Restricting communication over an encrypted network connection to internet domains that share common IP addresses and shared SSL certificates
Abstract

An apparatus prevents communication by a client device to a domain that cannot be uniquely identified by relocating the DNS mapping of the domain to a destination IP address that is uniquely identifiable and that represents a location of an apparatus that provides a data path to the domain.
17 Claims

1. A computer-implemented method executed by one or more hardware processors, the method comprising:
- receiving an encrypted request for a resource, the encrypted request directed to a particular IP address;
- determining that the particular IP address is a spoofed IP address associated with a particular domain name;
- determining that the encrypted request is directed to the particular domain name based on the association between the spoofed IP address and the particular domain name, wherein the determination is made without decrypting the encrypted request; and
- selectively allowing the encrypted request based at least in part on determining that the encrypted request is directed to the particular domain name.

Dependent claims: 2, 3, 4, 5, 6.

7. A non-transitory, computer-readable medium storing instructions operable when executed to cause at least one hardware processor to perform operations comprising:
- receiving an encrypted request for a resource, the encrypted request directed to a particular IP address;
- determining that the particular IP address is a spoofed IP address associated with a particular domain name;
- determining that the encrypted request is directed to the particular domain name based on the association between the spoofed IP address and the particular domain name, wherein the determination is made without decrypting the encrypted request; and
- selectively allowing the encrypted request based at least in part on determining that the encrypted request is directed to the particular domain name.

Dependent claims: 8, 9, 10, 11, 12.

13. A system comprising:
- memory for storing data; and
- one or more hardware processors operable to perform operations comprising:
  - receiving an encrypted request for a resource, the encrypted request directed to a particular IP address;
  - determining that the particular IP address is a spoofed IP address associated with a particular domain name;
  - determining that the encrypted request is directed to the particular domain name based on the association between the spoofed IP address and the particular domain name, wherein the determination is made without decrypting the encrypted request; and
  - selectively allowing the encrypted request based at least in part on determining that the encrypted request is directed to the particular domain name.

Dependent claims: 14, 15, 16, 17.
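The independent claims describe one mechanism: a policy resolver answers each policed domain's DNS query with an address the domain alone occupies (the "spoofed IP address"), and a filter later attributes an encrypted request to that domain purely from its destination address, never decrypting the payload. The following Python model is an added illustration written for this page, not code from the patent or its assignee. The pool `192.0.2.0/24`, the class and function names, the allow-list policy and the sample domains are all assumptions constructed for the example; it also covers the case the abstract motivates, a request to an address outside the pool, where the domain cannot be uniquely identified and the request is denied.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed example pool of unique "spoofed" addresses handed out by the
# policy resolver, one per domain. 192.0.2.0/24 is the RFC 5737 documentation
# range, so nothing on the public internet answers at these addresses.
SPOOF_POOL = "192.0.2.0/24"

# Opaque stand-in for an encrypted request (constructed bytes, never parsed).
OPAQUE_TLS = b"\x16\x03\x01\x00\x2a" + b"\x00" * 42


def canonical_name(domain: str) -> str:
    """DNS names are case-insensitive; drop a trailing dot so 'a.example.' == 'a.example'."""
    return domain.rstrip(".").lower()


class DomainAddressMapper:
    """Relocates a domain's DNS answer to a pool address that belongs to it alone.

    Two names that share a CDN address and a wildcard or SAN certificate on the
    public internet get different pool addresses here, so an encrypted flow can
    later be attributed to exactly one domain from its destination address.
    """

    def __init__(self, pool: str = SPOOF_POOL) -> None:
        self._pool = ipaddress.ip_network(pool)
        self._free = iter(self._pool.hosts())
        self._domain_to_ip: Dict[str, ipaddress.IPv4Address] = {}
        self._ip_to_domain: Dict[ipaddress.IPv4Address, str] = {}

    def resolve(self, domain: str) -> ipaddress.IPv4Address:
        """Answer the client's query with the domain's pool address, allocating on first use."""
        name = canonical_name(domain)
        if name not in self._domain_to_ip:
            try:
                ip = next(self._free)
            except StopIteration:
                raise RuntimeError(
                    "spoof pool exhausted: widen the pool or expire idle mappings"
                ) from None
            self._domain_to_ip[name] = ip
            self._ip_to_domain[ip] = name
        return self._domain_to_ip[name]

    def in_pool(self, ip: ipaddress.IPv4Address) -> bool:
        return ip in self._pool

    def domain_for(self, ip: ipaddress.IPv4Address) -> Optional[str]:
        """Reverse lookup used by the filter; None if the resolver never issued this address."""
        return self._ip_to_domain.get(ip)


class EncryptedFlowFilter:
    """Allows or denies an encrypted request using only its destination address."""

    def __init__(self, mapper: DomainAddressMapper, allowed_domains: List[str]) -> None:
        self._mapper = mapper
        self._allowed = {canonical_name(d) for d in allowed_domains}

    def decide(self, dst_ip: str, ciphertext: bytes) -> Tuple[str, Optional[str], str]:
        """Return (verdict, domain, reason).

        The ciphertext is accepted only to make the point explicit: it is never
        inspected, so the verdict does not depend on decrypting the request or
        on a plaintext SNI being present in the handshake.
        """
        del ciphertext  # deliberately unused
        ip = ipaddress.ip_address(dst_ip)
        if not self._mapper.in_pool(ip):
            # Client bypassed the resolver (or pinned a real CDN address): the
            # domain cannot be uniquely identified, so default-deny.
            return ("deny", None, "destination outside spoof pool; domain not identifiable")
        domain = self._mapper.domain_for(ip)
        if domain is None:
            return ("deny", None, "pool address never issued by the resolver")
        if domain in self._allowed:
            return ("allow", domain, "domain on allow list")
        return ("deny", domain, "domain not on allow list")


def demo() -> List[str]:
    """Constructed walk-through: two names that would share a CDN address get distinct pool addresses."""
    mapper = DomainAddressMapper()
    policy = EncryptedFlowFilter(mapper, allowed_domains=["docs.example.com"])
    docs_ip = mapper.resolve("docs.example.com")
    mail_ip = mapper.resolve("mail.example.com")
    # Constructed requests: (destination, opaque TLS bytes). The third goes to an
    # address the resolver never handed out.
    requests = [(str(docs_ip), OPAQUE_TLS), (str(mail_ip), OPAQUE_TLS), ("203.0.113.7", OPAQUE_TLS)]
    verdicts = []
    for dst, blob in requests:
        verdict, domain, reason = policy.decide(dst, blob)
        print(f"{dst:<14} -> {verdict:<5} domain={domain!r:<20} ({reason})")
        verdicts.append(verdict)
    return verdicts


if __name__ == "__main__":
    demo()
```

Running `demo()` allows the request to `docs.example.com`'s pool address, denies the one to `mail.example.com`'s, and denies the request to `203.0.113.7` because no domain can be attributed to it. The design choice worth noting is the default-deny branch: the scheme only works for clients whose DNS goes through the policy resolver, so a destination outside the pool is treated as unidentifiable rather than as implicitly permitted.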