| 摘要 |
A method of facilitating the legal interception of IP connections, where two or more terminals can communicate with each other over the Internet using IPSec to provide security. The method comprises allocating to each terminal T 1 ,T 2 a public/private key pair for use in negotiating IKE and IPSec Security Associations (SAs) with other terminals. Where a terminal T 1 ,T 2 is coupled to the Internet via an access network 1,2 , the private key of that terminal is stored within the access network at an interception server S 1 ,S 2 . When an IP connection is initiated to or from a terminal T 1 ,T 2 on which a legal interception order has been placed, the private key stored for that terminal T 1 ,T 2 within the access network 1,2 is used to intercept the connection.
|
