| 摘要 |
Embodiments of the present invention address deficiencies of the art in respect to security function processing of encrypted data in a security enforcement point and provide a method, system and computer program product for security enforcement point inspection of a traversing encrypted data in a secure, end-to-end communications path. In an embodiment of the invention, a method for security enforcement point inspection of encrypted data in a secure, end-to-end communications path can be provided. The method can include establishing a persistent secure session with a key server holding an SA for an end-to-end secure communications path between endpoints, receiving the SA for the end-to-end secure communications path over the persistent secure session, decrypting an encrypted payload for the end-to-end secure communications path using session key data in the SA, and performing a security function on the decrypted payload.
|
