Method and apparatus for man-in-the-middle agent-assisted client filtering
First Claim
1. A computer-implemented method for data stream transmission policy enforcement by a man-in-the-middle apparatus, the method comprising:
receiving, at the man-in-the-middle apparatus, portions of a data stream transmitted from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination;
providing centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;
performing an analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus at the man-in-the-middle apparatus;
generating a data stream transmission policy at the man-in-the middle apparatus, according to the analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus;
transferring the policy for local data stream transmission policy enforcement from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
Abstract
Example embodiments of the present invention relate to a method, an apparatus and a computer-program product for man-in-the-middle agent-assisted client filtering. An example method to be performed by the man-in-the-middle includes receiving portions of a data stream transmitted from a source and performing an analysis of the portions of the data stream. Based on the analysis, the man-in-the-middle then may interact with the source. An example method to be performed by an agent at the source includes providing portions of a transmitted data stream to the man-in-the-middle and interacting with the man-in-the-middle.
24 Claims
6. A computer-implemented method for data stream transmission policy enforcement by a man-in-the-middle apparatus, the method comprising:
providing portions of a transmitted data stream from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination, the man-in-the-middle apparatus configured to provide centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;
receiving at the source device a data stream transmission policy generated at the man-in-the-middle apparatus according to an analysis performed at the man-in-the-middle apparatus of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus and transferred from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
enforcing the data stream transmission policy at the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus, thereby affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
10. An man-in-the-middle apparatus for data stream transmission policy enforcement comprising:
a processor; and
memory storing computer executable instructions that when executed on the processor cause the man-in-the-middle apparatus to perform the operations of;
receiving, at the man-in-the-middle apparatus, portions of a data stream transmitted from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination;
providing centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;
performing an analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus at the man-in-the-middle apparatus;
generating a data stream transmission policy at the man-in-the middle apparatus according to the analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus;
transferring the policy for local data stream transmission policy enforcement from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
15. A source device for operation of a man-in-the-middle agent operation for man-in-the-middle data stream transmission policy enforcement comprising:
a processor; and
memory storing computer executable instructions that when executed on the processor cause the man-in-the-middle apparatus to perform the operations of;
providing portions of a transmitted data stream from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination, the man-in-the-middle apparatus configured to provide centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;
receiving at the source device a data stream transmission policy generated at the man-in-the-middle apparatus according to an analysis performed at the man-in-the-middle apparatus of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus and transferred from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
enforcing the data stream transmission policy at the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus, thereby affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
19. A computer program product having a non-transitory computer readable storage medium with instructions encoded thereon that, when executed by a processor of a computer, causes the computer to perform man-in-the-middle data stream transmission policy enforcement comprising:
computer program code for receiving portions of a data stream transmitted from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination;
computer program code for providing centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the computer;
computer program code for performing an analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus;
computer program code for generating a data stream transmission policy at the man-in-the middle apparatus according to the analysis of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus;
computer program code for transferring the policy for local data stream transmission policy enforcement from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device of data stream transmissions from the source device by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
computer program code for affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
23. A computer program product having a non-transitory computer readable storage medium with instructions encoded thereon that, when executed by a processor of a computer, causes the computer to perform man-in-the-middle data stream transmission policy enforcement comprising
computer program code for providing portions of a transmitted data stream from a source device in a network intended for a destination and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus before the data stream escapes the network toward the destination, the man-in-the-middle apparatus configured to provide centralized data stream transmission policy enforcement of data stream transmissions from the source device, by the man-in-the-middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus, without configuration of the source device as a part of a local data stream transmission policy enforcement model for enforcement of data stream transmissions from the source device, at times the source device is communicatively coupled with the man-in-the-middle apparatus;
computer program code for receiving at the source device a data stream transmission policy generated at the man-in-the-middle apparatus according to an analysis performed at the man-in-the-middle apparatus of the portions of the data stream transmitted from the source device and intercepted by the man-in-the middle apparatus at times the source device is communicatively coupled with the man-in-the-middle apparatus and transferred from the man-in-the-middle apparatus to the source device for local data stream transmission policy enforcement at the source device by a man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus; and
computer program code for enforcing the data stream transmission policy at the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus by the man-in-the-middle agent operating on the source device at times the source device is not communicatively coupled with the man-in-the-middle apparatus, thereby affecting operation of the source device, at times the source device is not communicatively coupled with the man-in-the-middle apparatus, to provide local data stream transmission policy enforcement at the source device of data stream transmissions from the source device as if the source device were communicatively coupled with the man-in-the-middle apparatus and the man-in-the-middle apparatus were providing centralized data stream transmission policy enforcement of data stream transmissions from the source device.
Specification