Lawful interception (LI) requirements for encrypted services such as enhanced internet protocol (IP) multimedia subsystem (IMS) Media Security are detailed in Section 5.7 of Third Generation Partnership Project (3GPP) Technical Specification (TS) 33.106. In one requirement, interception shall be performed in such a manner as to avoid detectability by the target or others. In another requirement, an encryption solution shall not prohibit commencement of interception and decryption of an existing communication.
In the Multimedia Internet KEYing Ticket (MIKEY-TICKET) key exchange protocol, an initiator user equipment (UE) generates a random number RANDRi which is included as a field in a REQUEST_INIT message (i.e., a ticket request message) sent to a key management service (KMS). Also included in the REQUEST_INIT message is the crypto session identity (CS ID) contained in the common header payload (HDR) field. In one implementation of the MIKEY-TICKET protocol, the KMS returns to the initiator UE a traffic encryption key (TEK) for secure communication with a responder UE. In another implementation of the MIKEY-TICKET protocol, the KMS returns to the initiator UE a generating key that is to be used in the generation of the TEK for secure communication with a responder UE. The generating key is called a TEK generation key (TGK) and may be contained in the key data transport payload (KEMAC) field portion of the REQUEST_RESP message from the KMS to the initiator UE. The RANDRi value together with the CS ID and the TGK are used in some implementations by the initiator UE and by a responder UE to generate the TEK used for ciphering in secure realtime transport protocol (SRTP) communication between the initiator UE and the responder UE.
Keying information such as RANDRi, CS ID, TGK and TEK is discarded by the KMS when replying to the initiator UE. As such, information to regenerate the TEK for lawful interception is discarded by, and becomes unavailable to, the KMS. Therefore, mid-call interception of MIKEY-TICKET TEK based SRTP communications between the initiator UE and the responder UE is currently possible only through re-keying. Unfortunately, re-keying is detectable by both the initiator UE and the responder UE, thereby breaking the lawful interception requirements listed above.
Embodiments will now be described by way of example only, with reference to the attached drawings in which:
In accordance with one aspect of the present disclosure, there is provided a method of signalling an interception time period. The method comprises storing at least one keying information used by a KMF to regenerate a key, signalling a start_interception message from an ADMF to a CSCF and signalling a halt_message from the ADMF to the CSCF. In accordance with another aspect of the present disclosure, there is provided a network comprising one or more servers for performing the method of signalling an interception time period.
In accordance with another aspect of the present disclosure, there is provided a method of decrypting an intercepted message. The method comprises receiving one or more values used in generation of an encryption key, storing the one or more values used by a KMF to regenerate the encryption key; generating the encryption key using the one or more values, signalling a start_interception message to a CSCF, decrypting intercepted packets and signalling a halt_message from an ADMF to the CSCF. In accordance with another aspect of the present disclosure, there is provided a network comprising one or more servers for performing the method of decrypting an intercepted message.
In accordance with another aspect of the present disclosure, there is provided a method for regenerating an encryption key. The method comprises receiving one or more values used in generation of an encryption key, storing at least one of the one or more values in a repository and generating the encryption key using the one or more values, including obtaining at least one of the stored values from the repository. In accordance with another aspect of the present disclosure, there is provided a network comprising one or more servers for performing the method for regenerating an encryption key.
A system and method of lawful access to secure communication is provided. In the following description, for the purposes of explanation, specific details are set forth in order to provide a thorough understanding of the present disclosure. It will be apparent, however, to one skilled in the art that the technique may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present disclosure.
Some of the needs identified in the foregoing Background, and other needs and objects that will become apparent from the following description, are achieved by, in one aspect, a system and method of lawful access to secure communication. In other aspects, the disclosure encompasses apparatus and a computer-readable medium configured to carry out the foregoing actions, as well as a data carrier carrying thereon or therein data indicative of instructions executable by processing means to cause those means to carry out the foregoing actions. Examples are CD-ROMs, memory sticks, dongles, transmitted signals, downloaded files, etc. In particular, the method may be implemented in a mobile telecommunications device, with or without voice capabilities, or other electronic devices such as handheld or portable devices.
