a new IP address and the unique identifier; and

54. A non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code, executable by at least one processor of an internet connected device having a device unique identifier inaccessible by an application installed thereon, to perform a method comprising:

sending to a web-service, a unique identification request including a current

Internet Protocol (IP) address of the internet connected device;

receiving a unique identifier, uniquely identifying the internet connected device, from the web-service, the device unique identifier being associated with the current IP address;

detecting a change of the current IP address of the internet connected device to a new IP address; and

sending the new IP address and the unique identifier, thereby enabling the web- service to update the current IP address associated with the unique identifier to the new IP address.