METHODS FOR ENCRYPTED-TRAFFIC URL FILTERING USING ADDRESS-MAPPING INTERCEPTION
First Claim
1. A method for encrypted-traffic URL (Uniform Resource Locator) filtering using address-mapping interception, the method comprising the steps of:
(a) providing a client system having a client application for accessing websites from web servers;
(b) upon said client application attempting to access an encrypted website, performing, by said client application, a name-to-address query to resolve a name of said encrypted website;
(c) intercepting, by a perimeter gateway, address-mapping responses;
(d) creating, by said perimeter gateway, a mapping between said name and at least one network address of said encrypted website;
(e) intercepting, by said perimeter gateway, incoming encrypted traffic;
(f) extracting, by said perimeter gateway, a server's network address from said incoming encrypted traffic;
(g) establishing, by said perimeter gateway, a resolved name being accessed using said mapping; and
(h) filtering, by said perimeter gateway, said resolved name.
Abstract
The present invention discloses methods, media, and perimeter gateways for encrypted-traffic URL filtering using address-mapping interception, methods including the steps of: providing a client system having a client application for accessing websites from web servers; upon the client application attempting to access an encrypted website, performing a name-to-address query to resolve a name of the encrypted website; intercepting address-mapping responses; creating a mapping between the name and at least one network address of the encrypted website; intercepting incoming encrypted traffic; extracting a server's network address from the incoming encrypted traffic; establishing a resolved name being accessed using the mapping; and filtering the resolved name. Preferably, the step of filtering includes redirecting the encrypted traffic. Preferably, the method further includes the step of: blocking all encrypted traffic for unresolved names.
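The gateway logic described in the abstract, as an added Python sketch that is not code from the patent or from any product: it parses intercepted DNS responses into an address-to-name table, then decides on an encrypted connection from the server address alone. The function names, verdict strings, blocklist and sample DNS responses are assumptions constructed for illustration.

```python
import socket
import struct

def _skip_name(msg, off):
    """Return the offset just past a DNS name (labels or compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def _read_qname(msg, off):
    """Read the uncompressed question name; return (name, next offset)."""
    labels = []
    while msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels).lower(), off + 1

def learn_mappings(dns_response, table):
    """Steps (c)-(d): map each A-record address to the name the client queried."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", dns_response[:12])
    if not flags & 0x8000 or qd != 1:       # only responses with one question
        return
    name, off = _read_qname(dns_response, 12)
    off += 4                                 # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(dns_response, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", dns_response[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:    # A record, class IN
            table[socket.inet_ntoa(dns_response[off:off + 4])] = name
        off += rdlen                         # CNAME and other records are skipped

def verdict(server_ip, table, blocked_names):
    """Steps (f)-(h): resolve the name from the server address, then filter it."""
    name = table.get(server_ip)
    if name is None:
        return "block-unresolved"            # no DNS answer seen for this address
    if any(name == b or name.endswith("." + b) for b in blocked_names):
        return "block"
    return "allow"

def sample_response(name, ip):
    """Constructed DNS response (one question, one A answer) for offline use."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + qname + struct.pack("!HH", 1, 1) + answer
```

An address shared by several names keeps only the most recently resolved one in this table, so the verdict for such an address follows the last DNS answer the gateway saw.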
21 Claims
8. A computer-readable storage medium having computer-readable code embodied on the computer-readable storage medium, the computer-readable code comprising:
(a) program code for providing a client system with a client application for accessing websites from web servers;
(b) program code for, upon said client application attempting to access an encrypted website, performing, by said client application, a name-to-address query to resolve a name of said encrypted website;
(c) program code for intercepting, by a perimeter gateway, address-mapping responses;
(d) program code for creating, by said perimeter gateway, a mapping between said name and at least one network address of said encrypted website;
(e) program code for intercepting, by said perimeter gateway, incoming encrypted traffic;
(f) program code for extracting, by said perimeter gateway, a server's network address from said incoming encrypted traffic;
(g) program code for establishing, by said perimeter gateway, a resolved name being accessed using said mapping; and
(h) program code for filtering, by said perimeter gateway, said resolved name.
15. A perimeter gateway for encrypted-traffic URL (Uniform Resource Locator) filtering using address-mapping interception, the gateway comprising:
(a) a query module for performing, upon a client application of a client system attempting to access an encrypted website, a name-to-address query to resolve a name of an encrypted website on a web server;
(b) a response module for intercepting address-mapping responses;
(c) a mapping module for creating a mapping between said name and at least one network address of said encrypted website;
(d) an encrypted-traffic module for intercepting incoming encrypted traffic;
(e) an extraction module for extracting a server's network address from said incoming encrypted traffic;
(f) a resolving module for establishing a resolved name being accessed using said mapping; and
(g) a filtering module for filtering said resolved name.
Specification