US 12,255,871 B2
Methods and systems for efficient encrypted SNI filtering for cybersecurity applications
Sean Moore, Hollis, NH (US); Vincent Mutolo, Portsmouth, NH (US); and Jonathan R. Rogers, Hampton Falls, NH (US)
Assigned to Centripetal Networks, LLC, Portsmouth, NH (US)
Filed by Centripetal Networks, LLC, Portsmouth, NH (US)
Filed on Nov. 13, 2023, as Appl. No. 18/389,026.
Application 18/389,026 is a continuation of application No. 17/958,534, filed on Oct. 3, 2022, granted, now 11,855,966.
Application 17/958,534 is a continuation of application No. 17/688,108, filed on Mar. 7, 2022, granted, now 11,463,405, issued on Oct. 4, 2022.
Application 17/688,108 is a continuation of application No. 17/307,080, filed on May 4, 2021, granted, now 11,271,902, issued on Mar. 8, 2022.
Application 17/307,080 is a continuation of application No. 17/175,747, filed on Feb. 15, 2021, granted, now 11,646,996, issued on May 9, 2023.
Application 17/175,747 is a continuation of application No. 16/928,083, filed on Jul. 14, 2020, granted, now 10,924,456, issued on Feb. 16, 2021.
Prior Publication US 2024/0171542 A1, May 23, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 61/4511 (2022.01)
CPC H04L 63/0236 (2013.01) [H04L 61/4511 (2022.05); H04L 63/0281 (2013.01); H04L 63/205 (2013.01); H04L 63/306 (2013.01)]
26 Claims
1. A packet filtering device comprising:
one or more processors; and
memory storing instructions that, when executed by the one or more processors, cause the packet filtering device to:
receive, from a server external to a network protected by the packet filtering device, intelligence data, wherein the intelligence data comprises one or more domains;
receive, from a first device, a plurality of encrypted packets, wherein the plurality of encrypted packets comprises an encrypted server name indication (eSNI) value;
determine whether a plaintext hostname is resolvable from the eSNI value;
determine, based on a determination that the plaintext hostname is resolvable from the eSNI value, whether the plaintext hostname corresponds to the one or more domain names;
query a data structure to determine whether law enforcement is authorized to intercept traffic corresponding to the plaintext hostname; and
based on a determination that the plaintext hostname corresponds to the one or more domain names and based on a determination that law enforcement is authorized to intercept traffic corresponding to the plaintext hostname, store the plurality of encrypted packets in a lawful intercept database.