Method and apparatus for man-in-the-middle agent-assisted client filtering

US 9,407,663 B1
Filed: 06/28/2012
Issued: 08/02/2016
Est. Priority Date: 09/28/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for data stream transmission policy enforcement by a man-in-the-middle apparatus, the method comprising:

receiving, at the man-in-the-middle apparatus, portions of a data stream transmitted from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination;

providing centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;

performing an analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus at the man-in-the-middle apparatus;

generating a data stream transmission policy at the man-in-the middle apparatus, according to the analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus;

transferring the policy for local data stream transmission policy enforcement from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and

affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of the present invention relate to a method, an apparatus and a computer-program product for man-in-the-middle agent-assisted client filtering. An example method to be performed by the man-in-the-middle includes receiving portions of a data stream transmitted from a source and performing an analysis of the portions of the data stream. Based on the analysis, the man-in-the-middle then may interact with the source. An example method to be performed by an agent at the source includes providing portions of a transmitted data stream to the man-in-the-middle and interacting with the man-in-the-middle.

44 Citations

View as Search Results

24 Claims

1. A computer-implemented method for data stream transmission policy enforcement by a man-in-the-middle apparatus, the method comprising:
- receiving, at the man-in-the-middle apparatus, portions of a data stream transmitted from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination;
  
  providing centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;
  
  performing an analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus at the man-in-the-middle apparatus;
  
  generating a data stream transmission policy at the man-in-the middle apparatus, according to the analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus;
  
  transferring the policy for local data stream transmission policy enforcement from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
  
  affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising:
    - receiving portions of the data stream not previously received from the source device;
      
      performing an analysis of portions of the data stream not previously received from the source device;
      
      modifying the policy for the source device according to the analysis of the received portions of the data stream not previously received from the source device; and
      
      transferring the modified policy to the source device for enforcement at the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus.
  - 3. The method of claim 1 further comprising:
    - evaluating the portions of the data stream for a policy violation; and
      
      providing a remediation relating to the source device according to the evaluation.
  - 4. The method of claim 3 wherein providing a remediation relating to the source device according to the evaluation comprises:
    - modifying the policy for the source device to correct the policy violation; and
      
      transferring the modified policy to the source device for enforcement at the source.
  - 5. The method of claim 4 wherein modifying the policy for the source device to correct the policy violation comprises:
    - generating a modification to correct the policy violation;
      
      presenting the modification to an administrator; and
      
      receiving a selection of the modification to modify the policy.

6. A computer-implemented method for data stream transmission policy enforcement by a man-in-the-middle apparatus, the method comprising:
- providing portions of a transmitted data stream from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination, the man-in-the-middle apparatus configured to provide centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;
  
  receiving at the source device a data stream transmission policy generated at the man-in-the-middle apparatus according to an analysis performed at the man-in-the-middle apparatus of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus and transferred from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
  
  enforcing the data stream transmission policy at the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus, thereby affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6 further comprising:
    - providing portions of the transmitted data stream from the source device not previously received by the man-in-the-middle apparatus; and
      
      receiving a modified policy according to an analysis of the portions of the transmitted data stream not previously received by the man-in-the-middle apparatus for enforcement at the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus.
  - 8. The method of claim 6 further comprising:
    - receiving a policy enforcement communication from the man-in-the-middle apparatus in response to an analysis of portions of the transmitted data stream; and
      
      performing a policy-related action in response to the policy enforcement communication at times the source device is not communicatively coupled with the man-in-the-middle apparatus.
  - 9. The method of claim 8wherein receiving a policy enforcement communication from the man-in-the-middle apparatus in response to an analysis of portions of a transmitted data stream comprises receiving a policy enforcement notification from the man-in-the-middle apparatus at a first source device regarding the analysis of portions of a transmitted data stream from a second source device;
    - andwherein performing a policy-related action in response to the policy enforcement communication at times the source device is not communicatively coupled with the man-in-the-middle apparatus comprises transmitting a policy modification to the man-in-the middle apparatus regarding the policy for the second source device.

10. An man-in-the-middle apparatus for data stream transmission policy enforcement comprising:
- a processor; and
  
  memory storing computer executable instructions that when executed on the processor cause the man-in-the-middle apparatus to perform the operations of;
  
  receiving, at the man-in-the-middle apparatus, portions of a data stream transmitted from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination;
  
  providing centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;
  
  performing an analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus at the man-in-the-middle apparatus;
  
  generating a data stream transmission policy at the man-in-the middle apparatus according to the analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus;
  
  transferring the policy for local data stream transmission policy enforcement from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
  
  affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The apparatus of claim 10 further comprising:
    - receiving portions of the data stream not previously received from the source device;
      
      performing an analysis of portions of the data stream not previously received from the source device;
      
      modifying the policy for the source device according to the received portions of the data stream not previously received from the source device; and
      
      transferring the modified policy to the source device for enforcement at the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus.
  - 12. The apparatus of claim 10 further comprising:
    - evaluating the portions of the data stream for a policy violation; and
      
      providing a remediation relating to the source device according to the evaluation.
  - 13. The apparatus of claim 12 wherein providing a remediation relating to the source device according to the evaluation comprises:
    - modifying the policy for the source device to correct the policy violation; and
      
      transferring the modified policy to the source device for enforcement at the source device.
  - 14. The apparatus of claim 13 wherein modifying the policy for the source device to correct the policy violation comprises:
    - generating a modification to correct the policy violation;
      
      presenting the modification to an administrator; and
      
      receiving a selection of the modification to modify the policy.

