Semi-active probing framework to gather threat intelligence for encrypted traffic and learn about devices

Invention Grant

US10666640B2 Semi-active probing framework to gather threat intelligence for encrypted traffic and learn about devices 有权

Please log in to see more content

Patent Title: Semi-active probing framework to gather threat intelligence for encrypted traffic and learn about devices
Application No.: US15848645

Application Date: 2017-12-20
Publication No.: US10666640B2

Publication Date: 2020-05-26
Inventor: David McGrew , Blake Harrell Anderson , Subharthi Paul , William Michael Hudson, Jr. , Philip Ryan Perricone
Applicant: Cisco Technology, Inc.
Applicant Address: US CA San Jose
Assignee: Cisco Technology, Inc.
Current Assignee: Cisco Technology, Inc.
Current Assignee Address: US CA San Jose
Agency: Behmke Innovation Group LLC
Agent James M. Behmke; Jonathon P. Western
Main IPC: H04L29/06
IPC: H04L29/06 ; G06F21/55 ; H04L29/08 ; H04L9/32

Semi-active probing framework to gather threat intelligence for encrypted traffic and learn about devices

Abstract:

In one embodiment, a device in a network observes traffic between a client and a server for an encrypted session. The device makes a determination that a server certificate should be obtained from the server. The device, based on the determination, sends a handshake probe to the server. The device extracts server certificate information from a handshake response from the server that the server sent in response to the handshake probe. The device uses the extracted server certificate information to analyze the traffic between the client and the server.

Public/Granted literature

US20190190961A1 SEMI-ACTIVE PROBING FRAMEWORK TO GATHER THREAT INTELLIGENCE FOR ENCRYPTED TRAFFIC AND LEARN ABOUT DEVICES Public/Granted day:2019-06-20

Information query

Espacenet