METHODS FOR ENCRYPTED-TRAFFIC URL FILTERING USING ADDRESS-MAPPING INTERCEPTION

US 20100138910A1
Filed: 12/03/2008
Published: 06/03/2010
Est. Priority Date: 12/03/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for encrypted-traffic URL (Uniform Resource Locator) filtering using address-mapping interception, the method comprising the steps of:

(a) providing a client system having a client application for accessing websites from web servers;

(b) upon said client application attempting to access an encrypted website, performing, by said client application, a name-to-address query to resolve a name of said encrypted website;

(c) intercepting, by a perimeter gateway, address-mapping responses;

(d) creating, by said perimeter gateway, a mapping between said name and at least one network address of said encrypted website;

(e) intercepting, by said perimeter gateway, incoming encrypted traffic;

(f) extracting, by said perimeter gateway, a server'"'"'s network address from said incoming encrypted traffic;

(g) establishing, by said perimeter gateway, a resolved name being accessed using said mapping; and

(h) filtering, by said perimeter gateway, said resolved name.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses methods, media, and perimeter gateways for encrypted-traffic URL filtering using address-mapping interception, methods including the steps of: providing a client system having a client application for accessing websites from web servers; upon the client application attempting to access an encrypted website, performing a name-to-address query to resolve a name of the encrypted website; intercepting address-mapping responses; creating a mapping between the name and at least one network address of the encrypted website; intercepting incoming encrypted traffic; extracting a server'"'"'s network address from the incoming encrypted traffic; establishing a resolved name being accessed using the mapping; and filtering the resolved name. Preferably, the step of filtering includes redirecting the encrypted traffic. Preferably, the method further includes the step of: blocking all encrypted traffic for unresolved names.

64 Citations

View as Search Results

21 Claims

1. A method for encrypted-traffic URL (Uniform Resource Locator) filtering using address-mapping interception, the method comprising the steps of:
- (a) providing a client system having a client application for accessing websites from web servers;
  
  (b) upon said client application attempting to access an encrypted website, performing, by said client application, a name-to-address query to resolve a name of said encrypted website;
  
  (c) intercepting, by a perimeter gateway, address-mapping responses;
  
  (d) creating, by said perimeter gateway, a mapping between said name and at least one network address of said encrypted website;
  
  (e) intercepting, by said perimeter gateway, incoming encrypted traffic;
  
  (f) extracting, by said perimeter gateway, a server'"'"'s network address from said incoming encrypted traffic;
  
  (g) establishing, by said perimeter gateway, a resolved name being accessed using said mapping; and
  
  (h) filtering, by said perimeter gateway, said resolved name.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said client application is a browser application.
  - 3. The method of claim 1, wherein said name-to-address query is a DNS (Domain Name System) query, wherein said address-mapping responses are DNS responses, wherein said name is a domain name, wherein said at least one network address is at least one IP (Internet Protocol)-address, and wherein said resolved name is a resolved domain name.
  - 4. The method of claim 1, wherein said incoming encrypted traffic includes at least one traffic type from the group consisting of:
    - SSL (Secure Sockets Layer)-encrypted traffic, Internet-Protocol-security (IPsec) traffic, secure-shell (SSH) traffic, transport-layer-security (TLS) traffic, and SSL-encrypted HTTP (Hyper-Text Transfer Protocol) traffic.
  - 5. The method of claim 1, wherein said step of filtering includes redirecting said encrypted traffic.
  - 6. The method of claim 1, the method further comprising the step of:
    - (i) blocking, by said perimeter gateway, all encrypted traffic for unresolved names.
  - 7. The method of claim 1, the method further comprising the step of:
    - (i) alerting a user or a system administrator about said encrypted traffic.

