US 12,231,545 B2
Key broker for a network monitoring device, and applications thereof
John Watson, Falls Church, VA (US); Christopher Roosenraad, Vienna, VA (US); Peter P. Kofira, Powhatan, VA (US); Travis Scheponik, Midlothian, VA (US); and Aaron Eppert, Lawrenceburg, IN (US)
Assigned to Capital One Services, LLC, McLean, VA (US)
Filed by Capital One Services, LLC, McLean, VA (US)
Filed on Oct. 20, 2022, as Appl. No. 17/969,798.
Application 17/969,798 is a continuation of application No. 16/891,871, filed on Jun. 3, 2020, granted, now 11,483,141.
Prior Publication US 2023/0040466 A1, Feb. 9, 2023
Int. Cl. H04L 9/08 (2006.01); H04L 9/40 (2022.01); H04L 43/12 (2022.01); H04L 69/22 (2022.01)
CPC H04L 9/083 (2013.01) [H04L 9/0891 (2013.01); H04L 9/0894 (2013.01); H04L 43/12 (2013.01); H04L 63/306 (2013.01); H04L 69/22 (2013.01)]
20 Claims
1. A system for managing distribution of digital security keys, the system comprising:
one or more network sensors comprising network terminal access points (TAPs) configured to intercept encrypted packets on a computer network;
one or more servers including:
a website category service configured to identify the encrypted packets that should or should not be decrypted based on a privacy policy, wherein the privacy policy designates the encrypted packets related to health care or personal banking data as the encrypted packets that should not be decrypted;
a key broker configured to:
remove one or more decryption keys for the encrypted packets based on a storage limit and a priority of the one or more decryption keys, and
examine the encrypted packets to determine whether they should be decrypted based on the privacy policy; and
a key ingestion service configured to remove the one or more decryption keys identified as those that should not be decrypted based on the privacy policy.
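
The division of work in claim 1 between the category service, the key ingestion service and the key broker can be sketched as follows. This is an added illustration, not code from the patent or its assignee; every name, the category table, the "higher priority is kept longer" ordering and the treatment of uncategorized sites are assumptions.

```python
from dataclasses import dataclass
from itertools import count

# Categories the claim's privacy policy designates as never decrypted.
PRIVATE_CATEGORIES = {"health_care", "personal_banking"}
# Constructed stand-in for the website category service's lookup table.
SITE_CATEGORIES = {"clinic.example": "health_care", "bank.example": "personal_banking",
                   "news.example": "news", "cdn.example": "content_delivery"}

def should_decrypt(server_name: str) -> bool:
    """Policy check; assumption: uncategorized sites are not treated as private."""
    return SITE_CATEGORIES.get(server_name, "uncategorized") not in PRIVATE_CATEGORIES

@dataclass
class KeyRecord:
    session_id: str
    server_name: str
    secret: bytes      # constructed placeholder, not real key material
    priority: int      # assumption: higher value = retained longer

class KeyBroker:
    def __init__(self, storage_limit: int):
        self.storage_limit = storage_limit
        self._keys = {}            # session_id -> (priority, arrival, record)
        self._arrival = count()

    def store(self, rec: KeyRecord) -> list:
        """Add a key, then evict lowest-priority (oldest first) keys over the limit."""
        self._keys[rec.session_id] = (rec.priority, next(self._arrival), rec)
        evicted = []
        while len(self._keys) > self.storage_limit:
            victim = min(self._keys, key=lambda s: self._keys[s][:2])
            del self._keys[victim]
            evicted.append(victim)
        return evicted
    def key_for(self, session_id: str, server_name: str):
        """Examine a packet's destination against policy before releasing a key."""
        entry = self._keys.get(session_id)
        return entry[2].secret if entry and should_decrypt(server_name) else None

def ingest(broker: KeyBroker, records: list) -> tuple:
    """Key ingestion: discard keys for private sites, hand the rest to the broker."""
    dropped, evicted = [], []
    for rec in records:
        if should_decrypt(rec.server_name):
            evicted += broker.store(rec)
        else:
            dropped.append(rec.session_id)
    return dropped, evicted
```

The policy is applied twice: once at ingestion, so keys for health care or personal banking sessions are never stored, and again at lookup, so a stored key is not released for a packet whose destination the policy excludes.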