POLICY ROUTING-BASED LAWFUL INTERCEPTION IN COMMUNICATION SYSTEM WITH END-TO-END ENCRYPTION
Abstract
Techniques are disclosed for lawfully intercepting information in communication environments with end-to-end encryption. For example, a method for intercepting encrypted communications exchanged between a first computing device and a second computing device in a communication network, wherein the interception is performed by a third computing device in the communication network, comprises the following steps. The third computing device obtains one or more packets having a packet address associated with one of the first computing device and the second computing device. The one or more packets are obtained by the third computing device, in response to at least one interception routing policy being implemented in at least one element in the communication network, such that the one or more obtained packets may be decrypted so as to obtain data contained therein. The third computing device preserves the packet address of the one or more obtained packets. The third computing device forwards the one or more packets toward a packet-destination one of the first computing device and the second computing device such that the packet-destination one of the first computing device and the second computing device is unable to detect from the one or more packets that the one or more packets were intercepted by the third computing device.
24 Claims
1. A method for intercepting encrypted communications exchanged between a first computing device and a second computing device in a communication network, wherein the interception is performed by a third computing device in the communication network, the method comprising:
the third computing device obtaining one or more packets having a packet address associated with one of the first computing device and the second computing device, wherein the one or more packets are obtained by the third computing device, in response to at least one interception routing policy being implemented in at least one element in the communication network, such that the one or more obtained packets may be decrypted so as to obtain data contained therein;
the third computing device preserving the packet address of the one or more obtained packets; and
the third computing device forwarding the one or more packets toward a packet-destination one of the first computing device and the second computing device such that the packet-destination one of the first computing device and the second computing device is unable to detect from the one or more packets that the one or more packets were intercepted by the third computing device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. An apparatus for intercepting encrypted communications exchanged between a first computing device and a second computing device in a communication network, the apparatus comprising:
a memory; and
a processor coupled to the memory and operative to:
obtain one or more packets having a packet address associated with one of the first computing device and the second computing device, wherein the one or more packets are obtained, in response to at least one interception routing policy being implemented in at least one element in the communication network, such that the one or more obtained packets may be decrypted so as to obtain data contained therein;
preserve the packet address of the one or more obtained packets; and
forward the one or more packets toward a packet-destination one of the first computing device and the second computing device such that the packet-destination one of the first computing device and the second computing device is unable to detect from the one or more packets that the one or more packets were intercepted.
Dependent claims: 20, 21, 22, 23, 24
Specification