System and Method for Processing Secure Transmissions
Abstract
Secured transmissions between a client and a server are detected, and a policy is formulated as to whether the encrypted material needs to be decrypted. If the content is to be decrypted, it is decrypted using decrypting information obtained from the client and server. The resulting plain text is then deployed to an entity such as a processor, store or interface. The plain text can be checked or modified. The transmission between client and server can be blocked, delivered without being decrypted, or decrypted and then re-encrypted with or without modification. Each transmission is given an ID and a policy tag.
60 Claims
1-40. (canceled)
41. A method comprising:
intercepting at a gateway a transmission control protocol (TCP) connection between a client and a server, wherein a secure socket layer (SSL) or transport layer security (TLS) session is embedded in the TCP connection;
determining whether contents encrypted in the SSL or TLS session are to be decrypted;
terminating the SSL or TLS session on the gateway;
decrypting the contents of the SSL or TLS session;
processing the decrypted contents to generate processed contents;
encrypting the processed contents to generate re-encrypted contents; and
initiating a second SSL or TLS session between the gateway and the server over the TCP connection, wherein the second SSL or TLS session contains the re-encrypted contents.
(Dependent claims: 42, 43, 44, 45, 46, 47)
48. A method comprising:
intercepting at a gateway a first flow of packets between a client and a server;
intercepting at the gateway a second flow of packets between the server and the client;
determining that contents of the first flow are to be decrypted based on packets of the first flow and of the second flow;
assigning a policy tag to the first flow, wherein the policy tag indicates whether the contents of the first flow are to be decrypted;
decrypting the contents of the first flow;
processing the decrypted contents of the first flow to generate processed contents;
encrypting the processed contents to generate re-encrypted contents; and
originating a second flow between the gateway and the server, wherein the second flow contains the re-encrypted contents.
(Dependent claims: 49, 50, 51, 52, 53)
54. A method comprising:
intercepting at a gateway a first flow of packets between a client and a server, wherein the first flow includes encrypted contents in a first secure socket layer (SSL) session and decryption indicia;
determining that the encrypted contents of the first flow are to be decrypted based on the decryption indicia;
decrypting the encrypted contents of the first flow to generate decrypted contents;
processing the decrypted contents of the first flow to generate processed contents;
encrypting the processed contents to generate re-encrypted contents;
terminating the first SSL session on the gateway; and
originating a second SSL session between the gateway and the server, wherein the second SSL session contains the re-encrypted contents.
(Dependent claims: 55, 56, 57, 58, 59, 60)
Specification