SYSTEM AND METHOD FOR SECURING NETWORK TRAFFIC

US 20140089661A1
Filed: 09/24/2013
Published: 03/27/2014
Est. Priority Date: 09/25/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving DNS queries sent over the internet;

selecting from three resource access levels for the DNS queries based on an internet resource database and rules set by a network administration interface, wherein the three resource access levels are a permitted level, a restricted level, and a partially permitted level;

returning an unmodified IP address for the permitted level DNS queries;

returning a replacement resource IP address for the restricted level DNS queries, wherein the replacement resource IP address is directed to a block page that allows authentication and, upon successful authentication, stores an access cookie on the client machine;

returning a web proxy server IP address for the partially permitted level DNS queries;

recognizing the access cookie on the client machine and redirecting traffic, sent from the client machine and originally directed to the replacement resource IP address, to the web proxy server IP address;

performing a content analysis of HTTP traffic directed to the web proxy server IP address; and

monitoring and modifying the HTTP traffic directed to the web proxy server IP address based on the rules set by the network administration interface, the access cookie and the content analysis.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One variation of a method for selectively filtering internet traffic includes: receiving DNS queries; determining resource access levels for the DNS queries based on an internet resource database, wherein the resource access levels comprise a first level, a second level, and a third level returning an unmodified IP address for the first level DNS queries; returning a replacement resource IP address for the second level DNS queries; returning a web proxy server IP address for the third level DNS queries; and regulating HTTP traffic directed to the web proxy server IP address.

91 Citations

View as Search Results

23 Claims

1. A method comprising:
- receiving DNS queries sent over the internet;
  
  selecting from three resource access levels for the DNS queries based on an internet resource database and rules set by a network administration interface, wherein the three resource access levels are a permitted level, a restricted level, and a partially permitted level;
  
  returning an unmodified IP address for the permitted level DNS queries;
  
  returning a replacement resource IP address for the restricted level DNS queries, wherein the replacement resource IP address is directed to a block page that allows authentication and, upon successful authentication, stores an access cookie on the client machine;
  
  returning a web proxy server IP address for the partially permitted level DNS queries;
  
  recognizing the access cookie on the client machine and redirecting traffic, sent from the client machine and originally directed to the replacement resource IP address, to the web proxy server IP address;
  
  performing a content analysis of HTTP traffic directed to the web proxy server IP address; and
  
  monitoring and modifying the HTTP traffic directed to the web proxy server IP address based on the rules set by the network administration interface, the access cookie and the content analysis.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising generating a cryptographic hash based on the access cookie;
    - appending the cryptographic hash to the web proxy server IP address to create an appended web proxy server IP address;
      
      redirecting traffic, sent from the client machine and originally directed to the replacement resource IP address, to the appended web proxy server IP address;
      
      performing a content analysis of redirected HTTP traffic directed to the appended web proxy server IP address; and
      
      monitoring and modifying redirected HTTP traffic directed to the appended web proxy server IP address based on the rules set by the network administration interface, the content analysis of the redirected HTTP traffic, and the cryptographic hash.
  - 3. The method of claim 1 further comprising redirecting traffic, sent from the client machine and originally directed to the replacement resource IP address, to an appended web proxy server IP address, wherein the appended web proxy server IP address comprises the web proxy server IP address with an appended cryptographic hash;
    - performing a content analysis of redirected HTTP traffic directed to the appended web proxy server IP address; and
      
      monitoring and modifying redirected HTTP traffic directed to the appended web proxy server IP address based on the rules set by the network administration interface, the content analysis of the redirected HTTP traffic, and the appended cryptographic hash.
  - 4. The method of claim 3, further comprising detecting an encryption handshake for encrypted traffic directed to the web proxy server address;
    - passing encrypted traffic after detecting the encryption handshake;
      
      detecting a successfully completed encrypted login process; and
      
      Mocking encrypted traffic after detecting the successfully completed encrypted login process.
  - 5. The method of claim 3, wherein selecting further comprises selecting based on heuristic analysis of domains referenced by the DNS queries.
  - 6. The method of claim 4, wherein selecting further comprises selecting based on heuristic analysis of domains referenced by the DNS queries.