8. A computer-readable storage medium having computer-readable code embodied on the computer-readable storage medium, the computer-readable code comprising:
- (a) program code for providing a client system with a client application for accessing websites from web servers;
  
  (b) program code for, upon said client application attempting to access an encrypted website, performing, by said client application, a name-to-address query to resolve a name of said encrypted website;
  
  (c) program code for intercepting, by a perimeter gateway, address-mapping responses;
  
  (d) program code for creating, by said perimeter gateway, a mapping between said name and at least one network address of said encrypted website;
  
  (e) program code for intercepting, by said perimeter gateway, incoming encrypted traffic;
  
  (f) program code for extracting, by said perimeter gateway, a server'"'"'s network address from said incoming encrypted traffic;
  
  (g) program code for establishing, by said perimeter gateway, a resolved name being accessed using said mapping; and
  
  (h) program code for filtering, by said perimeter gateway, said resolved name.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The storage medium of claim 8, wherein said client application is a browser application.
  - 10. The storage medium of claim 8, wherein said name-to-address query is a DNS (Domain Name System) query, wherein said address-mapping responses are DNS responses, wherein said name is a domain name, wherein said at least one network address is at least one IP (Internet Protocol)-address, and wherein said resolved name is a resolved domain name.
  - 11. The storage medium of claim 8, wherein said incoming encrypted traffic includes at least one traffic type from the group consisting of:
    - SSL (Secure Sockets Layer)-encrypted traffic, Internet-Protocol-security (IPsec) traffic, secure-shell (SSH) traffic, transport-layer-security (TLS) traffic, and SSL-encrypted HTTP (Hyper-Text Transfer Protocol) traffic.
  - 12. The storage medium of claim 8, wherein said program code for filtering includes program code for redirecting said encrypted traffic
  - 13. The storage medium of claim 8, the computer-readable code further comprising:
    - (i) program code for blocking, by said perimeter gateway, all encrypted traffic for unresolved names.
  - 14. The storage medium of claim 8, the computer-readable code further comprising:
    - (i) program code for alerting a user or a system administrator about said encrypted traffic.

15. A perimeter gateway for encrypted-traffic URL (Uniform Resource Locator) filtering using address-mapping interception, the gateway comprising:
- (a) a query module for performing, upon a client application of a client system attempting to access an encrypted website, a name-to-address query to resolve a name of an encrypted website on a web server;
  
  (b) a response module for intercepting address-mapping responses;
  
  (c) a mapping module for creating a mapping between said name and at least one network address of said encrypted website;
  
  (d) an encrypted-traffic module for intercepting incoming encrypted traffic;
  
  (e) an extraction module for extracting a server'"'"'s network address from said incoming encrypted traffic;
  
  (f) a resolving module for establishing a resolved name being accessed using said mapping; and
  
  (g) a filtering module for filtering said resolved name.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The gateway of claim 15, wherein said client application is a browser application.
  - 17. The gateway of claim 15, wherein said name-to-address query is a DNS (Domain Name System) query, wherein said address-mapping responses are DNS responses, wherein said name is a domain name, wherein said at least one network address is a at least one IP (Internet Protocol)-address, and wherein said resolved name is a resolved domain name.
  - 18. The gateway of claim 15, wherein said incoming encrypted traffic includes at least one traffic type from the group consisting of:
    - SSL (Secure Sockets Layer)-encrypted traffic, Internet-Protocol-security (IPsec) traffic, secure-shell (SSH) traffic, transport-layer-security (TLS) traffic, and SSL-encrypted HTTP (Hyper-Text Transfer Protocol) traffic.
  - 19. The gateway of claim 15, wherein said filtering module is configured for redirecting said encrypted traffic.
  - 20. The gateway of claim 15, the gateway further comprising:
    - (h) a blocking module for blocking all encrypted traffic for unresolved names.
  - 21. The gateway of claim 15, the gateway further comprising:
    - (h) an alerting module for alerting a user or a system administrator about said encrypted traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Check Point Software Technologies Limited
Original Assignee
Check Point Software Technologies Limited
Inventors
Guzner, Guy, Segal, Eytan, Shoshani-Levi, Izhar, Aldor, Ori

Application Number

US12/326,914
Publication Number

US 20100138910A1
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0428   wherein the data content is...

H04L 63/102   Entity profiles

METHODS FOR ENCRYPTED-TRAFFIC URL FILTERING USING ADDRESS-MAPPING INTERCEPTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS FOR ENCRYPTED-TRAFFIC URL FILTERING USING ADDRESS-MAPPING INTERCEPTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links