In overview, existing problems are overcome according to the approaches described below. In the diagram of
A law enforcement agency (LEA) may sometimes require the interception of communications between parties when one or more of the parties are a target under investigation. Unfortunately, when an electronic communication is secured using encryption, the LEA does not have easy access to the communication.
Lawful interception requirements for encrypted services such as enhanced IMS media security are detailed in section 5.7 of Third Generation Partnership Project (3GPP) technical specification (TS) 33.106. In one requirement of lawful interception, interception should be performed in a manner that avoids detectability by a target or by others. In particular, there should not be a significant difference in latency during call setup or during communications compared to a non-intercepted communication. Also, interception of a target should not prevent the use of key exchange applications which provide a user key confirmation mechanism. In another requirement of lawful interception, an encryption solution should not prohibit commencement of interception and decryption of an existing communication.
One type of key exchange protocol in use today is the Multimedia Internet KEYing Ticket (MIKEY-TICKET) key exchange protocol.
Initiators 12 and responders 14 may be any party wishing to communicate securely, including via electronic devices. In the following description, initiators 12 and responders 14 are described from the view of user equipment (UE) and are referred to as initiator UEs 12 and responder UEs 14.
The initiator UE 12 next sends the ticket, RANDRi, and CS ID to a responder UE 14 (32) by transmitting a TRANSFER_INIT message to the responder UE 14. The TRANSFER_INIT message is encoded using a MAC based on the TGK. Once receiving the ticket, the responder UE 14 sends the ticket, by transmitting a RESOLVE_INIT message, to the KMS 16 (34) to obtain the relevant TGK. The RESOLVE_INIT message is protected via a MAC based on the pre-existing trust relationship between the responder UE 14 and the KMS 16. If the responder UE 14 is not authorized to receive the TGK (36), the KMS 16 rejects the request (38). If the responder UE 14 is authorized to receive the TGK (36) encoded in the ticket, the KMS 16 resolves the ticket and sends to the responder UE 14 the TGK in the KEMAC field of the RESOLVE_RESP message (40), enabling the responder to generate the TEK. The responder UE 14 then sends a verification message (42), by transmitting a TRANSFER_RESP message, to the initiator UE 12. The method (20) is complete and both the initiator UE 12 and responder UE 14 have the shared TEK.
The RANDRi value together with a CS ID and the TGK can be used by the initiator UE 12 and by the responder UE 14 to generate the TEK used for ciphering in Secure Realtime Transport Protocol (SRTP) communication between the initiator UE 12 and a responder UE 14. The SRTP includes a process for re-keying, i.e., generating a new TEK, including through the regeneration of the TGK via the MIKEY-TICKET protocol. It is understood that the use of any form of the term “regenerate” in the present disclosure can be interchanged with the equivalent form of the term “generate”, such that the teachings relating to “regeneration” of a key apply to an initial “generation” of that key. Similarly, the use of any form of the term “generate” in the present disclosure can be interchanged with the equivalent form of the term “regenerate” such that the teachings relating to “generation” of a key apply to a subsequent “regeneration” of that key.
Typically, the CS ID, RANDRi and TGK information is discarded by the KMS 16 when replying to the initiator UE 12. As such, information to regenerate the TEK for lawful interception is discarded by, and becomes unavailable to, the KMS 16. Therefore, mid-call interception of MIKEY-TICKET TEK based SRTP communications between the initiator UE 12 and the responder UE 14 is currently possible only through re-keying.
Unfortunately, re-keying is detectable by both the initiator UE 12 and the responder UE 14, thereby breaking the lawful interception requirements listed above. Furthermore, an alternative of storing in the KMS 16 the information required for lawful intercept re-keying may not be a practical solution for a KMS 16 where there may be a high volume of ticket requests, and when combined with the fact that the duration of a session may be unknown or indefinite. Moreover, the CS ID shared in the TRANSFER_INIT and TRANSFER_RESP message would also need to be stored in the KMS 16.
