System, method and computer program product for guaranteeing electronic transactions

US 20050160095A1
Filed: 02/16/2005
Published: 07/21/2005
Est. Priority Date: 02/25/2002
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

detecting on a network an initiation of a data transaction comprising a plurality of data packets transmitted between a server and a client, the data transaction being encrypted utilizing a session secret negotiated between the server and the client;

capturing a copy of the data transaction by copying the data packets during transmission;

associating an identifier with the data transaction;

generating timestamps for the copied data packets, each timestamp including information identifying the identifier;

storing the captured copy of the data transaction, the identifier and the timestamps in a database;

mapping the identifier to an entry in an index;

retrieving the captured copy of the data transaction from the database utilizing the entry;

submitting a portion of the captured copy of the data transaction to at least one of the server and the client to obtain the session secret; and

decrypting the captured copy of the data transaction utilizing the obtained session secret.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for guaranteeing a data transaction over a network are disclosed. When a data transaction between at least a server and a client is detected on a network, data transmitted via the network between the server and client during the data transaction is captured. At least one identifier is associated with the captured data. A timestamp is also generated for the captured data. The timestamp includes information therein identifying at least a portion of the identifier(s). The captured data, the identifier(s) and the timestamp are stored in one or more data stores. The identifier(s) associated with the stored captured data is also mapped to an entry in an index to permit retrieval of the stored data from the data store via the index.

180 Citations

View as Search Results

16 Claims

1. A method, comprising:
- detecting on a network an initiation of a data transaction comprising a plurality of data packets transmitted between a server and a client, the data transaction being encrypted utilizing a session secret negotiated between the server and the client;
  
  capturing a copy of the data transaction by copying the data packets during transmission;
  
  associating an identifier with the data transaction;
  
  generating timestamps for the copied data packets, each timestamp including information identifying the identifier;
  
  storing the captured copy of the data transaction, the identifier and the timestamps in a database;
  
  mapping the identifier to an entry in an index;
  
  retrieving the captured copy of the data transaction from the database utilizing the entry;
  
  submitting a portion of the captured copy of the data transaction to at least one of the server and the client to obtain the session secret; and
  
  decrypting the captured copy of the data transaction utilizing the obtained session secret.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the data transaction comprises a Voice over Internet Protocol (VoIP) communication.
  - 3. The method of claim 2, wherein the data transaction comprises a signaling communication and a media transport communication, and wherein separate session secrets are negotiated for the signaling communication and the media transport communication.
  - 4. The method of claim 3, wherein the session secret of the media transport communication is constructed from information negotiated during the signaling communication.
  - 5. The method of claim 4, wherein the decrypting further comprises parsing data decrypted from the signaling communication to obtain information for retrieving captured data of the media transport communication.
  - 6. The method of claim 1, wherein data received by at least one of the server and the client during the data transaction is compared with data contained in the decrypted captured copy of the data transaction to determine if the received data matches the captured data.
  - 7. The method of claim 1, wherein a portion of the captured copy of the data transaction is discarded from the database and a cryptographic state of the data transaction is stored in the database to facilitate subsequent decryption of the data transaction.
  - 8. The method of claim 7, wherein the session secret comprises a block cipher in cipher block chaining mode and the cryptographic state comprises a cipher text of a block preceding a section of the data transaction adjacent the discarded portion.
  - 9. The method of claim 7, wherein the session secret comprises a stream cipher and the cryptographic state comprises a position of a first bit of an end section of the data transaction relative to a complete key stream generated by the stream cipher.
  - 10. The method of claim 9, wherein the cryptographic state is utilized to decrypted the end portion of the data transaction.

11. A system, comprising:
- logic for detecting on a network an initiation of a data transaction comprising a plurality of data packets transmitted between a server and a client, the data transaction being encrypted utilizing a session secret negotiated between the server and the client;
  
  logic for capturing a copy of the data transaction by copying the data packets during transmission;
  
  logic for associating an identifier with the data transaction;
  
  logic for generating timestamps for the copied data packets, each timestamp including information identifying the identifier;
  
  logic for storing the captured copy of the data transaction, the identifier and the timestamps in a database;
  
  logic for mapping the identifier to an entry in an index;
  
  logic for retrieving the captured copy of the data transaction from the database utilizing the entry;
  
  logic for submitting a portion of the captured copy of the data transaction to at least one of the server and the client to obtain the session secret; and
  
  logic for decrypting the captured copy of the data transaction utilizing the obtained session secret.
- View Dependent Claims (12, 13)
- - 12. The system of claim 11, wherein the data transaction comprises a Voice over Internet Protocol (VoIP) communication.
  - 13. The system of claim 11, wherein a portion of the captured copy of the data transaction is discarded from the database and a cryptographic state of the data transaction is stored in the database to facilitate subsequent decryption of the data transaction.

14. A computer program product, comprising:
- computer program product for detecting on a network an initiation of a data transaction comprising a plurality of data packets transmitted between a server and a client, the data transaction being encrypted utilizing a session secret negotiated between the server and the client;
  
  computer program product for capturing a copy of the data transaction by copying the data packets during transmission;
  
  computer program product for associating an identifier with the data transaction;
  
  computer program product for generating timestamps for the copied data packets, each timestamp including information identifying the identifier;
  
  computer program product for storing the captured copy of the data transaction, the identifier and the timestamps in a database;
  
  computer program product for mapping the identifier to an entry in an index;
  
  computer program product for retrieving the captured copy of the data transaction from the database utilizing the entry;
  
  computer program product for submitting a portion of the captured copy of the data transaction to at least one of the server and the client to obtain the session secret; and
  
  computer program product for decrypting the captured copy of the data transaction utilizing the obtained session secret.
- View Dependent Claims (15, 16)
- - 15. The computer program product of claim 14, wherein the data transaction comprises a Voice over Internet Protocol (VoIP) communication.
  - 16. The computer program product of claim 14, wherein a portion of the captured copy of the data transaction is discarded from the database and a cryptographic state of the data transaction is stored in the database to facilitate subsequent decryption of the data transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chemtron Research LLC (Intellectual Ventures LLC)
Original Assignee
Network Resonance Incorporated
Inventors
Rescorla, Eric, Dick, Kevin Stewart

Granted Patent

US 7,769,997 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 2463/102   applying security measure f...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

H04L 67/14   Session management for real...

H04L 69/329   in the application layer [O...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/321   involving a third party or ...

System, method and computer program product for guaranteeing electronic transactions

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

180 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for guaranteeing electronic transactions

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

180 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links