Patent · US Active

Decrypting network traffic on a middlebox device using a trusted execution environment

US10447663B2 · kind B2 · utility

Cited by: 5
References: 0
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 28, 2018
Grant date: Oct 15, 2019
Priority date:
Expiry date: Jun 28, 2038

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/0281
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel application, the decrypted network traffic according to a sensitivity policy to determine whether the decrypted network traffic includes sensitive data, forwarding, from the kernel application to the logic application, filtered decrypted network traffic that excludes the sensitive data, processing, at the logic application, the filtered decrypted network traffic, forwarding, from the logic application to the kernel application, the filtered decrypted network traffic after the processing by the logic application, and forwarding, from the kernel application, the encrypted network traffic.
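The round trip in the abstract (logic application outside the TEE intercepts ciphertext, kernel application inside the TEE decrypts, filters by a sensitivity policy, hands only the filtered plaintext out, receives it back, and forwards the original encrypted traffic), as an added example that is not the patent's own code or any product implementation. Everything in it is an assumption made for illustration: the session cipher is a toy HMAC-SHA256 keystream standing in for TLS record decryption, the two-rule sensitivity policy and the class names `KernelApp` and `LogicApp` are hypothetical, and the HTTP request is constructed inline. The security property the split is meant to give, and which the checks at the end verify, is that the untrusted logic application never holds the session key and never observes the data the policy marks sensitive.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass, field

# Constructed stand-in for the TLS session cipher: an HMAC-SHA256 keystream
# XORed over the record. It exists only so the example runs offline with the
# standard library. It is NOT a secure cipher and not what the patent specifies.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


toy_decrypt = toy_encrypt  # XOR keystream: the same operation in both directions

# Hypothetical sensitivity policy: (pattern, replacement) pairs applied inside
# the TEE so that matching data never reaches the logic application.
SENSITIVITY_POLICY = [
    (re.compile(rb"(?im)^(authorization:\s*)[^\r\n]+"), rb"\1[REDACTED]"),
    (re.compile(rb"\b(?:\d[ -]?){13,16}\b"), b"[REDACTED-PAN]"),
]


@dataclass
class LogicApp:
    """Outside the TEE: intercepts ciphertext, processes only filtered plaintext."""
    kernel: "KernelApp"
    observed: list = field(default_factory=list)      # every plaintext this side ever saw
    request_counts: dict = field(default_factory=dict)

    def intercept(self, nonce: bytes, ciphertext: bytes) -> bytes:
        # Forward the encrypted record into the TEE; get back what to emit on the wire.
        return self.kernel.handle(nonce, ciphertext, self)

    def process(self, filtered: bytes) -> bytes:
        # Example processing step: tally HTTP requests per Host header.
        self.observed.append(filtered)
        m = re.search(rb"(?im)^host:\s*(\S+)", filtered)
        host = m.group(1).decode() if m else "?"
        self.request_counts[host] = self.request_counts.get(host, 0) + 1
        return filtered                                   # handed back to the kernel application


@dataclass
class KernelApp:
    """Inside the TEE: holds the session key; only policy-filtered plaintext leaves."""
    session_key: bytes
    policy: list = field(default_factory=lambda: SENSITIVITY_POLICY)
    last_filtered: bytes = b""
    last_returned: bytes = b""

    def filter_sensitive(self, plaintext: bytes) -> bytes:
        for pattern, replacement in self.policy:
            plaintext = pattern.sub(replacement, plaintext)
        return plaintext

    def handle(self, nonce: bytes, ciphertext: bytes, logic: LogicApp) -> bytes:
        plaintext = toy_decrypt(self.session_key, nonce, ciphertext)   # key never leaves here
        self.last_filtered = self.filter_sensitive(plaintext)
        self.last_returned = logic.process(self.last_filtered)  # only the filtered copy crosses the boundary
        return ciphertext                                       # forward the original encrypted traffic onward


def run_demo() -> dict:
    key = hashlib.sha256(b"constructed session key").digest()
    nonce = b"\x00" * 12
    # Constructed client request carrying two items the policy treats as sensitive.
    request = (b"GET /checkout HTTP/1.1\r\n"
               b"Host: shop.example\r\n"
               b"Authorization: Bearer s3cr3t-token\r\n"
               b"\r\n"
               b"card=4111 1111 1111 1111&amount=42\r\n")
    kernel = KernelApp(session_key=key)
    logic = LogicApp(kernel=kernel)
    wire = toy_encrypt(key, nonce, request)
    forwarded = logic.intercept(nonce, wire)
    return {
        "forwarded_unchanged": forwarded == wire,
        "request_counts": dict(logic.request_counts),
        "leaked_token": any(b"s3cr3t-token" in p for p in logic.observed),
        "leaked_pan": any(b"4111" in p for p in logic.observed),
        "filtered": kernel.last_filtered,
    }


if __name__ == "__main__":
    print(run_demo())
```

The point to check in a real deployment is the one the `observed` list makes explicit: the only plaintext the non-TEE side ever receives is the copy that has already passed the sensitivity policy, and the ciphertext leaving the middlebox is byte-for-byte what arrived, so the untrusted processing logic cannot exfiltrate or tamper with what it was not shown.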

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.