Patent abstract:
A collection method is proposed for a user-oriented audience measurement of a consumption message, called a hit, which is transferred to a node for site-oriented audience measurement (5) by a marker executed or included by an application that is itself executed by a terminal (2) in a panel household (1). An intermediate element (3), through which the hit passes, performs the following steps: interception of a secure connection request from the application executing or including the marker, with the node as its destination; handling of the request for secure connection by simulating the node, and establishment of a first secure connection (6) between the terminal and the intermediate element; reception of the hit via the first secure connection; recording of the hit, including at least one hit parameter, with an identification of the terminal; renewed transfer of the consumption message to the node, via a second connection (7a, 7b) established between the intermediate element and the node.
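Publication number: NL2016940A
Application number: NL2016940
Filing date: 2016-06-10
Publication date: 2016-12-12
Inventors: M Oddou Christophe; M Giot David
Applicant: Mediametrie
Main IPC classification:
Patent description: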

Title: Collection method for a user-oriented audience measurement of a hit transferred to a node for site-oriented audience measurement, with simulation of the node by an intermediate element.
1. FIELD OF THE INVENTION
The field of the invention is that of audience measurement techniques.
More precisely, the invention relates to a collection technique for a user-oriented audience measurement of a consumption message, called a hit, which is transferred to a node for site-oriented audience measurement by a marker performed by a terminal in a panel household. The marker is, for example, located in a web page that is executed by a browser, which is itself executed by the terminal. In a variant, the marker is in a third-party application, which itself is executed by the terminal.
In particular, but not exclusively, the invention applies to the user-oriented audience measurement of streamed content (e.g., a TV program) transmitted over the Internet.
More generally, the proposed technique can apply to:
• any type of information network;
• any type of content (in particular but not exclusively, audio and/or video content: streamed or downloaded content, live content or deferred content, missed TV ('catch up TV'), video on demand (VOD), web radio, online available content (content available on internet sites, i.e. references in web pages that can be consulted with a browser executed by the terminal), content available on third-party applications executed by the terminal, etc.);
• any type of terminal (fixed or mobile, personal or shared): computer, smartphone, tablet, connected TV, etc.
2. TECHNICAL BACKGROUND
Nowadays there are two main methods (also called 'Web Analytics' tools) to perform an audience measurement (in a broad sense) for a website on the Internet: site-oriented audience measurement ('site-centric') and user-oriented audience measurement ('user-centric').
2.1 Site-centric measurement
This is a measurement produced at the request of the website, which itself marks the web pages (HTML pages) that it wants to measure. The main purpose of the site-centric measurement is to measure the traffic volumes. This allows fine and precise monitoring: the behavior of the internet user on the site, the most consulted content, the most frequently used services and the internet return of the visits. The site-centric measurement also applies to measuring the effectiveness of online marketing activities: clicks, conversion rates, sales, return on investment, etc.
The operation of the "site-centric" measurement is based on marking each page of a site with a marker (also called "marker block" or "tag"), for example a Javascript code. As soon as a page is requested by a web browser via a terminal connected to the Internet (computer, smartphone, tablet, connected TV, etc.), the marker placed on the page sends a request (also called 'hit' or 'consumption message') to the measurement server. This way the traffic on the pages is tracked. The site-centric measurement makes it possible to analyze the number of terminals (identified by their internet browsers) that have consulted a site during a certain period. The browsers are identified using cookies, or with the IP address / user agent pair when measurement with a cookie is not possible. For a given browser and terminal, a cookie is placed on the terminal by the server of the audience measurement company (Web Analytics system) when a marker is downloaded from the server of the audience measurement company for the first time. This cookie is common to all sites marked by the audience measurement company, because it is a "third-party cookie" that is managed by this company.
Web site marking technology (originally designed to measure website visits, as set out above) has subsequently been extended to third-party applications (also known as 'mobile applications' or 'publisher applications') that can be downloaded from online application stores (e.g. markers for iOS, Android or Windows). For example, it is suggested to insert a marker ("tag") in the mobile application. For this purpose, there are marker libraries for the various platforms for mobile applications. Mobile applications are tools that make it easier for users to search for and consult all types of content. A connected mobile application essentially behaves like a browser, because information is read on the Internet for each operation or data access. Unlike a browser, a mobile application can generally take into account the functionality of the terminal on which it is running, thereby offering the user more efficiency.
The marking technique for web pages and applications can be summarized as follows. When a publisher marks his website to allow an internet audience measurement company to measure its audience, he integrates a marker into his HTML pages (the marker then consists of a call to a Javascript routine that is on the server of the audience measurement company) or in his third-party applications (the marker then consists of a library written in native code and integrated in the third-party application). When loading each page or third-party application, a marker identification (unique and persistent) is generated (if that has not been done before). In the case of a page (from a site of a publisher) that can be consulted with the web browser of the terminal, the marker identification is placed by the server of the audience measurement company in the form of a cookie on the terminal (the cookie is generally common to all sites marked by the audience measurement company). In the case of a third-party application proposed by a publisher in a store for third-party applications, the marker identification is generated by the marker and stored in a storage space of the terminal specific to each application, if it is not possible to use a unique identification of the terminal. This identification is generally different per application.
In addition to measuring visits to HTML pages and third-party applications, certain markers can also measure the audience of audio and/or video content that is displayed by content playback devices (also known as "players"). For this purpose these markers are linked to the content players to know their operating status. During the presentation of content (including at the start) the marker sends periodic requests (also called "hits" or "consumption messages") to the internet audience measurement server to transfer the operating status of the player. These hits convey different parameters: the identity of the content, the position in the content (the time index of the playback), the status of the player (pause, playback ...), the marker identification (which allows sessions from the same terminal during the same day to be deduplicated) as well as a temporary session identification which is renewed with every new start of the player. In nominal mode, the hits are sent every 60 seconds. The marking technique for web pages and applications makes it possible to measure the consumption (number and duration) of content.
A disadvantage of the marking technique is that it is limited to "site-centric" measurement and does not take into account the concept of a panel (this concept is specific to the "user-centric" measurement). With the "site-centric" measurement it is not possible to individually identify the internet users who connect to the site (it is not known who is behind the terminal connected to the Internet). It therefore does not make it possible to have a qualified audience. That is why the "user-centric" measurement (detailed below) complements the "site-centric" measurement.
2.2 "User-centric" measurement
This measurement is based on following the navigation (surfing) on the Internet of a panel (sample of internet users) that is representative of a population of internet users (for example Dutch internet users). The navigation of the panel is measured and an exploratory study is conducted in parallel to extrapolate their navigation to the internet population studied. By accurately identifying the panel member, the "user-centric" measurement can be used to analyze the number of unique visitors who have visited a site within a certain period. A unique visitor to the panel corresponds to a qualified and identified individual. Extrapolated, a panel member corresponds to thousands of unique visitors. The "user-centric" measurement gives agencies, publishers and marketing professionals accurate and reliable reports about the audience of internet sites and internet use. This information can be used for strategic plans, competition investigations or media planning. For example, the results are updated every month.
A first known technique for 'user-centric' audience measurement is based on digital watermarking ('audio watermarking') of an audio channel (also called 'audio component') of broadcast content (for example TV channels) or on comparing its audio fingerprint ('audio fingerprinting') with reference fingerprints. This first known technique forms the basis for the audimeters that are used for reference research into daily TV viewing behavior. In the case of a TV set, the audimeter (often a mini-PC) captures the audio channel of the displayed channel (electrically or acoustically) in order to be able to process the signal and transfer the audience data to the server of the audience measurement company. A disadvantage of this first known technique is that in the case of portable PCs, smartphones or tablets it is difficult to imagine permanently connecting an audimeter (i.e. an external device) to these devices, which are mobile by nature. Another disadvantage of this first known technique is that on certain types of terminals (often Apple (registered trademark) terminals) it is very difficult to capture the audio channel in digital format, directly at the level of the audio circuits.
A second known technique for "user-centric" audience measurement is based on the analysis of network traffic between the terminal and the Internet. This second known technique consists of utilizing network traces that are left at the level of a router installed in the home of the panel members or at the level of an HTTP proxy through which the terminals of the panel members must pass. For example, in the context of measuring internet traffic in a household recruited to participate in a panel, a solution that is used by the audience measurement company is to connect a router to the box (i.e. the router modem, also called 'network connection equipment', supplied by the internet provider) and to ask the household to connect all terminals to it in order to be able to log the internet traffic that passes through it. The main disadvantage of this second known technique is that the network traffic may have no connection whatsoever with the content that is actually displayed on the terminal. For example, when the user pauses the player, the audiovisual stream continues to be stored in buffer memory, with no guarantee that it will later be decoded and displayed. So there is an inaccuracy in the measurement of streamed content that may be buffered in the terminals and never consumed. Another disadvantage is that this solution is limited to the home where the router is located.
A third known technique for "user-centric" audience measurement is based on a measurement program (also called "measurement software" or "measurement application") that is built into the terminal in order to be able to transfer and analyze the connection data (surf data) in real time. The "measurement application" is developed by the audience measurement company and installed by the panel member on his terminal to be able to measure its use. The application works as a background task and, in a special implementation, installs a local proxy (also called "process proxy") on the terminal. All network connections (Wi-Fi, 3G/4G, ...) go through the local proxy, which can observe all HTTP requests sent to the target servers as they pass. The main disadvantage of this third known technique is that it requires a very substantial R&D effort to maintain a measurement program on all operating systems (OS) and all internet browsers of the terminals, taking into account the developments of the major parties on the web, and that equally on a computer (PC), tablet, smartphone, etc. On the other hand, when audiovisual content (stream) is protected with a technical security measure (DRM, "Digital Rights Management"), the measurement program generally cannot measure its consumption.
2.3 Use of the hits of a "site-centric" measurement in the context of a "user-centric" measurement
As explained earlier, the "site-centric" measurement is based on the sending of hits by the markers that are integrated in web pages or third-party applications. It has been proposed to use these hits in the context of a "user-centric" measurement. For example, as in the second known "user-centric" audience measurement technique presented above, a router installed in the household of panel members records (logs) the hits transmitted by the terminals of that household. The hits thus logged can then be used by the audience measurement company to know which HTML page or which part of a third-party application has been visited by the panel member. But above all, in the case of hits transmitted by markers that interact with players, they can be utilized to measure video consumption. The knowledge of internet traces (HTTP requests) alone is not sufficient to accurately know the duration of consumption of streamed content, because the content may be placed in buffer memory and may be delayed. The marker, on the other hand, is a means to accurately find out which part of the content has been decoded and presented. In the context of measuring TV on internet displays (PC, tablet, mobile), one can use this technology to measure the audience of television channels (live, delayed or missed) in a panel of viewers. The condition is of course that the sites and the applications of the channels use this marking technology.
For several years it has been observed that internet parties are increasingly migrating their servers to secure connections via the HTTPS protocol. By setting up this type of connection, the internet user is assured on the one hand that he connects to the correct site and not to a hijacked site (server authentication) and on the other hand that the communication is encrypted and cannot be intercepted (confidentiality). The HTTPS protocol was originally used by banking or e-commerce sites, but is now largely used by all sites that belong to social networks and that store or exchange personal, potentially sensitive information. When an HTML page is loaded via HTTPS (that is, via a secure connection according to the HTTPS protocol), the internet browser requires, for security reasons, that all parts of this page (images, Javascript, ...) be loaded via HTTPS, in order to prevent malicious code from entering through a secure website. Nowadays, most browsers still accept that items are loaded via the HTTP protocol in a page that is loaded via the HTTPS protocol. Only a warning icon is displayed in the address bar, but it is likely that loading will be blocked in future versions of the browsers. Like all components, a marker from an audience measurement company must also be loaded via HTTPS. Likewise, the hits sent by these markers must be sent via HTTPS.
Returning to the aforementioned solution for 'user-centric' measurement based on the utilization of hits registered (logged) by a router present in a household of panel members (that is, the second known technique presented above), it is observed that the router, which for every hit sits in the middle of an encrypted HTTPS connection (established between a terminal in the household and the server of the audience measurement company), only logs the domain name to which the hit is sent, but does not register any of the parameters included in this hit. For example, for hits transmitted by markers that interact with playback devices (players), the router does not record the status of the player, the name of the content, and the time index of playback. The logs (recordings of network traces corresponding to hits) can therefore not be used to perform a "user-centric" measurement (of video consumption in the aforementioned example).
Similarly, a disadvantage of the third known technique is that, if the 'measurement application' and the application in use (of which one wants to measure internet traffic) are each in their own sandbox, the local proxy of the 'measurement application' no longer has access to the details of the hits once an HTTPS connection is used (same problem with a router or an external proxy). The hits sent via HTTPS (for example hits of the "eStat streaming" type) cannot be used. A sandbox is a mechanism with which one or more programs can be executed with fewer risks for the operating system.
In other words, in the context of a 'user-centric' measurement, it is currently possible to use the parameters in the hits that are sent over a non-secure connection (for example via the HTTP protocol), but not the parameters in the hits that are sent over a secure connection (for example via the HTTPS protocol). It is therefore not possible to use all hits sent by the terminals in a household of panel members and it is therefore not possible to achieve an audience measurement in all cases.
3. OBJECTS OF THE INVENTION
In at least one embodiment, the invention has the particular object of overcoming these various disadvantages of the prior art.
More precisely, in at least one embodiment of the invention, it is an object to provide a technique with which it is possible to collect (and thus make usable), in the context of a 'user-centric' measurement (user-oriented audience measurement), all parameters that are in the hits sent by the terminal or the terminals of a panel household, whether these hits are transmitted via a non-secure connection (e.g. via the HTTP protocol) or via a secure connection (e.g. via the HTTPS protocol).
At least one embodiment of the invention also has the purpose of providing such a technique that requires no modification of the existing markers nor of the existing terminals.
Another object of at least one embodiment of the invention is to provide such a technique that is easy to use and inexpensive.
4. EXPLANATION OF THE INVENTION
In a particular embodiment of the invention, a collection method is proposed for a user-oriented audience measurement of a consumption message, called a hit, which is transferred to a node for site-oriented audience measurement by a marker executed or included by an application that is itself executed by a terminal in a panel household. An intermediate element, through which the hit passes, performs the following steps:
- interception of a request for secure connection originating from the application executing or including the marker, with the node as its destination;
- handling of the request for secure connection by simulating the node, and establishment of a first secure connection between the terminal and the intermediate element;
- receipt of the hit via the first secure connection;
- registration of the hit, comprising at least one hit parameter, with an identification of the terminal;
- renewed transfer of the consumption message to the node, via a second connection established between the intermediate element and the node.
The principle of the proposed solution consists of terminating the secure connection in the intermediate element and setting up a new connection with the node for the site-oriented audience measurement. Between these two connections, the intermediate element has unencrypted access to the hit parameter(s), so that the parameter(s) can be collected (by making registrations, also called hit logs, which include the parameter(s)) in order to be able to use them later in the context of a user-oriented measurement. The identification of the terminal (for example, the MAC address of the terminal) that is included in every log registration of a hit makes it possible to know information that is required for a user-oriented measurement, such as, for example, the identity of the person(s) registered on the terminal and/or the type of terminal (for example 'shared' or 'individual', 'iOS tablet' or 'Android smartphone' ...). It is thus possible to collect (and to make usable in the context of a user-oriented audience measurement) all parameters in the hits sent by the terminal(s) of a panel household, even when these hits are transmitted via a secure connection. In the context of a user-oriented audience measurement, the user of the terminal is generally asked (at the start of a user session) to log in by selecting his first name from a list of persons in the household. This information (login) is linked to the identification of the terminal (for example the MAC address). The identification of the terminal can thus be used as an association key between the hit logs of the terminal and the content of the login (identity of the person) to qualify the audience with socio-demographic data.
According to a special feature, said hit parameter belongs to the group comprising: information about the status of a content player, an identification of the content and a time index of the content playback.
In this way the proposed solution applies to a collection for a user-oriented audience measurement of audio and / or video content displayed by content players ("players").
In a first special implementation, the intermediate element is a router that is installed in the panel household and to which the terminal is connected in order to gain access to an information network.
In a second special implementation, the intermediate element is an external proxy outside the terminal, through which the network traffic from the terminal passes to gain access to an information network.
According to a special feature, the intermediate element is a proxy within the terminal through which the network connections of the terminal pass.
According to a special feature, the application that executes or comprises the marker is a browser that executes a web page that includes the marker, or a third-party application that includes the marker.
According to a special feature, to simulate the node for the site-oriented audience measurement, the intermediate element uses a private key of the node for the site-oriented audience measurement and a certificate including a public key of the node for the site-oriented audience measurement.
According to a special feature, the first secure connection complies with the HTTPS communication protocol.
According to a special feature, the second connection is not secured.
A second secure connection (for example according to the HTTPS communication protocol) is also possible in an embodiment variant. The advantage of a second non-secure connection is the simplicity of deployment (the network equipment does not have to authenticate the site-oriented audience measurement node).
According to a special feature, the second connection complies with the HTTP communication protocol.
In another embodiment of the invention, a computer program product is proposed that includes the program instruction code for deploying the aforementioned method (in any of the various embodiments) when said program is run on a computer.
In another embodiment of the invention, a storage medium is proposed that is computer readable and non-transient, on which is stored a computer program that includes an instruction set executable by a computer for deploying the aforementioned method (in any of the different embodiments).
In another embodiment of the invention, an intermediate element is proposed for the collection, for a user-oriented audience measurement, of a consumption message, called a hit, which is transferred to a site-oriented audience measurement node by a marker executed or included by an application executed by a terminal in a panel household. The intermediate element through which the hit passes is configured and adapted for:
- intercepting a secure connection request from the application running or including the marker, with the node as its destination;
- handling the request for secure connection by simulating the node, and setting up a first secure connection between the terminal and the intermediate element;
- receiving the hit via the first secure connection;
- registering the hit, comprising at least one hit parameter, with an identification of the terminal;
- a renewed transfer of the consumption message to the node via a second connection established between the intermediate element and the node.
The intermediate element advantageously comprises means for implementing the steps it performs in the collection method as previously described, in any of the different embodiments.
5. LIST OF FIGURES
Other features and advantages of the invention appear upon reading the following description, given as an indicative and non-limitative example, and the accompanying drawings, in which:
- Figures 1 and 2 respectively illustrate the general principle and a sequence diagram of a collection method according to a first special embodiment of the invention;
- Figure 3 presents the structure of network equipment according to a special embodiment of the invention; and
- Figure 4 illustrates the general principle of a collection method according to a second special embodiment of the invention.
6. DETAILED DESCRIPTION
In all figures of the present document identical elements are indicated with the same reference number.
Now, in conjunction with Figures 1 and 2, a collection method is presented according to a first particular embodiment of the invention.
A panel household 1 is considered, comprising at least one terminal 2 (computer, smartphone, tablet, connected TV, etc.) connected to an information network (often the Internet) via a box 4 (also called 'router modem' or 'network connection equipment') supplied by an internet provider.
It is assumed that each terminal 2 participates in the deployment of a site-oriented ("site-centric") measurement. To this end, it executes markers (integrated in web pages or third-party applications) that transfer hits (consumption messages) to a node for site-oriented audience measurement 5. When they are transferred by markers that work together with players, these hits usually include as parameters the status of the player, the name of the content and the time index of the playback.
For example, each marker is located in a web page that is executed by a browser, which is itself executed by the terminal. In a variant, each marker is in a third-party application, which itself is executed by the terminal.
It is also assumed that it is desired to use these hits (including the parameters they contain) to perform a user-oriented ("user-centric") measurement. To this end, in the particular embodiment illustrated in Figure 1, the panel household 1 is equipped with, inter alia, a router 3. Each terminal 2 of the household is connected to the router 3, which itself is connected to the box 4. The router 3 can thus log the ongoing internet traffic from each terminal 2 of the household.
In the particular embodiment illustrated in Figure 1, the proposed technique makes it possible for the router 3 to collect the hits and the parameters therein, regardless of the nature (secured or not) of the connection established by the terminal 2.
When the router 3 intercepts a connection request from the terminal 2 with the site-oriented audience measurement node 5 as its destination, two cases are possible.
If it is a non-secure connection request (for example, according to the HTTP communication protocol), then the router 3 passes it to the node 5. Upon receipt of this request by the node 5, followed by an initialization phase, a non-secure connection (e.g. an HTTP connection) is established between the terminal 2 and the node 5. Thus, any hit transmitted by the terminal passes through the router, which can register (log) it (because the connection between the terminal 2 and the node 5 is not secure) by collecting the parameters included therein and also by storing an identification of the terminal. In other words, the router 3 creates a registration (also called "logbook") comprising the domain name to which the hit was sent, an identification of the terminal that sent the hit and the hit parameters. Each terminal connected to the router is often identified by a unique connection identifier (for example, its MAC address or its local IP address on the local network (LAN) of the household), allowing the router to log the internet traffic of each terminal separately.
If it is a secure connection request 21 (e.g. according to the HTTPS communication protocol), then the router 3 intercepts it and does not allow it to proceed to the node 5 (step 22 of Figure 2). The router 3 handles the request by simulating node 5, which results (after an initialization phase with various exchanges 24 between the terminal and the router 3) in setting up a first secure connection between the terminal 2 and the router 3 (step 23 of Figure 2). In addition, the router 3 establishes a second connection (unsecured or, in a variant, secured) with the node 5 (step 25 of Figure 2) after an initialization phase with various exchanges 26 between the router 3 and the node 5. Thus every hit 27 transmitted by the terminal 2 is received by the router 3 which, because the first secure connection is terminated in the router, registers (logs) it by collecting the parameters included therein (step 28 of Figure 2). In other words, the router 3 creates a registration (also called "logbook") comprising the domain name to which the hit was sent, an identification of the terminal that sent the hit and the hit parameters. The router then transfers the hit 27 to the node 5 again via the second connection (step 29 of Figure 2).
In Figure 1, which illustrates the second case, the first secure connection is indicated by 6 and the second connection is indicated by 7a for the part between the router 3 and the box 4, and by 7b for the part between the box 4 and the node 5.
In summary, the solution proposed in this particular embodiment consists of terminating the (first) secure connection (for example HTTPS) in the router 3 (intermediate element) and setting up a new (second) connection (for example HTTP or HTTPS) up to the node 5. Between the two connections, the router has access to the unencrypted data (hit parameters), making it possible to log the information for later use.
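The hit log described above (domain name, terminal identification, hit parameters) and its use with the household login as association key, as an added example that is not part of the patent. The host name, the query keys (cid, pos, state, sid), the MAC addresses, the names and the rule of counting an interval as viewed when the earlier hit reports "play" are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

NOMINAL_PERIOD = 60  # seconds between hits in nominal mode, as stated in section 2.1

# Constructed sample data (assumed formats): household logins and hits as the
# intermediate element would see them in clear between the two connections.
LOGINS = [  # (login time in epoch seconds, terminal MAC, first name selected)
    (1000, "aa:bb:cc:00:00:01", "Anna"),
    (1500, "aa:bb:cc:00:00:01", "Ben"),
    (900, "aa:bb:cc:00:00:02", "Ben"),
]
BASE = "https://measure.example/hit?"
RAW_HITS = [  # (receive time, terminal MAC, request URL of the hit)
    (1010, "aa:bb:cc:00:00:01", BASE + "cid=news-20h&pos=0&state=play&sid=s1"),
    (1070, "aa:bb:cc:00:00:01", BASE + "cid=news-20h&pos=60&state=play&sid=s1"),
    (1130, "aa:bb:cc:00:00:01", BASE + "cid=news-20h&pos=120&state=pause&sid=s1"),
    (1190, "aa:bb:cc:00:00:01", BASE + "cid=news-20h&pos=120&state=pause&sid=s1"),
    (1250, "aa:bb:cc:00:00:01", BASE + "cid=news-20h&pos=120&state=play&sid=s1"),
    (1310, "aa:bb:cc:00:00:01", BASE + "cid=news-20h&pos=180&state=pause&sid=s1"),
    (1510, "aa:bb:cc:00:00:01", BASE + "cid=film-42&pos=300&state=play&sid=s2"),
    (1570, "aa:bb:cc:00:00:01", BASE + "cid=film-42&pos=360&state=play&sid=s2"),
    (950, "aa:bb:cc:00:00:02", BASE + "cid=film-42&pos=0&state=play&sid=s3"),
    (1010, "aa:bb:cc:00:00:02", BASE + "cid=film-42&pos=60&state=play&sid=s3"),
    (1020, "aa:bb:cc:00:00:03", BASE + "pos=5&state=play"),  # malformed: no content id
    (1100, "aa:bb:cc:00:00:03", BASE + "cid=news-20h&pos=0&state=play&sid=s4"),
]


@dataclass(frozen=True)
class HitLog:
    """One log registration: domain, terminal identification, hit parameters."""
    ts: int
    terminal: str
    domain: str
    content_id: str
    position: int  # time index of the playback, in seconds
    state: str     # status of the player
    session: str   # temporary session identification


def parse_hit(ts: int, terminal: str, url: str) -> Optional[HitLog]:
    """Build a log registration from a hit URL; return None if a parameter is missing."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        return HitLog(ts, terminal.lower(), parts.hostname or "",
                      query["cid"][0], int(query["pos"][0]),
                      query["state"][0], query["sid"][0])
    except (KeyError, ValueError):
        return None


def person_at(terminal: str, ts: int, logins) -> Optional[str]:
    """Return the person whose login on this terminal is the latest one at or before ts."""
    best = None
    for login_ts, mac, name in logins:
        if mac.lower() == terminal and login_ts <= ts:
            if best is None or login_ts > best[0]:
                best = (login_ts, name)
    return best[1] if best else None


def viewing_seconds(raw_hits, logins) -> dict:
    """Sum viewed seconds per (person, content), using the terminal as association key."""
    sessions = defaultdict(list)
    for ts, mac, url in raw_hits:
        hit = parse_hit(ts, mac, url)
        if hit is not None:
            sessions[(hit.terminal, hit.session)].append(hit)
    totals = defaultdict(int)
    for hits in sessions.values():
        hits.sort(key=lambda h: h.ts)
        for prev, nxt in zip(hits, hits[1:]):
            gap = nxt.ts - prev.ts
            # Count the interval only if the player was playing and no hit was lost.
            if prev.state == "play" and 0 < gap <= 2 * NOMINAL_PERIOD:
                person = person_at(prev.terminal, prev.ts, logins)
                totals[(person, prev.content_id)] += gap
    return dict(totals)


if __name__ == "__main__":
    for key, seconds in sorted(viewing_seconds(RAW_HITS, LOGINS).items()):
        print(key, seconds)
```

The paused intervals of session s1 and the malformed hit contribute nothing, and the same terminal is attributed to two different persons depending on which login precedes the hit.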
For this purpose, the firmware (basic software) of the router 3 must be modified so that it can act as the node for site-oriented audience measurement 5, viewed from the terminal 2 which sets up the HTTPS connection. This implies, for example, placing the private key of the node 5 in the firmware of the router, as well as the X509 certificate including the public key of the node 5. Because the certificate has a limited validity, it must be possible to update it in the memory of the router when it loses its validity.
This cryptographic data can be sensitive data and can be hidden by means of obfuscation techniques that are well known to security specialists. In particular, it is useful to be able to update the firmware regularly in order to allow little time for attackers to attempt reverse engineering.
A detailed example of the implementation achieved on the router is presented below.
When a client tries to set up an HTTPS connection to a secure server, it initially sets up a TCP/IP connection with port 443 of the server. After the TCP connection is established, the client and server initialize the SSL layer ("Secure Socket Layer") or TLS ("Transport Layer Security") in order to negotiate the cryptographic parameters used for communication and to negotiate the keys used for encrypting the messages. At the end of this initialization, the elements of the HTTP protocol are transferred to the SSL/TLS layer to be encrypted for transmission via TCP/IP. The HTTPS protocol is nothing but the HTTP protocol transported via SSL/TLS.
The initialization of the SSL/TLS layer consists on the one hand of authenticating the server, in order to guarantee the client that it is the intended server and not a hijacked copy, and on the other hand of negotiating a shared secret between the client and the server.
To enable the client to authenticate the server, the server returns its certificate in X509 format, which includes the following parameters:
• the expiry date of the certificate;
• the name of the certified organization;
• the public key assigned to this organization;
• the name of the certificate authority that issued the certificate;
• the algorithm with which the certificate is signed;
• the signature of the certificate, calculated by hashing the body of the certificate with a hash function and by encrypting the hash (condensate) with the private key of the certificate authority.
Upon receipt of the certificate, the client decrypts the signature with the corresponding public key of the certificate authority (this key is present in the root certificates of the certificate authorities pre-installed in the client). Then, it in turn hashes the body of the certificate using the algorithm specified in the certificate and compares the result with the hash obtained by decrypting the signature. If the values are the same, the server is authenticated.
At this stage, after the server is authenticated, the client generates a temporary random secret that it transfers to the server by encrypting it with the public key of the server present in its certificate. Upon receipt, the server can gain access to the secret by decrypting the message with its private key. From that moment on, the client and the server share the same secret that they can use to encrypt their exchanges with a symmetrical encryption algorithm.
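As an added illustration (not part of the patent text), the following Python example carries out the two steps described above with textbook RSA on toy-sized keys: the client's check of the certificate signature, and the transfer of the secret encrypted with the server's public key. It shows why the intermediate element needs the private key of the node in addition to the certificate: the certificate alone passes the check, but only the holder of the matching private key recovers the secret. The names, the certificate layout and the keys are constructed assumptions, and the scheme uses no padding, so it is for explanation only.

```python
import hashlib
from datetime import date


def rsa_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def digest(body, n):
    # Hash of the certificate body, reduced so that it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n


def cert_body(cert):
    fields = ("subject", "issuer", "not_after", "sig_alg", "subject_pub")
    return "|".join(f"{k}={cert[k]}" for k in fields).encode()


def issue(cert, ca_priv):
    """Certificate authority: sign the hash of the body with its private key."""
    n, d = ca_priv
    return dict(cert, signature=pow(digest(cert_body(cert), n), d, n))


def verify(cert, ca_pub, today):
    """Client: check expiry, then compare the recomputed and the signed hash."""
    n, e = ca_pub
    if cert["sig_alg"] != "sha256-toy-rsa":
        return False
    if today > date.fromisoformat(cert["not_after"]):
        return False
    return pow(cert["signature"], e, n) == digest(cert_body(cert), n)


def wrap_secret(secret, server_pub):
    """Client: encrypt the temporary secret with the server's public key."""
    n, e = server_pub
    return pow(secret, e, n)


def unwrap_secret(ciphertext, priv):
    """Server: recover the secret with its private key."""
    n, d = priv
    return pow(ciphertext, d, n)


# Constructed keys (Mersenne primes) and certificate for a hypothetical node.
CA_PUB, CA_PRIV = rsa_keypair(2**89 - 1, 2**127 - 1)
NODE_PUB, NODE_PRIV = rsa_keypair(2**61 - 1, 2**107 - 1)
NODE_CERT = issue({"subject": "measure.example", "issuer": "Toy CA",
                   "not_after": "2017-06-10", "sig_alg": "sha256-toy-rsa",
                   "subject_pub": NODE_PUB}, CA_PRIV)
TODAY = date(2016, 6, 10)
SECRET = int.from_bytes(bytes(range(16)), "big")
```
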
In a particular embodiment of the invention, the router intercepts the TCP connection requests to port 443 of the node 5 (e.g., using the "iptables" command under the Linux operating system) and redirects them to a program capable of handling the SSL/TLS protocol (such as the 'stunnel' program) executed on the router. This program returns the certificate of the node 5 during the authentication phase and negotiates with the terminal client 2 the shared secret that serves to encrypt the HTTPS communication between the terminal 2 and the router 3. The messages received by this program are decrypted and forwarded to the node 5 in HTTP. Use of the HTTPS protocol for this second connection is possible in one embodiment, but requires either that the router know the root certificates of the certificate authorities so that it can in turn authenticate the node 5, or that it not verify the authenticity of the node 5, on the basis that the router applies this exception only for the node 5.
Figure 3 presents the simplified structure of the router 3 which uses the collecting method according to the special embodiment described above, in conjunction with Figures 1 and 2. The router 3 comprises a directly accessible memory 33 (for example a RAM memory), a processing unit 32, equipped with, for example, a processor and controlled by a computer program stored in a read-only memory 31 (e.g. a ROM memory or a hard disk). For example, during the initialization, the instruction code of the computer program is loaded into the directly accessible memory 33 before it is executed by the processor of the processing unit 32.
Figure 3 illustrates only one of several possible ways in which the router can carry out the different steps illustrated in Figures 1 and 2. The proposed technique can be realized on any reprogrammable computing machine (a computer, a DSP processor or a microcontroller) that executes a program comprising an instruction set, or on a dedicated computing machine (e.g., a set of logic gates such as an FPGA or an ASIC, or any other hardware module). In the case of an implementation on a reprogrammable computing machine, the corresponding program (i.e., the instruction set) can be stored on a removable or non-removable storage medium (such as, for example, a floppy disk, a CD-ROM, or a DVD-ROM), and the storage medium can be read in whole or in part by a computer or a processor.
The particular embodiment described above, with figures 1 and 2, is based on the use of a router 3 in the panel household. It is clear that other embodiments of the invention may be considered. In particular, it is foreseeable that a different network device is used instead of the router, in particular a proxy through which the network traffic of the terminal passes to gain access to the information network. In this variant based on the use of a proxy (instead of the router), the sensitive data (private key, certificate) is less exposed to attackers than with a router installed in the household.
A detailed example of the implementation achieved on the proxy is presented below.
If a terminal is configured to go through an explicit proxy, the IP address and the input port of which are defined, then the terminal must first set up a TCP connection to the proxy and send the HTTP CONNECT command. This command includes in its parameters the name of the Web server that the terminal is trying to connect to, as well as the port number (80 for HTTP and 443 for HTTPS). The proxy sends a response back to the terminal indicating that the connection to the proxy is established.
The proxy then sets up the HTTP or HTTPS connection to the specified server and transfers the messages unencrypted (HTTP) or encrypted (HTTPS) in two directions between the terminal and the server. Its role is limited to simple routing and the encrypted messages of the HTTPS connections are unreadable because the SSL layer has been negotiated between the terminal and the Web server without the intervention of the proxy.
In the context of the proposed solution, if the proxy receives a CONNECT command in the direction of the site-oriented audience measurement node 5 with port 443, then it sends the terminal a message indicating that the connection to the proxy is set up and negotiates with the terminal the initialization of the SSL/TLS layer (return of the certificate, sharing of a common secret) instead of the node. The exchanged messages are then transferred again between the proxy and the node 5, for example by means of an HTTP connection.
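As an added illustration (not part of the patent text), the following Python example shows the decision the proxy takes on each CONNECT command: the SSL/TLS layer is terminated at the proxy only for an exact match on the measurement node and port 443, and every other destination keeps the ordinary tunnel in which the proxy cannot read the messages. The host name measure.example and the function names are constructed assumptions.

```python
import re

MEASUREMENT_NODE = "measure.example"  # hypothetical name standing for node 5


def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', else None."""
    parts = request_line.strip().split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    if not parts[2].startswith("HTTP/1."):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not re.fullmatch(r"[0-9]{1,5}", port):
        return None
    if not 0 < int(port) < 65536:
        return None
    # IPv6 literals are written in brackets in the CONNECT target.
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    # Host names are case-insensitive and may carry a trailing dot.
    return host.lower().rstrip("."), int(port)


def dispatch(request_line, node=MEASUREMENT_NODE):
    """Return 'terminate', 'tunnel' or 'reject' for one CONNECT command."""
    target = parse_connect(request_line)
    if target is None:
        return "reject"
    host, port = target
    # Exact comparison: a name that merely contains the node name, or the
    # node on another port, is relayed without being decrypted.
    if host == node and port == 443:
        return "terminate"
    return "tunnel"
```
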
Now, in conjunction with Figure 4, a collection method is presented according to a second particular embodiment of the invention.
This second form differs from the first (described above in connection with Figures 1 and 2) in that the intermediate element using the proposed mechanism is not a router 3 in the panel household 1, but an internal proxy within the terminal 2', hereinafter called 'local proxy' 2c.
More precisely, the terminal 2' comprises:
• an application 2a whose internet traffic is to be measured. This application is, for example, an internet browser that executes web pages with markers included or a third-party application with markers included. The markers, when executed, transfer hits (consumption messages) to a node for site-oriented audience measurement 5;
• a "measurement application" 2b (see definition above), which functions as a background task and installs a local proxy 2c (also called "process proxy") on the terminal.
When the application 2a requests the local proxy 2c to initiate a secure HTTPS connection with the measurement node 5 managed by the public measurement company, the idea is to simulate the measurement node 5 at the level of the local proxy 2c thanks to the certificate and the private key of the measurement node, wherein these two pieces of information are built into the 'measurement application' 2b. After the first HTTPS connection is established, the local proxy 2c has access to the unencrypted exchanges before forwarding them to the measurement node 5 via a second HTTP (or HTTPS) connection.
In Figure 4, the first secure HTTPS connection (between the application 2a and the local proxy 2c) is indicated by 6' and the second connection is indicated by 7a' for the part between the local proxy 2c and the box 4, and by 7b for the part between the box 4 and the node 5.
Claims (13):
[1]
A collection method, for a user-oriented audience measurement, of a consumption message, called a hit (27), transmitted to a node for site-oriented audience measurement (5) by a marker performed by or included in an application that itself is performed by a terminal (2) in a panel household (1), characterized in that an intermediate element (3, 2c) through which the hit passes performs the following steps:
- interception (22) of a request for secure connection originating from the application executing or including the marker, with the node as its destination;
- handling (23) of the request for secure connection by simulating the node, and setting up (23) a first secure connection (6) between the terminal and the intermediate element;
- receipt (28) of the hit via the first secure connection;
- registration (28) of the hit, comprising at least one hit parameter, with an identification of the terminal;
- a renewed transfer (29) of the consumption message to the node, via a second connection (7a, 7b) established between the intermediate element and the node.
[2]
The method of claim 1, wherein said at least one hit parameter belongs to the group comprising: information about the status of a content player, an identification of the content, and a time index of playing content.
[3]
The method of any one of claims 1 and 2, wherein the intermediate element is a router that is installed in the panel household and to which the terminal is connected to access an information network.
[4]
The method according to any of claims 1 and 2, wherein the intermediate element is an external proxy outside the terminal, through which the network traffic of the terminal passes to gain access to an information network.
[5]
Method according to one of claims 1 and 2, wherein the intermediate element is an internal proxy within the terminal and through which the network connections pass from the terminal.
[6]
The method of any one of claims 1 to 5, wherein the application that executes or includes the marker is a browser that executes a web page that includes the marker, or a third-party application that includes the marker.
[7]
The method of any one of claims 1 to 6, wherein, to simulate the site-oriented audience measurement node, the intermediate element uses a private key of the site-oriented audience measurement node and a certificate including a public key of the node for the site-oriented audience measurement.
[8]
The method of any one of claims 1 to 7, wherein the first secure connection complies with the HTTPS communication protocol.
[9]
Method according to one of claims 1 to 8, characterized in that the second connection is not secured.
[10]
The method of claim 9, wherein the second connection complies with the HTTP communication protocol.
[11]
A computer program product, comprising program instruction code for implementing the method according to at least one of claims 1 to 10, when said program is executed on a computer.
[12]
A storage medium (31), computer-readable and non-transient, that stores a computer program product according to claim 11.
[13]
Intermediate element (3, 3'), for user-oriented audience measurement, collecting a consumption message, called hit (27), transferred to a node for site-oriented audience measurement (5) by a marker performed by or included in an application that itself is performed by a terminal (2) in a panel household (1), characterized in that the intermediate element, through which the hit goes, is configured and adapted for:
- intercepting a request for secure connection originating from the application executing or including the marker, the destination of which is the node;
- handling the request for secure connection by simulating the node, and setting up a first secure connection between the terminal and the intermediate element;
- receiving the hit via the first secure connection;
- registering the hit, comprising at least one hit parameter, with an identification of the terminal;
- a renewed transfer of the consumption message to the node via a second connection established between the intermediate element and the node.
Patent family:
Publication number | Publication date
FR3037458B1|2018-08-24|
NL2016940B1|2019-07-31|
FR3037458A1|2016-12-16|
Cited documents:
Publication number | Filing date | Publication date | Applicant | Title
US7610400B2|2004-11-23|2009-10-27|Juniper Networks, Inc.|Rule-based networking device|
US7962616B2|2005-08-11|2011-06-14|Micro Focus , Inc.|Real-time activity monitoring and reporting|
US20120084349A1|2009-12-30|2012-04-05|Wei-Yeh Lee|User interface for user management and control of unsolicited server operations|
Legal status:
2021-02-03| MM| Lapsed because of non-payment of the annual fee|Effective date: 20200701 |
Priority:
Application number | Filing date | Title
FR1555402A|FR3037458B1|2015-06-12|2015-06-12|METHOD OF COLLECTING, FOR A CENTER-USER AUDIENCE MEASUREMENT, A HIT TRANSMITTED TO A CENTER-SITE AUDIENCE MEASUREMENT NODE, WITH NODE SIMULATION BY AN INTERMEDIATE ELEMENT.|