Lawful interception of end-to-end encrypted data traffic
First Claim
1. A method of facilitating the lawful interception of a data session between two or more terminals, wherein said session uses encryption to secure traffic, the method comprising:
- storing a key allocated to at least one of said two or more terminals, at the at least one terminal and at a node within a network through which said session is conducted or at a node coupled to that network;
prior to the communication of a session setup request from a calling terminal to a called terminal, exchanging a seed value between the at least one terminal and said node;
using the key and the seed value at the at least one terminal to generate a pre-master key, the pre-master key subsequently becoming known to each other terminal involved in the data session and using a key exchange procedure to transmit a first cross-parameter from the said at least one terminal to another terminal and to transmit a second cross-parameter from the other terminal to the said at least one terminal; and
directly or indirectly using said pre-master key to encrypt and decrypt traffic associated with said session.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of facilitating the lawful interception of an IP session between two or more terminals 12,13, wherein session uses encryption to secure traffic. The method includes storing a key allocated to at least one of terminals 12,13 or to at least one of the subscribers using one of the terminals 12,13, at the terminal 12,13 and at a node 5,8 within a network 1,6 through which session is conducted, or a node coupled to that network. Prior to the creation of session, a seed value is exchanged between the terminal 12,13 at which the key is stored and node 5,8. The key and the seed value are used at both the terminal 12,13 and the node 5,8 to generate a pre-master key. The pre-master key becomes known to each of the terminals 12,13 involved in the IP session and to the network node 5,8. The pre-master key is used, directly or indirectly, to encrypt and decrypt traffic associated with IP session.
-
Citations
38 Claims
-
1. A method of facilitating the lawful interception of a data session between two or more terminals, wherein said session uses encryption to secure traffic, the method comprising:
-
storing a key allocated to at least one of said two or more terminals, at the at least one terminal and at a node within a network through which said session is conducted or at a node coupled to that network; prior to the communication of a session setup request from a calling terminal to a called terminal, exchanging a seed value between the at least one terminal and said node; using the key and the seed value at the at least one terminal to generate a pre-master key, the pre-master key subsequently becoming known to each other terminal involved in the data session and using a key exchange procedure to transmit a first cross-parameter from the said at least one terminal to another terminal and to transmit a second cross-parameter from the other terminal to the said at least one terminal; and directly or indirectly using said pre-master key to encrypt and decrypt traffic associated with said session. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of facilitating the lawful interception of a data session between two or more terminals, wherein said session uses encryption to secure traffic and at least one of the terminals is a mobile wireless device, the method comprising:
-
storing a first key allocated to said at least one terminal, at the at least one terminal and at a node within the at least one terminal'"'"'s home network; using the first key to authenticate the at least one terminal when the at least one terminal registers with the home network or a visited network; using the first key and a seed value sent from the home network to the at least one terminal to encrypt traffic end-to-end during said data session; generating a second key at the mobile terminal using the seed value and the first key; and performing a Diffie-Hellman exchange using said second key. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A method of securing data transmitted between a plurality of terminals, each of which is attached to a communications network, at least one of the terminals having allocated to it a home network, the method comprising:
-
sending a seed value from the home network to the at least one terminal, via the corresponding communications network, as part of a call signalling level authentication procedure; and using said seed value at the at least one terminal to generate one or more traffic encryption keys for use in the end-to-end encryption of traffic associated with a call between terminals; and forwarding said seed value to a lawful interception authority to allow that authority to compute the traffic decryption keys, whereby when a call is setup encrypted traffic can be forwarded to the authority for decryption. - View Dependent Claims (19, 20, 21, 22, 23, 24)
-
-
25. A method of communicating data between a first terminal and a second terminal on an end-to-end security basis, the first terminal being served by a first network, and the second terminal being served by a second network, the method comprising:
-
a first authentication and key agreement sub-procedure involving transmitting a first set of values from the first terminal'"'"'s designated home operator to the first network and on the basis thereof deriving at least one first encryption parameter to be used by the first terminal; a second authentication and key agreement sub-procedure involving transmitting a second set of values from the second terminal'"'"'s designated home operator to the second network and on the basis thereof deriving at least one second encryption parameter to be used by the second terminal; a key exchange sub-procedure involving transmitting a first cross-parameter from the first terminal to the second terminal and transmitting a second cross-parameter from the second terminal to the first terminal, and a communication phase where the first terminal and the second terminal exchange information via a connection being end-to-end encrypted in the first terminal on the basis of the at least one first encryption parameter and the second cross-parameter, and in the second terminal on the basis of the at least one second encryption parameter and the first cross-parameter. - View Dependent Claims (26)
-
-
27. A first terminal for communicating data with at least one other terminal on an end-to-end security basis, the first terminal being served by a first network, the at least one other terminal being served by a second network, the first terminal comprising:
-
a first encryption unit, adapted to request a first set of values from the first terminal'"'"'s designated home operator and receive at least one first encryption parameter; a memory for storing a key allocated to at least one of said terminals, at the first terminal and at a node within a network through which said session is conducted or at a node coupled to the network; means for exchanging a seed value between the first terminal at which the key is stored and said node prior to the communication of a session setup request from the first terminal to the at least one other terminal; means for generating a pre-master key using the key and the seed value at the terminal, wherein the pre-master key subsequently also becomes known to each other terminal involved in the data session; means for using the pre-master key to directly or indirectly decrypt data at the node within the network or at another node to which the pre-master key is sent; a key exchange unit, adapted to transmit a first cross-parameter to the at least one other terminal and receive a second cross-parameter from the at least one other terminal; and a data transceiver for exchanging information with the at least one other terminal via a connection being end-to-end encrypted on the basis of the at least one first encryption parameter and the second cross-parameter.
-
-
28. A method of facilitating the lawful interception of a data session between two or more terminals, wherein said session uses encryption to secure traffic, the method comprising:
-
storing a key allocated to at least one of said terminals, at the terminal and at a node within a network through which said session is conducted or at a node coupled to that network; prior to the communication of a session setup request from a calling terminal to a called terminal exchanging a seed value between the terminal at which the key is stored and said node; using the key and the seed value at the terminal to generate a pre-master key, wherein the pre-master key subsequently also becomes known to each other terminal involved in the data session; generating the pre-master key at said node and using the pre-master key to directly or indirectly decrypt data at that node or at another node to which the pre-master key is sent; directly or indirectly using said pre-master key to encrypt and decrypt traffic associated with said session; and using a key exchange procedure to transmit a first cross-parameter from the said at least one terminal to another terminal and to transmit a second cross-parameter from the other terminal to the said at least one terminal. - View Dependent Claims (29, 30, 31, 32, 33)
-
-
34. The method of 28, wherein the pre-master key is used by the terminals involved in the data session to generate one or more traffic encryption keys, the one or more traffic encryption keys being used to encrypt the traffic associated with the data session.
-
35. The method of 28, wherein said node is a node of the home network with which the user of said at least one terminal has a subscription.
- 36. The method of 28, wherein said at least one terminal is attached to a foreign network, and the seed value is sent to the terminal via the foreign network.
-
38. The method of 28, wherein said data session is an IP data session.
Specification