Intercepting a communication session in a telecommunication network

US 8,976,968 B2
Filed: 05/08/2012
Issued: 03/10/2015
Est. Priority Date: 04/28/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

distributing one or more session keys from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint;

establishing a secure channel between the key distribution point and a first intercepting endpoint using an authentication protocol;

determining, by one or more hardware processors of the key distribution point, that the first intercepting endpoint is authorized to intercept the secure communication session by determining that an interception rule stored in memory authorizes the first intercepting endpoint to receive at least one of the session keys; and

in response to determining that a request to intercept the secure communication session by the first intercepting endpoint is authorized, transmitting, from the key distribution point to the first intercepting endpoint, the session key, the session key providing the first intercepting endpoint with access to intercept the secure communication session.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Intercepting a secure communication session includes distributing a key from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint. A secure channel is established between the key distribution point and an intercepting point. The intercepting endpoint may be determined to be authorized to intercept the secure communication session. The key is provided to the intercepting endpoint only if the intercepting endpoint is authorized to intercept the secure communication session, where the key provides the intercepting endpoint with access to intercept the secure communication session.

Citations

21 Claims

1. A method, comprising:
- distributing one or more session keys from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint;
  
  establishing a secure channel between the key distribution point and a first intercepting endpoint using an authentication protocol;
  
  determining, by one or more hardware processors of the key distribution point, that the first intercepting endpoint is authorized to intercept the secure communication session by determining that an interception rule stored in memory authorizes the first intercepting endpoint to receive at least one of the session keys; and
  
  in response to determining that a request to intercept the secure communication session by the first intercepting endpoint is authorized, transmitting, from the key distribution point to the first intercepting endpoint, the session key, the session key providing the first intercepting endpoint with access to intercept the secure communication session.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the session key transmitted from the key distribution point to the first intercepting point comprises a control session key for accessing a control stream.
  - 3. The method of claim 1, wherein the one or more session keys comprise a media session key and a control session key for accessing a control stream.
  - 4. The method of claim 3, further comprising transmitting, from the key distribution point to the first intercepting endpoint, the control session key but not the media session key.
  - 5. The method of claim 3, further comprising:
    - determining whether a second interception rule authorizes a second intercepting endpoint for the media session key but not the control session key;
      
      transmitting the media session key but not the control session key to the second intercepting endpoint.
  - 6. The method of claim 1, further comprising:
    - determining whether the interception rule authorizes interception by the first intercepting endpoint based on a caller identity corresponding to the first endpoint.
  - 7. The method of claim 1, wherein:
    - determining whether the interception rule authorizes interception by the first intercepting endpoint on specified dates; and
      
      transmitting the session key to the first intercepting endpoint if the first intercepting endpoint is requesting access on the specified dates.

8. A system, comprising:
- one or more hardware processors executing a key manager operable to distribute one or more session keys in order to establish a secure communication session between a first endpoint and a second endpoint; and
  
  the one or more hardware processors executing an interception manager coupled to the key manager and operable to;
  
  establish a secure channel between the key manager and a first intercepting endpoint using an authentication protocol;
  
  determine that the first intercepting endpoint is authorized to intercept the secure communication session by determining that an interception rule stored in memory authorizes the first intercepting endpoint to receive at least one of the session keys; and
  
  in response to determining that a request to intercept the secure communication session by the first intercepting endpoint is authorized, transmit, from the key manager to the first intercepting endpoint, the session key, the session key providing the first intercepting endpoint with access to intercept the secure communication session.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the session key transmitted from the key manager to the first intercepting point comprises a control session key for accessing a control stream.
  - 10. The system of claim 8, wherein the one or more session keys comprise a media session key and a control session key for accessing a control stream.
  - 11. The system of claim 10, the one or more hardware processors executing the interception manager further operable to transmit, from the key distribution point to the first intercepting point, the control session key but not the media session key.
  - 12. The system of claim 10, the one or more hardware processors executing the interception manager further operable to:
    - determine that a second interception rule authorizes a second intercepting endpoint for the media session key but not the control session key;
      
      transmit the media session key but not the control session key to the second intercepting endpoint.
  - 13. The system of claim 8, the one or more hardware processors executing the interception manager further operable to:
    - determine whether the interception rule authorizes interception by the first intercepting endpoint based on a caller identity corresponding to the first endpoint.
  - 14. The system of claim 8, the one or more hardware processors executing the interception manager further operable to:
    - determine whether the interception rule authorizes interception by the first intercepting endpoint on specified dates; and
      
      transmit the session key to the first intercepting endpoint if the first intercepting endpoint is requesting access on the specified dates.

15. Software logic encoded in one or more non-transitory media for execution and when executed by one or more processors operable to:
- distribute one or more session keys from a key distribution point to establish a secure communication session between a first endpoint and a second endpoint;
  
  establish a secure channel between the key distribution point and a first intercepting endpoint using an authentication protocol;
  
  determine, by one or more processors of the key distribution point, that the first intercepting endpoint is authorized to intercept the secure communication session by determining that an interception rule stored in memory authorizes the first intercepting endpoint to receive at least one of the session keys; and
  
  in response to determining that a request to intercept the secure communication session by the first intercepting endpoint is authorized, transmit, from the key distribution point to the first intercepting endpoint, the session key, the session key providing the first intercepting endpoint with access to intercept the secure communication session.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The logic of claim 15, wherein the session key transmitted from the key manager to the first intercepting endpoint comprises a control session key for accessing a control stream.
  - 17. The logic of claim 15, wherein the one or more session keys comprise a media session key and a control session key for accessing a control stream.
  - 18. The logic of claim 17, further operable to transmit, from the key distribution point to the first intercepting endpoint, the control session key but not the media session key.
  - 19. The logic of claim 17, further operable to:
    - determine that a second interception rule authorizes a second intercepting endpoint for the media session key but not the control session key;
      
      transmit the media session key but not the control session key to the second intercepting endpoint.
  - 20. The logic of claim 17, further operable to:
    - determine whether the interception rule authorizes interception by the first intercepting endpoint based on a caller identity corresponding to the first endpoint.
  - 21. The logic of claim 17, further operable to:
    - determine whether the interception rule authorizes interception by the first intercepting endpoint on specified dates; and
      
      transmit the session key to the first intercepting endpoint if the first intercepting endpoint is requesting access on the specified dates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bell, Robert T., Kandasamy, Subbiah, Wing, Daniel G.
Primary Examiner(s)
NGUYEN, TU T

Application Number

US13/466,598
Publication Number

US 20120219153A1
Time in Patent Office

1,036 Days
Field of Search

380/278
US Class Current

380/278
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/102   Entity profiles

H04L 63/30   for supporting lawful inter...

H04L 63/306   intercepting packet switche...

H04L 9/0827   involving distinctive inter...

H04L 9/083   involving central third par...

Intercepting a communication session in a telecommunication network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Intercepting a communication session in a telecommunication network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links