Secure communication secret sharing

US 10,326,741 B2
Filed: 03/13/2017
Issued: 06/18/2019
Est. Priority Date: 04/24/2015
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring communication over a network with a network monitoring device (NMD) that performs actions, comprising:

passively monitoring a secure communication session based on correlation information for one or more network packets;

providing a session key and other correlation information that corresponds to the secure communication session;

identifying a network connection flow that corresponds to the secure communication session based on a comparison of the secure communication session'"'"'s other correlation information with other correlation information provided by one or more key providers, wherein contents of one or more encrypted packets in the secure communication session are decrypted; and

providing a display to a user of the decrypted contents of the one or more decrypted packets in the secure communication session.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to sharing secure communication secrets with a network monitoring device (NMD). The NMD may passively monitor network packets communicated between client computers and server computers. If a secure communication session is established between a client computer and a server computer, a key provider may provide the NMD a session key that corresponds to the secure communication session. The NMD may buffer each network packet associated with the secure communication session until the NMD is provided a session key for the secure communication session. The NMD may use the session key to decrypt network packets communicated between the client computer and the server computer. The NMD may then proceed to analyze the secure communication session based on the contents of the decrypted network packets.

Citations

20 Claims

1. A method for monitoring communication over a network with a network monitoring device (NMD) that performs actions, comprising:
- passively monitoring a secure communication session based on correlation information for one or more network packets;
  
  providing a session key and other correlation information that corresponds to the secure communication session;
  
  identifying a network connection flow that corresponds to the secure communication session based on a comparison of the secure communication session'"'"'s other correlation information with other correlation information provided by one or more key providers, wherein contents of one or more encrypted packets in the secure communication session are decrypted; and
  
  providing a display to a user of the decrypted contents of the one or more decrypted packets in the secure communication session.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising employing the one or more key providers to provide the session key, wherein the one or more key providers include one or more of a client application, a server application, a session key broker, a hardware security module, a firewall, a proxy, a cache, or application delivery controller.
  - 3. The method of claim 1, further comprising an application that is instantiated to perform the actions of the method, wherein the application is arranged as one or more of an application, a plugin for another application, or the application is integrated with one or more other applications.
  - 4. The method of claim 1, further comprising providing two or more different sets of the secure communication'"'"'s other correlation information, wherein each of these sets include different types of other correlation information that are compatible with two or more different key providers.
  - 5. The method of claim 1, further comprising buffering the one or more packets for the secure communication session until the session key is provided.
  - 6. The method of claim 1, further comprising employing the session key to decrypt a portion or more of the one or more network packets.
  - 7. The method of claim 1, further comprising employing the NMD to communicate one or more of the session key or the secure communication session'"'"'s other correlation information to one or more other NMDs, wherein the one or more other NMD'"'"'s employ the one or more of the communicated session key and other correlation information to decrypt the one or more network packets.

8. A network device for monitoring communication over a network, comprising:
- a memory that stores instructions; and
  
  one or more processors that execute the instructions to perform actions, including;
  
  passively monitoring a secure communication session based on correlation information for one or more network packets;
  
  providing a session key and other correlation information that corresponds to the secure communication session;
  
  identifying a network connection flow that corresponds to the secure communication session based on a comparison of the secure communication session'"'"'s other correlation information with other correlation information provided by one or more key providers, wherein contents of one or more encrypted packets in the secure communication session are decrypted; and
  
  providing a display to a user of the decrypted contents of the one or more decrypted packets in the secure communication session.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The network device of claim 8, further comprising employing the one or more key providers to provide the session key, wherein the one or more key providers include one or more of a client application, a server application, a session key broker, a hardware security module, a firewall, a proxy, a cache, or application delivery controller.
  - 10. The network device of claim 8, wherein execution of the instructions instantiates an application to perform the actions, wherein the application is arranged as one or more of an application, a plugin for another application, or the application is integrated with one or more other applications.
  - 11. The network device of claim 8, further comprising providing two or more different sets of the secure communication'"'"'s other correlation information, wherein each of these sets include different types of other correlation information that are compatible with two or more different key providers.
  - 12. The network device of claim 8, further comprising buffering the one or more packets for the secure communication session until the session key is provided.
  - 13. The network device of claim 8, further comprising employing the session key to decrypt a portion or more of the one or more network packets.
  - 14. The network device of claim 8, further comprising employing the network device to communicate one or more of the session key or the secure communication session'"'"'s other correlation information to one or more other network devices, wherein the one or more other network device'"'"'s employ the one or more of the communicated session key and other correlation information to decrypt the one or more network packets.

15. A system for monitoring communication over a network, comprising:
- a network monitoring device (NMD), including;
  
  a transceiver for communicating over the network;
  
  a memory that stores instructions; and
  
  one or more processors that execute the instructions to perform actions, including;
  
  passively monitoring a secure communication session based on correlation information for one or more network packets;
  
  providing a session key and other correlation information that corresponds to the secure communication session;
  
  identifying a network connection flow that corresponds to the secure communication session based on a comparison of the secure communication session'"'"'s other correlation information with other correlation information provided by one or more key providers, wherein contents of one or more encrypted packets in the secure communication session are decrypted; and
  
  a client device, comprising;
  
  another transceiver for communicating over the network;
  
  another memory that stores other instructions;
  
  one or more other processors that execute the other memory'"'"'s instructions to perform further actions, including;
  
  providing a display to a user of the decrypted contents of the one or more decrypted packets in the secure communication session, wherein the decrypted contents is provided by the NMD.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the NMD'"'"'s one or more processors'"'"' execution of the instructions instantiates an application to perform the actions, wherein the application is arranged as one or more of an application, a plugin for another application, or the application is integrated with one or more other applications.
  - 17. The system of claim 15, wherein the NMD'"'"'s one or more processors'"'"' execution of the instructions performs other actions comprising providing two or more different sets of the secure communication'"'"'s other correlation information, wherein each of these sets include different types of other correlation information that are compatible with two or more different key providers.
  - 18. The system of claim 15, wherein the NMD'"'"'s one or more processors'"'"' execution of the instructions performs other actions comprising buffering the one or more packets for the secure communication session until the session key is provided.
  - 19. The system of claim 15, wherein the NMD'"'"'s one or more processors'"'"' execution of the instructions performs other actions comprising employing the session key to decrypt a portion or more of the one or more network packets.
  - 20. The system of claim 15, wherein the NMD'"'"'s one or more processors'"'"' execution of the instructions performs other actions comprising communicating one or more of the session key or the secure communication session'"'"'s other correlation information to one or more other NMDs, wherein the one or more other NMD'"'"'s employ the one or more of the communicated session key and other correlation information to decrypt the one or more network packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ExtraHop Networks, Incorporated
Original Assignee
ExtraHop Networks, Incorporated
Inventors
Rothstein, Jesse Abraham, Higgins, Benjamin Thomas, Hatch, Brian David
Primary Examiner(s)
Powers, William S

Application Number

US15/457,886
Publication Number

US 20180034783A1
Time in Patent Office

827 Days
Field of Search
US Class Current
CPC Class Codes

H04L 43/0876   Network utilisation, e.g. v...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/166   at the transport layer

H04L 67/01   Protocols

Secure communication secret sharing

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure communication secret sharing

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links