CPC H04L 63/0428 (2013.01) [H04L 63/166 (2013.01); H04L 67/141 (2013.01); H04L 69/18 (2013.01)]
13 Claims
1. A system for processing QUIC communications in a network, the system comprising:
a QUIC gateway including at least one processor, a client stub, and a server stub for establishing proxied QUIC communications between a client and a server;
the server stub for receiving a QUIC connection request from the client;
the QUIC gateway for modifying the QUIC connection request and forwarding the modified QUIC connection request to the server via the client stub;
wherein the client stub implements a client side of a QUIC handshake with the server to establish a first QUIC connection between the client stub and the server;
wherein the server stub implements a server side of a QUIC handshake with the server to establish a second QUIC connection between the server stub and the client;
wherein the QUIC gateway is configured for:
receiving, via the first QUIC connection, encrypted QUIC data comprising a plurality of streams;
decrypting the encrypted QUIC data, resulting in decrypted QUIC data;
extracting each of the streams from the decrypted QUIC data, resulting in a plurality of extracted streams;
packaging at least one of the extracted streams into a non-QUIC protocol format, resulting in at least one packaged stream;
re-encrypting the decrypted QUIC data and transmitting the re-encrypted QUIC data to the server via the client stub; and
a second network interface implemented on the QUIC gateway for transmitting the packaged stream to a network security tool, wherein the network security tool is configured to process the packaged stream in the non-QUIC protocol format and the network security tool comprises one or more of: a firewall, a deep packet inspection tool, an intrusion detection system (IDS), an intrusion prevention system (IPS), and a data leakage protection tool.
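The stream-extraction and packaging steps recited above can be illustrated with the following added example, which is not part of the patent text or any implementation by its applicant. It assumes decryption has already happened, parses only PADDING, PING and STREAM frames as laid out in RFC 9000, and flattens each stream into an in-order byte sequence that a tool expecting a non-QUIC byte stream could consume. The function names and the sample payloads are constructed for illustration.

```python
def read_varint(buf, pos):
    """Decode an RFC 9000 variable-length integer; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated frame")
    size = 1 << (buf[pos] >> 6)              # top two bits: 1, 2, 4 or 8 bytes
    if pos + size > len(buf):
        raise ValueError("truncated varint")
    value = int.from_bytes(buf[pos:pos + size], "big") & ((1 << (8 * size - 2)) - 1)
    return value, pos + size

def extract_streams(payloads):
    """Demultiplex STREAM frames (types 0x08-0x0f) from decrypted packet payloads.
    Returns {stream_id: (in_order_bytes, complete)}."""
    segments, final_size = {}, {}
    for payload in payloads:
        pos = 0
        while pos < len(payload):
            ftype, pos = read_varint(payload, pos)
            if ftype in (0x00, 0x01):        # PADDING and PING carry no fields
                continue
            if not 0x08 <= ftype <= 0x0F:
                raise ValueError(f"frame type {ftype:#x} is outside this example")
            sid, pos = read_varint(payload, pos)
            offset = 0
            if ftype & 0x04:                 # OFF bit: explicit stream offset
                offset, pos = read_varint(payload, pos)
            length = len(payload) - pos      # no LEN bit: data runs to packet end
            if ftype & 0x02:                 # LEN bit: explicit data length
                length, pos = read_varint(payload, pos)
            if pos + length > len(payload):
                raise ValueError("STREAM data overruns packet")
            segments.setdefault(sid, []).append((offset, payload[pos:pos + length]))
            pos += length
            if ftype & 0x01:                 # FIN bit fixes the stream's final size
                final_size[sid] = offset + length
    streams = {}
    for sid, segs in segments.items():
        data = bytearray()
        for offset, chunk in sorted(segs):
            if offset > len(data):           # gap: withhold bytes until it is filled
                break
            data += chunk[len(data) - offset:]   # drop retransmitted overlap
        streams[sid] = (bytes(data), final_size.get(sid) == len(data))
    return streams

# Constructed sample: two decrypted payloads, stream 4 arriving out of order.
SAMPLE_PAYLOADS = [
    bytes([0x0A, 0x00, 0x05]) + b"GET /" + bytes([0x0E, 0x04, 0x03, 0x03]) + b"def",
    bytes([0x01, 0x0E, 0x04, 0x00, 0x03]) + b"abc" + bytes([0x0D, 0x00, 0x05]) + b" HTTP",
]

if __name__ == "__main__":
    for sid, (data, complete) in sorted(extract_streams(SAMPLE_PAYLOADS).items()):
        print(sid, data, "complete" if complete else "open")
```

A stream is reported complete only when a FIN has been seen and every byte up to the final size is present, so a tool downstream never receives a stream with a silent hole in it.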