15. A source device for operation of a man-in-the-middle agent operation for man-in-the-middle data stream transmission policy enforcement comprising:
- a processor; and
  
  memory storing computer executable instructions that when executed on the processor cause the man-in-the-middle apparatus to perform the operations of;
  
  providing portions of a transmitted data stream from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination, the man-in-the-middle apparatus configured to provide centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;
  
  receiving at the source device a data stream transmission policy generated at the man-in-the-middle apparatus according to an analysis performed at the man-in-the-middle apparatus of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus and transferred from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
  
  enforcing the data stream transmission policy at the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus, thereby affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
- View Dependent Claims (16, 17, 18)
- - 16. The apparatus of claim 15 further comprising:
    - providing portions of the transmitted data stream from the source device not previously received by the man-in-the-middle apparatus; and
      
      receiving a modified policy according to an analysis of the portions of the transmitted data stream not previously received by the man-in-the-middle apparatus for enforcement at the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus.
  - 17. The apparatus of claim 15 further comprising:
    - receiving a policy enforcement communication from the man-in-the-middle apparatus in response to an analysis of portions of the transmitted data stream; and
      
      performing a policy-related action in response to the policy enforcement communication at times the source device is not communicatively coupled with the man-in-the-middle apparatus.
  - 18. The apparatus of claim 17wherein receiving a policy enforcement communication from the man-in-the-middle apparatus in response to an analysis of portions of a transmitted data stream comprises receiving a policy enforcement notification from the man-in-the-middle apparatus at a first source device regarding the analysis of portions of a transmitted data stream from a second source device;
    - andwherein performing a policy-related action in response to the policy enforcement communication at times the source device is not communicatively coupled with the man-in-the-middle apparatus comprises transmitting a policy modification to the man-in-the middle apparatus regarding the policy for the second source device.

19. A computer program product having a non-transitory computer readable storage medium with instructions encoded thereon that, when executed by a processor of a computer, causes the computer to perform man-in-the-middle data stream transmission policy enforcement comprising:
- computer program code for receiving portions of a data stream transmitted from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination;
  
  computer program code for providing centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the computer;
  
  computer program code for performing an analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus;
  
  computer program code for generating a data stream transmission policy at the man-in-the middle apparatus according to the analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus;
  
  computer program code for transferring the policy for local data stream transmission policy enforcement from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
  
  computer program code for affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
- View Dependent Claims (20, 21, 22)
- - 20. The computer program product of claim 19 further comprising:
    - computer program code for evaluating the portions of the data stream for a policy violation; and
      
      computer program code for providing a remediation relating to the source device according to the evaluation.
  - 21. The computer program product of claim 20 wherein computer program code for providing a remediation relating to the source device according to the evaluation comprises:
    - computer program code for modifying the policy for the source device to correct the policy violation; and
      
      computer program code for transferring the modified policy to the source device for enforcement at the source.
  - 22. The computer program product of claim 21 wherein computer program code for modifying the policy for the source device to correct the policy violation comprises:
    - computer program code for presenting a modification to an administrator to correct the policy violation; and
      
      computer program code for receiving a selection of the modification to modify the policy.

23. A computer program product having a non-transitory computer readable storage medium with instructions encoded thereon that, when executed by a processor of a computer, causes the computer to perform man-in-the-middle data stream transmission policy enforcement comprisingcomputer program code for providing portions of a transmitted data stream from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination, the man-in-the-middle apparatus configured to provide centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;
- computer program code for receiving at the source device a data stream transmission policy generated at the man-in-the-middle apparatus according to an analysis performed at the man-in-the-middle apparatus of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus and transferred from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
  
  computer program code for enforcing the data stream transmission policy at the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus, thereby affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
- View Dependent Claims (24)
- - 24. The computer program product of claim 23 further comprising:
    - computer program code for receiving a policy enforcement communication from the man-in-the-middle apparatus in response to an analysis of portions of the transmitted data stream; and
      
      computer program code for performing a policy-related action in response to the policy enforcement communication at times the source device is not communicatively coupled with the man-in-the-middle apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMC Corporation (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Pauley, Wayne A. Jr., Todd, Stephen J., Fisher, Michel F.
Primary Examiner(s)
Turchen, James

Application Number

US13/536,337
Time in Patent Office

1,496 Days
Field of Search

726/22, 726/23
US Class Current

1/1
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/20 for managing network securi...

Method and apparatus for man-in-the-middle agent-assisted client filtering

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for man-in-the-middle agent-assisted client filtering

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links