Method and apparatus for providing service provider-controlled communication security

US 9,450,752 B2
Filed: 06/10/2011
Issued: 09/20/2016
Est. Priority Date: 04/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising facilitating a processing of data, information, or at least one signal, based, at least in part, on the following:

at least one interception requirement of a first jurisdiction targeted at a first user, a mobile device associated with the first user, or a combination thereof;

a connection request, to an apparatus of a network operator of an access network, for connecting with the mobile device that is an end point of a communications connection, wherein the communications connection is referenced in the connection request;

context information associated with the mobile device, the access network, the first user, the communications connection, or a combination thereof, wherein the context information includes a location of the mobile device at the time of the connection request;

an analysis of a network address associated with the mobile device to verify the location of the mobile device;

a processing of the context information including the location of the mobile device and the communications connection to determine one or more encryption ciphers provided by one or more user privacy requirements of a second jurisdiction as applicable to another end-point of the connection request at the time of the connection request; and

an establishment of the communications connection by the apparatus using at least one of the encryption ciphers provided by the one or more user privacy requirements of the second jurisdiction, wherein the at least one of the encryption ciphers supports the at least one interception requirement of the first jurisdiction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for service provider controlled communication security. A security platform receives a connection request from a client device. The security platform determines context information associated with the device, access network, a user of the device, or a combination thereof, and then processes and/or facilitates a processing of the context information to determine one or more encryption ciphers to offer for the session. Next, the security platform causes, at least in part, establishment of the connection request using, at least in part, the one of the offered encryption ciphers.

44 Citations

View as Search Results

20 Claims

1. A method comprising facilitating a processing of data, information, or at least one signal, based, at least in part, on the following:
- at least one interception requirement of a first jurisdiction targeted at a first user, a mobile device associated with the first user, or a combination thereof;
  
  a connection request, to an apparatus of a network operator of an access network, for connecting with the mobile device that is an end point of a communications connection, wherein the communications connection is referenced in the connection request;
  
  context information associated with the mobile device, the access network, the first user, the communications connection, or a combination thereof, wherein the context information includes a location of the mobile device at the time of the connection request;
  
  an analysis of a network address associated with the mobile device to verify the location of the mobile device;
  
  a processing of the context information including the location of the mobile device and the communications connection to determine one or more encryption ciphers provided by one or more user privacy requirements of a second jurisdiction as applicable to another end-point of the connection request at the time of the connection request; and
  
  an establishment of the communications connection by the apparatus using at least one of the encryption ciphers provided by the one or more user privacy requirements of the second jurisdiction, wherein the at least one of the encryption ciphers supports the at least one interception requirement of the first jurisdiction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method of claim 1, wherein the location of the device is further based, at least in part, on a network code, a country code, or a combination thereof associated with the device.
  - 3. A method of claim 1, wherein the data, information, or at least one signal, are further based, at least in part, on the following:
    - probe data associated with the device; and
      
      a processing of the probe data to verify the network address, wherein the network address is a source internet protocol address.
  - 4. A method of claim 3, wherein the source internet protocol address is verified against the network code, the country code, a one or more sets of probe data or a combination thereof.
  - 5. A method of claim 3, wherein the one or more encryption ciphers operate via one or more cryptographic protocols including, at least in part, a transport layer security protocol or a secure sockets layer protocol,wherein the network address is analyzed during a period since a transmission control protocol connection is established until starting the transport layer security protocol or the secure sockets layer protocol.
  - 6. A method of claim 1, wherein the data, information, or at least one signal, are further based, at least in part, on the following:
    - an input for specifying a range of network addresses; and
      
      a comparison of the network address associated with the device against the range of network addresses,wherein the network address associated with the device is a source internet protocol address, andwherein the one or more encryption ciphers are determined based, at least in part, on the comparison.
  - 7. A method of claim 1, wherein the data, information, or at least one signal, are further based, at least in part, on the following:
    - a processing of the context information to determine a strength of encryption for the connection request,wherein the one or more encryption ciphers are determined based, at least in part, on the strength of the encryption.
  - 8. A method of claim 1, wherein the strength of encryption is specified, at least in part, by a governmental authority, a regulatory entity, a service provider, or a combination thereof.
  - 9. A method of claim 1, wherein the location of the device includes a country of origin, and the data, information, or at least one signal, are further based, at least in part, on the following:
    - a collection of source internet protocol addresses and mobile network code/mobile country code relations in a database; and
      
