System and method for identifying encrypted conference media traffic
First Claim
1. A method for identifying conference media traffic comprising:
- receiving a plurality of dummy packets, each of the dummy packets comprising a timestamp;
matching at a service control engine, without extracting payload information from the dummy packets and without extracting a packet type, a series of the plurality of dummy packets to a signature key associated with the time of day corresponding to a timestamp of one or more of the plurality of dummy packets, the signature key defined by a pattern corresponding to a series of packets, wherein the pattern comprises a first size of a first one of the series of packets and a second size of a second one of the series of packets;
in response to matching the series of the plurality of dummy packets to the signature key, extracting a first identification different from the signature key from one or more of the plurality of dummy packets;
determining that a second identification associated with one or more encrypted media packets matches the first identification;
associating one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification;
wherein the first identification and the second identification each comprise a source identification and a destination identification; and
wherein the source identification and the destination identification are Internet Protocol (IP) addresses.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for identifying conference media traffic includes receiving a plurality of dummy packets and matching a series of the plurality of dummy packets to a signature key. The method also includes extracting a first identification from one or more of the plurality of dummy packets in response to matching a series of the plurality of dummy packets to a signature key and determining that a second identification associated with one or more encrypted media packets matches the first identification. The method also includes associating one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification.
78 Citations
16 Claims
-
1. A method for identifying conference media traffic comprising:
-
receiving a plurality of dummy packets, each of the dummy packets comprising a timestamp; matching at a service control engine, without extracting payload information from the dummy packets and without extracting a packet type, a series of the plurality of dummy packets to a signature key associated with the time of day corresponding to a timestamp of one or more of the plurality of dummy packets, the signature key defined by a pattern corresponding to a series of packets, wherein the pattern comprises a first size of a first one of the series of packets and a second size of a second one of the series of packets; in response to matching the series of the plurality of dummy packets to the signature key, extracting a first identification different from the signature key from one or more of the plurality of dummy packets; determining that a second identification associated with one or more encrypted media packets matches the first identification; associating one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification; wherein the first identification and the second identification each comprise a source identification and a destination identification; and wherein the source identification and the destination identification are Internet Protocol (IP) addresses. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A network apparatus comprising:
-
an interface operable to; receive a plurality of dummy packets, each of the dummy packets comprising a timestamp; and receive one or more encrypted media packets; and a processor coupled to the interface and operable to; match at a service control engine, without extracting payload information from the dummy packets and without extracting a packet type, a series of the plurality of dummy packets to a signature key associated with the time of day corresponding to a timestamp of one or more of the plurality of dummy packets, the signature key defined by a-pattern corresponding to a series of packets, wherein the pattern comprises a first size of a first one of the series of packets and a second size of a second one of the series of packets; in response to matching the series of the plurality of dummy packets to the signature key, extract a first identification different from the signature key from one or more of the plurality of dummy packets; determine that a second identification associated with one or more of the encrypted media packets matches the first identification; associate one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification; wherein the first identification and the second identification each comprise a source identification and a destination identification; and wherein the source identification and the destination identification are Internet Protocol (IP) addresses. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A non-transitory computer readable medium including code for identifying encrypted conference media traffic, the code operable to:
-
receive a plurality of dummy packets, each of the dummy packets comprising a timestamp; match at a service control engine, without extracting payload information from the dummy packets and without extracting a packet type, a series of the plurality of dummy packets to a signature key associated with the time of day corresponding to a timestamp of one or more of the plurality of dummy packets, the signature key defined by a pattern corresponding to a series of packets, wherein the pattern comprises a first size of a first one of the series of packets and a second size of a second one of the series of packets; in response to matching the series of the plurality of dummy packets to the signature key, extract a first identification different from the signature key from one or more of the plurality of dummy packets; determine that a second identification associated with one or more encrypted media packets matches the first identification; associate one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification; wherein the first identification and the second identification each comprise a source identification and a destination identification; and wherein the source identification and the destination identification are Internet Protocol (IP) addresses. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A network apparatus comprising:
-
means for receiving a plurality of dummy packets, each of the dummy packets comprising a timestamp; means for matching at a service control engine, without extracting payload information from the dummy packets and without extracting a packet type, a series of the plurality of dummy packets to a signature key associated with the time of day corresponding to a timestamp of one or more of the plurality of dummy packets, the signature key defined by a pattern corresponding to a series of packets, wherein the pattern comprises a first size of a first one of the series of packets and a second size of a second one of the series of packets; means for in response to matching the series of the plurality of dummy packets to the signature key, extracting a first identification different from the signature key from one or more of the plurality of dummy packets; means for determining that a second identification associated with one or more encrypted media packets matches the first identification; means for associating one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification; wherein the first identification and the second identification each comprise a source identification and a destination identification; and wherein the source identification and the destination identification are Internet Protocol (IP) addresses.
-
Specification