One possible field that can be used for this purpose is the SRTP Master Key Identifier (MKI) field in the SRTP Header. While currently an optional field it can be made a requirement as an example for services utilizing enhanced IMS media plane security. As shown in
In the case of lawful interception, the LEA observes the SRTP communication at any time, extracts the MKI field from the header of a SRTP packet, and communicates at least the SRTP MKI field to the KMS 16. Since the KMS 16 is given the SRTP MKI field and has the secret key SA stored, the original RANDRi, CS ID and TGK values, and subsequently the SRTP session key TEK, can be regenerated. The KMS 16 could decrypt the SRTP MKI field to obtain the information required to regenerate the TEK. A bit value may also be included in the MKI field that identifies the initiator UE 12 from the parties involved in the communication of the STRP packet. For example, one of the values of zero (0) or one (1) could represent that the sender (or alternatively the recipient) of the STRP packet is the initiator 12. Thus, the KMS 16 would then be able to identify the correct secret key SA of the initiator 12 that is stored in the repository of the KMS 16. The bit value is one possible way of identifying the initiator 12. Other ways may also be used.
The communications may be SRTP communications where the packet is a SRTP packet, the header is an SRTP header and the one or more values are stored in a SRTP MKI field of the SRTP header. The one or more values may include a nonce value, a CS ID and a TGK. The nonce value, together with a secret key SA, is used by an initiator UE 12 to generate the RANDRi sent to the KMS 16 in the REQUEST_INIT message (24). The TGK is the key provided by the KMS 16 in the REQUEST_RESP message (30) and used by both the initiator UE 12 and responder UE 14, to generate the encryption key TEK.
Advantageously, the MIKEY-TICKET key exchange protocol is enhanced to meet the mid-call interception requirement. The reuse of the SRTP MKI field from the SRTP Header which along with a UE specific secret SA can be used to enable lawful intercept.
Since the CS ID is contained in the HDR field and the TGK is contained in the KEMAC, once the REQUEST_RESP message (130) has been received the Initiator 12 has knowledge of the parameters CS ID, RANDRi and TGK. However the Initiator 12 is missing knowledge of the parameters MOD (or equivalently {IDRr, RANDkms}) and RANDRr necessary to generate TEK. Ultimately the Initiator 12 will receive these missing parameters in the TRANSFER_RESP message (142).
As a next step towards this goal, the Initiator 12 sends the TRANSFER_INIT message (132) to the Responder 14 containing the TICKET in addition to the CS ID (in the HDR) and RANDRi parameters. The Responder 14 then requests the KMS 16 to resolve the ticket by sending it a RESOLVE_INIT message (134). This message (134) contains not only the TICKET but also the CS ID (in the HDR), RANDRr parameter newly generated by the Responder 14 and IDRr or Responder's identity. Square brackets in
Once receiving the RESOLVE_INIT message (134), and randomly generating the parameter RANDRkms, the modifier MOD or modifier is (IDRr, RANDRkms) and can be generated by the KMS. After resolving the TICKET, the KMS 16 then generates the key TGK′ from TGK and MOD. The KMS 16 then sends the RESOLVE_RESP (140) message to the Responder 14 containing the parameter RANDRkms and the key TGK′ in the KEMAC field.
On reception of the RESOLVE_RESP message (140) the Responder 14 now has all the information necessary to generate the TEK. In detail, the Responder 14 has the CS ID and RANDRi from the TRANSFER_INIT (132), TGK′ in the KEMAC field from the RESOLVE_RESP (140) and has itself generated RANDRr.
Moreover the Responder 14 also has the parameters missing by the Initiator 12 in the generation of TEK, namely RANDRr, RANDkms and IDRr. These are communicated to the Initiator in the TRANSDER_RESP message (142).
