Auditing and controlling encrypted communications
Abstract
Use of one or more computer systems may be audited by performing a man-in-the-middle attack against a cryptographic protocol (e.g., SSH) at one or more interceptors, transmitting audit data to a centralized audit server. Operations performed using the encrypted connection may be controlled and restricted.
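The following Python model is an added illustration of the flow the abstract and claim 1 describe; it is not code from the patent or from any product. The interceptor runs two key exchanges, one toward each endpoint, so it holds one session key per leg, recovers the plaintext, sends a record of it to a separate audit server, and refuses to relay commands that a policy forbids. It goes one step beyond the abstract by showing the check a client can make: the interceptor does not hold the real server's host private key, so it has to present its own, which a pinned known_hosts fingerprint detects while trust-on-first-use does not. Everything beyond that sequence is an assumption for the demo: the Diffie-Hellman group, the HMAC-SHA256 keystream cipher standing in for SSH's real transport, the fingerprint scheme, the names Interceptor, Server, AuditServer and run_session, and the denied-command prefixes.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, an assumption for the demo; not a real SSH group.
P = 2**127 - 1
G = 5

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)

def dh_session_key(my_priv, their_pub):
    # 32-byte session key from the DH shared secret (toy KDF)
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(b"session" + shared.to_bytes(16, "big")).digest()

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Toy encrypt-then-MAC record: nonce || ct || tag (stand-in for SSH's transport)."""
    nonce = secrets.token_bytes(8)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_record(key, blob):
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("MAC failure")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def host_fingerprint(host_secret):
    # stands in for the SHA-256 fingerprint of a host public key
    return hashlib.sha256(b"hostkey" + host_secret).hexdigest()

class Server:
    """Second endpoint: owns its host key, only ever holds its own leg's session key."""
    def __init__(self):
        self.host_secret = secrets.token_bytes(16)
        self.received = []

    def handshake(self, peer_pub):
        priv, pub = dh_keypair()
        self.key = dh_session_key(priv, peer_pub)
        return pub, host_fingerprint(self.host_secret)

    def receive(self, blob):
        self.received.append(open_record(self.key, blob).decode())

class AuditServer:
    """Distinct from the interceptor: stores plaintext records, holds no wire keys."""
    def __init__(self):
        self.records = []

    def record(self, session, plaintext, verdict):
        self.records.append((session, plaintext.decode(), verdict))

class Interceptor:
    """The 'first computing device': one key set per leg, policy check, audit feed."""
    def __init__(self, audit, denied_prefixes=(b"rm -rf", b"shutdown")):
        self.audit = audit
        self.denied = denied_prefixes                 # assumed control policy for the demo
        self.host_secret = secrets.token_bytes(16)    # its own host key, not the server's

    def handshake(self, client_pub, server):
        b_priv, b_pub = dh_keypair()                  # leg B: pose as the client to the server
        server_pub, _real_fp = server.handshake(b_pub)
        self.k_server = dh_session_key(b_priv, server_pub)
        a_priv, a_pub = dh_keypair()                  # leg A: pose as the server to the client
        self.k_client = dh_session_key(a_priv, client_pub)
        # Real SSH signs the exchange hash with the host key, so _real_fp cannot simply
        # be forwarded; the interceptor has to offer a host key it controls.
        return a_pub, host_fingerprint(self.host_secret)

    def relay(self, session, blob, server):
        plaintext = open_record(self.k_client, blob)          # leg-A key yields plaintext
        verdict = "deny" if plaintext.startswith(self.denied) else "allow"
        self.audit.record(session, plaintext, verdict)        # audited whether relayed or not
        if verdict == "allow":
            server.receive(seal(self.k_server, plaintext))    # re-encrypt under leg-B key
        return verdict

def run_session(pinned_fp, commands, server, interceptor):
    """Client connects through the interceptor; pinned_fp None means trust-on-first-use."""
    c_priv, c_pub = dh_keypair()
    peer_pub, offered_fp = interceptor.handshake(c_pub, server)
    if pinned_fp is not None and offered_fp != pinned_fp:
        return {"host_key_ok": False, "verdicts": []}         # strict checking catches the MITM
    key = dh_session_key(c_priv, peer_pub)
    session = secrets.token_hex(4)
    verdicts = [interceptor.relay(session, seal(key, cmd), server) for cmd in commands]
    return {"host_key_ok": True, "verdicts": verdicts}

def demo():
    audit, server = AuditServer(), Server()
    mitm = Interceptor(audit)
    cmds = [b"ls -l /etc", b"rm -rf /var/log"]                # constructed sample commands
    pinned = run_session(host_fingerprint(server.host_secret), cmds, server, mitm)
    tofu = run_session(None, cmds, server, mitm)
    return {"pinned": pinned, "tofu": tofu, "server_saw": server.received,
            "audit": [(text, verdict) for _, text, verdict in audit.records]}
```

Two practitioner points follow from the model. First, because the interceptor is a party to both key exchanges, a client that pins the real server's host key sees a mismatch; deploying this kind of auditor therefore means either distributing the interceptor's host keys to clients or giving it the servers' host private keys, and either choice needs to be made deliberately. Second, the audit server receives plaintext of sessions it never held keys for, so its storage and transport deserve at least the protection of the systems being audited.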
30 Claims
1. A method comprising:
causing intercepting by a first computing device an encrypted communication between a first endpoint and a second endpoint;
causing performing a man-in-the-middle attack on the encrypted communication, the man-in-the-middle attack establishing a first set of encryption keys between the first endpoint and the first computing device and a second set of encryption keys between the first computing device and the second endpoint and providing access to at least a part of the plaintext of the encrypted communication; and
causing transmitting information obtained using the man-in-the-middle attack to an audit server distinct from the first computing device.
Dependent claims: 2 to 15.

16. An apparatus comprising:
at least one processor; and
at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus at least to perform:
intercepting an encrypted connection going through a network interface of a network device;
sending information relating to the intercepted encrypted connection to an audit server for recording, said information enabling inspection of plaintext content of the intercepted encrypted connection.
Dependent claims: 17 to 23.

24. An apparatus comprising:
at least one processor; and
at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus at least to perform:
receiving information relating to an intercepted encrypted connection going through an interceptor in a network device; and
recording the information relating to the intercepted encrypted connection, said information enabling inspection of plaintext content of the intercepted encrypted connection.
Dependent claims: 25.

26. A computer program product stored on a non-transitory computer-readable medium for causing a network device to process encrypted connections, comprising:
computer program code for causing the network device to intercept an encrypted connection through the network device; and
computer program code for causing the network device to send information relating to the encrypted connection to an audit server, the information providing the audit server effective access to plaintext of the connection.
Dependent claims: 27 to 30.