Method and system for securely scanning network traffic
Abstract
A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted. Thereafter, the original data packet can be forwarded to its originally intended recipient.
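The flow the abstract describes (shared key, copy inside the firewall, decryption confined to a sealed portion that answers only yes or no, original forwarded untouched) as an added illustration that is not code from the patent. The HMAC-based stream cipher, the key, the nonces and the "forbidden marker" criterion are all constructed stand-ins; the patent specifies none of them.

```python
import hashlib
import hmac

# Constructed demo values; real devices would derive these from their key exchange.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
FORBIDDEN_MARKERS = (b"CONSTRUCTED-BAD-MARKER",)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for whatever
    # cipher the devices actually negotiate; the patent does not specify one.
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return blocks[:length]


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Symmetric: the same call encrypts plaintext and decrypts ciphertext.
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


class SealedScanner:
    """The 'predetermined portion' of the firewall: the only component that holds
    the shared key and sees plaintext, and it exposes nothing but a verdict."""

    def __init__(self, key: bytes, markers: tuple):
        self._key, self._markers = key, markers

    def complies(self, nonce: bytes, ciphertext: bytes) -> bool:
        plaintext = xor_crypt(self._key, nonce, ciphertext)  # decrypt the copy
        return not any(m in plaintext for m in self._markers)  # verdict only


def firewall_forward(scanner: SealedScanner, packets: list) -> list:
    """Firewall data path: hands a copy of each packet to the scanner and forwards
    the original, byte for byte, only on an affirmative verdict. No key lives here."""
    forwarded = []
    for nonce, ciphertext in packets:
        if scanner.complies(nonce, bytes(ciphertext)):  # bytes() passes a copy
            forwarded.append((nonce, ciphertext))
    return forwarded


def demo() -> tuple:
    # First device encrypts two packets; the second carries a forbidden marker.
    clean = xor_crypt(SHARED_KEY, b"nonce-01", b"GET /index.html HTTP/1.1")
    dirty = xor_crypt(SHARED_KEY, b"nonce-02", b"POST /upload CONSTRUCTED-BAD-MARKER")
    scanner = SealedScanner(SHARED_KEY, FORBIDDEN_MARKERS)
    out = firewall_forward(scanner, [(b"nonce-01", clean), (b"nonce-02", dirty)])
    return out, clean
```

The forwarding loop never holds the key or a plaintext; the only information that crosses the boundary from the scanner is the boolean.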
19 Claims
1. A method comprising:
via an obtained encryption parameter shared by a first device, a second device, and a separate computer, forwarding only each data packet, of a plurality of received packets, that is in compliance with a predetermined criterion associated with said separate computer, a decrypted copy of each data packet scanned for compliance with said predetermined criterion at a predetermined portion of said separate computer, said predetermined portion of said separate computer adapted to provide only an affirmative response or a negative response regarding compliance with said predetermined criterion, wherein contents of said decrypted copy of each data packet is restricted to said predetermined portion of said separate computer, said separate computer adapted for restricting all operators of said separate computer from accessing contents of said decrypted copy of each data packet. (Dependent claims 2 to 13 depend on this claim.)
14. A device comprising:
a content scanner adapted to, via an obtained encryption parameter shared by a first device, a second device, and a separate computer, forward only each data packet, of a plurality of received packets, that is in compliance with a predetermined criterion associated with said separate computer, a decrypted copy of each data packet scanned for compliance with said predetermined criterion at a predetermined portion of said separate computer, said predetermined portion of said separate computer adapted to provide only an affirmative response or a negative response regarding compliance with said predetermined criterion, wherein contents of said decrypted copy of each data packet is restricted to said predetermined portion of said separate computer, said separate computer adapted for restricting all operators of said separate computer from accessing contents of said decrypted copy of each data packet. (Dependent claims 15 to 18 depend on this claim.)
19. A system comprising:
a firewall device adapted to, via an obtained encryption parameter shared by a first device, a second device, and a separate computer, forward only each data packet, of a plurality of received packets, that is in compliance with a predetermined criterion associated with said separate computer, a decrypted copy of each data packet scanned for compliance with said predetermined criterion at a predetermined portion of said separate computer, said predetermined portion of said separate computer adapted to provide only an affirmative response or a negative response regarding compliance with said predetermined criterion, wherein contents of said decrypted copy of each data packet is restricted to said predetermined portion of said separate computer, said separate computer adapted for restricting all operators of said separate computer from accessing contents of said decrypted copy of each data packet; and
said first device.