Method and system for securely scanning network traffic
Abstract
A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted. Thereafter, the original data packet can be forwarded to its originally intended recipient.
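The scheme the abstract describes, as an added illustration that is not code from the patent or from any product implementing it: the first device encrypts a packet under a parameter shared with the second device and the firewall; the firewall copies the packet, decrypts the copy inside a sealed component that returns nothing but a verdict, and forwards the original bytes untouched if the verdict is "allow". The cipher (an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, chosen so the example needs only the Python standard library), the scan criterion (a banned byte-pattern list), and every name below (`SHARED_KEY`, `encrypt_packet`, `decrypt_packet`, `SealedScanner`, `Firewall`) are assumptions made here; the abstract specifies none of them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed shared encryption parameter. In the abstract this is obtained by
# the first device, the second device and the firewall; here it is a fixed key.
SHARED_KEY = hashlib.sha256(b"constructed-shared-parameter").digest()

NONCE_LEN = 12
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode used as a stream cipher: a stand-in for the
    # cipher the abstract leaves unspecified (assumption).
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt_packet(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """First device -> wire format: nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_packet(key: bytes, packet: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raises ValueError on tampering."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated packet")
    nonce, ciphertext, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


@dataclass(frozen=True)
class Verdict:
    """Everything the operator-visible side of the firewall is allowed to see."""
    allowed: bool
    reason: str


class SealedScanner:
    """The 'portion of the firewall device' whose contents the operator cannot read.

    Holds the shared key and only ever returns a Verdict; the decrypted copy never
    leaves this object. In a real device this boundary would be an enclave, HSM or
    otherwise operator-inaccessible process; here it is only an API boundary."""

    def __init__(self, key: bytes, banned_patterns: list):
        self._key = key
        self._banned = list(banned_patterns)  # the 'predetermined criterion'

    def inspect(self, packet: bytes) -> Verdict:
        copy = bytes(packet)  # scan a copy; the original is forwarded untouched
        try:
            plaintext = decrypt_packet(self._key, copy)
        except ValueError as exc:
            return Verdict(False, f"integrity: {exc}")
        for index, pattern in enumerate(self._banned):
            if pattern in plaintext:
                # Report the rule index, never the matched content.
                return Verdict(False, f"policy: banned pattern #{index}")
        return Verdict(True, "policy: clean")


class Firewall:
    """Operator-visible side: forwards or drops, and logs only sizes and verdicts."""

    def __init__(self, scanner: SealedScanner):
        self._scanner = scanner
        self.audit_log = []  # (packet length, allowed, reason)

    def forward(self, packet: bytes) -> Optional[bytes]:
        verdict = self._scanner.inspect(packet)
        self.audit_log.append((len(packet), verdict.allowed, verdict.reason))
        return packet if verdict.allowed else None


if __name__ == "__main__":
    fw = Firewall(SealedScanner(SHARED_KEY, [b"BEGIN RSA PRIVATE KEY"]))
    clean = encrypt_packet(SHARED_KEY, b"GET /index.html HTTP/1.1")
    leak = encrypt_packet(SHARED_KEY, b"-----BEGIN RSA PRIVATE KEY-----")
    tampered = clean[:-1] + bytes([clean[-1] ^ 1])
    for pkt in (clean, leak, tampered):
        print("forwarded" if fw.forward(pkt) is not None else "dropped")
    print(fw.audit_log)
```

Two points a practitioner would check against this model. First, the operator restriction the claims require is not something a language's visibility rules can deliver; the `SealedScanner` boundary has to be backed by hardware or OS isolation (an enclave, an HSM, or a process the operator cannot attach a debugger to), otherwise a memory dump of the firewall yields every plaintext. Second, forwarding the original bytes rather than re-encrypting means the second device's own tag check still covers the packet end to end; the audit log exposes only packet length, verdict and rule index, so a leaked log does not reconstruct traffic content.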
20 Claims
1. A method comprising:
regarding a data packet encrypted utilizing an encryption parameter shared by a first device, a second device, and a separate computer, said encrypted data packet sent by said first device to said second device;
causing said separate computer to decrypt said encrypted data packet within said separate computer, said separate computer adapted to restrict all operators of said separate computer from accessing contents of said data packet. (Claims 2 through 18 depend on claim 1 and are not reproduced here.)
19. A method comprising:
regarding a data packet encrypted utilizing an encryption parameter shared by a first device, a second device, and a separate computer, said encrypted data packet sent by said first device to said second device;
decrypting said encrypted data packet within said separate computer, said separate computer adapted to restrict all operators of said separate computer from accessing contents of said data packet.
20. A machine-readable medium comprising a computer program adapted to:
regarding a data packet encrypted utilizing an encryption parameter shared by a first device, a second device, and a separate computer, said encrypted data packet sent by said first device to said second device;
decrypt said encrypted data packet within said separate computer, said separate computer adapted to restrict all operators of said separate computer from accessing contents of said data packet.