Cryptographic policy enforcement
Abstract
Objects can be extracted from data flows captured by a capture device. In one embodiment, the invention includes assigning to each captured object a cryptographic status based on whether the captured object is encrypted. In one embodiment, the invention further includes determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.
32 Claims
1. A method comprising:
- capturing packets being transmitted over a network;
- assembling an object from the captured packets;
- assigning a cryptographic status to the object by determining whether the captured object is encrypted; and
- determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An apparatus comprising:
- a packet capture module to capture packets being transmitted over a network;
- an object assembly module to reconstruct an object from the captured packets; and
- a cryptographic analyzer to determine whether the object violated a cryptographic policy in effect over the network.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A method comprising:
- capturing an object being transmitted over a network;
- generating a tag associated with the captured object, the tag containing metadata related to the captured object;
- assigning a cryptographic status to the captured object by determining whether the captured object was encrypted prior to being transmitted over the network; and
- adding the cryptographic status of the captured object to the tag associated with the captured object.
Dependent claims: 18, 19, 20, 21, 22, 23

24. A machine-readable medium having stored thereon data representing instructions, that, when executed by a processor of a capture system, cause the processor to perform operations comprising:
- capturing packets being transmitted over a network;
- assembling an object from the captured packets;
- assigning a cryptographic status to the object by determining whether the captured object is encrypted; and
- determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.
Dependent claims: 25, 26, 27, 28

29. A machine-readable medium having stored thereon data representing instructions, that, when executed by a processor of a capture system, cause the processor to perform operations comprising:
- capturing an object being transmitted over a network;
- generating a tag associated with the captured object, the tag containing metadata related to the captured object;
- assigning a cryptographic status to the captured object by determining whether the captured object was encrypted prior to being transmitted over the network; and
- adding the cryptographic status of the captured object to the tag associated with the captured object.
Dependent claims: 30, 31, 32

Specification