Cryptographic policy enforcement
Abstract
Objects can be extracted from data flows captured by a capture device. In one embodiment, the invention includes assigning to each captured object a cryptographic status based on whether the captured object is encrypted. In one embodiment, the invention further includes determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.
20 Claims
1. A method, comprising:
- capturing packets in a network environment;
- assembling an object from the captured packets;
- determining whether the object is encrypted;
- assigning a cryptographic status to the object; and
- determining whether the object violated a cryptographic policy, wherein the cryptographic policy comprises a set of cryptographic rules differentiating between transmissions that are required to be encrypted, transmissions that are required to be unencrypted, and transmissions that are allowed, but not required, to be encrypted.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A capture system, comprising:
- a packet capture module configured to capture packets in a network environment;
- an object assembly module configured to assemble an object from the captured packets; and
- a cryptographic analyzer configured to determine a cryptographic status of the object and determine whether the object violated a cryptographic policy, wherein the cryptographic policy comprises a set of cryptographic rules differentiating between transmissions that are required to be encrypted, transmissions that are required to be unencrypted, and transmissions that are allowed, but not required, to be encrypted.
Dependent claims: 14, 15, 16

17. A non-transitory medium having stored thereon data representing instructions configured for execution by a processor of a capture system, the instructions causing the capture system to perform operations comprising:
- assembling an object from packets captured in a network environment;
- determining whether the object is encrypted;
- identifying a cryptographic status of the object; and
- determining whether the object violated a cryptographic policy, wherein the cryptographic policy comprises a set of cryptographic rules differentiating between transmissions that are required to be encrypted, transmissions that are required to be unencrypted, and transmissions that are allowed, but not required, to be encrypted.
Dependent claims: 18, 19, 20
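
An added example, not taken from the patent: a Python sketch of the status-assignment and policy-check steps in the independent claims, run on objects that are treated as already assembled. The byte-entropy test for "encrypted", the 7.5 threshold, rule matching by source network, and every address and payload are assumptions made for illustration; the claims do not say how either determination is made.

```python
import hashlib
import math
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MUST_ENCRYPT, MUST_NOT_ENCRYPT, MAY_ENCRYPT = "must-encrypt", "must-not-encrypt", "may-encrypt"

# Constructed rules, first match wins. Matching on source network is an assumption.
POLICY = [
    (ip_network("10.0.5.0/24"), MUST_ENCRYPT),      # transmissions required to be encrypted
    (ip_network("10.0.9.0/24"), MUST_NOT_ENCRYPT),  # transmissions required to be unencrypted
]

@dataclass
class CapturedObject:
    src: str
    payload: bytes
    status: str = "unknown"  # cryptographic status, set by assign_status()

def entropy(data: bytes) -> float:
    """Shannon entropy of the payload in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assign_status(obj: CapturedObject, threshold: float = 7.5) -> str:
    # Assumed heuristic: near-uniform bytes suggest ciphertext. Compressed
    # data also scores high, so a real analyzer needs more than this test.
    obj.status = "encrypted" if entropy(obj.payload) >= threshold else "unencrypted"
    return obj.status

def rule_for(obj: CapturedObject) -> str:
    for network, rule in POLICY:
        if ip_address(obj.src) in network:
            return rule
    return MAY_ENCRYPT  # allowed, but not required, to be encrypted

def violates_policy(obj: CapturedObject) -> bool:
    status, rule = assign_status(obj), rule_for(obj)
    return (rule == MUST_ENCRYPT and status == "unencrypted") or \
           (rule == MUST_NOT_ENCRYPT and status == "encrypted")

# Constructed payloads: 4096 hash-derived bytes stand in for ciphertext.
HIGH_ENTROPY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PLAINTEXT = b"Quarterly revenue figures attached for review.\n" * 80

if __name__ == "__main__":
    for src in ("10.0.5.20", "10.0.9.3", "10.0.77.1"):
        for payload in (PLAINTEXT, HIGH_ENTROPY):
            obj = CapturedObject(src, payload)
            print(src, rule_for(obj), assign_status(obj), "VIOLATION" if violates_policy(obj) else "ok")
```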
Specification