The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent:

Aug. 07, 2018

Filed:

Feb. 12, 2018

Applicant:

Symantec Corporation, Mountain View, CA (US);

Inventors:

Yuqiong Sun, Mountain View, CA (US);

Daniel Marino, Los Angeles, CA (US);

Susanta K. Nanda, San Jose, CA (US);

Saurabh Shintre, Sunnyvale, CA (US);

Brian T. Witten, Hermosa Beach, CA (US);

Ronald A. Frederick, Mountain View, CA (US);

Qing Li, Cupertino, CA (US);

Assignee:

SYMANTEC CORPORATION, Mountain View, CA (US);

Attorney:

Primary Examiner:

Int. Cl.

CPC ...
H04L 29/06 (2006.01); G06F 21/62 (2013.01);

U.S. Cl.

CPC ...
H04L 63/0435 (2013.01); G06F 21/6263 (2013.01);

Abstract

Decrypting network traffic on a middlebox device using a trusted execution environment (TEE). In one embodiment, a method may include loading a kernel application inside the TEE, loading a logic application outside the TEE, intercepting, by the logic application, encrypted network traffic, forwarding, from the logic application to the kernel application, the encrypted network traffic, decrypting, at the kernel application, the encrypted network traffic, inspecting, at the kernel application, the decrypted network traffic according to a sensitivity policy to determine whether the decrypted network traffic includes sensitive data, forwarding, from the kernel application to the logic application, filtered decrypted network traffic that excludes the sensitive data, processing, at the logic application, the filtered decrypted network traffic, forwarding, from the logic application to the kernel application, the filtered decrypted network traffic after the processing by the logic application, and forwarding, from the kernel application, the encrypted network traffic.