While the current lawful interception protocol detailed in
An alternate approach would be to escrow the TEK session key or information with which the TEK can be regenerated along with the identity of the Initiator 12 and Responder 14 (IDRi and IDRr) and CS ID. Similarly the SALT (i.e., a random string of bits used as one of several inputs to a one-way function) can be cached directly or information with which the SALT can be regenerated can be cached. The cached information need not be co-located with the KMS 16 but should be accessible to the KMS 16. Furthermore the keying information may be extracted from the REQUEST_INIT and RESOLVE_INIT messages and parameters generated by the KMS 16 itself as opposed to the TRANSFER_INIT and TRANSFER_RESP messages.
Parameters used in the regeneration of the TEK can include the modifier MOD, Responder identity IDRr, RANDRr, RANDRi, CS ID, HDR, TGK and TGK′. Parameters used in the regeneration if the SALT can include the KEMAC.
A characteristic of this solution is the MF/DF2 can request the TEK, SALT and CS_ID used by the target from the KMS 16, without waiting for the TRANSFER_INIT (332) or TRANSFER_RESP (342) messages. This can be done either through a new message on the Xk interface from the MF/DF2 to the KMS 16 containing the target identity or by reusing the existing get_keys message with the KMS 16 ignoring the TRANSFER_INIT (332) and TRANSFER_RESP (342) portions. The target identity may include the initiator identity (IDRi) or responder identity (IDRr).
In order to provide an LEA with the context of the interception, in addition to returning the CS ID, TEK and SALT keys, the KMS 16 can also indicate whether interception commenced mid-call or at the start of the call.
A lawful interception occurs with judicial approval and should occur over an associated fixed time period. The fixed time period may be signaled to both the CSCF and the KMS 16. Signaling could consist of a start_interception message containing a timestamp explicitly detailing up to when lawful interception is allowed, or a validity period indicating how long lawful interception should occur after receipt of the start_interception message. A start_interception message on the Xk interface could consist of the get_keys message containing either a timestamp or validity period. Alternatively instead of signaling a time period, the halting of interception could be signaled by the ADMF to the CSCF and the KMS 16. The signaling could be a halt message containing the target user's ID and a message type indicator indicating the message is a halt_message.
However, while the Initiator KMS 412 can escrow necessary information for lawful interception from the REQUEST_INIT and RESOLVE_INIT messages, the Responder KMS 414 does not have access to the REQUEST_INIT message (424). Therefore, as the Initiator KMS 412 has received the RANDRi parameter as part of the REQUEST_INIT message, the Initiator KMS 412 can regenerate the TEK by accessing or generating the parameters CS_ID, RANDRi, RANDRr and TGK′, while the Responder KMS 414 does not have access to the parameter RANDRi in the current 3GPP implementation.
One approach would be to require the Responder 14 to communicate the RANDRi parameter either directly (not shown) to its KMS 414 or as an additional field in a modified RESOLVE_INIT message (not shown). However this may be undesirable as the Responder 14 could then become aware of a communication whose sole purpose is for lawful interception.
An alternate solution is to require the Initiator's KMS 412 to communicate at least one value associated with the RANDRi (439) (such as the RANDRi value itself, or a parameter containing or derived from RANDRi or containing RANDRi such as the REQUEST_INIT message) to the Responder's KMS 414. With the additional value associated with the RANDRi, the Responder's KMS 414 can then generate the TEK encryption key. Preferably, this communication (439) related to RANDRi is received by the Responder's KMS 414 before the Responder's KMS 414 forwards (440) the RESOLVE_RESP message (437) to the Responder 14. The RANDRi parameter could be appended to the RESOLVE_RESP message (437) or communicated in a separate message (439) either before or after the sending of the Resolve_Resp message (437). However, if the RANDRi parameter is appended, this appendage is preferably removed by the Responder's KMS 414 before transmission to the Responder 14. Information can be provided to (or received by) a KMS to obtain (i.e., generate) the RANDRi value. Alternatively, the RANDRi value maybe obtained (i.e., received by a KMS) via a communication. The communication of at least one value associated with the RANDRi includes the sending or receiving of the at least one value associated with the RANDRi, or the sending or receiving of the RANDRi value itself.
