Detection of encrypted packet streams
First Claim
Patent Images
1. A method carried out using a processor circuit, comprising:
- detecting an observable parameter of an encrypted stream of packets, the parameter being observable despite encryption obscuring the contents of the encrypted stream of packets, wherein the observable parameter is observed without decrypting any portion of the stream of packets; and
estimating the type of data within the encrypted stream of packets from the observable parameter, wherein, despite the encryption, the type of data within the encrypted stream of packets may be estimated, wherein the type of data is estimated without decrypting any portion of the stream of packets.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems, and products are disclosed for detecting encrypted packet streams. One method notes an observable parameter of an encrypted stream of packets. The parameter is observable despite encryption obscuring the contents of the encrypted stream of packets. The type of data within the encrypted stream of packets is inferred from the observable parameter, wherein, despite the encryption, the type of data within the encrypted stream of packets may be inferred.
-
Citations
23 Claims
-
1. A method carried out using a processor circuit, comprising:
-
detecting an observable parameter of an encrypted stream of packets, the parameter being observable despite encryption obscuring the contents of the encrypted stream of packets, wherein the observable parameter is observed without decrypting any portion of the stream of packets; and estimating the type of data within the encrypted stream of packets from the observable parameter, wherein, despite the encryption, the type of data within the encrypted stream of packets may be estimated, wherein the type of data is estimated without decrypting any portion of the stream of packets. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system, comprising:
-
a communications module stored in a memory device, and a processor communicating with the memory device; the communications module detecting an observable parameter of an encrypted stream of packets, the parameter being observable despite encryption obscuring the contents of the encrypted stream of packets, wherein the observable parameter is observed without decrypting any portion of the stream of packets, the communications module comparing the observable parameter to a threshold value, and the communications module estimating the type of data within the encrypted stream of packets from the observable parameter, wherein, despite the encryption, the type of data within the encrypted stream of packets may be estimated without decrypting any portion of the stream of packets. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A computer program product comprising a non-transitory computer readable medium including instructions for performing the steps:
-
detecting an observable parameter of an encrypted stream of packets, the parameter being observable despite encryption obscuring the contents of the encrypted stream of packets, wherein the observable parameter is observed without decrypting any portion of the stream of packets; and estimating the type of data within the encrypted stream of packets from the observable parameter, wherein, despite the encryption, the type of data within the encrypted stream of packets may be estimated, wherein the type of data is estimated without decrypting any portion of the stream of packets. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
-
Specification