Methods and systems for enabling legal-intercept mode for a targeted secure element
First Claim
1. A method comprising:
- embedding a first key-negotiation parameter associated with a target client device into an intercept secure encryption element;
configuring an encryption-management device to receive the intercept secure encryption element and to receive a second key-negotiation parameter associated with the target client device and obtained from a service-provider system, the encryption-management device configured to embed the second key-negotiation parameter into the intercept secure encryption element; and
providing the intercept secure encryption element to a communications-intercept system configured to obtain intercepted messages associated with the target client device, the intercepted messages comprising session-key-negotiation messages and associated data messages encrypted with a corresponding negotiated session key, wherein the intercept secure encryption element is configured to (i) identify the negotiated session key based on the session-key-negotiation messages and the first and second key-negotiation parameters and (ii) decrypt the data messages with the negotiated session key.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed herein are methods and systems for enabling legal-intercept mode for a targeted secure element. In an embodiment, a method includes embedding a first key-negotiation parameter associated with a target client device into an intercept secure encryption element; configuring an encryption-management device to receive the intercept secure encryption element and to receive a second key-negotiation parameter associated with the target client device and obtained from a service-provider system, the encryption-management device configured to embed the second key-negotiation parameter into the intercept secure encryption element; and providing the intercept secure encryption element to a communications-intercept system configured to obtain intercepted messages associated with the target client device, the intercepted messages comprising session-key-negotiation messages and associated data messages encrypted with a corresponding negotiated session key, wherein the intercept secure encryption element is configured to (i) identify the negotiated session key based on the session-key-negotiation messages and the first and second key-negotiation parameters and (ii) decrypt the data messages with the negotiated session key.
-
Citations
20 Claims
-
1. A method comprising:
-
embedding a first key-negotiation parameter associated with a target client device into an intercept secure encryption element; configuring an encryption-management device to receive the intercept secure encryption element and to receive a second key-negotiation parameter associated with the target client device and obtained from a service-provider system, the encryption-management device configured to embed the second key-negotiation parameter into the intercept secure encryption element; and providing the intercept secure encryption element to a communications-intercept system configured to obtain intercepted messages associated with the target client device, the intercepted messages comprising session-key-negotiation messages and associated data messages encrypted with a corresponding negotiated session key, wherein the intercept secure encryption element is configured to (i) identify the negotiated session key based on the session-key-negotiation messages and the first and second key-negotiation parameters and (ii) decrypt the data messages with the negotiated session key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method comprising:
-
receiving an intercept secure encryption element containing an embedded first key-negotiation parameter associated with a target client device; obtaining, from a service-provider system, a second key-negotiation parameter associated with the target client device; embedding the second key-negotiation parameter into the intercept secure encryption element; obtaining intercepted messages associated with the target client device, the intercepted messages comprising session-key-negotiation messages and associated data messages encrypted with a corresponding negotiated session key; identifying, with the intercept secure encryption element, the negotiated session key based on the session-key-negotiation messages and the first and second key-negotiation parameters; and decrypting the data messages with the intercept secure encryption element and the negotiated session key. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A method comprising:
-
negotiating cryptographic session keys with remote devices using randomly generated secret keys, and encrypting and decrypting data with the negotiated session keys during communication sessions with the remote devices; and receiving and authenticating an intercept-mode command, and responsively negotiating a predictable cryptographic session key at least in part by; accessing a first key-negotiation parameter originating in a secure-encryption-element provider and a second key-negotiation parameter originating in a service provider; generating a pseudorandom secret key based on the first and second key-negotiation parameters; generating and sharing a first shared intermediate value based on the pseudorandom secret key; receiving a second shared intermediate value; generating the predictable cryptographic session key based on the pseudorandom secret key and the second shared intermediate value; and encrypting and decrypting data with the generated predictable cryptographic session key during a communication session with a remote device. - View Dependent Claims (19, 20)
-
Specification