Cryptographic policy enforcement

US 20050166066A1
Filed: 11/22/2004
Published: 07/28/2005
Est. Priority Date: 01/22/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

capturing packets being transmitted over a network;

assembling an object from the captured packets;

assigning a cryptographic status to the object by determining whether the captured object is encrypted; and

determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Objects can be extracted from data flows captured by a capture device. In one embodiment, the invention includes assigning to each captured object a cryptographic status based on whether the captured object is encrypted. In one embodiment, the invention further includes determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.

302 Citations

32 Claims

1. A method comprising:
- capturing packets being transmitted over a network;
  
  assembling an object from the captured packets;
  
  assigning a cryptographic status to the object by determining whether the captured object is encrypted; and
  
  determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein determining whether the object violated the cryptographic policy comprises determining that the object violated the cryptographic policy by being encrypted when the object was not expected to be encrypted.
  - 3. The method of claim 1, wherein determining whether the object violated the cryptographic policy comprises determining that the object violated the cryptographic policy by being unencrypted when the object was required to be encrypted.
  - 4. The method of claim 1, wherein determining whether the object violated the cryptographic policy comprises accessing at least one rule of the cryptographic policy related to a transmission channel in which the object was transmitted, and comparing the cryptographic status of the object to a status required by the rule.
  - 5. The method of claim 4, wherein the transmission channel comprises a set of source Internet protocol (IP) addresses and a set of destination IP addresses.
  - 6. The method of claim 1, further comprising allowing a user to edit the cryptographic policy.
  - 7. The method of claim 1, further comprising generating an alert to a user if the cryptographic policy is determined to be violated.
  - 8. The method of claim 1, further comprising blocking delivery of the object if the cryptographic policy is determined to be violated.

9. An apparatus comprising:
- a packet capture module to capture packets being transmitted over a network;
  
  an object assembly module to reconstruct an object from the captured packets; and
  
  a cryptographic analyzer to determine whether the object violated a cryptographic policy in effect over the network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9, wherein the cryptographic policy comprises a set of cryptographic rules.
  - 11. The apparatus of claim 10, wherein at least one rule of the set of cryptographic rules defines a transmission channel and whether encrypted objects are allowed or not on the channel.
  - 12. The apparatus of claim 10, wherein at least one rule of the set of cryptographic rules defines a transmission channel and whether encrypted objects are required or not on the channel.
  - 13. The method of claim 12, wherein the transmission channel comprises a set of source Internet protocol (IP) addresses and a set of destination IP addresses.
  - 14. The apparatus of claim 10, further comprising a user interface configured to allow a user to edit the set of cryptographic rules.
  - 15. The apparatus of claim 9, further comprising a user interface to transmit an alert to a user if the cryptographic policy is determined to be violated by the cryptographic analyzer.
  - 16. The apparatus of claim 9, wherein the apparatus blocks delivery of the object if the cryptographic policy is determined to be violated by the cryptographic analyzer.

17. A method comprising:
- capturing an object being transmitted over a network;
  
  generating a tag associated with the captured object, the tag containing metadata related to the captured object;
  
  assigning a cryptographic status to the captured object by determining whether the captured object was encrypted prior to being transmitted over the network; and
  
  adding the cryptographic status of the captured object to the tag associated with the captured object.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, further comprising determining whether the captured object violates a cryptographic policy by checking the metadata contained in the tag against one or more cryptographic rules.
  - 19. The method of claim 17, wherein one of the cryptographic rules prohibits transmission of encrypted objects from one or more source Internet protocol (IP) addresses.
  - 20. The method of claim 17, wherein assigning a cryptographic status to the captured object does not rely on any known content in the captured object.
  - 21. The method of claim 17, wherein assigning a cryptographic status to the captured object comprises performing statistical analysis on bytes making up the captured object.
  - 22. The method of claim 21, wherein the statistical analysis comprises calculating an index of coincidence for the bytes making up the captured object.
  - 23. The method of claim 22, wherein the statistical analysis comprises preprocessing the bytes making up the captured object by calculating differences between adjacent bytes, and the index of coincidence is determined for the calculated differences.

24. A machine-readable medium having stored thereon data representing instructions, that, when executed by a processor of a capture system, cause the processor to perform operations comprising:
- capturing packets being transmitted over a network;
  
  assembling an object from the captured packets;
  
  assigning a cryptographic status to the object by determining whether the captured object is encrypted; and
  
  determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The machine-readable medium of claim 24, wherein determining whether the object violated the cryptographic policy comprises determining that the object violated the cryptographic policy by being encrypted when the object was not expected to be encrypted.
  - 26. The machine-readable medium of claim 24, wherein determining whether the object violated the cryptographic policy comprises determining that the object violated the cryptographic policy by being unencrypted when the object was required to be encrypted.
  - 27. The machine-readable medium of claim 24, wherein determining whether the object violated the cryptographic policy comprises accessing at least one rule of the cryptographic policy related to a transmission channel in which the object was transmitted, and comparing the cryptographic status of the object to a status required by the rule.
  - 28. The machine-readable medium of claim 27, wherein the transmission channel comprises a set of source Internet protocol (IP) addresses and a set of destination IP addresses.

29. A machine-readable medium having stored thereon data representing instructions, that, when executed by a processor of a capture system, cause the processor to perform operations comprising:
- capturing an object being transmitted over a network;
  
  generating a tag associated with the captured object, the tag containing metadata related to the captured object;
  
  assigning a cryptographic status to the captured object by determining whether the captured object was encrypted prior to being transmitted over the network; and
  
  adding the cryptographic status of the captured object to the tag associated with the captured object.
- View Dependent Claims (30, 31, 32)
- - 30. The machine-readable medium of claim 29, wherein the instructions further cause the processor to determine whether the captured object violates a cryptographic policy by checking the metadata contained in the tag against one or more cryptographic rules.
  - 31. The machine-readable medium of claim 29, wherein one of the cryptographic rules prohibits transmission of encrypted objects from one or more source Internet protocol (IP) addresses.
  - 32. The machine-readable medium of claim 29, wherein assigning a cryptographic status to the captured object does not rely on any known content in the captured object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
de la Iglesia, Erik, Ahuja, Ratinder Paul Singh, Coleman, Shaun

Granted Patent

US 7,930,540 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/102 Entity profiles

Cryptographic policy enforcement

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

302 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic policy enforcement

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

302 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links