
ES2410681B1 - METHOD AND SYSTEM FOR PERFORMING ANALYSIS AND CONTROL WHEN EXCHANGED FLOWS OF ENCRYPTED DATA - Google Patents


Info

Publication number
ES2410681B1
Authority
ES
Spain
Prior art keywords
encrypted data
encrypted
user
control
channel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn - After Issue
Application number
ES201131889A
Other languages
Spanish (es)
Other versions
ES2410681A2 (en)
ES2410681R1 (en)
Inventor
Antonio Manuel Amaya Calvo
Juan ROLDÁN PARRA
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonica SA
Original Assignee
Telefonica SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonica SA
Priority to ES201131889A
Priority to PCT/EP2012/072074
Publication of ES2410681A2
Publication of ES2410681R1
Application granted
Publication of ES2410681B1
Withdrawn - After Issue
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/029 Firewall traversal, e.g. tunnelling or, creating pinholes
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H04L63/0471 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Facsimiles In General (AREA)

Abstract

System and method for performing efficient analysis and control when encrypted data flows are exchanged.

In the method of the invention, said encrypted data flows are sent over a main encrypted channel between a user and a server, and a traffic analyzer intercepts the encrypted traffic.

The method comprises:

- establishing a first encrypted channel between said user and said traffic analyzer using encryption session parameters;
- analyzing, by said traffic analyzer, at least part of the encrypted data flows received through said first encrypted channel in order to determine whether communication between said user and said server should be allowed;
- performing, by said traffic analyzer, a transfer of said encryption session parameters between said server and said user if it is determined that said communication is allowed; and
- establishing said main encrypted channel using at least said first encryption session parameters.

The system of the invention is arranged to implement the method of the invention.

Description


Claims (1)

ES201131889A 2011-11-23 2011-11-23 METHOD AND SYSTEM FOR PERFORMING ANALYSIS AND CONTROL WHEN EXCHANGED FLOWS OF ENCRYPTED DATA Withdrawn - After Issue ES2410681B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
ES201131889A ES2410681B1 (en) 2011-11-23 2011-11-23 METHOD AND SYSTEM FOR PERFORMING ANALYSIS AND CONTROL WHEN EXCHANGED FLOWS OF ENCRYPTED DATA
PCT/EP2012/072074 WO2013075948A1 (en) 2011-11-23 2012-11-07 A method and a system to perform analysis and control when exchanging ciphered data flows

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
ES201131889A ES2410681B1 (en) 2011-11-23 2011-11-23 METHOD AND SYSTEM FOR PERFORMING ANALYSIS AND CONTROL WHEN EXCHANGED FLOWS OF ENCRYPTED DATA

Publications (3)

Publication Number Publication Date
ES2410681A2 ES2410681A2 (en) 2013-07-02
ES2410681R1 ES2410681R1 (en) 2013-12-18
ES2410681B1 ES2410681B1 (en) 2014-12-16

Family

ID=47324041

Family Applications (1)

Application Number Title Priority Date Filing Date
ES201131889A Withdrawn - After Issue ES2410681B1 (en) 2011-11-23 2011-11-23 METHOD AND SYSTEM FOR PERFORMING ANALYSIS AND CONTROL WHEN EXCHANGED FLOWS OF ENCRYPTED DATA

Country Status (2)

Country Link
ES (1) ES2410681B1 (en)
WO (1) WO2013075948A1 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040015725A1 (en) * 2000-08-07 2004-01-22 Dan Boneh Client-side inspection and processing of secure content
US6988147B2 (en) * 2001-05-31 2006-01-17 Openwave Systems Inc. Method of establishing a secure tunnel through a proxy server between a user device and a secure server
GB2378009B (en) * 2001-07-27 2005-08-31 Hewlett Packard Co Method of establishing a secure data connection
US8214635B2 (en) * 2006-11-28 2012-07-03 Cisco Technology, Inc. Transparent proxy of encrypted sessions
US8190879B2 (en) * 2009-12-17 2012-05-29 Cisco Technology, Inc. Graceful conversion of a security to a non-security transparent proxy

Also Published As

Publication number Publication date
WO2013075948A1 (en) 2013-05-30
ES2410681A2 (en) 2013-07-02
ES2410681R1 (en) 2013-12-18

Similar Documents

Publication Publication Date Title
CL2014000495A1 (en) Method and system to determine the location of a mobile device and use said location to control access to the content service, where the method comprises communicating a request for content from a mobile device to a network header, requesting the location data by coordinates geographical of the mobile device and control said device in response to a first, second and third geographical region associated with the device.
CL2017000865A1 (en) Methods, devices and systems for network analysis
BR112018068975A2 (en) channel access priority class selection
EP3435627A4 (en) METHOD FOR CONTROLLING SERVICE TRAFFIC BETWEEN DATA CENTERS, DEVICE, AND SYSTEM
BRPI1101898A8 (en) message transmission apparatus, and, authentication method on an image transmission apparatus
DK3494723T3 (en) Methods and devices for indicating data traffic transmitted over an unlicensed spectrum
EP2982216A4 (en) APPARATUS, SYSTEM AND METHOD FOR ROUTING TRAFFIC CENTERED ON USER EQUIPMENT (UE)
BR112018002250A2 (en) methods for switching connection capacity
EP4243372A3 (en) Method and system for intercepting and decrypting fingerprint protected media traffic
BR112018001939A2 (en) wifi network access management system, wifi network access management method, and non-transient readable media
MX360484B (en) EFFICIENT NETWORK COAT FOR IPV6 PROTOCOL.
WO2012096532A3 (en) Method and device for setting channel status information measuring resource in a wireless communication system
BR112013016988A2 (en) methods for transporting a plurality of media streams over a shared mbms bearer in a 3gpp compliant communication system
BR112016025506A2 (en) Methods and Equipment for Integrating Bluetooth Devices with Neighbor-Aware Networks
EP3777066C0 (en) PDU SESSION FOR ENCRYPTED TRAFFIC DETECTION
BR112016028758A2 (en) d2d communications feedback control
BR112014027950A2 (en) method, system and apparatus for exchanging data between client devices.
MX2018009569A (en) Protecting network devices by a firewall.
BRPI0813767A2 (en) mobility management entity, mobile telecommunications device, methods for operating user equipment on a telecommunications network and for providing voice service, and the evolved universal mobile telecommunications system terrestrial radio access network.
EP3018852A4 (en) METHOD FOR DETERMINING PRECODING MATRIX INDICATOR, RECEIVING DEVICE, AND TRANSMITTING DEVICE
ATE477638T1 (en) METHOD, SYSTEM AND DEVICE FOR DEALING WITH AN ENCRYPTION KEY SHARED BY UE AND EXTERNAL DEVICES
BR112019006507A2 (en) method on a network node, method on a wireless device, network node, and wireless device
GB2545824A (en) Surfactant selection methods for wetting alteration in subterranean formations
FR2956541B1 (en) CRYPTOGRAPHIC METHOD FOR COMMUNICATING CONFIDENTIAL INFORMATION.
EP2971721A4 (en) DATA COMPRESSION FOR PRIORITY-BASED DATA TRAFFIC AT AGGREGATED TRAFFIC LEVEL IN MULTI-STREAM COMMUNICATION SYSTEM

Legal Events

Date Code Title Description
20141216 FG2A Definitive protection (Ref document number: 2410681; Country of ref document: ES; Kind code of ref document: B1)
20150415 FA2A Application withdrawn