Abstract: Lawful intercept is supported by providing a network communications device target identifiers in encrypted form. Received encrypted target identifiers are stored in a non-volatile storage device. Before communications interception occurs, one or more encrypted target identifiers are loaded into active memory which is secure and not accessible by a network device operating system administrator. A decryption request is sent to a security device and the result loaded into the secure active memory. Plain text target identifier(s) returned by the security device are loaded directly into the active memory without being stored in the operating system administrator accessible storage device. In the case of a reset resulting in the contents of the active memory being lost, the active memory is repopulated by sending decryption requests using the stored encrypted target identifiers to indicate to the security device the target identifiers which need to be decrypted and reloaded into active memory.

Abstract: Methods and apparatus for automatically securing communications between a mediation device (MD) and a law enforcement device, such as an agent’s terminal, to which intercepted communications, e.g., traffic, is sent are described. Based on a desired intercept request to be implemented, a Lawful Interception (LI) administration (admin) device (LID) identifies at least a first mediation device (MD) which will be involved in implementing the intercept request. The LID then proceeds to enable the use of a private certificate authority to automatically generate and provision the MD and a law enforcement device with certificates and private keys via an automated process. Each of the MD and law enforcement device automatically obtain a security certificate and corresponding private key. The security certificates and corresponding private keys are then used, in an automated manner, to establish a mutual TLS connection between the MD and the law enforcement device.

Abstract: Methods and apparatus for automatically securing communications between a point of interception (POI) device and a mediation device (MD), e.g., a lawful interception MD, are described. Based on a desired intercept request to be implemented, a Lawful Interception (LI) administration (admin) device (LID) identifies at least a first mediation device (MD) and point of intercept (POI) device which will be involved in implementing the intercept request. The LI administrator then automatically proceeds to enable the use of a private certificate authority to automatically generate and provision the MD and POI with certificates and private keys, e.g. the MD and POI are each provisioned with a private/public key pair that is then used to support mutual TLS for intercept related communications between the POI and MD. A mutual TLS connection between the MD and POI is automatically established and the used for intercept related communications between the devices.

Abstract: Lawful intercept is supported by providing a network communications device target identifiers in encrypted form. Received encrypted target identifiers are stored in a non-volatile storage device. Before communications interception occurs, one or more encrypted target identifiers are loaded into active memory which is secure and not accessible by a network device operating system administrator. A decryption request is sent to a security device and the result loaded into the secure active memory. Plain text target identifier(s) returned by the security device are loaded directly into the active memory without being stored in the operating system administrator accessible storage device. In the case of a reset resulting in the contents of the active memory being lost, the active memory is repopulated by sending decryption requests using the stored encrypted target identifiers to indicate to the security device the target identifiers which need to be decrypted and reloaded into active memory.

Abstract: Methods and apparatus for filtering lawfully intercepted encrypted traffic are described. A communications service provider network includes a mediation device and a security device. The mediation device receives a provisioned intercept request including a target IP address and one or more unique identifies corresponding to the target. The security device acquires certificates and private keys corresponding to one or more content distribution networks of interest for which intercepted traffic is to be partially or fully discarded. The mediation device receives filtering requests specifying filtering rules to be applied. Intercepted traffic is processed by the mediation device operating in conjunction with the security device to attempt decryption and identify the corresponding CDN network for the intercepted traffic.

Abstract: Lawful intercept is supported by providing a network communications device target identifiers in encrypted form. Received encrypted target identifiers are stored in a non-volatile storage device. Before communications interception occurs, one or more encrypted target identifiers are loaded into active memory which is secure and not accessible by a network device operating system administrator. A decryption request is sent to a security device and the result loaded into the secure active memory. Plain text target identifier(s) returned by the security device are loaded directly into the active memory without being stored in the operating system administrator accessible storage device. In the case of a reset resulting in the contents of the active memory being lost, the active memory is repopulated by sending decryption requests using the stored encrypted target identifiers to indicate to the security device the target identifiers which need to be decrypted and reloaded into active memory.