7. A method comprising:
- receiving DNS queries;
  
  determining resource access levels for the DNS queries based on an internet resource database, wherein the resource access levels comprise a first level, a second level, and a third level;
  
  returning an unmodified IP address for the first level DNS queries;
  
  returning a replacement resource IP address for the second level DNS queries;
  
  returning a web proxy server IP address for the third level DNS queries; and
  
  regulating HTTP traffic directed to the web proxy server IP address.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 8. The method of claim 7, wherein determining resource access levels further comprises determining resource access levels based on rules set by a network administration interface.
  - 9. The method of claim 8, wherein regulating the HTTP traffic comprises monitoring and modifying the HTTP traffic based on the rules set by the network administration interface.
  - 10. The method of claim 9, further comprising performing a content analysis of the HTTP traffic directed to the web proxy server IP address;
    - wherein regulating the HTTP traffic further comprises monitoring and modifying the HTTP traffic based on the content analysis.
  - 11. The method of claim 10, further comprising storing an access cookie on a client machine;
    - wherein regulating the HTTP traffic further comprises monitoring and modifying the HTTP traffic based on the access cookie.
  - 12. The method of claim 8, wherein the replacement resource IP address is directed to a block page that allows authentication.
  - 13. The method of claim 12, further comprising storing an access cookie on a client machine upon successful authentication through the block page;
    - storing an access cookie on the client machine; and
      
      recognizing the access cookie on the client machine and redirecting traffic, sent from the client machine and originally directed to the replacement resource IP address, to the web proxy server IP address.
  - 14. The method of claim 13, wherein regulating the HTTP traffic further comprises monitoring and modifying the HTTP traffic based on the access cookie.
  - 15. The method of claim 12, further comprising storing an access cookie on a client machine upon successful authentication through the block page;
    - storing an access cookie on the client machine; and
      
      recognizing the access cookie on the client machine and redirecting traffic, sent from the client machine and originally directed to the replacement resource IP address, to an appended web proxy server IP address, wherein the appended web proxy server IP address comprises the web proxy server IP address with an appended cryptographic hash.
  - 16. The method of claim 15, further comprising monitoring and modifying redirected HTTP traffic directed to the appended web proxy server IP address based on the appended cryptographic hash.
  - 17. The method of claim 9 further comprising detecting an encryption handshake for encrypted traffic directed to the web proxy server address;
    - passing encrypted traffic after detecting the encryption handshake;
      
      detecting a successfully completed encrypted login process; and
      
      Mocking additional encrypted traffic after detecting the successfully completed encrypted login process.
  - 18. The method of claim 17, wherein detecting the successfully completed encrypted login process comprises at least one of counting transmitted bytes and counting packets.

19. A method for identifying users in the cloud comprising:
- intercepting DNS requests from a client;
  
  determining user identification requirements for the DNS requests;
  
  redirecting the client to a web proxy server based on the user identification requirements; and
  
  regulating traffic through the web proxy server based on an access token of the client.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19 further comprising redirecting the client to an authentication broker;
    - and providing the client with the access token.
  - 21. The method of claim 20 wherein the access token is a cryptographic hash.
  - 22. The method of claim 20 wherein regulating traffic comprises monitoring and modifying the traffic based on the access token.
  - 23. The method of claim 22 wherein regulating traffic further comprises monitoring and modifying the traffic based on rules set by the network administration interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Securly, Inc.
Original Assignee
Securly, Inc.
Inventors
Mahadik, Vinay, Madhusudan, Bharath

Application Number

US14/034,961
Publication Number

US 20140089661A1
Time in Patent Office

Days
Field of Search
US Class Current

713/162
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 61/4511   using domain name system [DNS]

H04L 61/59   using proxies for addressing

H04L 63/0281   Proxies

H04L 63/168   above the transport layer

H04L 9/0643   Hash functions, e.g. MD5, S...

SYSTEM AND METHOD FOR SECURING NETWORK TRAFFIC

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR SECURING NETWORK TRAFFIC

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links