| 摘要 |
<p>A method of facilitating the legal interception of IP connections, where two or more terminals can communicate with each other over the Internet using IPSec to provide security. The method comprises allocating to each terminal T1,T2 a public/private key pair for use in negotiating IKE and IPSec Security Associations (SAs) with other terminals. Where a terminal T1,T2 is coupled to the Internet via an access network 1,2, the private key of that terminal is stored within the access network at an interception server S1,S2. When an IP connection is initiated to or from a terminal T1,T2 on which a legal interception order has been placed, the private key stored for that terminal T1,T2 within the access network 1,2 is used to intercept the connection.</p> |
