Inline secret sharing
First Claim
1. A method for monitoring communication over a network between one or more computers, with one or more network monitoring computers (NMCs) that perform actions, comprising:
- monitoring a plurality of network packets that are communicated between the one or more computers;
- employing the one or more NMCs to identify a secure communication session established between two of the one or more computers based on an exchange of handshake information that is associated with the secure communication session, wherein the one or more NMCs are inline with the secure communication session;
- obtaining key information that corresponds to the secure communication session from a key provider, wherein the key information is encrypted by the key provider;
- employing the one or more NMCs to decrypt the key information;
- employing the one or more NMCs to derive the session key based on the decrypted key information and the handshake information;
- employing the one or more NMCs to decrypt one or more network packets that are included in the secure communication session; and
- employing the one or more NMCs to inspect the one or more decrypted network packets to execute one or more rule-based policies.
6 Assignments
0 Petitions
Abstract
Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). NMCs identify a secure communication session established between two of the computers based on an exchange of handshake information associated with the secure communication session. Key information that corresponds to the secure communication session may be obtained from a key provider such that the key information may be encrypted by the key provider. NMCs may decrypt the key information. NMCs may derive the session key based on the decrypted key information and the handshake information. NMCs may decrypt network packets included in the secure communication session. NMCs may be employed to inspect the one or more decrypted network packets to execute one or more rule-based policies.
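The abstract describes a flow rather than a concrete protocol, so the following is an added example (not code from the patent, its assignee or any product) that models that flow end to end with the Python standard library: a key provider releases per-session key information only in encrypted form, the inline NMC decrypts it, derives the session key from that key information together with the observed handshake randoms, decrypts the records and applies rule-based policies to the plaintext. Everything specific here is an assumption of mine, not the page's: the provider and the NMC share a pre-provisioned wrapping key, derivation is HKDF (RFC 5869) with the handshake randoms as salt, the encrypt-then-MAC construction stands in for a real AEAD, and the policy rules and HTTP-like payloads are constructed.

```python
# Added example (not from the patent or any product); see assumptions in the lead-in.
import hashlib
import hmac
import os

HASH = hashlib.sha256
TAG_LEN = 32
NONCE_LEN = 16


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def seal(key: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD: HKDF keystream, tag over nonce+aad+ct."""
    nonce = os.urandom(NONCE_LEN)
    stream = hkdf_expand(key, b"stream" + nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, b"tag" + nonce + aad + ct, HASH).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, aad: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a blob bound to another aad is rejected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + aad + ct, HASH).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed or wrong session")
    stream = hkdf_expand(key, b"stream" + nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def derive_session_key(key_info: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Session key from decrypted key information plus handshake information (assumed HKDF)."""
    prk = hkdf_extract(client_random + server_random, key_info)
    return hkdf_expand(prk, b"session key", 32)


class KeyProvider:
    """Holds per-session key information; releases it only encrypted to the NMC."""

    def __init__(self, wrap_key: bytes):
        self.wrap_key = wrap_key  # assumed pre-provisioned, shared with the NMC
        self.sessions = {}

    def register(self, session_id: bytes, key_info: bytes) -> None:
        self.sessions[session_id] = key_info

    def fetch(self, session_id: bytes) -> bytes:
        # The session id is authenticated data: key material for one session
        # cannot be presented as belonging to another.
        return seal(self.wrap_key, session_id, self.sessions[session_id])


# Constructed rule-based policies the NMC applies to decrypted payloads.
POLICIES = [
    ("block-basic-auth", lambda p: b"Authorization: Basic" in p),
    ("flag-cleartext-password", lambda p: b"password=" in p),
]


def inspect(plaintext: bytes) -> list:
    return [name for name, matches in POLICIES if matches(plaintext)]


def nmc_process_session(provider, nmc_wrap_key, client_random, server_random, records):
    """Observe handshake -> fetch and decrypt key info -> derive key -> decrypt -> inspect."""
    session_id = HASH(client_random + server_random).digest()
    key_info = open_sealed(nmc_wrap_key, session_id, provider.fetch(session_id))
    session_key = derive_session_key(key_info, client_random, server_random)
    return [inspect(open_sealed(session_key, session_id, r)) for r in records]


def wrong_session_rejected(provider, nmc_wrap_key, good_id, bad_id) -> bool:
    """True if key info fetched for one session cannot be opened under another id."""
    try:
        open_sealed(nmc_wrap_key, bad_id, provider.fetch(good_id))
    except ValueError:
        return True
    return False


def demo() -> list:
    wrap_key = os.urandom(32)
    client_random, server_random = os.urandom(32), os.urandom(32)
    session_id = HASH(client_random + server_random).digest()
    key_info = os.urandom(48)  # constructed: the per-session secret the provider holds
    provider = KeyProvider(wrap_key)
    provider.register(session_id, key_info)
    # Endpoints derive the same session key from the same inputs and send records.
    session_key = derive_session_key(key_info, client_random, server_random)
    records = [
        seal(session_key, session_id, b"GET / HTTP/1.1\r\nAuthorization: Basic dXNlcjpwYXNz\r\n"),
        seal(session_key, session_id, b"POST /login HTTP/1.1\r\n\r\nuser=a&password=hunter2"),
        seal(session_key, session_id, b"GET /healthz HTTP/1.1\r\n"),
    ]
    return nmc_process_session(provider, wrap_key, client_random, server_random, records)


if __name__ == "__main__":
    print(demo())  # [['block-basic-auth'], ['flag-cleartext-password'], []]
```

The point of binding the session id into the wrapped key information is that the NMC can only use what the provider released for the handshake it actually observed; `wrong_session_rejected` shows that check failing closed, and `demo` shows the three records yielding one blocked, one flagged and one clean verdict.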
151 Citations
30 Claims
1. A method for monitoring communication over a network between one or more computers, with one or more network monitoring computers (NMCs) that perform actions, comprising:
- monitoring a plurality of network packets that are communicated between the one or more computers;
- employing the one or more NMCs to identify a secure communication session established between two of the one or more computers based on an exchange of handshake information that is associated with the secure communication session, wherein the one or more NMCs are inline with the secure communication session;
- obtaining key information that corresponds to the secure communication session from a key provider, wherein the key information is encrypted by the key provider;
- employing the one or more NMCs to decrypt the key information;
- employing the one or more NMCs to derive the session key based on the decrypted key information and the handshake information;
- employing the one or more NMCs to decrypt one or more network packets that are included in the secure communication session; and
- employing the one or more NMCs to inspect the one or more decrypted network packets to execute one or more rule-based policies.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for monitoring communication over a network between one or more computers comprising:
- one or more network monitoring computers (NMCs), comprising: a transceiver that communicates over the network; a memory that stores at least instructions; and one or more processors that execute instructions that perform actions, including:
  - monitoring a plurality of network packets that are communicated between the one or more computers;
  - employing the one or more NMCs to identify a secure communication session established between two of the one or more computers based on an exchange of handshake information that is associated with the secure communication session, wherein the one or more NMCs are inline with the secure communication session;
  - obtaining key information that corresponds to the secure communication session from a key provider, wherein the key information is encrypted by the key provider;
  - employing the one or more NMCs to decrypt the key information;
  - employing the one or more NMCs to derive the session key based on the decrypted key information and the handshake information;
  - employing the one or more NMCs to decrypt one or more network packets that are included in the secure communication session; and
  - employing the one or more NMCs to inspect the one or more decrypted network packets to execute one or more rule-based policies; and
- the one or more computers, comprising: a transceiver that communicates over the network; a memory that stores at least instructions; and one or more processors that execute instructions that perform actions, including:
  - providing one or more of the plurality of network packets.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A processor readable non-transitory storage media that includes instructions for monitoring communication over a network between one or more computers, wherein execution of the instructions by one or more processors on one or more network monitoring computers (NMCs) performs actions, comprising:
- monitoring a plurality of network packets that are communicated between the one or more computers;
- employing the one or more NMCs to identify a secure communication session established between two of the one or more computers based on an exchange of handshake information that is associated with the secure communication session, wherein the one or more NMCs are inline with the secure communication session;
- obtaining key information that corresponds to the secure communication session from a key provider, wherein the key information is encrypted by the key provider;
- employing the one or more NMCs to decrypt the key information;
- employing the one or more NMCs to derive the session key based on the decrypted key information and the handshake information;
- employing the one or more NMCs to decrypt one or more network packets that are included in the secure communication session; and
- employing the one or more NMCs to inspect the one or more decrypted network packets to execute one or more rule-based policies.
Dependent claims: 18, 19, 20, 21, 22, 23
24. A network monitoring computer (NMC) for monitoring communication over a network between one or more computers, comprising:
- a transceiver that communicates over the network;
- a memory that stores at least instructions; and
- one or more processors that execute instructions that perform actions, including:
  - monitoring a plurality of network packets that are communicated between the one or more computers;
  - employing the one or more NMCs to identify a secure communication session established between two of the one or more computers based on an exchange of handshake information that is associated with the secure communication session, wherein the one or more NMCs are inline with the secure communication session;
  - obtaining key information that corresponds to the secure communication session from a key provider, wherein the key information is encrypted by the key provider;
  - employing the one or more NMCs to decrypt the key information;
  - employing the one or more NMCs to derive the session key based on the decrypted key information and the handshake information;
  - employing the one or more NMCs to decrypt one or more network packets that are included in the secure communication session; and
  - employing the one or more NMCs to inspect the one or more decrypted network packets to execute one or more rule-based policies.
Dependent claims: 25, 26, 27, 28, 29, 30
Specification