Detection of encrypted packet streams using a timer

US 8,332,938 B2
Filed: 09/17/2004
Issued: 12/11/2012
Est. Priority Date: 09/17/2004
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

estimating a type of data within an encrypted stream of packets based on detecting an observable parameter, the observable parameter being observable despite encryption obscuring contents of the encrypted stream of packets, wherein the observable parameter is observed without decrypting the stream of packets, and wherein the observable parameter is outside the encrypted stream of packets;

establishing a timer that depends on the type of data within the encrypted stream to provide a time interval during which no further estimation of the type of data within the encrypted stream of packets is performed;

processing the encrypted stream of packets until expiration of the time interval, despite a change in the type of estimated data, wherein establishing the type of data and establishing the timer are performed on at least one processor;

estimating that Voice Over Internet Protocol data is included within the encrypted stream of packets based on detection of the observable parameter; and

continue estimating that the Voice Over Internet Protocol data is included in the encrypted stream of packets until expiration of the time interval.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and devices are disclosed for detecting encrypted Internet Protocol packet streams. The type of data within an encrypted stream of packets is inferred using an observable parameter. The observable parameter is observable despite encryption obscuring the contents of the encrypted stream of packets. A timer is established that maintains settings despite changes in the type of inferred data.

68 Citations

17 Claims

1. A computer implemented method, comprising:
- estimating a type of data within an encrypted stream of packets based on detecting an observable parameter, the observable parameter being observable despite encryption obscuring contents of the encrypted stream of packets, wherein the observable parameter is observed without decrypting the stream of packets, and wherein the observable parameter is outside the encrypted stream of packets;
  
  establishing a timer that depends on the type of data within the encrypted stream to provide a time interval during which no further estimation of the type of data within the encrypted stream of packets is performed;
  
  processing the encrypted stream of packets until expiration of the time interval, despite a change in the type of estimated data, wherein establishing the type of data and establishing the timer are performed on at least one processor;
  
  estimating that Voice Over Internet Protocol data is included within the encrypted stream of packets based on detection of the observable parameter; and
  
  continue estimating that the Voice Over Internet Protocol data is included in the encrypted stream of packets until expiration of the time interval.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising maintaining the type of estimated data until expiration of the time interval.
  - 3. The method according to claim 1, further comprising comparing the observable parameter to a threshold value.
  - 4. The method according to claim 3, wherein if the comparison is unfavorable, maintaining the type of estimated data until expiration of the timer.
  - 5. The method according to claim 1, further comprising varying a value of the time interval according to congestion.
  - 6. The method according to claim 1, further comprising varying a value of the time interval according to a software application.
  - 7. The method according to claim 1, further comprising comparing the observable parameter to an actual characteristic of the encrypted stream of packets.

8. A system, comprising:
- a communications module stored in a memory device, anda processor communicating with the memory device;
  
  the communications module estimating a type of data within an encrypted stream of packets based on detecting an observable parameter, the observable parameter being observable despite encryption obscuring contents of the encrypted stream of packets, wherein the observable parameter is observed without decrypting the stream of packets, and wherein the observable parameter is outside the encrypted stream of packets; and
  
  the communications module establishing a timer that depends on the type of data within the encrypted stream to provide a time interval during which no further estimation of the type of data with the encrypted stream of packets is performed, wherein the communications module maintains the type of estimated data until expiration of the time interval despite a change in the observable parameter, wherein the communications module i) estimates that Voice Over Internet Protocol data is included within the encrypted stream of packets using the observable parameter, and ii) continues estimating that the Voice Over Internet Protocol data is included within the encrypted stream of packets until expiration of the time interval.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system according to claim 8, wherein the communications module processes the encrypted stream of packets until expiration of the time interval.
  - 10. The system according to claim 8, wherein the communications module compares the observable parameter to a threshold value.
  - 11. The system according to claim 10, wherein if the comparison is unfavorable, the communications module maintains the type of estimated d until expiration of the timer.
  - 12. The system according to claim 8, wherein the communications module varies a value of the time interval according to a schedule.
  - 13. The system according to claim 8, wherein the communications module varies time interval according to a protocol.
  - 14. The system according to claim 8, wherein estimating the type of data within the encrypted stream of packets includes comparing the observable parameter to an actual characteristic of the encrypted stream of packets.

15. An article of manufacture including a memory including instructions when executed by a computer performing:
- estimating a type of data within an encrypted stream of packets based on detecting an observable parameter, the observable parameter being observable despite encryption obscuring contents of the encrypted stream of packets, wherein the observable parameter is observed without decrypting the stream of packets, and wherein the observable parameter is outside the encrypted stream of packets; and
  
  establishing a timer that depends on the type of data within the encrypted stream to provide a time interval during which no further estimation of the type of data with the encrypted stream of packets is performed,wherein the memory further includes instructions for applying quality of service processing until expiration of the time interval, despite a change in the observable parameter; and
  
  wherein the memory further includes instructions for performing;
  
  estimating that Voice Over Internet Protocol data is included within the encrypted stream of packets based on detecting the observable parameter; and
  
  continuing estimating that the Voice Over Internet Protocol data is included in the encrypted stream of packets until expiration of the time interval.
- View Dependent Claims (16, 17)
- - 16. The article of manufacture according to claim 15, wherein the memory further includes instructions for processing the encrypted stream of packets until expiration of the time interval.
  - 17. The article of manufacture according to claim 15, wherein estimating the type of data comprises comparing the observable parameter to an actual characteristic of the encrypted stream of packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bellsouth Intellectual Property Corporation (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Aaron, Jeffrey A., Shrum, Edgar Vaughan Jr.
Primary Examiner(s)
GELAGAY, SHEWAYE

Application Number

US10/943,589
Publication Number

US 20060064747A1
Time in Patent Office

3,007 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

H04L 63/0428 wherein the data content is...

Detection of encrypted packet streams using a timer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

68 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of encrypted packet streams using a timer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links