CRYPTOGRAPHIC POLICY ENFORCEMENT

US 20110167265A1
Filed: 03/14/2011
Published: 07/07/2011
Est. Priority Date: 01/22/2004
Status: Active Grant

First Claim

Patent Images

1-32. -32. (canceled)

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Objects can be extracted from data flows captured by a capture device. In one embodiment, the invention includes assigning to each captured object a cryptographic status based on whether the captured object is encrypted. In one embodiment, the invention further includes determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.

171 Citations

52 Claims

1-32. -32. (canceled)

33. A method, comprising:
- capturing packets in a network environment;
  
  assembling an object from the captured packets;
  
  determining whether the object is encrypted; and
  
  assigning a cryptographic status to the object, wherein the cryptographic status is provided for the object based, at least, on a statistical analysis of bytes in the object.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 34. The method of claim 33, further comprising:
    - determining whether the object violated a cryptographic policy using the cryptographic status of the object.
  - 35. The method of claim 34, wherein determining whether the object violated the cryptographic policy comprises determining that the object was unencrypted when the object was required to be encrypted.
  - 36. The method of claim 34, further comprising:
    - generating an alert if the cryptographic policy is determined to be violated.
  - 37. The method of claim 33, wherein the statistical analysis comprises calculating an index of coincidence for the bytes in the captured object.
  - 38. The method of claim 37, wherein the index of coincidence measures a distribution of numbers that differ from being uniform.
  - 39. The method of claim 33, further comprising:
    - evaluating whether the object was encrypted using a form of block cipher prior to transmission.
  - 40. The method of claim 33, wherein the statistical analysis includes distinguishing ciphertext from binary data.
  - 41. The method of claim 33, wherein the statistical analysis includes identifying a frequency count of bytes that appear in a block of bytes of a particular size.
  - 42. The method of claim 33, wherein the bytes are preprocessed before performing the statistical analysis such that the statistical analysis is based at least on differences between adjacent bytes.
  - 43. The method of claim 33, further comprising:
    - identifying a type of encryption used for the object; and
      
      decrypting the object.
  - 44. The method of claim 33, wherein the cryptographic status is stored in a tag associated with the object, and wherein the tag is provided in a tag database.

45. A capture system, comprising:
- a packet capture module configured to capture packets in a network environment;
  
  an object assembly module configured to assemble an object from the captured packets; and
  
  a cryptographic analyzer configured to determine a cryptographic status of the object, wherein the cryptographic status is based, at least, on a statistical analysis of bytes in the object.
- View Dependent Claims (46, 47, 48)
- - 46. The capture system of claim 45, wherein the statistical analysis comprises calculating an index of coincidence for the bytes in the captured object, and wherein the index of coincidence measures a distribution of numbers that differ from being uniform.
  - 47. The capture system of claim 45, wherein the statistical analysis includes distinguishing ciphertext from binary data, and wherein the statistical analysis includes identifying a frequency count of bytes that appear in a block of bytes of a particular size.
  - 48. The capture system of claim 45, wherein the bytes are preprocessed before performing the statistical analysis such that the statistical analysis is based at least on differences between adjacent bytes.

49. A non-transitory medium having stored thereon data representing instructions configured for execution by a processor of a capture system, the instructions causing the capture system to perform operations comprising:
- assembling an object from packets captured in a network environment;
  
  determining whether the object is encrypted; and
  
  identifying a cryptographic status of the object, wherein the cryptographic status is based, at least, on a statistical analysis of bytes in the object.
- View Dependent Claims (50, 51, 52)
- - 50. The medium of claim 49, the operations further comprising:
    - determining whether the object violated a cryptographic policy using the cryptographic status of the object, wherein determining whether the object violated the cryptographic policy comprises determining that the object was unencrypted when the object was required to be encrypted.
  - 51. The medium of claim 49, wherein the statistical analysis comprises calculating an index of coincidence for the bytes in the captured object, and wherein the index of coincidence measures a distribution of numbers that differ from being uniform.
  - 52. The medium of claim 49, wherein the statistical analysis includes distinguishing ciphertext from binary data, and wherein the statistical analysis includes identifying a frequency count of bytes that appear in a block of bytes of a particular size.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Iglesia, Erik de la, Ahuja, Ratinder Paul Singh, Coleman, Shaun

Granted Patent

US 8,307,206 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/102 Entity profiles

CRYPTOGRAPHIC POLICY ENFORCEMENT

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

171 Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

CRYPTOGRAPHIC POLICY ENFORCEMENT

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

171 Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links