Secure communication secret sharing
Abstract
Embodiments are directed to sharing secure communication secrets with a network monitoring device (NMD). The NMD may passively monitor network packets communicated between client computers and server computers. If a secure communication session is established between a client computer and a server computer, a key provider may provide the NMD a session key that corresponds to the secure communication session. The NMD may buffer each network packet associated with the secure communication session until the NMD is provided a session key for the secure communication session. The NMD may use the session key to decrypt network packets communicated between the client computer and the server computer. The NMD may then proceed to analyze the secure communication session based on the contents of the decrypted network packets.
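The buffer-until-key flow the abstract describes, as an added example (not code from the patent or from any product). `corr_id` is an assumed opaque correlation value, `toy_cipher` is a stand-in for the session's real record cipher, and the buffer cap is an assumption.

```python
import hashlib
from collections import defaultdict, deque

def toy_cipher(key: bytes, seq: int, data: bytes) -> bytes:
    """Stand-in for the session's real record cipher (NOT TLS): XOR with a
    SHA-256 keystream. XOR is symmetric, so it both encrypts and decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + bytes([block]) + seq.to_bytes(8, "big")).digest()
        block += 1
    return bytes(c ^ s for c, s in zip(data, stream))

class SessionStore:
    """Buffers encrypted packets per session until a key provider delivers the key."""
    def __init__(self, max_buffered: int = 1024):
        self.max_buffered = max_buffered      # assumed cap: bounds memory if no key ever arrives
        self.keys = {}                        # corr_id -> session key
        self.pending = defaultdict(deque)     # corr_id -> buffered (seq, ciphertext)
        self.dropped = defaultdict(int)       # corr_id -> packets evicted while waiting

    def on_packet(self, corr_id: str, seq: int, ciphertext: bytes) -> list:
        """Passively observed packet: decrypt now if the key is known, else buffer."""
        key = self.keys.get(corr_id)
        if key is not None:
            return [toy_cipher(key, seq, ciphertext)]
        queue = self.pending[corr_id]
        if len(queue) >= self.max_buffered:   # evict oldest rather than grow without bound
            queue.popleft()
            self.dropped[corr_id] += 1
        queue.append((seq, ciphertext))
        return []

    def on_key(self, corr_id: str, session_key: bytes) -> list:
        """Key provider message: match on correlation info, then drain the buffer in order."""
        self.keys[corr_id] = session_key
        queue = self.pending.pop(corr_id, deque())
        return [toy_cipher(session_key, seq, ct) for seq, ct in queue]

def demo() -> list:
    # Constructed sample: two packets arrive before the key, one after.
    key, store = b"constructed-session-key", SessionStore()
    out = []
    out += store.on_packet("flow-A", 0, toy_cipher(key, 0, b"GET /login"))
    out += store.on_packet("flow-A", 1, toy_cipher(key, 1, b"user=alice"))
    out += store.on_key("flow-B", b"unrelated-key")      # different session: nothing released
    out += store.on_key("flow-A", key)                   # releases both buffered packets
    out += store.on_packet("flow-A", 2, toy_cipher(key, 2, b"200 OK"))
    return out
```

Calling `demo()` returns the three plaintexts in arrival order; the `dropped` counter shows how many packets a session lost while its key was outstanding.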
20 Claims
1. A method for monitoring communication over a network with a network monitoring device (NMD) that performs actions, comprising:
- passively monitoring a secure communication session based on correlation information for one or more network packets;
- providing a session key and other correlation information that corresponds to the secure communication session;
- identifying a network connection flow that corresponds to the secure communication session based on a comparison of the secure communication session's other correlation information with other correlation information provided by one or more key providers, wherein contents of one or more encrypted packets in the secure communication session are decrypted; and
- providing a display to a user of the decrypted contents of the one or more decrypted packets in the secure communication session.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A network device for monitoring communication over a network, comprising:
- a memory that stores instructions; and
- one or more processors that execute the instructions to perform actions, including;
  - passively monitoring a secure communication session based on correlation information for one or more network packets;
  - providing a session key and other correlation information that corresponds to the secure communication session;
  - identifying a network connection flow that corresponds to the secure communication session based on a comparison of the secure communication session's other correlation information with other correlation information provided by one or more key providers, wherein contents of one or more encrypted packets in the secure communication session are decrypted; and
  - providing a display to a user of the decrypted contents of the one or more decrypted packets in the secure communication session.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A system for monitoring communication over a network, comprising:
- a network monitoring device (NMD), including;
  - a transceiver for communicating over the network;
  - a memory that stores instructions; and
  - one or more processors that execute the instructions to perform actions, including;
    - passively monitoring a secure communication session based on correlation information for one or more network packets;
    - providing a session key and other correlation information that corresponds to the secure communication session;
    - identifying a network connection flow that corresponds to the secure communication session based on a comparison of the secure communication session's other correlation information with other correlation information provided by one or more key providers, wherein contents of one or more encrypted packets in the secure communication session are decrypted; and
- a client device, comprising;
  - another transceiver for communicating over the network;
  - another memory that stores other instructions;
  - one or more other processors that execute the other memory's instructions to perform further actions, including;
    - providing a display to a user of the decrypted contents of the one or more decrypted packets in the secure communication session, wherein the decrypted contents is provided by the NMD.

Dependent claims: 16, 17, 18, 19, 20

Specification