Extracting data from encrypted packet flows
First Claim
1. A method, comprising:
detecting, by a processor, a data packet that belongs to an encrypted data flow traversing a network;
determining, by the processor, whether the encrypted data flow is a new encrypted data flow or an existing encrypted data flow, based on an inspection of payloads of data packets belonging to the encrypted data flow for evidence of a transport control protocol handshake;
forwarding, by the processor, the data packet to a first server pool that will truncate the data packet, only when the encrypted data flow is the existing encrypted data flow; and
forwarding, by the processor, the data packet to a second server pool that will inspect a payload of the data packet for a secure sockets layer certificate, only when the encrypted data flow is the new encrypted data flow.
1 Assignment
0 Petitions
Accused Products
Abstract
In one example, the present disclosure describes a device, computer-readable medium, and method for extracting data from encrypted packet flows. For instance, in one example, a method includes detecting a data packet that belongs to an encrypted data flow traversing a network, determining whether the encrypted data flow is a new encrypted data flow or an existing encrypted data flow, based on an inspection of payloads of data packets belonging to the encrypted data flow for evidence of a transport control protocol handshake, forwarding the data packet to a first server pool that will truncate the data packet, when the encrypted data flow is an existing encrypted data flow, and forwarding the data packet to a second server pool that will inspect a payload of the data packet for a secure sockets layer certificate, when the encrypted data flow is a new encrypted data flow.
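The classification and dispatch steps described in the abstract and claim 1, worked through as an added Python example that is not part of the patent or of any implementation of it. A flow table keyed by the connection 5-tuple decides whether a packet belongs to a new or an existing encrypted flow; the "evidence of a handshake" is taken here to be TLS handshake records carried in the TCP payload (an interpretation made for this example, since the TCP three-way handshake itself carries no payload, and TLS is the successor to the SSL named in the claim). Packets of a new flow go to a routine that parses the Certificate handshake message and returns the DER certificates; packets of an existing flow go to a routine that truncates the payload. `Packet`, `Dispatcher`, `TRUNCATE_TO` and all sample packets are constructed for the example; `FAKE_CERT` is not a real certificate.

```python
"""Added example, not the patent's own code: classify TLS-over-TCP packets as a new or
existing encrypted flow and dispatch them to a certificate-inspection pool or a truncation
pool. Assumed: TLS handshake records in the TCP payload are the "handshake evidence";
pool behaviour, TRUNCATE_TO and all sample packets are constructed for this illustration."""
from collections import namedtuple
import struct

TLS_HANDSHAKE, TLS_APPDATA = 0x16, 0x17
HS_CLIENT_HELLO, HS_SERVER_HELLO, HS_CERTIFICATE = 1, 2, 11
TRUNCATE_TO = 64  # payload bytes the truncation pool keeps (assumed snaplen)
Packet = namedtuple("Packet", "src sport dst dport payload")

def flow_key(p):
    """Direction-independent 5-tuple so both halves of a connection share one state."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)

def tls_records(payload):
    """Yield (content_type, body) per complete TLS record; stop at non-TLS or truncated bytes."""
    off = 0
    while off + 5 <= len(payload):
        ctype, major, _minor, length = struct.unpack("!BBBH", payload[off:off + 5])
        body = payload[off + 5:off + 5 + length]
        if ctype not in (0x14, 0x15, 0x16, 0x17) or major != 3 or len(body) < length:
            return
        yield ctype, body
        off += 5 + length

def handshake_messages(body):
    """Yield (handshake_type, message) for each message inside a handshake record body."""
    off = 0
    while off + 4 <= len(body):
        length = int.from_bytes(body[off + 1:off + 4], "big")
        msg = body[off + 4:off + 4 + length]
        if len(msg) < length:
            return
        yield body[off], msg
        off += 4 + length

def has_handshake_evidence(payload):
    return any(ct == TLS_HANDSHAKE for ct, _ in tls_records(payload))

def extract_certificates(payload):
    """Certificate pool: DER blobs from any Certificate handshake message in the payload."""
    certs = []
    for ct, body in tls_records(payload):
        for hs_type, msg in (handshake_messages(body) if ct == TLS_HANDSHAKE else ()):
            if hs_type != HS_CERTIFICATE or len(msg) < 3:
                continue
            end, off = min(3 + int.from_bytes(msg[:3], "big"), len(msg)), 3  # certificate_list
            while off + 3 <= end:
                clen = int.from_bytes(msg[off:off + 3], "big")
                certs.append(msg[off + 3:off + 3 + clen])
                off += 3 + clen
    return certs

def truncate(p):
    """Truncation pool: keep addressing, drop payload beyond TRUNCATE_TO bytes."""
    return p._replace(payload=p.payload[:TRUNCATE_TO])

class Dispatcher:
    def __init__(self):
        self.flows = {}  # flow_key -> "new" | "existing"

    def classify(self, p):
        key = flow_key(p)
        state = self.flows.get(key)
        if state is None:
            # First sight: handshake records => new flow. No handshake evidence means the
            # handshake predates the capture, so the flow is treated as existing.
            state = "new" if has_handshake_evidence(p.payload) else "existing"
        elif state == "new" and not has_handshake_evidence(p.payload):
            state = "existing"  # handshake finished; application data from here on
        self.flows[key] = state
        return state

    def handle(self, p):
        if self.classify(p) == "new":
            return "certificate", extract_certificates(p.payload)
        return "truncate", truncate(p).payload

# Constructed sample traffic (no real captures; FAKE_CERT is not a real certificate).
def tls_record(ctype, body):
    return struct.pack("!BBBH", ctype, 3, 3, len(body)) + body

def hs_msg(hs_type, body):
    return bytes([hs_type]) + len(body).to_bytes(3, "big") + body

FAKE_CERT = b"\x30\x82\x01\x00" + b"A" * 20
_cert_list = len(FAKE_CERT).to_bytes(3, "big") + FAKE_CERT
CLIENT_HELLO = tls_record(TLS_HANDSHAKE, hs_msg(HS_CLIENT_HELLO, b"\x03\x03" + b"\x00" * 32))
SERVER_FLIGHT = (tls_record(TLS_HANDSHAKE, hs_msg(HS_SERVER_HELLO, b"\x03\x03" + b"\x00" * 32))
                 + tls_record(TLS_HANDSHAKE, hs_msg(HS_CERTIFICATE, len(_cert_list).to_bytes(3, "big") + _cert_list)))
APP_DATA = tls_record(TLS_APPDATA, b"\xaa" * 200)
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.7", 443, CLIENT_HELLO),
    Packet("203.0.113.7", 443, "10.0.0.5", 51000, SERVER_FLIGHT),
    Packet("10.0.0.5", 51000, "203.0.113.7", 443, APP_DATA),
    Packet("10.0.0.9", 52000, "203.0.113.7", 443, APP_DATA),  # capture joined this flow mid-stream
]

def run(packets=SAMPLE):
    """Dispatch each packet in order; returns a (pool, result) pair per packet."""
    d = Dispatcher()
    return [d.handle(p) for p in packets]
```

Running `run()` on the sample sends the ClientHello and the server's flight to the certificate routine (the second yields `FAKE_CERT`), then moves the flow to the truncation routine once application data appears; the fourth packet, whose flow was never seen with handshake records, is truncated straight away. That last case is the operational caveat: a classifier that only looks for handshake evidence will never pull a certificate from a flow that was already established when capture began.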
Citations
20 Claims
1. A method, comprising:
detecting, by a processor, a data packet that belongs to an encrypted data flow traversing a network;
determining, by the processor, whether the encrypted data flow is a new encrypted data flow or an existing encrypted data flow, based on an inspection of payloads of data packets belonging to the encrypted data flow for evidence of a transport control protocol handshake;
forwarding, by the processor, the data packet to a first server pool that will truncate the data packet, only when the encrypted data flow is the existing encrypted data flow; and
forwarding, by the processor, the data packet to a second server pool that will inspect a payload of the data packet for a secure sockets layer certificate, only when the encrypted data flow is the new encrypted data flow.
Dependent claims: 2, 3, 4, 5
6. A device, comprising:
a processor; and
a non-transitory computer-readable medium storing instructions which, when executed by the processor, cause the processor to perform operations, the operations comprising:
detecting a data packet that belongs to an encrypted data flow traversing a network;
determining whether the encrypted data flow is a new encrypted data flow or an existing encrypted data flow, based on an inspection of payloads of data packets belonging to the encrypted data flow for evidence of a transport control protocol handshake;
forwarding the data packet to a first server pool that will truncate the data packet, only when the encrypted data flow is the existing encrypted data flow; and
forwarding the data packet to a second server pool that will inspect a payload of the data packet for a secure sockets layer certificate, only when the encrypted data flow is the new encrypted data flow.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A non-transitory computer-readable medium storing instructions which, when executed by a processor, cause the processor to perform operations, the operations comprising:
detecting a data packet that belongs to an encrypted data flow traversing a network;
determining whether the encrypted data flow is a new encrypted data flow or an existing encrypted data flow, based on an inspection of payloads of data packets belonging to the encrypted data flow for evidence of a transport control protocol handshake;
forwarding the data packet to a first server pool that will truncate the data packet, only when the encrypted data flow is the existing encrypted data flow; and
forwarding the data packet to a second server pool that will inspect a payload of the data packet for a secure sockets layer certificate, only when the encrypted data flow is the new encrypted data flow.
Dependent claims: 17, 18, 19, 20
Specification