Inspection of network traffic in a security device at object level

• Main Authors: Halme, Mirja, Airamo, Otto, Syvänne, Tuomo, Rahkonen, Valtteri
• Format: Patent
• Language: English
• Published: 29.09.2020
• Subjects: ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the security device such that responses transmitted by the second endpoint in response to the objects transmitted by first endpoint device are modified to their original stream identifiers of the objects transmitted by first endpoint device.