Cryptographic policy enforcement
Abstract
Objects can be extracted from data flows captured by a capture device. In one embodiment, the invention includes assigning to each captured object a cryptographic status based on whether the captured object is encrypted. In one embodiment, the invention further includes determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.
Claims (30)

1. A method comprising:
- capturing packets being transmitted over a network;
- assembling an object from the captured packets;
- assigning a cryptographic status to the object by determining whether the captured object is encrypted; and
- determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object, wherein assigning a cryptographic status to the captured object comprises performing a statistical analysis on bytes in the captured object, and wherein the statistical analysis comprises calculating an index of coincidence for the bytes in the captured object.
Dependent claims: 2-8.

9. An apparatus that includes a processor and a non-transitory computer readable medium, comprising:
- a packet capture module to capture packets being transmitted over a network;
- an object assembly module to reconstruct an object from the captured packets; and
- a cryptographic analyzer to determine whether the object violated a cryptographic policy in effect over the network, wherein a cryptographic status is assigned to the captured object and a statistical analysis is performed on bytes in the captured object, and wherein the statistical analysis comprises calculating an index of coincidence for the bytes in the captured object.
Dependent claims: 10-16.

17. A method comprising:
- capturing an object being transmitted over a network;
- generating a tag associated with the captured object, the tag containing metadata related to the captured object;
- assigning a cryptographic status to the captured object by determining whether the captured object was encrypted prior to being transmitted over the network; and
- adding the cryptographic status of the captured object to the tag associated with the captured object, wherein assigning a cryptographic status to the captured object comprises performing a statistical analysis on bytes in the captured object, and wherein the statistical analysis comprises calculating an index of coincidence for the bytes in the captured object.
Dependent claims: 18-21.

22. A non-transitory machine-readable medium having stored thereon data representing instructions, that, when executed by a processor of a capture system, cause the processor to perform operations comprising:
- capturing packets being transmitted over a network;
- assembling an object from the captured packets;
- assigning a cryptographic status to the object by determining whether the captured object is encrypted; and
- determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object, wherein assigning a cryptographic status to the captured object comprises performing a statistical analysis on bytes in the captured object, and wherein the statistical analysis comprises calculating an index of coincidence for the bytes in the captured object.
Dependent claims: 23-26.

27. A non-transitory machine-readable medium having stored thereon data representing instructions, that, when executed by a processor of a capture system, cause the processor to perform operations comprising:
- capturing an object being transmitted over a network;
- generating a tag associated with the captured object, the tag containing metadata related to the captured object;
- assigning a cryptographic status to the captured object by determining whether the captured object was encrypted prior to being transmitted over the network; and
- adding the cryptographic status of the captured object to the tag associated with the captured object, wherein assigning a cryptographic status to the captured object comprises performing a statistical analysis on bytes in the captured object, and wherein the statistical analysis comprises calculating an index of coincidence for the bytes in the captured object.
Dependent claims: 28-30.
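The pipeline the independent claims describe (reassemble an object from captured packets, compute an index of coincidence over its bytes, assign a cryptographic status, record it in a metadata tag, and test it against a cryptographic policy) is shown below as an added example. It is not code from the patent or its assignee. The packet representation (sequence number, payload), the normalised-IC threshold of 1.5, the content-type-keyed policy map and all sample traffic are assumptions constructed for the example; the patent specifies none of them.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def index_of_coincidence(data: bytes) -> float:
    """Raw index of coincidence over the 256-symbol byte alphabet: the
    probability that two bytes drawn without replacement are equal.
    Uniformly random (well-encrypted) data scores close to 1/256;
    natural-language or CSV text scores an order of magnitude higher."""
    n = len(data)
    if n < 2:
        return 0.0
    counts = Counter(data)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


# Assumed threshold, not taken from the patent: the IC is normalised by the
# alphabet size so random bytes score about 1.0, and anything under this
# bound is classified as encrypted.
ENCRYPTED_MAX_NORMALISED_IC = 1.5


def cryptographic_status(data: bytes) -> str:
    """Assign 'encrypted' or 'plaintext' from the normalised IC."""
    normalised = index_of_coincidence(data) * 256
    return "encrypted" if normalised < ENCRYPTED_MAX_NORMALISED_IC else "plaintext"


@dataclass
class CapturedObject:
    src: str
    dst: str
    content_type: str
    payload: bytes
    tag: Dict[str, object] = field(default_factory=dict)


def assemble_object(src: str, dst: str, content_type: str,
                    packets: List[Tuple[int, bytes]]) -> CapturedObject:
    """Reassemble an object from (sequence number, payload) packets that may
    have been captured out of order (hypothetical packet representation)."""
    payload = b"".join(p for _, p in sorted(packets, key=lambda t: t[0]))
    return CapturedObject(src, dst, content_type, payload)


def tag_object(obj: CapturedObject) -> CapturedObject:
    """Attach metadata, including the cryptographic status, to the object's tag."""
    ic = index_of_coincidence(obj.payload)
    obj.tag.update({"length": len(obj.payload), "ic": ic, "normalised_ic": ic * 256,
                    "crypto_status": cryptographic_status(obj.payload)})
    return obj


# Hypothetical policy shape: content type -> status required on the wire.
Policy = Dict[str, str]


def check_policy(obj: CapturedObject, policy: Policy) -> Optional[str]:
    """Return a violation description, or None if the object complies."""
    required = policy.get(obj.content_type)
    if required is None:
        return None
    actual = obj.tag["crypto_status"]
    if actual != required:
        return f"{obj.content_type} {obj.src}->{obj.dst}: {actual}, policy requires {required}"
    return None


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed sample: a customer export that policy says must leave the
# network encrypted, once sent in the clear and once as ciphertext.
PLAINTEXT_EXPORT = (b"customer_id,name,email,balance\n"
                    + b"1001,Ada Example,ada@example.test,1200.50\n" * 40)
POLICY: Policy = {"customer-export": "encrypted"}


def demo() -> Dict[str, Tuple[str, Optional[str]]]:
    """Run both captures through the pipeline; packets arrive in reverse order."""
    results = {}
    samples = (("unencrypted", PLAINTEXT_EXPORT),
               ("encrypted", pseudo_random_bytes(len(PLAINTEXT_EXPORT))))
    for label, payload in samples:
        chunks = [payload[i:i + 600] for i in range(0, len(payload), 600)]
        packets = list(enumerate(chunks))[::-1]
        obj = tag_object(assemble_object("10.0.0.5", "203.0.113.9", "customer-export", packets))
        results[label] = (obj.tag["crypto_status"], check_policy(obj, POLICY))
    return results


if __name__ == "__main__":
    for label, (status, violation) in demo().items():
        print(f"{label}: status={status} violation={violation}")
```

The test as written cannot tell ciphertext from other high-entropy content: compressed archives, JPEGs and similar formats also score close to 1.0, so a deployment would combine the status with the content type and protocol context carried in the tag, and tune the threshold on its own traffic rather than using the assumed 1.5.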
Specification