Destination domain extraction for secure protocols

  • US 9,419,942 B1
  • Filed: 07/25/2013
  • Issued: 08/16/2016
  • Est. Priority Date: 06/05/2013
  • Status: Active Grant
First Claim
1. A system for destination domain extraction for secure protocols, comprising:

  • a security device;

    a processor configured to:

    monitor network communications between a client and a remote server;

    determine if the client sends a request to create a secure connection with the remote server, wherein the secure connection utilizes a secure protocol, the secure protocol being a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol; and

    extract a destination domain from the request to create the secure connection with the remote server, comprising:

    before the secure connection is created, extract the destination domain from a server name indication (SNI) of a client hello message sent from the client to the remote server, the secure connection including an encrypted message, wherein the extracting of the destination domain from the SNI of the client hello message sent from the client to the remote server comprises to:

    identify the SNI from the client hello message during a handshaking process for setting the secure connection between the client and the remote server;

    extract a domain identified in a public certificate sent from the remote server to the client;

    compare the destination domain and the domain identified in the public certificate; and

    in the event that the destination domain matches the domain identified in the public certificate, apply a security policy based on the destination domain to filter traffic at the security device, wherein the security policy includes a whitelist/blacklist policy; and

    a memory coupled to the processor and configured to provide the processor with instructions.
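The flow the claim describes, as an added example in Python that is not part of the patent or of any product: parse the SNI host_name out of a ClientHello record before the session exists, check it against the names the server's certificate carries, and only then apply a whitelist/blacklist decision. The ClientHello bytes are constructed by the example itself, and the certificate names are assumed to have already been read from the server's Certificate message and are passed in as plain strings.

```python
import struct

def build_client_hello(host: str) -> bytes:
    """Constructed test input (not captured traffic): minimal TLS 1.2 ClientHello with one SNI host_name."""
    name = host.encode("ascii")
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name                    # name_type=0 host_name, len, name
    ext = struct.pack("!HHH", 0, len(sni_list) + 2, len(sni_list)) + sni_list  # ext type 0, ext len, list len
    # client_version, random, empty session_id, one cipher suite, null compression, extensions
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body                          # Handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs                    # record type 0x16 = handshake

def extract_sni(record: bytes):
    """Return the host_name string from the server_name extension of a ClientHello record, or None."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                                          # not a handshake record carrying a ClientHello
    pos = 9 + 2 + 32                                         # record+handshake headers, client_version, random
    pos += 1 + record[pos]                                   # session_id
    pos += 2 + struct.unpack("!H", record[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + record[pos]                                   # compression_methods
    if pos + 2 > len(record):
        return None                                          # no extensions block, so no SNI
    end = pos + 2 + struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", record[pos:pos + 4])
        data, pos = pos + 4, pos + 4 + ext_len               # data = start of this extension's body
        if ext_type == 0:                                    # server_name extension
            p = data + 2                                     # skip ServerNameList length
            while p + 3 <= pos:
                name_len = struct.unpack("!H", record[p + 1:p + 3])[0]
                if record[p] == 0:                           # NameType host_name
                    return record[p + 3:p + 3 + name_len].decode("ascii")
                p += 3 + name_len
    return None

def cert_name_matches(sni: str, cert_names: list[str]) -> bool:
    """Match the SNI against the certificate's names (DNS SANs or CN); one leftmost wildcard label is honoured."""
    want = sni.lower().rstrip(".").split(".")
    have = [n.lower().split(".") for n in cert_names]
    return any(h == want or (h[0] == "*" and len(h) == len(want) > 2 and h[1:] == want[1:]) for h in have)

def policy_action(record: bytes, cert_names: list[str], blacklist: set[str]) -> str:
    """The claim's flow: take the SNI before the session exists, confirm the certificate covers it, apply the list."""
    sni = extract_sni(record)
    if sni is None:
        return "no-sni"
    if not cert_name_matches(sni, cert_names):
        return "mismatch"                                    # SNI not backed by the certificate: do not trust it
    return "block" if sni.lower() in blacklist else "allow"
```

The "mismatch" outcome is the point of the certificate comparison in the claim: a client can put any name in the SNI, so the policy is keyed on it only when the server's certificate vouches for the same name.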
