Facilitating legal interception of IP connections
Abstract
A method of facilitating the legal interception of IP connections, where two or more terminals can communicate with each other over the Internet using IPSec to provide security. The method comprises allocating to each terminal T1,T2 a public/private key pair for use in negotiating IKE and IPSec Security Associations (SAs) with other terminals. Where a terminal T1,T2 is coupled to the Internet via an access network 1,2, the private key of that terminal is stored within the access network at an interception server S1,S2. When an IP connection is initiated to or from a terminal T1,T2 on which a legal interception order has been placed, the private key stored for that terminal T1,T2 within the access network 1,2 is used to intercept the connection.
19 Claims
1. A method of facilitating the legal interception of network connections, where two or more terminals can communicate with each other over insecure networks using a standard security protocol to provide a secure session, the method comprising:
allocating to each terminal at least one public/private key pair for use in negotiating session encryption keys with other terminals;
where a terminal is coupled to an interconnecting network via an access network, storing the private key of that terminal within the access network; and
when a connection is initiated to or from a terminal on which a legal interception order has been placed, using the private key stored for that terminal within the access network to intercept the communication, wherein the access network for a terminal interposes itself between that terminal and a remote node during the negotiation of session encryption keys between the terminal and the remote node, such that the access network has a knowledge of negotiated session encryption keys.
Dependent claims 2 to 17 depend on claim 1 and are not reproduced here.
18. A server for use in intercepting IP connections between two or more terminals, the server comprising:
a memory for storing the private keys of public/private key pairs of respective terminals,
a first processing means for identifying when legal interception is to be carried out on a connection to or from a terminal,
a second processing means for interposing the server between that terminal, and a communication means for receiving communications from a remote node during the negotiation of session encryption keys between the terminal and the remote node, such that the access network has a knowledge of negotiated session encryption keys, and
a third processing means for intercepting the connection using the private key of the terminal.
19. A system for facilitating the legal interception of network connections, the system comprising:
at least two terminals adapted to communicate with each other over insecure networks using a standard security protocol to provide a secure session, wherein each terminal has instructions for:
a means for allocating at least one public/private key pair for use in negotiating session encryption keys with other terminals;
a means for storing the private key of that terminal within the access network when a terminal is coupled to an interconnecting network via an access network; and
a means for using the private key stored for that terminal within the access network to intercept the communication when a connection is initiated to or from a terminal on which a legal interception order has been placed, and a means for interposing between that terminal and a remote node during the negotiation of session encryption keys between the terminal and the remote node, such that the access network has a knowledge of negotiated session encryption keys.