An alternative approach (not shown) to communicating the RANDRi parameter as a separate message could be for the Initiator's KMS 412 to forward the REQUEST_INIT message (424) to the Responder's KMS 414. Furthermore, in some modes of MIKEY-TICKET, the Initiator 12 reuses a TICKET. In such cases the Initiator 12 may generate a new RANDRi parameter but not communicate the new RANDRi value to the Initiator's KMS 412. In such cases, the Responder 14 can communicate the RANDRi or a parameter containing or derived from RANDRi to the Initiator's KMS 412. Methods by which this can be achieved include communicating a new message or appending the RANDRi to the REQUEST_INIT message.
Where mobile station 900 is enabled for two-way communication, it will incorporate a communication subsystem 911, including both a receiver 912 and a transmitter 914, as well as associated components such as one or more, preferably embedded or internal, antenna elements 916 and 918, local oscillators (LOs) 913, and processing means such as a processing module such as a digital signal processor (DSP) 20. As will be apparent to those skilled in the field of communications, the particular design of the communication subsystem 911 will be dependent upon the communication network in which the device is intended to operate. For example, mobile station 900 may include a communication subsystem 911 designed to operate within the Mobitex™ mobile communication system, the DataTAC™ mobile communication system, GPRS network, UMTS network, EDGE network or LTE network.
Network access requirements will also vary depending upon the type of network 902. For example, in the Mobitex and DataTAC networks, mobile station 900 is registered on the network using a unique identification number associated with each mobile station. In LTE, UMTS and GPRS networks, however, network access is associated with a subscriber or user of mobile station 900. A GPRS mobile station therefore requires a subscriber identity module (SIM) card in order to operate on a GPRS network. Without a valid SIM card, a GPRS mobile station will not be fully functional. Local or non-network communication functions, as well as legally required functions (if any) such as “911” emergency calling, may be available, but mobile station 900 will be unable to carry out any other functions involving communications over the network 902. The SIM interface 944 is normally similar to a card-slot into which a SIM card can be inserted and ejected like a diskette or PCMCIA card. The SIM card can have approximately 64K of memory and hold many key configuration 951, and other information 953 such as identification, and subscriber related information.
When required network registration or activation procedures have been completed, mobile station 900 may send and receive communication signals over the network 902. Signals received by antenna 916 through communication network 902 are input to receiver 912, which may perform such common receiver functions as signal amplification, frequency down conversion, filtering, channel selection and the like, and in the example system shown in
Mobile station 900 preferably includes processing means such as a microprocessor 938 which controls the overall operation of the device. Communication functions, including at least data and voice communications, are performed through communication subsystem 911. Microprocessor 938 also interacts with further device subsystems such as the display 922, flash memory 924, random access memory (RAM) 926, auxiliary input/output (I/O) subsystems 928, serial port 930, keyboard 932, speaker 934, microphone 936, a short-range communications subsystem 940 and any other device subsystems generally designated as 942.
Some of the subsystems shown in
Operating system software used by the microprocessor 938 is preferably stored in a persistent store such as flash memory 924, which may instead be a read-only memory (ROM) or similar storage element (not shown). Those skilled in the art will appreciate that the operating system, specific device applications, or parts thereof, may be temporarily loaded into a volatile memory such as RAM 926. Received communication signals may also be stored in RAM 926.
