US11245674B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11245674-B2 |
| Application number | US-201715841297-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 14, 2017 |
| Priority date | Dec 14, 2017 |
| Publication date | Feb 8, 2022 |
| Grant date | Feb 8, 2022 |
Official abstract text for this publication.
Example methods are provided for secure communication protocol processing in a network environment. The method may comprise, in response to detecting a first transport protocol packet that is addressed from a first endpoint to a second endpoint and includes unencrypted payload data and a first sequence number, generating and sending a first secure communication protocol packet that includes encrypted payload data and a second sequence number. The method may also comprise, in response to detecting a second transport protocol packet that includes the first sequence number, determining that the second transport protocol packet is a retransmission of the first transport protocol packet. The method may further comprise generating and sending a second secure communication protocol packet that includes the second sequence number associated with the first sequence number.
Opening claim text (preview).
We claim:
1. A method for a security agent to perform secure communication protocol processing in a network environment that includes the security agent, a first endpoint, and a second endpoint, the method comprising:
in response to detecting a first transport protocol packet that is addressed for transmission via a transport layer connection from the first endpoint to the second endpoint, wherein the first transport protocol packet includes unencrypted payload data and a first sequence number:
(i) based on the first transport protocol packet, generating and sending a first secure communication protocol packet that includes: encrypted payload data that has been encrypted by the security agent from the payload data in the first transport protocol packet, and a second sequence number,
(ii) wherein the security agent: is implemented by a hypervisor of a physical host that supports the first endpoint, is deployed along a data path between the first endpoint and a physical network attached to the physical host, and does not terminate or re-establish the transport layer connection, and wherein the security agent does not store a copy of the encrypted payload data that was sent; and
(iii) storing mapping data that associates the first sequence number with the second sequence number; and
in response to receiving, from the first endpoint, a second transport protocol packet that includes the first sequence number:
(i) based on the mapping data and the first sequence number in the second transport protocol packet, determining that the second transport protocol packet is a retransmission of the first transport protocol packet; and
(ii) in response to determining that the second transport protocol packet is the retransmission of the first transport protocol packet, generating and sending a second secure communication protocol packet, wherein the second secure communication protocol packet includes the second sequence number associated with the first sequence number, and wherein generating and sending the second secure communication protocol packet includes encrypting unencrypted payload data in the second transport protocol packet to generate encrypted payload data in the second secure communication protocol packet.
2. The method of claim 1, wherein generating and sending the first secure communication protocol packet comprises: mapping the first sequence number to the second sequence number based on an offset value associated with one or more of: size of a secure communication protocol header in the first secure communication protocol packet, size of an authentication tag in the first secure communication protocol packet, and data padding in the first secure communication protocol packet.
3. The method of claim 1, wherein generating and sending the first secure communication protocol packet comprises: encrypting the unencrypted payload data in the first transport protocol packet using a first encryption initialization vector to generate the encrypted payload data in the first secure communication protocol packet.
4. The method of claim 3, wherein encrypting the unencrypted payload data in the second transport protocol packet to generate the encrypted payload data in the second secure communication protocol packet includes encrypting the unencrypted payload data in the second transport protocol packet using a second encryption initialization vector that is different from the first encryption initialization vector.
5. The method of claim 1, further comprising: in response to detecting an acknowledgement packet for the second secure communication protocol packet from the second endpoint, generating and sending an acknowledgement packet for the second transport protocol packet based on the mapping data.
6. A non-transitory computer-readable storage medium that includes instructions which, in response to execution by a processor of a computer system having a security agent, cause the security agent of the computer system to perform a method of secure communication protocol processing in a network environment that includes the computer system, a first endpoint, and a second endpoint, wherein the method comprises:
in response to detecting a first transport protocol packet that is addressed for transmission via a transport layer connection from the first endpoint to the second endpoint, wherein the first transport protocol packet includes unencrypted payload data and a first sequence number:
(i) based on the first transport protocol packet, generating and sending a first secure communication protocol packet that includes: encrypted payload data that has been encrypted by the security agent from the payload data in the first transport protocol packet, and a second sequence number,
(ii) wherein the security agent: is implemented by a hypervisor of a physical host that supports the first endpoint, is deployed along a data path between the first endpoint and a physical network attached to the physical host, and does not terminate or re-establish the transport layer connection, and wherein a copy of the encrypted payload data that was sent is not stored by the security agent; and
(iii) storing mapping data that associates the first sequence number with the second sequence number; and
in response to receiving, from the first endpoint, a second transport protocol packet that includes the first sequence number:
(i) based on the mapping data and the first sequence number in the second transport protocol packet, determining that the second transport protocol packet is a retransmission of the first transport protocol packet; and
(ii) in response to determining that the second transport protocol packet is the retransmission of the first transport protocol packet, generating and sending a second secure communication protocol packet, wherein the second secure communication protocol packet includes the second sequence number associated with the first sequence number, and wherein generating and sending the second secure communication protocol packet includes encrypting unencrypted payload data in the second transport protocol packet to generate encrypted payload data in the second secure communication protocol packet.
7. The non-transitory computer-readable storage medium of claim 6, wherein generating and sending the first secure communication protocol packet comprises: mapping the first sequence number to the second sequence number based on an offset value associated with one or more of: size of a secure communication protocol header in the first secure communication protocol packet, size of an authentication tag in the first secure communication protocol packet, and data padding in the first secure communication protocol packet.
8. The non-transitory computer-readable storage medium of claim 6, wherein generating and sending the first secure communication protocol packet comprises: encrypting the unencrypted payload data in the first transport protocol packet using a first encryption initialization vector to generate the encrypted payload data in the first secure communication protocol packet.
9. The non-transitory computer-readable storage medium of claim 8, wherein encrypting the unencrypted payload data in the second transport protocol packet to generate the encrypted payload data in the second secure communication protocol packet includes encrypting the unencrypted payload data in the second transport protocol packet using a second encryption initialization vector that is different from the first encryption initialization vector.
10. The non-transitory computer-readable storage medium of claim 6, wherein the method further comprises: in response to detecting an acknowledgement packet for the second secure co
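The sequence-number mapping, retransmission handling and acknowledgement translation recited in the claims above, as an added sketch that is not code from the patent or its assignee. The record layout (`HDR_LEN`, `IV_LEN`, `TAG_LEN`), the `seal` toy cipher standing in for a real AEAD, and all class and method names are assumptions made for illustration.

```python
import hashlib, hmac, os

HDR_LEN, IV_LEN, TAG_LEN = 5, 8, 16      # assumed record layout, not from the patent
OVERHEAD = HDR_LEN + IV_LEN + TAG_LEN    # bytes each record adds to the stream
MOD = 2 ** 32                            # TCP sequence numbers wrap at 32 bits

def seal(key, iv, plaintext):
    """Toy AEAD stand-in (SHAKE-256 keystream + truncated HMAC); use AES-GCM in practice."""
    stream = hashlib.shake_256(key + iv).digest(len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return ct, hmac.new(key, iv + ct, hashlib.sha256).digest()[:TAG_LEN]

class SecurityAgent:
    """In-path agent: keeps only seq mappings, never a copy of sent ciphertext."""
    def __init__(self, key):
        self.key = key
        self.offset = 0        # cumulative overhead of records sent so far
        self.mapping = {}      # first seq -> (second seq, payload length)

    def on_segment(self, first_seq, payload):
        """Return (second_seq, record, is_retransmission) for an outbound segment."""
        known = self.mapping.get(first_seq)
        if known is None:
            second_seq = (first_seq + self.offset) % MOD
            self.mapping[first_seq] = (second_seq, len(payload))
            self.offset += OVERHEAD
        elif known[1] != len(payload):
            # Assumption of this sketch: a retransmission carries the same segment.
            raise ValueError("re-segmented retransmission not handled")
        else:
            second_seq = known[0]          # reuse the mapped second sequence number
        iv = os.urandom(IV_LEN)            # fresh IV on every send, retransmissions too
        ct, tag = seal(self.key, iv, payload)
        # TLS-like 5-byte header (type, version, length); an assumed format.
        header = b"\x17\x03\x03" + (IV_LEN + len(ct) + TAG_LEN).to_bytes(2, "big")
        return second_seq, header + iv + ct + tag, known is not None

    def on_ack(self, second_ack):
        """Translate an ACK for a secure packet into the ACK the first endpoint expects."""
        for first_seq, (second_seq, plen) in self.mapping.items():
            if (second_seq + plen + OVERHEAD) % MOD == second_ack:
                return (first_seq + plen) % MOD
        return None                        # ACK does not fall on a record boundary
```

Because the retransmitted plaintext is re-encrypted under a new IV, the second record has the same length and second sequence number as the first but different bytes, which is why the agent can avoid buffering ciphertext without reusing an IV.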
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
using a plurality of keys or algorithms · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
using a predetermined code, e.g. password, passphrase or PIN (network architectures or network communication protocols for supporting authentication of entities using passwords in a packet data network H04L63/083) · CPC title