Apparatus and method of securing network communications
Abstract
An apparatus and/or method secures session communications between a first network (having a first encryption device configured to encrypt at least some session communications from the first network to the second network) and a second network. The apparatus and/or method receive, at the first network, given session packets of a given session between the first and second networks, and determine that at least one of the received given session packets is encrypted (“encrypted given session packet”). The given session involves a Layer 7 application that encrypted the at least one encrypted given session packet. Next, the apparatus and/or method controls, in response to determining that the given session packet is encrypted, the first encryption device to permit communication of the given session with the second network without further encrypting a plurality of the encrypted given session packets. Preferably, the first encryption device encrypts none of the given session packets.
19 Claims
1. A method of securing session communications between a first network and a second network, the first network having a first encryption device configured to normally encrypt session communications between the first network and the second network, the method comprising:
   - initiating a given session of communication between the first network and the second network, wherein the given session is a stateful session, the stateful session ensuring that each session packet of the given session packets travels from the first network to the second network by following a given path, the given path including a particular set of nodes;
   - receiving, at the first network, given session packets of the given session between the first and second networks, the given session packets including an initial encrypted given session packet having protocol data relating to a given encryption protocol;
   - determining that at least one of the received given session packets is encrypted (“encrypted given session packet”), the given session involving a Layer 7 application that encrypted the at least one encrypted given session packet, wherein determining comprises reading the protocol data relating to the given encryption protocol in the initial encrypted given session packet;
   - overriding the normal encryption configuration to permit communication of the given session to the second network without further encrypting at least some of the encrypted given session packets; and
   - controlling, in response to determining, the first encryption device to permit communication of the given session with the second network without further encrypting a plurality of the encrypted given session packets.

   Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. An apparatus for securing session communications between a first network and a second network, the first network having a first encryption device configured to normally encrypt communications between the first network and the second network, the apparatus comprising:
   - an interface for receiving from a Layer 7 application, at the first network, given session packets of a given session between the first and second networks, wherein the given session is a stateful session, the stateful session ensuring that each session packet of the given session packets travels from the first network to the second network by following a given path, the given path including a particular set of nodes, the encrypted given session packets comprising an initial encrypted given session packet having protocol data relating to the given encryption protocol;
   - a parser operatively coupled with the interface, the parser being configured to determine, by reading the protocol data relating to the given encryption protocol in the initial encrypted given session packet, if at least one of the received given session packets is encrypted; and
   - a controller operatively coupled with the parser, the controller being configured to override the normal encryption configuration to permit communication of the given session to the second network without further encrypting at least some of the encrypted given session packets, and the controller being configured to control, in response to the parser determining, the first encryption device to permit communication of the given session with the second network without further encrypting a plurality of the encrypted given session packets.

   Dependent claims: 10, 11, 12, 13, 14.

15. A computer program product for use on a computer system for securing session communications between a first network and a second network, the first network having a first encryption device configured to normally encrypt communications between the first network and the second network, the computer program product comprising a tangible, non-transient computer usable medium having computer readable program code thereon, the computer readable program code comprising:
   - program code for detecting initiation of a given communication session between the first network and the second network, the given session involving a Layer 7 application that encrypts an initial given session packet (“initial encrypted given session packet”), wherein the given session is a stateful session, the stateful session ensuring that each session packet of the given session travels from the first network to the second network by following a given path, the given path including a particular set of nodes;
   - program code for receiving the initial encrypted given session packet having protocol data relating to a given encryption protocol after detecting initiation;
   - program code for determining, by reading the protocol data relating to the given encryption protocol in the initial encrypted given session packet, that the initial encrypted given session packet,
   - program code for overriding the normal encryption configuration, to permit communication of the given session to the second network without further encrypting at least some of the encrypted given session packets; and
   - program code for controlling, in response to determining, the first encryption device to permit communication of the given session with the second network without further encrypting a plurality of the encrypted given session packets.

   Dependent claims: 16, 17, 18, 19.
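As an added illustration (not the patent's own code, and assuming TLS as the encryption protocol the claims leave unnamed), the parser/controller pair of claims 1, 9 and 15 modelled in Python: only the initial packet of a session has its protocol data read, the decision is pinned to the stateful session, and any session not positively recognised as already encrypted keeps the device's normal encryption.

```python
# Added example, not code from the patent. The claims do not name the "given encryption
# protocol"; this assumes TLS and treats a session as already encrypted when its initial
# packet is a TLS handshake record carrying a ClientHello; anything else fails closed.
from dataclasses import dataclass, field
from typing import Dict, Tuple
SessionKey = Tuple[str, int, str, int]  # (src, sport, dst, dport): one stateful session

def is_tls_client_hello(payload: bytes) -> bool:
    """Parser: TLS record header = type(1) version(2) length(2); handshake type 0x01 = ClientHello."""
    if len(payload) < 6:  # too short for a record header plus handshake type
        return False
    rec_len = int.from_bytes(payload[3:5], "big")
    return (payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04
            and rec_len >= 4 and payload[5] == 0x01)

@dataclass
class EncryptionDevice:
    """Stand-in for the first network's device, which normally encrypts every packet."""
    encrypted: int = 0
    bypassed: int = 0
    def handle(self, payload: bytes, bypass: bool) -> bytes:
        if bypass:
            self.bypassed += 1
            return payload                  # forwarded untouched: Layer 7 already encrypted it
        self.encrypted += 1
        return b"ENC(" + payload + b")"     # placeholder for the device's own encryption

@dataclass
class Controller:
    """Decides once per session whether to override the device's normal encryption."""
    device: EncryptionDevice
    decisions: Dict[SessionKey, bool] = field(default_factory=dict)  # session -> bypass?
    def on_packet(self, key: SessionKey, payload: bytes) -> bytes:
        if key not in self.decisions:
            # Only the initial packet is parsed; the decision then covers the whole session.
            self.decisions[key] = is_tls_client_hello(payload)
        return self.device.handle(payload, self.decisions[key])

# Constructed sample traffic (not captured data): one TLS session, one plaintext session.
TLS_HELLO = bytes.fromhex("160301002a01000026") + b"\x03\x03" + b"\x00" * 36
TLS_KEY: SessionKey = ("10.0.0.5", 51000, "192.0.2.10", 443)
PLAIN_KEY: SessionKey = ("10.0.0.5", 51001, "192.0.2.10", 80)
def run_demo() -> Tuple[int, int]:
    """Returns (packets the device encrypted, packets it passed through)."""
    ctl = Controller(EncryptionDevice())
    for pkt in (TLS_HELLO, b"\x17\x03\x03\x00\x10" + b"\xaa" * 16):  # ClientHello, then app data
        ctl.on_packet(TLS_KEY, pkt)
    for pkt in (b"GET / HTTP/1.1\r\n", b"Host: example\r\n"):
        ctl.on_packet(PLAIN_KEY, pkt)
    return ctl.device.encrypted, ctl.device.bypassed  # -> (2, 2)
```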