Secure wiretap support for internet protocol security
Abstract
Secure wiretap support for Internet Protocol security. Specifically, one embodiment of the present invention includes a system for allowing controlled access to a networked communication. The system comprises an intermediate device that includes memory. The memory of the intermediate device is for storing a policy rule therein. The intermediate device is adapted to download the policy rules governing access to a desired location. The system further comprises a client which is coupled to the intermediate device. The client is adapted to receive the policy rule when the intermediate device downloads it to the client. As such, any communication data intended to travel between a first destination and the client is forwarded to a second destination. Therefore, the present invention provides a method and system for providing law enforcement agencies the ability to wiretap specific encrypted communications. Moreover, the present invention provides this ability while allowing the established hardware infrastructure of computer networks to remain essentially unchanged. Furthermore, the present invention does not affect the performance of the network while enabling end users to utilize any encryption algorithms for their communications. Additionally, the present invention enables encrypted communication data to remain encrypted during transmittal en route to its destination.
40 Claims
1. A system for allowing controlled access to encrypted networked communication, said system comprising:
- an intermediate device, said intermediate device including memory for storing a policy rule therein, said intermediate device adapted to download said policy rule to a desired location; and
- a client coupled to said intermediate device, said client adapted to receive said policy rule when said intermediate device downloads said policy rule to said client, said policy rule causes said client to establish a first encrypted communication session with a first destination device for a monitoring purpose and a second encrypted communication session with a second destination device; and
- when said client transmits encrypted communication data to said second destination device via said second encrypted communication session, said policy rule causes said client to transmit a copy of said encrypted communication data to said first destination device via said first encrypted communication session.
Dependent claims: 2-11.

12. A system for allowing controlled access to encrypted networked communication, said system comprising:
- an intermediate device having memory adapted for storing a policy rule therein, said intermediate device adapted to download said policy rule to a desired location, said intermediate device adapted to configure a client such that any encrypted communication data intended to travel between a first destination device and said client is also forwarded by said client to a second destination device for monitoring.
Dependent claims: 13-18.

19. A method for allowing controlled access to encrypted network communication, said method comprising:
(a) storing a policy rule in memory of an intermediate device; and
(b) downloading said policy rule to a client device;
(c) said policy rule causing said client device to establish a first encrypted communication session with a first destination device for a monitoring purpose;
(d) said policy rule causing said client device to establish a second encrypted communication session with a second destination device; and
(e) in response to said client device transmitting encrypted communication data to said second destination device via said second encrypted communication session, said policy rule causing said client device to transmit a copy of said encrypted communication data to said first destination device via said first encrypted communication session.
Dependent claims: 20-29.

30. In a computer system having a processor coupled to a bus, a computer readable medium coupled to said bus and having stored therein a computer program that when executed by said processor causes said computer system to implement a method for allowing controlled access to encrypted network communication, said method comprising the steps of:
a) storing a policy rule in memory of an intermediate device; and
b) downloading said policy rule to a client such that any encrypted communication data intended to travel between a first destination device and said client is also forwarded to a second destination device by said client.
Dependent claims: 31-40.
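The mechanism the independent claims describe (an intermediate device stores a policy rule, downloads it to a client, and the rule makes the client keep one encrypted session to a monitoring endpoint and one to the real peer, copying each outbound payload onto the monitoring session) is easier to reason about as a small executable model. The following Python is an added illustration written for this page; it is not code from the patent or from any product. The rule format, the pre-shared per-peer keys, the toy SHA-256 counter-mode cipher standing in for an IPsec SA, and the `mirrored_destinations` audit helper are all assumptions. The copy is modelled as the same payload re-encrypted under the monitoring session's key, which is what lets the data stay encrypted in transit while the monitor can still read it.

```python
"""
Added illustrative model of the claimed policy-driven mirroring; not the
patent's or any vendor's code. Rule format, per-peer pre-shared keys and
the toy cipher are assumptions made for the demo.
"""
from dataclasses import dataclass, field
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode as a stand-in for an ESP cipher; demo only.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


@dataclass
class Session:
    """Toy encrypted session (stand-in for an IPsec SA) with its own key."""
    peer: str
    key: bytes
    sent: list = field(default_factory=list)

    def send(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(12)
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(self.key, nonce, len(plaintext))))
        tag = hmac.new(self.key, nonce + ct, hashlib.sha256).digest()[:16]
        wire = nonce + ct + tag
        self.sent.append(wire)
        return wire

    def receive(self, wire: bytes) -> bytes:
        nonce, ct, tag = wire[:12], wire[12:-16], wire[-16:]
        expected = hmac.new(self.key, nonce + ct, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")
        return bytes(a ^ b for a, b in zip(ct, _keystream(self.key, nonce, len(ct))))


@dataclass(frozen=True)
class PolicyRule:
    target: str   # "second destination device": the peer whose traffic is monitored
    monitor: str  # "first destination device": where the copy is sent


class Client:
    def __init__(self, keys: dict):
        self.keys = keys        # pre-shared key per peer (assumed provisioned out of band)
        self.sessions = {}
        self.rules = []

    def _session(self, peer: str) -> Session:
        if peer not in self.sessions:
            self.sessions[peer] = Session(peer, self.keys[peer])
        return self.sessions[peer]

    def install_rule(self, rule: PolicyRule) -> None:
        """Receive a downloaded rule and open both sessions it requires."""
        self.rules.append(rule)
        self._session(rule.monitor)   # first session, for the monitoring purpose
        self._session(rule.target)    # second session, the real conversation

    def send(self, dest: str, data: bytes) -> dict:
        """Send data to dest; a matching rule also mirrors it onto the monitor session."""
        delivered = {dest: self._session(dest).send(data)}
        for rule in self.rules:
            if rule.target == dest:
                delivered[rule.monitor] = self._session(rule.monitor).send(data)
        return delivered


class IntermediateDevice:
    def __init__(self):
        self.rule_store = []      # "memory for storing a policy rule therein"

    def download_rule(self, rule: PolicyRule, client: Client) -> None:
        self.rule_store.append(rule)
        client.install_rule(rule)


def mirrored_destinations(client: Client) -> dict:
    """Audit helper (assumed): which peers' traffic this client copies, and to whom."""
    return {r.target: r.monitor for r in client.rules}


def demo() -> dict:
    # Constructed sample keys; in practice each SA would be negotiated by IKE.
    keys = {"server": os.urandom(32), "monitor": os.urandom(32), "other": os.urandom(32)}
    client = Client(keys)
    IntermediateDevice().download_rule(PolicyRule(target="server", monitor="monitor"), client)
    out = client.send("server", b"hello")
    # each endpoint decrypts with its own session key; the copy is readable only by the monitor
    monitor_side = Session("client", keys["monitor"]).receive(out["monitor"])
    server_side = Session("client", keys["server"]).receive(out["server"])
    unmonitored = client.send("other", b"unrelated")
    return {"monitor_sees": monitor_side, "server_sees": server_side,
            "wire_copies_differ": out["monitor"] != out["server"],
            "copies_for_other": len(unmonitored), "audit": mirrored_destinations(client)}


if __name__ == "__main__":
    print(demo())
```

Two points the model makes visible: the mirrored copy on the wire is a different ciphertext from the one sent to the real peer, so a network observer without either key learns nothing new, and the policy rule is the only place the mirroring is recorded, which is why an audit of the client's installed rules (here `mirrored_destinations`) is the natural place for an operator to confirm what is being copied and to whom.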