What technology area does this patent fall under?

Primary CPC classification H04L63/1441. Mapped technology areas include Electricity.

When was this patent published?

Publication date Thu Apr 28 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).

Intercepting, decrypting and inspecting traffic over an encrypted channel

US2016119374A1 · US · A1

Patent metadata
Field	Value
Publication number	US-2016119374-A1
Application number	US-201414526215-A
Country	US
Kind code	A1
Filing date	Oct 28, 2014
Priority date	Oct 28, 2014
Publication date	Apr 28, 2016
Grant date	—

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A network-based appliance includes a mechanism to intercept, decrypt and inspect secure network traffic flowing over SSL/TLS between a client and a server. The mechanism responds to detection of a session initiation request message from the client, the message being received following establishment of a TCP connection between the client and server. The mechanism responds by holding the session initiation request message, preferably by creating a fake socket to a local process, and then diverting the request message over that socket. The TCP connection is then terminated, and the mechanism initiates a new session in initiation request message, all while the original session initiation request message continues to be held. The server responds with its server certificate, which is then used by the mechanism to generate a new server certificate. The new server certificate is then returned to the requesting client as the response to the session initiation request message.

First claim

Opening claim text (preview).

1 . A method, comprising: responsive to detection of a session initiation request message from a client and intended for a server, the session initiation request message being received following establishment of a TCP connection between the client and the server, holding the session initiation request message locally; terminating the TCP connection and initiating a new session initiation request message to the server, while continuing to hold the session initiation request message locally; receiving from the server a response to the new session initiation request message, the response including a server certificate; using information in at least the server certificate to generate a new server certificate; and forwarding a response to the session initiation request message, the response including the new server certificate; wherein each operation is carried out in software executing in a hardware element. 2 . The method as described in claim 1 wherein the step of holding the session initiation request includes: creating a socket to a local process; and diverting the session initiation request message to the local process over the socket. 3 . The method as described in claim 2 wherein the local process is a user mode local process having an associated listener, and the socket is created by an operating system kernel. 4 . The method as described in claim 2 wherein diverting the session initiation request message to the local process includes: creating a child socket associated with the listener; and adding the child socket to a queue associated with the listener. 5 . The method as described in claim 1 wherein the new server certificate is generated by: extracting subject information from the server certificate; creating a key pair and a public key certificate, the public key certificate including the information, together with a public key of the key pair; and signing the public key certificate with a self-signed certificate. 6 . The method as described in claim 1 , further including: intercepting a data packet received from the client; decrypting the data packet to recover given data; inspecting the given data; re-encrypting the given data to generate a new data packet; and forwarding the new data packet to the server. 7 . The method as described in claim 1 , wherein the session initiation request message is one of: an SSL client hello, and a TLS client hello, and the TCP connection is not bound to a dedicated port. 8 . Apparatus, comprising: a processor; computer memory holding computer program instructions executed by the processor, the computer program instructions comprising: program code responsive to detection of a session initiation request message from a client and intended for a server, the session initiation request message being received following establishment of a TCP connection between the client and the server, to hold the session initiation request message locally; program code operative to terminate the TCP connection and initiate a new session initiation request message to the server, while continuing to hold the session initiation request message locally; program code operative to receive from the server a response to the new session initiation request message, the response including a server certificate; program code operative to use information in at least the server certificate to generate a new server certificate; and program code operative to forward a response to the session initiation request message, the response including the new server certificate. 9 . The apparatus as described in claim 8 wherein the program code to hold the session initiation request includes: program code operative to create a socket to a local process; and program code operative to divert the session initiation request message to the local process over the socket. 10 . The apparatus as described in claim 9 wherein the local process is a user mode local process having an associated listener, and the socket is created by an operating system kernel. 11 . The apparatus as described in claim 9 wherein the program code operative to divert the session initiation request message to the local process includes: program code operative to create a child socket associated with the listener; and program code operative to add the child socket to a queue associated with the listener. 12 . The apparatus as described in claim 8 wherein the program code operative to generate the new server certificate includes: program code operative to extract subject information from the server certificate; program code operative to create a key pair and a public key certificate, the public key certificate including the information, together with a public key of the key pair; and program code to sign the public key certificate with a self-signed certificate. 13 . The apparatus as described in claim 8 , further including: program code operative to intercept a data packet received from the client; program code operative to decrypt the data packet to recover given data; program code operative to inspect the given data; program code operative to re-encrypt the given data to generate a new data packet; and program code operative to forward the new data packet to the server. 14 . The apparatus as described in claim 8 , wherein the session initiation request message is one of: an SSL client hello, and a TLS client hello, and the TCP connection is not bound to a dedicated port. 15 . A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method, the computer program instructions comprising: program code responsive to detection of a session initiation request message from a client and intended for a server, the session initiation request message being received following establishment of a TCP connection between the client and the server, to hold the session initiation request message locally; program code operative to terminate the TCP connection and initiate a new session initiation request message to the server, while continuing to hold the session initiation request message locally; program code operative to receive from the server a response to the new session initiation request message, the response including a server certificate; program code operative to use information in at least the server certificate to generate a new server certificate; and program code operative to forward a response to the session initiation request message, the response including the new server certificate. 16 . The computer program product as described in claim 15 wherein the program code to hold the session initiation request includes: program code operative to create a socket to a local process; and program code operative to divert the session initiation request message to the local process over the socket. 17 . The computer program product as described in claim 16 wherein the local process is a user mode local process having an associated listener, and the socket is created by an operating system kernel. 18 . The computer program product as described in claim 17 wherein the program code operative to divert the session initiation request message to the local process includes: program code operative to create a child socket associated with the listener; and program code operative to add the child socket to a queue associated with the lis

Assignees

Inventors

Classifications

H04L63/0428
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
H04L63/166
at the transport layer · CPC title
H04L63/0823
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
H04L63/04
for providing a confidential data exchange among entities communicating through data packet networks · CPC title
H04L63/1441Primary
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

Patent family

Related publications grouped by family.

View patent family 55792938

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016119374A1 cover?: A network-based appliance includes a mechanism to intercept, decrypt and inspect secure network traffic flowing over SSL/TLS between a client and a server. The mechanism responds to detection of a session initiation request message from the client, the message being received following establishment of a TCP connection between the client and server. The mechanism responds by holding the session …
Who is the assignee on this patent?: IBM
What technology area does this patent fall under?: Primary CPC classification H04L63/1441. Mapped technology areas include Electricity.
When was this patent published?: Publication date Thu Apr 28 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).