      a determination of the country of origin based, at least in part, on the database.
  - 10. A method of claim 1, wherein the at least one user privacy requirement of the first jurisdiction provides one or more encryption ciphers that are weaker than the one or more encryption ciphers provided by the one or more user privacy requirements of the second jurisdiction.
  - 11. A method of claim 1, wherein the data, information, or at least one signal, are further based, at least in part, on the following:
    - when the one or more encryption ciphers provided by the one or more user privacy requirements of the second jurisdiction do not support the at least one interception requirements of the first jurisdiction, a change of the one or more encryption ciphers by the apparatus into one encryption cipher supporting the at least one interception requirements for the communications connection, while privacy of one or more other communications connections remains protected with the one or more encryption ciphers provided by the one or more user privacy requirements.

12. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code for one or more programs,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus of a network operator of an access network to perform at least the following;
  
  receive at least one interception requirement of a first jurisdiction targeted at a first user, a mobile device associated with the first user, or a combination thereof;
  
  receive a connection request for connecting with the mobile device that is an end point of a communications connection, wherein the communications connection is referenced in the connection request;
  
  determine context information associated with the mobile device, the access network, the first user, the communications connection, or a combination thereof, wherein the context information includes a location of the mobile device at the time of the connection request;
  
  analyze a network address associated with the mobile device to verify the location of the mobile device;
  
  process and/or facilitate a processing of the context information including the location of the mobile device and the communications connection to determine one or more encryption ciphers provided by one or more user privacy requirements of a second jurisdiction as applicable to another end-point of the connection request at the time of the connection request; and
  
  establish the communications connection by the apparatus using at least one of the encryption ciphers provided by the one or more user privacy requirements of the second jurisdiction, wherein the at least one of the encryption ciphers supports the at least one interception requirement of the first jurisdiction.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. An apparatus of claim 12, wherein the location of the device is further based, at least in part, on a network code, a country code, or a combination thereof associated with the device.
  - 14. An apparatus of claim 12, wherein the apparatus is further caused to:
    - determine probe data associated with the device; and
      
      process and/or facilitate a processing of the probe data to verify the network address, wherein the network address is a source internet protocol address.
  - 15. An apparatus of claim 14, wherein the source internet protocol address is verified against the network code, the country code, a one or more sets of probe data or a combination thereof.
  - 16. An apparatus of claim 12, wherein the apparatus is further caused to:
    - receive an input for specifying a range of network addresses; and
      
      cause, at least in part, a comparison of the network address associated with the device against the range of network addresses,wherein the network address associated with the device is a source internet protocol address, andwherein the one or more encryption ciphers are determined based, at least in part, on the comparison.
  - 17. An apparatus of claim 12, wherein the apparatus is further caused to:
    - process and/or facilitate a processing of the context information to determine a strength of encryption for the connection request,wherein the one or more encryption ciphers are determined based, at least in part, on the strength of the encryption.
  - 18. An apparatus of claim 12, wherein the strength of encryption is specified, at least in part, by a governmental authority, a regulatory entity, a service provider, or a combination thereof.
  - 19. An apparatus of claim 12, wherein the location of the device includes a country of origin, and the apparatus is further caused to:
    - determine to collect source internet protocol addresses and mobile network code/mobile country code relations in a database; and
      
      determine the country of origin based, at least in part, on the database.
  - 20. An apparatus of claim 12, wherein the one or more encryption ciphers operate via one or more cryptographic protocols including, at least in part, a transport layer security protocol or a secure sockets layer protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Vimpari, Markku Kalevi, Alakontiola, Jukka Sakari
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
FABBRI, ANTHONY E

Application Number

US13/158,148
Publication Number

US 20120275598A1
Time in Patent Office

1,929 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/107   wherein the security polici...

H04L 63/205   involving negotiation or de...

H04L 63/30   for supporting lawful inter...

H04L 63/304   intercepting circuit switch...

H04L 9/0872   using geo-location informat...

H04L 9/088   Usage controlling of secret...

H04L 9/14   using a plurality of keys o...

Method and apparatus for providing service provider-controlled communication security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing service provider-controlled communication security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links