System and method of lawful access to secure communications

US 9,871,827 B2
Filed: 08/01/2016
Issued: 01/16/2018
Est. Priority Date: 01/12/2012
Status: Active Grant

First Claim

Patent Images

1. A call session control function (CSCF), comprising:

a memory; and

at least one hardware processor communicatively coupled with the memory and configured to;

receive a start_interception message from an administration function (ADMF) in a network node over a X1_1 interface, wherein the start_interception message indicates a starting time for an interception time period of a lawful interception;

in response to receiving the start_interception message, initiate a request to a key management service (KMS) to regenerate a key based on stored keying information, wherein the regenerated key is used to decrypt one or more intercepted packets during the interception time period; and

receive a halt_message from the ADMF, wherein the halt_message indicates that the lawful interception is to be stopped.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates to systems and methods for secure communications. In some aspects, a method of signalling an interception time period is described. At least one keying information used by a KMF to regenerate a key is stored. A start_interception message is signaled from an ADMF to a CSCF. A halt_message is signaled from the ADMF to the CSCF.

57 Citations

17 Claims

1. A call session control function (CSCF), comprising:
- a memory; and
  
  at least one hardware processor communicatively coupled with the memory and configured to;
  
  receive a start_interception message from an administration function (ADMF) in a network node over a X1_1 interface, wherein the start_interception message indicates a starting time for an interception time period of a lawful interception;
  
  in response to receiving the start_interception message, initiate a request to a key management service (KMS) to regenerate a key based on stored keying information, wherein the regenerated key is used to decrypt one or more intercepted packets during the interception time period; and
  
  receive a halt_message from the ADMF, wherein the halt_message indicates that the lawful interception is to be stopped.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The CSCF of claim 1, wherein the halt_message includes a target user identifier.
  - 3. The CSCF of claim 1, wherein the key is regenerated using at least one keying information included in a TRANSFER_INIT message.
  - 4. The CSCF of claim 1, wherein the key is regenerated using at least one keying information included in a TRANSFER_RESP message.
  - 5. The CSCF of claim 1, wherein the key is regenerated using at least one of RANDRi, RANDRr, Initiator'"'"'s Identity (IDRi), Responder'"'"'s Identity (IDRr), crypto session identity (CS ID), modifier (MOD), header payload (HDR), key data transport payload (KEMAC), traffic encryption key (TEK) generation key (TGK), or TEK generation key (TGK).
  - 6. The CSCF of claim 1, wherein the halt_message is received over the X1_1 interface.

7. A non-transitory computer-readable medium containing instructions which, when executed, cause a computing device to perform operations comprising:
- receiving, at a call session control function (CSCF), a start_interception message from an administration function (ADMF) in a network node over a X1_1 interface, wherein the start_interception message indicates a starting time for an interception time period of a lawful interception,in response to receiving the start_interception message, initiating a request to a key management service (KMS) to regenerate a key based on stored keying information, wherein the regenerated key is used to decrypt one or more intercepted packets during the interception time period; and
  
  receiving, at the CSCF, a halt_message from the ADMF, wherein the halt_message indicates that the lawful interception is to be stopped.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer-readable medium of claim 7, wherein the halt_message includes a target user identifier.
  - 9. The non-transitory computer-readable medium of claim 7, wherein the key is regenerated using at least one keying information included in a TRANSFER_INIT message.
  - 10. The non-transitory computer-readable medium of claim 7, wherein the key is regenerated using at least one keying information included in a TRANSFER_RESP message.
  - 11. The non-transitory computer-readable medium of claim 7, wherein the key is regenerated using at least one of RANDRi, RANDRr, Initiator'"'"'s Identity (IDRi), Responder'"'"'s Identity (IDRr), crypto session identity (CS ID), modifier (MOD), header payload (HDR), key data transport payload (KEMAC), traffic encryption key (TEK) generation key (TGK), or TEK generation key (TGK).
  - 12. The non-transitory computer-readable medium of claim 7, wherein the halt_message is received over the X1_1 interface.

13. A method, comprising:
- receiving, at a call session control function (CSCF), a start_interception message from an administration function (ADMF) in a network node over a X1_1 interface, wherein the start_interception message indicates a starting time for an interception time period of a lawful interception;
  
  in response to receiving the start_interception message, initiating a request to a key management service (KMS) to regenerate a key based on stored keying information;
  
  decrypting the one or more intercepted packets during the interception time period using the regenerated key; and
  
  receiving, at the CSCF, a halt_message from the ADMF, wherein the halt_message indicates that the lawful interception is to be stopped.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the halt_message includes a target user identifier.
  - 15. The method of claim 13, wherein the key is regenerated using at least one keying information included in a TRANSFER_INIT message.
  - 16. The method of claim 13, wherein the key is regenerated using at least one keying information included in a TRANSFER_RESP message.
  - 17. The method of claim 13, wherein the key is regenerated using at least one of RANDRi, RANDRr, Initiator'"'"'s Identity (IDRi), Responder'"'"'s Identity (IDRr), crypto session identity (CS ID), modifier (MOD), header payload (HDR), key data transport payload (KEMAC), traffic encryption key (TEK) generation key (TGK), or TEK generation key (TGK).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited, Certicom Corporation (Blackberry Limited)
Inventors
Campagnan, Matthew John, Zaverucha, Gregory Marc, Buckley, Michael Eoin
Primary Examiner(s)
Lewis, Lisa
Assistant Examiner(s)
BUCKNOR, OLANREWAJU J

Application Number

US15/225,543
Publication Number

US 20160344775A1
Time in Patent Office

533 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/306   intercepting packet switche...

H04L 9/0861   Generation of secret inform...

System and method of lawful access to secure communications

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of lawful access to secure communications

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links