| CPC H04L 63/0281 (2013.01) [H04L 63/0428 (2013.01)] | 20 Claims |
|
1. A system, comprising:
a gateway, interposed on a network between a client device associated with a first network address and a cloud hosted service associated with a second network address, wherein the gateway is configured to:
intercept packets of a communication session on the network between the client device and the cloud hosted service,
transmit the packets to an uploader, and
transmit the packets to a proxy;
the uploader configured to:
transmit the packets to a cloud storage location;
the proxy configured to:
derive a session key associated with the communication session, and
transmit the session key to the cloud storage location; and
a stitcher configured to:
obtain the packets and the session key from the cloud storage location,
correlate the packets of the communication session with the session key,
decrypt the packets using the session key to produce plain-text payloads of the packets, and
generate a synthetic packet stream of bidirectional data representing at least a portion of the communication session between the client device and the cloud hosted service based on the packets and using the plain-text payloads of the packets, wherein to generate the synthetic packet stream comprises:
ordering the packets into a sequential order; and
modifying at least one of a destination network address and a source network address in each packet to one of the first network address and the second network address based on an intended destination and a source of the respective packet.
|