Implementation of secure socket layer intercept

  • US 10,469,594 B2
  • Filed: 12/08/2015
  • Issued: 11/05/2019
  • Est. Priority Date: 12/08/2015
  • Status: Active Grant
First Claim

1. A system for inspecting secure data, the system comprising:

  • a server facing device, the server facing device comprising a first hardware processor and a first memory, the server facing device being operable to:

    retrieve the security certificate from the server, the server facing device and the server being connected via a server-side encrypted connection; and

    receive the unencrypted data from the monitoring device via the data traffic channel upon the inspection of the unencrypted data by the monitoring device; and

  • a client facing device in communication with the server facing device, the client facing device comprising a second hardware processor and a second memory, the client facing device being operable to:

    intercept a client request to establish a secure connection with a server, the client request being associated with the secure data;

    establish a data traffic channel between the client facing device and the server facing device associated with the server, the data traffic channel being unencrypted;

    send a control message to the server facing device via the data traffic channel, the control message including an instruction to the server facing device to obtain a security certificate from the server;

    receive, via the data traffic channel, from the server facing device, the security certificate, the security certificate being forged by the client facing device to establish a client-side encrypted connection between the client and the client facing device;

    upon establishing the client-side encrypted connection, receive the secure data from the client via the client-side encrypted connection, the secure data being encrypted by the client;

    decrypt the secure data to obtain unencrypted data; and

    send the unencrypted data to a monitoring device via the data traffic channel, the monitoring device including a third-party security device placed between the client facing device and the server facing device and communicating with each of the client facing device and the server facing device via the data traffic channel, wherein the unencrypted data is inspected by the monitoring device and sent by the monitoring device, upon the inspecting, to the server facing device;

    wherein the server facing device is configured to:

    upon receipt of the unencrypted data, re-encrypt the unencrypted data to obtain the secure data; and

    upon the re-encrypting, send the secure data to the server.
