System and method for identifying encrypted conference media traffic

US 8,417,942 B2
Filed: 08/31/2007
Issued: 04/09/2013
Est. Priority Date: 08/31/2007
Status: Active Grant

First Claim

Patent Images

1. A method for identifying conference media traffic comprising:

receiving a plurality of dummy packets, each of the dummy packets comprising a timestamp;

matching at a service control engine, without extracting payload information from the dummy packets and without extracting a packet type, a series of the plurality of dummy packets to a signature key associated with the time of day corresponding to a timestamp of one or more of the plurality of dummy packets, the signature key defined by a pattern corresponding to a series of packets, wherein the pattern comprises a first size of a first one of the series of packets and a second size of a second one of the series of packets;

in response to matching the series of the plurality of dummy packets to the signature key, extracting a first identification different from the signature key from one or more of the plurality of dummy packets;

determining that a second identification associated with one or more encrypted media packets matches the first identification;

associating one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification;

wherein the first identification and the second identification each comprise a source identification and a destination identification; and

wherein the source identification and the destination identification are Internet Protocol (IP) addresses.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for identifying conference media traffic includes receiving a plurality of dummy packets and matching a series of the plurality of dummy packets to a signature key. The method also includes extracting a first identification from one or more of the plurality of dummy packets in response to matching a series of the plurality of dummy packets to a signature key and determining that a second identification associated with one or more encrypted media packets matches the first identification. The method also includes associating one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification.

78 Citations

View as Search Results

16 Claims

1. A method for identifying conference media traffic comprising:
- receiving a plurality of dummy packets, each of the dummy packets comprising a timestamp;
  
  matching at a service control engine, without extracting payload information from the dummy packets and without extracting a packet type, a series of the plurality of dummy packets to a signature key associated with the time of day corresponding to a timestamp of one or more of the plurality of dummy packets, the signature key defined by a pattern corresponding to a series of packets, wherein the pattern comprises a first size of a first one of the series of packets and a second size of a second one of the series of packets;
  
  in response to matching the series of the plurality of dummy packets to the signature key, extracting a first identification different from the signature key from one or more of the plurality of dummy packets;
  
  determining that a second identification associated with one or more encrypted media packets matches the first identification;
  
  associating one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification;
  
  wherein the first identification and the second identification each comprise a source identification and a destination identification; and
  
  wherein the source identification and the destination identification are Internet Protocol (IP) addresses.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising applying one or more policies to the one or more encrypted media packets in response to associating one or more encrypted media packets with a conference.
  - 3. The method of claim 1, further comprising updating the signature key.
  - 4. The method of claim 3, wherein updating the signature key comprises changing the signature key based on the time of day.
  - 5. The method of claim 1, further comprising, in response to extracting a first identification from one or more of the plurality of dummy packets, monitoring a network for one or more encrypted media packets having a second identification that matches the first identification.

6. A network apparatus comprising:
- an interface operable to;
  
  receive a plurality of dummy packets, each of the dummy packets comprising a timestamp; and
  
  receive one or more encrypted media packets; and
  
  a processor coupled to the interface and operable to;
  
  match at a service control engine, without extracting payload information from the dummy packets and without extracting a packet type, a series of the plurality of dummy packets to a signature key associated with the time of day corresponding to a timestamp of one or more of the plurality of dummy packets, the signature key defined by a-pattern corresponding to a series of packets, wherein the pattern comprises a first size of a first one of the series of packets and a second size of a second one of the series of packets;
  
  in response to matching the series of the plurality of dummy packets to the signature key, extract a first identification different from the signature key from one or more of the plurality of dummy packets;
  
  determine that a second identification associated with one or more of the encrypted media packets matches the first identification;
  
  associate one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification;
  
  wherein the first identification and the second identification each comprise a source identification and a destination identification; and
  
  wherein the source identification and the destination identification are Internet Protocol (IP) addresses.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The network apparatus of claim 6, wherein the processor is further operable to apply one or more policies to the one or more encrypted media packets in response to associating one or more encrypted media packets with a conference.
  - 8. The network apparatus of claim 6, wherein the processor is further operable to update the signature key.
  - 9. The network apparatus of claim 6, wherein a processor operable to update a signature key comprises a processor operable to change the signature key based on the time of day.
  - 10. The network apparatus of claim 6, wherein the processor is further operable to monitor a network for one or more encrypted media packets having a second identification that matches the first identification in response to extracting a first identification from one or more of the plurality of dummy packets.

11. A non-transitory computer readable medium including code for identifying encrypted conference media traffic, the code operable to:
- receive a plurality of dummy packets, each of the dummy packets comprising a timestamp;
  
  match at a service control engine, without extracting payload information from the dummy packets and without extracting a packet type, a series of the plurality of dummy packets to a signature key associated with the time of day corresponding to a timestamp of one or more of the plurality of dummy packets, the signature key defined by a pattern corresponding to a series of packets, wherein the pattern comprises a first size of a first one of the series of packets and a second size of a second one of the series of packets;
  
  in response to matching the series of the plurality of dummy packets to the signature key, extract a first identification different from the signature key from one or more of the plurality of dummy packets;
  
  determine that a second identification associated with one or more encrypted media packets matches the first identification;
  
  associate one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification;
  
  wherein the first identification and the second identification each comprise a source identification and a destination identification; and
  
  wherein the source identification and the destination identification are Internet Protocol (IP) addresses.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer readable medium of claim 11, wherein the code is further operable to apply one or more policies to the one or more encrypted media packets in response to associating one or more encrypted media packets with a conference.
  - 13. The non-transitory computer readable medium of claim 11, wherein the code is further operable to update the signature key.
  - 14. The non-transitory computer readable medium of claim 13, wherein code operable to update the signature key comprises code operable to change the signature based on the time of day.
  - 15. The non-transitory computer readable medium of claim 11, wherein the code is further operable to monitor a network for one or more encrypted media packets having a second identification that matches the first identification in response to extracting a first identification from one or more of the plurality of dummy packets.

16. A network apparatus comprising:
- means for receiving a plurality of dummy packets, each of the dummy packets comprising a timestamp;
  
  means for matching at a service control engine, without extracting payload information from the dummy packets and without extracting a packet type, a series of the plurality of dummy packets to a signature key associated with the time of day corresponding to a timestamp of one or more of the plurality of dummy packets, the signature key defined by a pattern corresponding to a series of packets, wherein the pattern comprises a first size of a first one of the series of packets and a second size of a second one of the series of packets;
  
  means for in response to matching the series of the plurality of dummy packets to the signature key, extracting a first identification different from the signature key from one or more of the plurality of dummy packets;
  
  means for determining that a second identification associated with one or more encrypted media packets matches the first identification;
  
  means for associating one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification;
  
  wherein the first identification and the second identification each comprise a source identification and a destination identification; and
  
  wherein the source identification and the destination identification are Internet Protocol (IP) addresses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Dunn, Chris A., Cooke, Jawhny X., Aziz, Zaheer, Sagy, Ravid
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
SHAW, BRIAN F

Application Number

US11/848,650
Publication Number

US 20090063856A1
Time in Patent Office

2,048 Days
Field of Search

713/160, 726/13, 370/252, 370/230.1
US Class Current

713/160
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 65/403   Arrangements for multi-part...

H04L 65/75   Media network packet handling

H04L 65/756   adapting media to device ca...

System and method for identifying encrypted conference media traffic

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for identifying encrypted conference media traffic

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links