As shown, flash memory 924 can be segregated into different areas for both computer programs 958 and program data storage 950, 952, 954 and 956. These different storage types indicate that each program can allocate a portion of flash memory 924 for their own data storage requirements. Microprocessor 938, in addition to its operating system functions, preferably enables execution of software applications on the mobile station. A predetermined set of applications that control basic operations, including at least data and voice communication applications for example, will normally be installed on mobile station 900 during manufacturing. A preferred software application may be a personal information manager (PIM) application having the ability to organize and manage data items relating to the user of the mobile station such as, but not limited to, e-mail, calendar events, voice mails, appointments, and task items. Naturally, one or more memory stores would be available on the mobile station to facilitate storage of PIM data items. Such PIM application would preferably have the ability to send and receive data items, via the wireless network 902. In a preferred embodiment, the PIM data items are seamlessly integrated, synchronized and updated, via the wireless network 902, with the mobile station user's corresponding data items stored or associated with a host computer system. Further applications may also be loaded onto the mobile station 900 through the network 902, an auxiliary I/O subsystem 928, serial port 930, short-range communications subsystem 940 or any other suitable subsystem 942, and installed by a user in the RAM 926 or preferably a non-volatile store (not shown) for execution by the microprocessor 938. Such flexibility in application installation increases the functionality of the device and may provide enhanced on-device functions, communication-related functions, or both. For example, secure communication applications may enable electronic commerce functions and other such financial transactions to be performed using the mobile station 900.
In a data communication mode, a received signal such as a text message or web page download will be processed by the communication subsystem 911 and input to the microprocessor 938, which preferably further processes the received signal for output to the display 922, or alternatively to an auxiliary I/O device 928. A user of mobile station 900 may also compose data items such as email messages for example, using the keyboard 932, which is preferably a complete alphanumeric keyboard or telephone-type keypad, in conjunction with the display 922 and possibly an auxiliary I/O device 928. Such composed items may then be transmitted over a communication network through the communication subsystem 911.
For voice communications, overall operation of mobile station 900 is similar, except that received signals would preferably be output to a speaker 934 and signals for transmission would be generated by a microphone 936. Alternative voice or audio I/O subsystems, such as a voice message recording subsystem, may also be implemented on mobile station 900. Although voice or audio signal output is preferably accomplished primarily through the speaker 934, display 922 may also be used to provide an indication of the identity of a calling party, the duration of a voice call, or other voice call related information for example.
Serial port 930 in
Other communications subsystems 940, such as a short-range communications subsystem, is a further optional component which may provide for communication between mobile station 900 and different systems or devices, which need not necessarily be similar devices. For example, the subsystem 940 may include an infrared device and associated circuits and components or a Bluetooth™ communication module to provide for communication with similarly enabled systems and devices.
When mobile device 900 is used as a UE, protocol stacks 946 include apparatus and a method for a system and method of user equipment state transition.
In the foregoing specification, the disclosure has been described with reference to specific embodiments thereof. It will, however, be evident that various modifications and changes may be made thereto without departing from the scope of the technique. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.
It is to be noted that the methods as described have actions being carried out in a particular order. However, it would be clear to a person skilled in the art that the order of any actions performed, where the context permits, can be varied and thus the ordering as described herein is not intended to be limiting.
It is also to be noted that where a method has been described it is also intended that protection is also sought for a device arranged to carry out the method and where features have been claimed independently of each other these may be used together with other claimed features.
Furthermore it will be noted that the apparatus described herein may comprise a single component such as a UE or MKS or other user equipment or access network components, a combination of multiple such components for example in communication with one another or a sub-network or full network of such components.
Embodiments have been described herein in relation to the MIKEY-TICKET specification. However the method and apparatus described are not intended to be limited to the specification or the versions thereof referred to herein but may be applicable to current and future versions or other specifications.
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
This application is a continuation of and claims priority to U.S. patent application Ser. No. 13/739,620, filed Jan. 11, 2013, which claims priority to U.S. Provisional Application No. 61/586,074 entitled “System and Method of Lawful Access to Secure Communications,” filed on Jan. 12, 2012, and to U.S. Provisional Application No. 61/622,854 entitled “System and Method of Lawful Access to Secure Communications,” filed on Apr. 11, 2012; the entire contents of both priority applications are hereby incorporated by reference.
