EXTRACTING DATA FROM ENCRYPTED PACKET FLOWS
Abstract
In one example, the present disclosure describes a device, computer-readable medium, and method for extracting data from encrypted packet flows. For instance, in one example, a method includes detecting a data packet that belongs to an encrypted data flow traversing a network, determining whether the encrypted data flow is a new encrypted data flow or an existing encrypted data flow, based on an inspection of payloads of data packets belonging to the encrypted data flow for evidence of a transport control protocol handshake, forwarding the data packet to a first server pool that will truncate the data packet, when the encrypted data flow is an existing encrypted data flow, and forwarding the data packet to a second server pool that will inspect a payload of the data packet for a secure sockets layer certificate, when the encrypted data flow is a new encrypted data flow.
Claims (20)
1. A method, comprising:
detecting a data packet that belongs to an encrypted data flow traversing a network;
determining whether the encrypted data flow is a new encrypted data flow or an existing encrypted data flow, based on an inspection of payloads of data packets belonging to the encrypted data flow for evidence of a transport control protocol handshake;
forwarding the data packet to a first server pool that will truncate the data packet, when the encrypted data flow is an existing encrypted data flow; and
forwarding the data packet to a second server pool that will inspect a payload of the data packet for a secure sockets layer certificate, when the encrypted data flow is a new encrypted data flow.
Dependent claims: 2, 3, 4, 5, 7, 8, 9, 10.
6. A device, comprising:
a processor; and
a computer-readable medium storing instructions which, when executed by the processor, cause the processor to perform operations comprising:
detecting a data packet that belongs to an encrypted data flow traversing a network;
determining whether the encrypted data flow is a new encrypted data flow or an existing encrypted data flow, based on an inspection of payloads of data packets belonging to the encrypted data flow for evidence of a transport control protocol handshake;
forwarding the data packet to a first server pool that will truncate the data packet, when the encrypted data flow is an existing encrypted data flow; and
forwarding the data packet to a second server pool that will inspect a payload of the data packet for a secure sockets layer certificate, when the encrypted data flow is a new encrypted data flow.
11. A method, comprising:
inspecting payloads of data packets belonging to a new encrypted data flow for a secure sockets layer certificate, wherein evidence of a transport control protocol handshake has been previously detected in the new encrypted data flow;
detecting the secure sockets layer certificate in a payload of one of the data packets; and
extracting the secure sockets layer certificate from the payload of the one of the data packets.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
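The routing of claims 1 and 11, written out as an added Python example that is not the patent's or any assignee's implementation: a flow counts as "new" once its TCP handshake has been observed, packets of new flows go to the pool that parses a TLS Certificate handshake message, and every other packet is truncated to its headers. The packet shape, the use of the SYN bit as "handshake evidence", the pool names and the sample record are assumptions of this example; note that TLS 1.3 encrypts the Certificate message, so this only recovers certificates from TLS 1.2 and earlier.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "flow flags payload")   # flow = (src, sport, dst, dport)
TLS_HANDSHAKE, HS_CERTIFICATE = 0x16, 11              # TLS record type / handshake message type
SYN, ACK = 0x02, 0x10                                 # TCP flag bits
FAKE_DER = b"\x30\x03\x02\x01\x01"                    # constructed stand-in for a DER certificate

def flow_key(p):
    # direction-agnostic key so SYN and SYN-ACK count toward the same flow
    return tuple(sorted([p.flow[:2], p.flow[2:]]))

def is_new(handshake_seen, p):
    # claim 1: a flow is "new" only if evidence of its TCP handshake (SYN bit, assumed) was observed
    if p.flags & SYN:
        handshake_seen.add(flow_key(p))
    return flow_key(p) in handshake_seen

def extract_certificates(payload):
    # second pool / claim 11: DER certs from a TLS Certificate handshake message, if present
    certs = []
    if len(payload) < 5 or payload[0] != TLS_HANDSHAKE:
        return certs                            # not a handshake record (e.g. application data)
    rlen = int.from_bytes(payload[3:5], "big")
    body = payload[5:5 + rlen]
    if len(body) < rlen:
        return certs                            # record continues in a later packet: reassemble first
    j = 0
    while j + 4 <= len(body):                   # several handshake messages may share one record
        htype, hlen = body[j], int.from_bytes(body[j + 1:j + 4], "big")
        msg, j = body[j + 4:j + 4 + hlen], j + 4 + hlen
        if htype != HS_CERTIFICATE:
            continue
        k = 3                                   # skip the 3-byte certificate_list length
        while k + 3 <= len(msg):                # entries: 3-byte length + DER bytes
            clen = int.from_bytes(msg[k:k + 3], "big")
            certs.append(msg[k + 3:k + 3 + clen])
            k += 3 + clen
    return certs

def dispatch(handshake_seen, p):
    # route one packet as claim 1 describes and report which server pool handled it
    if is_new(handshake_seen, p):
        return "inspect", extract_certificates(p.payload)
    return "truncate", p._replace(payload=b"")   # first pool: keep headers, drop opaque payload

def certificate_record(der_certs):
    # constructed sample input: wrap DER blobs in a TLS 1.2 Certificate handshake record
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in der_certs)
    msg = len(entries).to_bytes(3, "big") + entries
    hs = bytes([HS_CERTIFICATE]) + len(msg).to_bytes(3, "big") + msg
    return bytes([TLS_HANDSHAKE, 3, 3]) + len(hs).to_bytes(2, "big") + hs
```

Feed packets of one flow through `dispatch` with a shared set: a flow first seen mid-stream is truncated, while a flow whose SYN was observed has its server Certificate record parsed.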