Encrypted packet inspection
Abstract
A method, system, and device for encrypted packet inspection that allow an authorized third-party device to monitor the full-duplex cryptographic handshaking information between two other devices and, together with the secret private key, transparently decrypt the bulk encrypted data stream.
The scope of this invention encompasses many applications, three examples of which are firewalls, load balancers, and local network caches. Additionally, this invention achieves and contributes to the efficient handling of encrypted information in other ways, three examples of which are making switching, routing, and security decisions.
28 Claims
1. An encrypted packet inspection (EPI) method, comprising:
- noninvasively receiving, as an authorized third party, an encrypted packet, the packet being sent in a cryptographic session from a first computing device and addressed to a second computing device; and
- decrypting the encrypted packet, whereby a plaintext packet results.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 24, 25, 26, 27, 28
18. An encrypted packet inspection (EPI) system comprising:
- an EPI device;
- a system application circuitry;
- a first computing device;
- a second computing device;
- wherein the first and second computing devices are configured to establish a cryptographic session and to send and receive encrypted information over the cryptographic session;
- wherein the cryptographic session passes through the system application circuitry;
- wherein the EPI device is configured to receive communications of the cryptographic session;
- wherein the EPI device is configured to decrypt encrypted communications of the cryptographic session, producing plaintext; and
- wherein the EPI device sends the plaintext to the system application circuitry.
23. An encrypted packet inspection (EPI) system comprising:
- a first computing device;
- a second computing device;
- an EPI device;
- a system application circuitry including a content cache configured to provide cache inserted content;
- wherein the first computing device and the second computing device are configured to establish a cryptographic session;
- wherein the EPI device is configured to intermediate the cryptographic session;
- wherein the EPI device is configured to decrypt encrypted packets communicated in the cryptographic session, producing plaintext;
- wherein the EPI device is configured to send the plaintext to the system application circuitry; and
- wherein the system application circuitry is configured to send the plaintext and cache inserted text to the EPI device.
Specification