US 9,813,394 B2
Manage encrypted network traffic using DNS responses
Paul Michael Martini, San Diego, CA (US); and Peter Anthony Martini, San Diego, CA (US)
Assigned to iboss, Inc., San Diego, CA (US)
Filed by iboss, Inc., San Diego, CA (US)
Filed on Dec. 16, 2016, as Appl. No. 15/382,392.
Application 15/382,392 is a continuation of application No. 14/848,219, filed on Sep. 8, 2015, granted, now 9,525,660.
Application 14/848,219 is a continuation of application No. 14/280,513, filed on May 16, 2014, granted, now 9,137,217, issued on Sep. 15, 2015.
Prior Publication US 2017/0099271 A1, Apr. 6, 2017
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 29/12 (2006.01); H04L 29/08 (2006.01)
CPC H04L 63/0464 (2013.01) [H04L 61/103 (2013.01); H04L 61/1511 (2013.01); H04L 67/02 (2013.01)]
18 Claims
1. A computer-implemented method executed by one or more processors, the method comprising:
requesting an address associated with a domain name from a resolution server, the domain name included in a predetermined set of domain names for which secure requests are to be identified;
receiving a response from the resolution server including one or more addresses associated with the domain name;
associating with the domain name a particular address selected from the received one or more addresses;
receiving a request to resolve the domain name;
sending a response to the request to resolve the domain name, the sent response including the particular address associated with the domain name;
receiving a secure request for a resource, the secure request directed to the particular address associated with the domain name;
determining that the secure request is directed to the domain name based on the association between the particular address and the domain name;
selectively decrypting the secure request based at least in part on determining that the secure request is directed to the domain name, wherein selectively decrypting the secure request includes determining that the secure request should be decrypted based at least in part on one or more rules, and decrypting the secure request to generate decrypted information;
inspecting the decrypted information;
determining that the secure request should be forwarded based at least in part on inspecting the decrypted information and at least in part on the one or more rules;
modifying the decrypted information based at least in part on the one or more rules;
encrypting the decrypted information to produce a second secure request; and
forwarding the second secure request to an address associated with the domain name.
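
The address-to-domain association recited in claim 1, as an added example (not code from the patent or from iboss): a gateway binds one resolved address to each watched domain name, answers DNS queries with that address, and later maps a secure request's destination address back to the domain name to choose decrypt or bypass. The class and method names, the rule format, the sample addresses and the choice to skip an address already bound to another watched domain are assumptions of this sketch; TLS decryption itself is not shown.

```python
class DnsAssociationGateway:
    def __init__(self, watched, upstream, rules):
        self.watched = set(watched)   # predetermined set of domain names
        self.upstream = upstream      # callable: domain -> list of addresses (assumed interface)
        self.rules = rules            # domain -> "decrypt" or "bypass" (assumed rule format)
        self.addr_for = {}            # domain -> particular address
        self.domain_for = {}          # particular address -> domain

    def associate(self, domain):
        """Query the resolution server and bind one unclaimed address to the domain."""
        for addr in self.upstream(domain):
            # Skip addresses already bound to a different watched domain, so the
            # reverse lookup in classify() stays unambiguous (assumption of this sketch).
            if self.domain_for.get(addr, domain) == domain:
                self.addr_for[domain] = addr
                self.domain_for[addr] = domain
                return addr
        raise LookupError(f"no unambiguous address available for {domain}")

    def resolve(self, domain):
        """Answer a client DNS query; watched names always get their associated address."""
        if domain not in self.watched:
            return self.upstream(domain)
        return [self.addr_for.get(domain) or self.associate(domain)]

    def classify(self, dst_addr):
        """Map a secure request's destination address to (domain, action)."""
        domain = self.domain_for.get(dst_addr)
        if domain is None:
            return None, "bypass"     # no association: leave the traffic encrypted
        return domain, self.rules.get(domain, "bypass")

# Constructed sample data (documentation address ranges, example domains).
SAMPLE_DNS = {
    "mail.example.com": ["192.0.2.10", "192.0.2.11"],
    "files.example.com": ["192.0.2.10", "192.0.2.20"],  # shares an address with mail
    "news.example.org": ["198.51.100.5"],
}

def demo():
    gw = DnsAssociationGateway(
        watched={"mail.example.com", "files.example.com"},
        upstream=lambda d: SAMPLE_DNS[d],
        rules={"mail.example.com": "decrypt", "files.example.com": "bypass"},
    )
    answers = [gw.resolve(d) for d in ("mail.example.com", "files.example.com", "news.example.org")]
    verdicts = [gw.classify(a) for a in ("192.0.2.10", "192.0.2.20", "198.51.100.5")]
    return answers, verdicts
```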