Decrypting transport layer security traffic without Man-in-the-Middle proxy
US11805097B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 25, 2020 |
| Grant date | Oct 31, 2023 |
| Priority date | — |
| Expiry date | Jun 6, 2041 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/0272
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A network security platform (NSP) device and interaction method are disclosed. The interaction method provides network packet analysis for secure transmission protocols using ephemeral keys or keys that are negotiated dynamically. The NSP may be part of an Intrusion Protection System, or firewall. The disclosed approach does not use man-in-the-middle proxy. Instead, it includes monitoring connections ends: client and/or server, to intercept the required data or negotiated (or changed) encryption keys. Decrypted data may be sent to an NSP sensor in a secure manner for analysis. Alternatively, intercepted keys used for the encrypt/decrypt operations may be sent to an NSP sensor in a secure manner every time they are changed. The NSP sensor may then use the obtained keys to decrypt traffic prior to providing it to the inspection engines. Embodiments focused on inbound traffic to a web server may coordinate between a web server and an NSP.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.