公开(公告)号：US20200128032A1

公开(公告)日：2020-04-23

申请号：US16162993

申请日：2018-10-17

申请人： Forcepoint LLC

发明人： Mirja Halme ,  Otto Airamo ,  Valtteri Rahkonen ,  Tuomo Syvänne

IPC分类号： H04L29/06 ,  H04L12/66 ,  H04L12/863

摘要： A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the security device such that responses transmitted by the second endpoint in response to the objects transmitted by first endpoint device are modified to their original stream identifiers of the objects transmitted by first endpoint device.

公开(公告)号：US10791135B2

公开(公告)日：2020-09-29

申请号：US16162993

申请日：2018-10-17

申请人： Forcepoint LLC

发明人： Mirja Halme ,  Otto Airamo ,  Valtteri Rahkonen ,  Tuomo Syvänne

IPC分类号： H04L29/06 ,  H04L12/66 ,  H04L12/863

摘要： A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the security device such that responses transmitted by the second endpoint in response to the objects transmitted by first endpoint device are modified to their original stream identifiers of the objects transmitted by first endpoint device.