Secure data redaction and masking in intercepted data interactions

US10097582B2 · US · B2

Patent metadata

Publication number: US-10097582-B2
Application number: US-201414553235-A
Country: US
Kind code: B2
Filing date: Nov 25, 2014
Priority date: Nov 25, 2014
Publication date: Oct 9, 2018
Grant date: Oct 9, 2018

Abstract

Official abstract text for this publication.

A system and computer program product for modifying intercepted data interactions are provided in the illustrative embodiments. At a security application executing in a security data processing system, an intercepted packet of data arranged according to a protocol is received from an intercepting agent executing in an intercepting data processing system. A security policy is applied to the intercepted packet. In an instruction according to a coding grammar, a modification of the intercepted packet is encoded. The instruction is suited for the encoding under a circumstance of the modifying. The instruction is sent to the intercepting agent. The intercepting agent at the intercepting data processing system performs the modification according to the security policy and independently of the protocol.

Claims

Claim text as listed for this publication.

What is claimed is:

1. A computer usable program product for use with a security data processing system and an intercepting data processing system that is a separate structure from the security data processing system, the product comprising: a computer readable storage device; and computer usable code stored in the computer readable storage device; wherein the computer usable code includes code for: receiving, by the security data processing system and from an intercepting agent executing in the intercepting data processing system, an intercepted packet; applying, by the security data processing system, a security policy to the intercepted packet to determine whether data of the intercepted packet is non-compliant with a set of security policy(ies); receiving, by the security data processing system, an indication of a network condition and a plurality of coding grammars, the indication of the network condition including a network traffic throughput metric, wherein the selected coding grammar comprises a representation of a combination of an operation and a data fragment, the combination being positioned at a position in the intercepted packet; selecting, by the security data processing system, a selected coding grammar from the plurality of coding grammars based, at least in part, upon the network traffic throughput metric; responsive to a determination that data of the intercepted packet is non-compliant with a set of security policy(ies), generating, by the security data processing system and according to the selected coding grammar, an instruction designed to cause a modification of the intercepted packet to make a revised packet that is compliant with the set of security policy(ies); and sending the instruction from the security data processing system to the intercepting agent.

2. The product of claim 1 wherein the selected coding grammar specifies a representation of a set of instruction components in the generated instruction.

3. The product of claim 1 wherein the modification is independent of protocol.

4. The product of claim 1 wherein the computer usable code further includes code for applying, by the intercepting agent, the instruction received from the security data processing system to modify a copy of the intercepted packet according to the instruction whereby the copy of the intercepted packet is compliant with the set of security policy(ies).

5. A computer system comprising: an intercepting data processing sub-system; and a security data processing system; wherein the security data processing sub-system is structured, programmed and connected in data communication to: receive, from an intercepting agent executing in the intercepting data processing sub-system, an intercepted packet, apply a security policy to the intercepted packet to determine whether data of the intercepted packet is non-compliant with a set of security policy(ies), receive an indication of a network condition and a plurality of coding grammars, the indication of the network condition including a network traffic throughput metric, select a selected coding grammar from the plurality of coding grammars based, at least in part, upon the network traffic throughput metric, wherein the selected coding grammar comprises a representation of a combination of an operation and a data fragment, the combination being positioned at a position in the intercepted packet; responsive to a determination that data of the intercepted packet is non-compliant with a set of security policy(ies), generate, according to the selected coding grammar, an instruction designed to cause a modification of the intercepted packet to make a revised packet that is compliant with the set of security policy(ies), and send the instruction to the intercepting agent; and wherein the intercepting data processing sub-system is structured, programmed and connected in data communication to apply, by the intercepting agent, the instruction received from the security data processing sub-system to modify a copy of the intercepted packet according to the instruction whereby the copy of the intercepted packet is compliant with the set of security policy(ies).

6. The system of claim 5 wherein the selected coding grammar specifies a representation of a set of instruction components in the generated instruction.

7. The system of claim 5 wherein the modification is independent of protocol.
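The abstract and claims 1 through 7 describe a split between a security application, which decides what must change, and an intercepting agent, which edits the packet by position without parsing its protocol. The Python below is an added illustration of that split and is not code from the patent or from IBM: the policy patterns, the two coding grammars ("verbose" JSON and a "compact" binary record), the throughput threshold used to pick between them, and the sample packet are all constructed for this example. Each instruction component is the (operation, position, data fragment) combination named in claim 1; because deletions shift later offsets, the agent applies instructions from the highest position downward.

```python
"""Added example (not from the patent): security-application / intercepting-agent
redaction with a throughput-selected coding grammar. Everything here is constructed."""
import json
import re
import struct

# Constructed policy: payload patterns that must not pass unmasked.
POLICY = {
    "card_number": re.compile(rb"\b\d{16}\b"),
    "ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
}

OP_REPLACE, OP_DELETE = 1, 2  # constructed operation codes


def inspect(packet: bytes) -> list:
    """Security-application step: one (op, position, fragment) per policy violation.
    A replace fragment has the same length as the matched bytes; a delete fragment
    carries the bytes to remove, so the agent knows how many to cut."""
    mods = []
    for name, pattern in POLICY.items():
        for m in pattern.finditer(packet):
            if name == "card_number":
                frag = b"X" * (len(m.group()) - 4) + m.group()[-4:]  # keep last four
                mods.append((OP_REPLACE, m.start(), frag))
            else:
                mods.append((OP_DELETE, m.start(), m.group()))
    return mods


def select_grammar(throughput_mbps: float) -> str:
    """Claim 1's selection step: a busier link gets the smaller encoding.
    The 100 Mb/s threshold is an arbitrary constructed value."""
    return "compact" if throughput_mbps >= 100 else "verbose"


def encode(mods: list, grammar: str) -> bytes:
    """Encode the instruction under the selected grammar (both formats constructed)."""
    if grammar == "verbose":
        records = [{"op": op, "pos": pos, "frag": frag.decode("latin-1")}
                   for op, pos, frag in mods]
        return json.dumps(records).encode()
    # compact: u16 count, then (u8 op, u32 position, u16 length, fragment) records
    out = struct.pack("!H", len(mods))
    for op, pos, frag in mods:
        out += struct.pack("!BIH", op, pos, len(frag)) + frag
    return out


def decode(blob: bytes, grammar: str) -> list:
    """Inverse of encode(), run on the agent side."""
    if grammar == "verbose":
        return [(d["op"], d["pos"], d["frag"].encode("latin-1")) for d in json.loads(blob)]
    (count,) = struct.unpack("!H", blob[:2])
    i, mods = 2, []
    for _ in range(count):
        op, pos, length = struct.unpack("!BIH", blob[i:i + 7])
        i += 7
        mods.append((op, pos, blob[i:i + length]))
        i += length
    return mods


def apply_instruction(packet: bytes, blob: bytes, grammar: str) -> bytes:
    """Intercepting-agent step: edit bytes by position only (no HTTP or other
    protocol parsing). Highest position first so deletions never shift a
    position that is still to be edited."""
    out = bytearray(packet)
    for op, pos, frag in sorted(decode(blob, grammar), key=lambda m: m[1], reverse=True):
        if op == OP_REPLACE:
            out[pos:pos + len(frag)] = frag
        elif op == OP_DELETE:
            del out[pos:pos + len(frag)]
        else:
            raise ValueError(f"unknown operation {op}")
    return bytes(out)


def redact(packet: bytes, throughput_mbps: float) -> tuple:
    """Full round trip: returns (revised packet, grammar used, instruction size)."""
    grammar = select_grammar(throughput_mbps)
    instruction = encode(inspect(packet), grammar)
    return apply_instruction(packet, instruction, grammar), grammar, len(instruction)


# Constructed sample: an HTTP-like response carrying a card number and an SSN.
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
          b"card=4111111111111111 ssn=123-45-6789 name=alice\n")

if __name__ == "__main__":
    for mbps in (10, 1000):
        revised, grammar, size = redact(SAMPLE, mbps)
        print(f"{mbps} Mb/s -> {grammar} grammar, {size}-byte instruction")
        print(revised.decode())
```

The agent never inspects the HTTP framing, which is the protocol-independence point of claims 3 and 7; the same agent code would apply an instruction to a database wire packet. Note that a replace of unequal length would also shift later positions, so the policy here is written to mask in place and to express length changes only as deletes.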

Assignees

IBM

Inventors

Classifications

  • Filtering by information in the payload · CPC title

  • H04L63/166 (primary): at the transport layer · CPC title

  • H04L63/20 (primary): for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Electricity · mapped topic

  • Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1] · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10097582B2 cover?
A system and computer program product for modifying intercepted data interactions are provided in the illustrative embodiments. At a security application executing in a security data processing system, an intercepted packet of data arranged according to a protocol is received from an intercepting agent executing in an intercepting data processing system. A security policy is applied to the int…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/166. Mapped technology areas include Electricity.
When was this patent published?
Publication date Oct 9, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).