Patent · US Active

Securely deliver decrypted data of mirrored VPN traffic

US12375471B2 · kind B2 · utility

0Cited by

3References

20Claims

0Family size

Assignee

Palo Alto Networks, Inc. · US

Inventors

Zhanglin He · San Jose, US
Tripti Agarwal · Fremont, US
Kavitha Sivagnanam · San Mateo, US
Tushar Vyankatesh Nargunde · San Jose, US
Jose Carlos Sagrero Dominguez · Lilburn, US

Key dates

Filing date	Jul 31, 2023
Grant date	Jul 29, 2025
Priority date	—
Expiry date	Feb 7, 2044

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/166
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

An orchestrator that manages security appliances for an organization determines a sink configured for traffic mirroring and correspondingly configures components for secure conveyance of mirrored traffic to a sink. The orchestrator configures a VM associated with the mirroring sink to use correlated packets and tunnel keys to securely convey the packets to an organization. The virtual machine decrypts each set of packets with the correlated tunnel key in memory and then re-encrypts the packets with a cryptographic key (hereinafter “random key”) generated on-the-fly for use on the current set of decrypted packets in memory. The virtual machine then encrypts the random key with a public key of the organization that will monitor and/or analyze the traffic data and writes the encrypted packets and/or packet contents and encrypted random key to a specified repository of the organization.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.