Intercepting a communication session in a telecommunication network
Abstract
Intercepting a secure communication session includes distributing a key from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint. A secure channel is established between the key distribution point and an intercepting point. The intercepting endpoint may be determined to be authorized to intercept the secure communication session. The key is provided to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, where the key provides the intercepting endpoint with access to intercept the secure communication session.
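The release decision described in the abstract, as an added example that is not taken from the patent or from any implementation of it: a minimal key distribution point that hands out a session key only when a stored rule covers the requester and the session, denying by default and recording every decision. The rule format, the expiry field, the audit log and the shared-secret check standing in for the authentication protocol are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class InterceptionRule:              # hypothetical rule format
    interceptor_id: str
    endpoints: frozenset             # the two endpoints of the covered session
    not_after: float                 # assumed expiry, epoch seconds

@dataclass
class KeyDistributionPoint:
    rules: list
    credentials: dict                # interceptor_id -> secret (stand-in for the authentication protocol)
    sessions: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def establish_session(self, a, b):
        """Create a session key for endpoints a and b; return the session id."""
        sid = secrets.token_hex(8)
        self.sessions[sid] = (frozenset((a, b)), secrets.token_bytes(32))
        return sid

    def request_intercept(self, interceptor_id, proof, sid, now=None):
        """Return the session key only if authenticated and covered by a live rule."""
        now = time.time() if now is None else now
        decision, key = "deny:unauthenticated", None
        secret = self.credentials.get(interceptor_id)
        if secret is not None and hmac.compare_digest(proof, secret):
            decision = "deny:no-rule"            # default deny after authentication
            session = self.sessions.get(sid)
            if session is not None:
                endpoints, session_key = session
                for rule in self.rules:
                    if rule.interceptor_id != interceptor_id or rule.endpoints != endpoints:
                        continue
                    if now <= rule.not_after:
                        decision, key = "allow", session_key
                        break
                    decision = "deny:rule-expired"
        # Every request is logged, allowed or not, so key releases can be reviewed.
        self.audit.append((now, interceptor_id, sid, decision))
        return key
```

The audit list is the part a reviewer of such a system would check first: every released key should map to an `allow` entry tied to a specific rule holder and session.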
21 Claims
1. A method, comprising:
- distributing one or more session keys from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint;
- establishing a secure channel between the key distribution point and a first intercepting endpoint using an authentication protocol;
- determining, by one or more hardware processors of the key distribution point, that the first intercepting endpoint is authorized to intercept the secure communication session by determining that an interception rule stored in memory authorizes the first intercepting endpoint to receive at least one of the session keys; and
- in response to determining that a request to intercept the secure communication session by the first intercepting endpoint is authorized, transmitting, from the key distribution point to the first intercepting endpoint, the session key, the session key providing the first intercepting endpoint with access to intercept the secure communication session.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A system, comprising:
- one or more hardware processors executing a key manager operable to distribute one or more session keys in order to establish a secure communication session between a first endpoint and a second endpoint; and
- the one or more hardware processors executing an interception manager coupled to the key manager and operable to;
  - establish a secure channel between the key manager and a first intercepting endpoint using an authentication protocol;
  - determine that the first intercepting endpoint is authorized to intercept the secure communication session by determining that an interception rule stored in memory authorizes the first intercepting endpoint to receive at least one of the session keys; and
  - in response to determining that a request to intercept the secure communication session by the first intercepting endpoint is authorized, transmit, from the key manager to the first intercepting endpoint, the session key, the session key providing the first intercepting endpoint with access to intercept the secure communication session.

Dependent claims: 9, 10, 11, 12, 13, 14

15. Software logic encoded in one or more non-transitory media for execution and when executed by one or more processors operable to:
- distribute one or more session keys from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint;
- establish a secure channel between the key distribution point and a first intercepting endpoint using an authentication protocol;
- determine, by one or more processors of the key distribution point, that the first intercepting endpoint is authorized to intercept the secure communication session by determining that an interception rule stored in memory authorizes the first intercepting endpoint to receive at least one of the session keys; and
- in response to determining that a request to intercept the secure communication session by the first intercepting endpoint is authorized, transmit, from the key distribution point to the first intercepting endpoint, the session key, the session key providing the first intercepting endpoint with access to intercept the secure communication session.

Dependent claims: 16, 17, 18, 19, 20, 21

Specification