US 12,238,177 B1
Mid-link forensic system for remote application environment
James S. Robinson, Indianapolis, IN (US); Vadon Willis, Nashville, TN (US); and John Khotsyphom, St. Louis, MO (US)
Assigned to Netskope, Inc., Santa Clara, CA (US)
Filed by Netskope, Inc., Santa Clara, CA (US)
Filed on Jan. 26, 2024, as Appl. No. 18/424,701.
Int. Cl. H04L 67/1396 (2022.01)
CPC H04L 67/1396 (2022.05)
20 Claims
 
1. A method for an electronic inspection between a plurality of end-link servers and a plurality of user endpoints of a plurality of tenants by a mid-link server, the method including:
receiving a communication at the mid-link server passing between the plurality of end-link servers and the plurality of user endpoints using a plurality of tunnels, wherein the mid-link server is configured between the plurality of user endpoints and the plurality of end-link servers;
modeling a plurality of interactions in the plurality of tunnels using a model of an application layer hosted by the mid-link server, wherein the model of the application layer records a plurality of data objects;
differentiating a data object among the plurality of data objects with respect to information and activities of each of the plurality of user endpoints;
analyzing the model and the plurality of data objects within the plurality of tunnels based on a plurality of policies;
determining a context that is a function of the plurality of data objects and the model;
triggering of a policy of the plurality of policies based on the context; and
storing the plurality of data objects and the plurality of interactions upon the triggering of the policy of the plurality of policies.