Number | Name | Date | Kind |
---|---|---|---|
6823185 | Comer | Nov 2004 | B1 |
7382881 | Uusitalo et al. | Jun 2008 | B2 |
8218456 | Yared | Jul 2012 | B2 |
8400927 | Attanasio et al. | Mar 2013 | B2 |
8448235 | Langham | May 2013 | B2 |
8477730 | Rajagopalan | Jul 2013 | B2 |
8549614 | Kumar | Oct 2013 | B2 |
8625787 | Brusilovsky et al. | Jan 2014 | B2 |
8769288 | Sundaram | Jul 2014 | B2 |
8792505 | Iovieno | Jul 2014 | B2 |
8837737 | Blom | Sep 2014 | B2 |
9143321 | Senese | Sep 2015 | B2 |
20020049913 | Lumme | Apr 2002 | A1 |
20020078384 | Hippelainen | Jun 2002 | A1 |
20030200433 | Stirbu | Oct 2003 | A1 |
20040228362 | Maki | Nov 2004 | A1 |
20050063544 | Uusitalo et al. | Mar 2005 | A1 |
20050149732 | Freeman | Jul 2005 | A1 |
20050152275 | Laurila | Jul 2005 | A1 |
20050254656 | Rose et al. | Nov 2005 | A1 |
20060037041 | Zhang | Feb 2006 | A1 |
20070237144 | Adhikari et al. | Oct 2007 | A1 |
20070297418 | Lee | Dec 2007 | A1 |
20080267395 | Deishi | Oct 2008 | A1 |
20080279705 | Wago et al. | Nov 2008 | A1 |
20090129271 | Ramankutty et al. | May 2009 | A1 |
20090207751 | Attanasio et al. | Aug 2009 | A1 |
20090220091 | Howard | Sep 2009 | A1 |
20090279705 | Sun et al. | Nov 2009 | A1 |
20100185852 | Ogawa et al. | Jul 2010 | A1 |
20100205448 | Tarhan et al. | Aug 2010 | A1 |
20100260141 | Chowdhury et al. | Oct 2010 | A1 |
20100262472 | Gautam et al. | Oct 2010 | A1 |
20100268937 | Blom et al. | Oct 2010 | A1 |
20110032840 | Di Donato | Feb 2011 | A1 |
20110044326 | Tasker et al. | Feb 2011 | A1 |
20110055567 | Sundaram et al. | Mar 2011 | A1 |
20110075675 | Koodli et al. | Mar 2011 | A1 |
20110078281 | Imbimbo | Mar 2011 | A1 |
20110107082 | Blom et al. | May 2011 | A1 |
20110134804 | Maes | Jun 2011 | A1 |
20110141947 | Li et al. | Jun 2011 | A1 |
20110170411 | Wang | Jul 2011 | A1 |
20110170694 | Brusilovsky et al. | Jul 2011 | A1 |
20110206205 | Seleznev et al. | Aug 2011 | A1 |
20110213958 | Lindholm et al. | Sep 2011 | A1 |
20120066496 | Blom et al. | Mar 2012 | A1 |
20120207284 | Tian et al. | Aug 2012 | A1 |
20120254403 | Imbimbo et al. | Oct 2012 | A1 |
20120288092 | Cakulev et al. | Nov 2012 | A1 |
20130182840 | Campagna et al. | Jul 2013 | A1 |
20130182841 | Campagna et al. | Jul 2013 | A1 |
20130182843 | Campagna et al. | Jul 2013 | A1 |
20130286869 | Woelker | Oct 2013 | A1 |
20130288652 | Ciriaco | Oct 2013 | A1 |
20130326631 | Cartmell | Dec 2013 | A1 |
20150074396 | Naslund | Mar 2015 | A1 |
Number | Date | Country |
---|---|---|
2472769 | Jul 2012 | EP |
2007023286 | Mar 2007 | WO |
2010145233 | Dec 2010 | WO |
2011031439 | Mar 2011 | WO |
2011087989 | Jul 2011 | WO |
2011131070 | Oct 2011 | WO |
Entry |
---|
3GPP TS 33.108 V11.1.0; 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Handover Interface for Lawful Interception (LI) (Release 11); Sep. 2011; 194 pages. |
Alcatel-Lucent; “MIKEY-IBAKE and LI Requirements”: Power Point; .2010; 12 pages. |
