Secure communication secret sharing
First Claim
1. A method for monitoring communication over a network with a network monitoring device (NMD) that performs actions, comprising:
- providing correlation information for one or more network packets that are employed to establish a secure communication session; and
- providing a session key and other correlation information that corresponds to the secure communication session;
- providing one or more network connection flows that correspond to the secure communication session based on a match of the secure communication session's other correlation information with other correlation information provided by one or more key providers;
- decrypting the one or more network packets in the one or more network connection flows communicated over the secure communication session; and
- providing a display to a user of analysis of the secure communication session.
Abstract
Embodiments are directed to sharing secure communication secrets with a network monitoring device (NMD). The NMD may passively monitor network packets communicated between client computers and server computers. If a secure communication session is established between a client computer and a server computer, a key provider may provide the NMD a session key that corresponds to the secure communication session. The NMD may buffer each network packet associated with the secure communication session until the NMD is provided a session key for the secure communication session. The NMD may use the session key to decrypt network packets communicated between the client computer and the server computer. The NMD may then proceed to analyze the secure communication session based on the contents of the decrypted network packets.
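A minimal model of the buffering and key-matching behaviour the abstract describes, added here as an illustration and not taken from the patent. It assumes the correlation information is an opaque per-session byte string (for TLS, a value such as the client random could serve); `toy_cipher`, `Monitor`, `demo` and all sample values are hypothetical, and an XOR keystream stands in for the real session cipher.

```python
import hashlib
from collections import deque

def toy_cipher(key, seq, data):
    """Stand-in for the session cipher (not TLS record protection): XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key + seq.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class Monitor:
    """Passive NMD model: holds each flow's packets until a key provider supplies the session key."""
    def __init__(self, max_buffered=1024):
        self.flow_by_corr = {}   # correlation info -> flow, learned from handshake packets
        self.early_keys = {}     # correlation info -> key delivered before the handshake was seen
        self.keys, self.buffers = {}, {}   # flow -> session key; flow -> held (seq, ciphertext)
        self.plaintext = {}      # flow -> decrypted payloads, in arrival order
        self.max_buffered = max_buffered

    def on_handshake(self, flow, corr):
        self.flow_by_corr[corr] = flow
        if corr in self.early_keys:
            self._install(flow, self.early_keys.pop(corr))

    def on_packet(self, flow, seq, ciphertext):
        if flow in self.keys:
            self.plaintext.setdefault(flow, []).append(toy_cipher(self.keys[flow], seq, ciphertext))
        else:  # no key yet: hold the packet; the oldest is dropped once the cap is reached
            self.buffers.setdefault(flow, deque(maxlen=self.max_buffered)).append((seq, ciphertext))

    def on_key(self, corr, key):
        flow = self.flow_by_corr.get(corr)
        if flow is None:
            self.early_keys[corr] = key   # key arrived first: park it until the handshake is seen
        else:
            self._install(flow, key)

    def _install(self, flow, key):
        self.keys[flow] = key
        for seq, ciphertext in self.buffers.pop(flow, ()):   # drain what was held, in order
            self.on_packet(flow, seq, ciphertext)

def demo():
    key, corr, flow = b"K" * 32, b"\x01" * 32, ("10.0.0.5", 51000, "10.0.0.9", 443)  # constructed
    nmd = Monitor()
    nmd.on_handshake(flow, corr)
    nmd.on_packet(flow, 0, toy_cipher(key, 0, b"GET /health"))   # seen before the key: buffered
    held = len(nmd.buffers[flow])
    nmd.on_key(corr, key)                                        # match found: buffer is drained
    nmd.on_packet(flow, 1, toy_cipher(key, 1, b"200 OK"))        # later packets decrypt directly
    return held, nmd.plaintext[flow]
```

A key whose correlation information matches no observed handshake decrypts nothing, so packets of unrelated flows stay buffered.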
30 Claims
1. A method for monitoring communication over a network with a network monitoring device (NMD) that performs actions, comprising:
- providing correlation information for one or more network packets that are employed to establish a secure communication session; and
- providing a session key and other correlation information that corresponds to the secure communication session;
- providing one or more network connection flows that correspond to the secure communication session based on a match of the secure communication session's other correlation information with other correlation information provided by one or more key providers;
- decrypting the one or more network packets in the one or more network connection flows communicated over the secure communication session; and
- providing a display to a user of analysis of the secure communication session.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for monitoring communication over a network, comprising:
- a network monitoring device (NMD), comprising;
  - a transceiver that communicates over the network;
  - a memory that stores at least instructions; and
  - a processor device that executes instructions that perform actions, including;
    - passively monitoring a plurality of network packets that are communicated between one or more client computers and one or more server computers;
    - providing one or more network connection flows that correspond to the secure communication session based on a match of the secure communication session's other correlation information with other correlation information provided by one or more key providers;
    - decrypting the one or more network packets in the one or more network connection flows communicated over the secure communication session; and
    - providing a display to a user of analysis of the secure communication session; and
- the client computer, comprising;
  - a transceiver that communicates over the network;
  - a memory that stores at least instructions; and
  - a processor device that executes instructions that perform actions, including;
    - communicating the one or more network packets to the server computer.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A processor readable non-transitory storage media that includes instructions for monitoring communication over a network, wherein execution of the instructions by a network monitoring device (NMD) having one or more processors performs actions, comprising:
- providing correlation information for one or more network packets that are employed to establish a secure communication session; and
- providing a session key and other correlation information that corresponds to the secure communication session;
- providing one or more network connection flows that correspond to the secure communication session based on a match of the secure communication session's other correlation information with other correlation information provided by one or more key providers;
- decrypting the one or more network packets in the one or more network connection flows communicated over the secure communication session; and
- providing a display to a user of analysis of the secure communication session.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
25. A network computer for monitoring communication over a network, comprising:
- a transceiver that communicates over the network;
- a memory that stores at least instructions; and
- a processor device that executes instructions that perform actions, including;
  - passively monitoring a plurality of network packets that are communicated between one or more client computers and one or more server computers;
  - providing correlation information for one or more network packets that are employed to establish a secure communication session; and
  - providing a session key and other correlation information that corresponds to the secure communication session;
  - providing one or more network connection flows that correspond to the secure communication session based on a match of the secure communication session's other correlation information with other correlation information provided by one or more key providers;
  - decrypting the one or more network packets in the one or more network connection flows communicated over the secure communication session; and
  - providing a display to a user of analysis of the secure communication session.
Dependent claims: 26, 27, 28, 29, 30
Specification