Patent · US Active

Decryption and analysis of network traffic using key material collected from endpoint devices of a computer network

US10079810B1 · kind B1 · utility

Cited by: 11
References: 4
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 30, 2016
Grant date: Sep 18, 2018
Priority date
Expiry date: Feb 22, 2037

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/065
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

An apparatus in one embodiment comprises a first endpoint device having a processor coupled to a memory. The first endpoint device is adapted for communication with other endpoint devices over a network, and implements a key capture agent configured to interface with an operating system of the first endpoint device. The key capture agent is configured to collect key material associated with a session key utilized to encrypt packets sent by the first endpoint device to a second endpoint device over the network as part of a corresponding session. The key material and an identifier of the corresponding session are transmitted for delivery to a decoder that is not part of the first or second endpoint devices, so as to permit the decoder to be configured to decrypt the encrypted packets in intercepted network traffic. For example, the key capture agent may be configured to transmit the key material.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.