Alcatel-Lucent; “MIKEY-IBAKE and LI”; 3GPP TSG-SA3LI, SA3#41LI;SA3L111—067; May 10-12, 2011; Philadelphia, US; 6 pages. |
Alcatel-Lucent; “MIKEY-IBAKE and LI Approaches”; SA3LI11—098; Power Point; 2010; 10 pages. |
Alcatel-Lucent; “MIKEY-IBAKE and LI—Open Issues”; Power Point; 2010; 7 pages. |
Alcatel-Lucent; “Pseudo-Random Number Generator LI approach for MIKEY-IBAKE”; 3GPP TSG-SA3LI, SA3#42LI; SA3LI11—100; Aug. 30-Sep. 1, 2011; Malta; 3 pages. |
Alcatel Lucent, Rogers Wireless; “Proposed Table of Contents for the Living Document on LI Solutions for IMS Media Plane Security Based on MIKEY-IBAKE”; 3GPP TSG-SA3LI, SA3#43LI; SA3LI11—124; Nov. 15-17, 2011; San Francisco, California; 3 pages. |
Baugher et al.; “The Secure Real-Time Transport Protocol (SRTP)”; RFC3711; Network Working Group; Mar. 2004; 57 pages. |
Mattsson et al.; “MIKEY-Ticket: Ticket-Based Modes of Key Distribution in Multimedia Internet KEYing (MIKEY)”; RFC 6043; Internet Engineering Task Force (IEFT); Mar. 3, 2011; 59 pages. |
McGrew et al.; “Encrypted Key Transport for Secure RTP”; Internet-Draft; Network Working Group; Oct. 26, 2009; 45 pages. |
3GPP TS 33.107, v11.0.0, “Technical Specification Group Services and System Aspects, 3G Security; Lawful interception architecture and functions,” Release 11, Sep. 2011, 136 pages. |
3GPP TS 33.106, v11.1.0, “Technical Specification Group Services and System Aspects, 3G security, Lawful interception requirements,” Release 11, Sep. 26, 2011, 17 pages. |
3GPP TSG-SA3LI, SA3#41LI, SA3L111—083, “MIKEY-IBAKE for LI,” May 10-12, 2011; 6 pages. |
3GPP TS 33.328, v9.2.0, “Universal Mobile Telecommunications System (UMTS); LTE; IP Multimedia Subsystem (IMS) Media Plane Security,” Release 9; Jul. 2010; 44 pages. |
Mattson, J.; Ericsson; Tian; “MIKEY-Ticket: An Additional Mode of Key Distribution in Multimedia Internet KEYing (MIKEY),” draft-mattsson-m1key-t1cket-03, Apr. 8, 2010, ZTE; 55 pages. |
International Search Report and Written Opinion issued in International Application No. PCT/CA2013/050013 dated Apr. 9, 2013; 8 pages. |
International Search Report and Written Opinion issued in international Application No. PCT/CA2013/050014 dated Mar. 27, 2013; 11 pages. |
International Search Report and Written Opinion issued in International Application No. PCT/CA2013/050015 dated Apr. 17, 2013; 9 pages. |
Extended European Search Report in European Application No. 13735922.0, dated Aug. 21, 2015, 6 pages. |
Extended European Search Report In European Application No. 13736421.2, dated Aug. 19, 2015, 7 pages. |
Extended European Search Report in European Application No. 13736112.7, dated Aug. 20, 2015, 5 pages. |
Communication Pursuant to Article 94(3) issued in European Application No. 13736421.2, dated Jun. 30, 2.016. |
Number | Date | Country | |
---|---|---|---|
20160344775 A1 | Nov 2016 | US |
Number | Date | Country | |
---|---|---|---|
61622854 | Apr 2012 | US | |
61586074 | Jan 2012 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 13739620 | Jan 2013 | US |
Child | 15225543 | US |