Intercepting a communication session in a telecommunication network

US 20060245595A1
Filed: 04/28/2005
Published: 11/02/2006
Est. Priority Date: 04/28/2005
Status: Active Grant

First Claim

Patent Images

1. A method for intercepting a secure communication session, comprising:

distributing a key from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint;

establishing a secure channel between the key distribution point and an intercepting point;

determining if the intercepting endpoint is authorized to intercept the secure communication session; and

providing the key to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, the key providing the intercepting endpoint with access to intercept the secure communication session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Intercepting a secure communication session includes distributing a key from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint. A secure channel is established between the key distribution point and an intercepting point. The intercepting endpoint may be determined to be authorized to intercept the secure communication session. The key is provided to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, where the key provides the intercepting endpoint with access to intercept the secure communication session.

19 Citations

View as Search Results

20 Claims

1. A method for intercepting a secure communication session, comprising:
- distributing a key from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint;
  
  establishing a secure channel between the key distribution point and an intercepting point;
  
  determining if the intercepting endpoint is authorized to intercept the secure communication session; and
  
  providing the key to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, the key providing the intercepting endpoint with access to intercept the secure communication session.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein:
    - the call session communicates a media stream; and
      
      the key provides access to the media stream.
  - 3. The method of claim 1, wherein determining if the intercepting endpoint is authorized to intercept the secure communication session further comprises:
    - accessing an interception rule corresponding to the intercepting endpoint, the interception rule defining whether the intercepting endpoint is authorized; and
      
      determining that the intercepting endpoint is authorized if the intercepting endpoint satisfies the interception rule.
  - 4. The method of claim 1, wherein:
    - determining if the intercepting endpoint is authorized to intercept the secure communication session further comprises accessing an interception rule corresponding to the intercepting endpoint, the interception rule defining one or more conditions under which the intercepting endpoint is authorized; and
      
      providing the key to the intercepting endpoint further comprises providing the key only under the one or more conditions.
  - 5. The method of claim 1, wherein:
    - determining if the intercepting endpoint is authorized to intercept the secure communication session further comprises accessing an interception rule corresponding to the intercepting endpoint, the interception rule defining a time period during which the intercepting endpoint is authorized; and
      
      providing the key to the intercepting endpoint further comprises providing the key only during the time period.
  - 6. The method of claim 1, further comprising recording information describing the interception of the communication session.

7. A system for intercepting a secure communication session, comprising:
- a key manager operable to distribute a key in order to establish a secure communication session between a first endpoint and a second endpoint; and
  
  an interception manager coupled to the key manager and operable to;
  
  establish a secure channel between the key distribution point and an intercepting point;
  
  determine if the intercepting endpoint is authorized to intercept the secure communication session; and
  
  provide the key to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, the key providing the intercepting endpoint with access to intercept the secure communication session.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein:
    - the call session communicates a media stream; and
      
      the key provides access to the media stream.
  - 9. The system of claim 7, the interception manager further operable to determine if the intercepting endpoint is authorized to intercept the secure communication session by:
    - accessing an interception rule corresponding to the intercepting endpoint, the interception rule defining whether the intercepting endpoint is authorized; and
      
      determining that the intercepting endpoint is authorized if the intercepting endpoint satisfies the interception rule.
  - 10. The system of claim 7, the interception manager further operable to:
    - determine if the intercepting endpoint is authorized to intercept the secure communication session by accessing an interception rule corresponding to the intercepting endpoint, the interception rule defining one or more conditions under which the intercepting endpoint is authorized; and
      
      provide the key to the intercepting endpoint by providing the key only under the one or more conditions.
  - 11. The system of claim 7, the interception manager further operable to:
    - determine if the intercepting endpoint is authorized to intercept the secure communication session by accessing an interception rule corresponding to the intercepting endpoint, the interception rule defining a time period during which the intercepting endpoint is authorized; and
      
      provide the key to the intercepting endpoint by providing the key only during the time period.
  - 12. The system of claim 7, the interception manager further operable to record information describing the interception of the communication session.

13. Logic for intercepting a secure communication session, the logic embodied in a medium and operable to:
- distribute a key from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint;
  
  establish a secure channel between the key distribution point and an intercepting point;
  
  determine if the intercepting endpoint is authorized to intercept the secure communication session; and
  
  provide the key to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, the key providing the intercepting endpoint with access to intercept the secure communication session.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The logic of claim 13, wherein:
    - the call session communicates a media stream; and
      
      the key provides access to the media stream.
  - 15. The logic of claim 13, further operable to determine if the intercepting endpoint is authorized to intercept the secure communication session by:
    - accessing an interception rule corresponding to the intercepting endpoint, the interception rule defining whether the intercepting endpoint is authorized; and
      
      determining that the intercepting endpoint is authorized if the intercepting endpoint satisfies the interception rule.
  - 16. The logic of claim 13, further operable to:
    - determine if the intercepting endpoint is authorized to intercept the secure communication session by accessing an interception rule corresponding to the intercepting endpoint, the interception rule defining one or more conditions under which the intercepting endpoint is authorized; and
      
      provide the key to the intercepting endpoint by providing the key only under the one or more conditions.
  - 17. The logic of claim 13, further operable to:
    - determine if the intercepting endpoint is authorized to intercept the secure communication session by accessing an interception rule corresponding to the intercepting endpoint, the interception rule defining a time period during which the intercepting endpoint is authorized; and
      
      provide the key to the intercepting endpoint by providing the key only during the time period.
  - 18. The logic of claim 13, further operable to record information describing the interception of the communication session.

19. A system for intercepting a secure communication session, comprising:
- means for distributing a key from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint;
  
  means for establishing a secure channel between the key distribution point and an intercepting point;
  
  means for determining if the intercepting endpoint is authorized to intercept the secure communication session; and
  
  means for providing the key to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, the key providing the intercepting endpoint with access to intercept the secure communication session.

20. A method for intercepting a secure communication session, comprising:
- distributing a key from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint, the call session communicating a media stream;
  
  establishing a secure channel between the key distribution point and an intercepting point;
  
  determining if the intercepting endpoint is authorized to intercept the secure communication session, the intercepting endpoint determined to be authorized by;
  
  accessing an interception rule corresponding to the intercepting endpoint, the interception rule defining whether the intercepting endpoint is authorized, the interception rule defining one or more conditions under which the intercepting endpoint is authorized, the interception rule defining a time period during which the intercepting endpoint is authorized; and
  
  determining that the intercepting endpoint is authorized if the intercepting endpoint satisfies the interception rule;
  
  providing the key to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, the key providing the intercepting endpoint with access to the media stream to intercept the secure communication session, the key provided to the intercepting endpoint by;
  
  providing the key only under the one or more conditions; and
  
  providing the key only during the time period; and
  
  recording information describing the interception of the communication session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Wing, Daniel G., Bell, Robert T., Kandasamy, Subbiah

Granted Patent

US 8,175,277 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/102   Entity profiles

H04L 63/30   for supporting lawful inter...

H04L 63/306   intercepting packet switche...

H04L 9/0827   involving distinctive inter...

H04L 9/083   involving central third par...

Intercepting a communication session in a telecommunication network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Intercepting a communication session in a telecommunication network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others