Passive System for Recovering Cryptography Keys

US 20110150211A1
Filed: 12/22/2009
Published: 06/23/2011
Est. Priority Date: 12/22/2009
Status: Active Grant

First Claim

Patent Images

1. A system for use in collecting and decrypting encrypted wireless signals in a wireless communications network (WCN), comprising:

a first passive probe installed on a first interface and configured to monitor messaging possessing encryption keys;

a second passive probe, wherein the second passive probe comprises a wireless network monitor (WNM) configured to monitor transmissions between a WCN base station and a mobile device; and

a correlation processor operatively coupled to the first and second probes and configured to compare information received by each probe and to determine the encryption key, wherein the encryption key is useful to decrypt transmissions between the mobile device and the WCN base station.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Modern cellular wireless communications providers strive to keep their network and subscribers secure through various means. The identity of the subscriber may be obfuscated through the use of a temporary identifier for most network transactions including signaling events, voice calls, SMS messages and data sessions. A subscriber'"'"'s unique identity may only be transmitted over the air in an encrypted form. Similarly, the content of voice calls, SMS messages and data sessions may also be encrypted when transmitted over the air and even when transferred over internal network interfaces. However, the use of encryption presents significant challenges for law enforcement communities when court ordered lawful intercept is required to monitor and locate subscribers utilizing the wireless networks for illegal and/or terrorist purposes. A technique to aid in the determination of a subscriber'"'"'s unique wireless identity and the decryption of encrypted signals would be very useful for lawful intercept. In this document we describe an architecture and technique to aid in the decryption of encrypted wireless signals for lawful intercept by determining the current encryption key. It may also be used to decrypt encrypted signals on internal interfaces of the wireless and wireline networks.

Citations

32 Claims

1. A system for use in collecting and decrypting encrypted wireless signals in a wireless communications network (WCN), comprising:
- a first passive probe installed on a first interface and configured to monitor messaging possessing encryption keys;
  
  a second passive probe, wherein the second passive probe comprises a wireless network monitor (WNM) configured to monitor transmissions between a WCN base station and a mobile device; and
  
  a correlation processor operatively coupled to the first and second probes and configured to compare information received by each probe and to determine the encryption key, wherein the encryption key is useful to decrypt transmissions between the mobile device and the WCN base station.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A system as recited in claim 1, wherein said first interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC).
  - 3. A system as recited in claim 1, wherein the system is configured to determine encryption keys of the WCN in accordance with at least one of:
    - Global System for Mobility (GSM), Universal Mobile Telephone System (UMTS), and the Long Term Evolution (LTE).
  - 4. A system as recited in claim 1, wherein the first passive probe comprises a passive tap for obtaining a replica of signal voltages on the first interface;
    - a buffer memory for buffering replica signals;
      
      a central processor; and
      
      an outbound communications processor;
      
      wherein the central processor is configured to parse signals and pass them out through the outbound communications interface to the correlation processor.
  - 5. A system as recited in claim 4, wherein the passive tap comprises a digital access and cross-connect system (DACS) external to the first passive probe.
  - 6. A system as recited in claim 1, wherein the second passive probe comprises a radio network monitor (RNM).
  - 7. A system as recited in claim 6, wherein the RNM comprises:
    - a digital uplink receiver and a digital downlink receiver;
      
      buffer memory coupled to each of the digital uplink and downlink receivers, wherein digital outputs of the uplink and downlink receivers interface to the buffer memory for storage of signals to accommodate for latency in determining the encryption key; and
      
      first and second signal processors coupled to the buffer memory, wherein at least one of the signal processors performs digital signal processing functions on the uplink and downlink signals received, said functions including at least in-phase and quadrature detection, downconversion to baseband, filtering, fine tuning, detection and demodulation of the received signals for recovery of parameters for use in correlation in the correlation processor.
  - 8. A system as recited in claim 7, wherein at least one of the signal processors further performs decryption of encrypted signals with the encryption key from the correlation processor.
  - 9. A system as recited in claim 7, wherein the RNM further comprises a timing receiver configured to provide a time and frequency reference as well as the location of the RNM as latitude and longitude values.
  - 10. A system as recited in claim 1, wherein the correlation processor comprises:
    - a first communications interface;
      
      a first buffer memory coupled to the first communications interface;
      
      a second communications interface;
      
      a second buffer memory coupled to the second communications interface;
      
      a central processor coupled to the first and second buffer memories; and
      
      a third communications interface coupled to the central processor;
      
      wherein the correlation processor is configured to;
      
      receive signals from the first passive probe via the first communications interface;
      
      receive signals from the second passive probe via the second communications interface; and
      
      based on the received signals to determine a current encryption key for the mobile device.
  - 11. A system as recited in claim 10, wherein the correlation processor is configured to take data from each buffer memory, to compare a challenge parameter and a challenge response parameter, and to find an encryption vector with the same challenge parameter and challenge response parameter, wherein the encryption vector contains the challenge parameter, the challenge response parameter and the encryption key for the mobile device.
  - 12. A system as recited in claim 10, wherein the correlation processor is configured to take data from each buffer memory, to compare a challenge response parameter, and to find an encryption vector with the same challenge response parameter, wherein the encryption vector contains the challenge parameter, the challenge response parameter and the encryption key for the mobile device.
  - 13. A system as recited in claim 11, wherein the central processor is further configured to provide at least one of a unique identity and temporary identity of the mobile device.
  - 14. A system as recited in claim 12, wherein the central processor is further configured to provide information including cellular location and channel information for tuning of network-based wireless location system receivers.
  - 15. A system as recited in claim 1, wherein:
    - the first interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC);
      
      the system is configured to determine encryption keys of the WCN in accordance with at least one of;
      
      Global System for Mobility (GSM), Universal Mobile Telephone System (UMTS), and the Long Term Evolution (LTE);
      
      the first passive probe comprises a passive tap for obtaining a replica of signal voltages on the first interface;
      
      a buffer memory for buffering replica signals;
      
      a central processor; and
      
      an outbound communications processor;
      
      wherein the central processor is configured to parse signals and pass them out through the outbound communications interface to the correlation processor; and
      
      wherein the passive tap comprises a digital access and cross-connect system (DACS) external to the first passive probe;
      
      the second passive probe comprises a radio network monitor (RNM), and wherein the RNM comprises;
      
      a digital uplink receiver and a digital downlink receiver;
      
      buffer memory coupled to each of the digital uplink and downlink receivers, wherein digital outputs of the uplink and downlink receivers interface to the buffer memory for storage of signals to accommodate for latency in determining the encryption key; and
      
      first and second signal processors coupled to the buffer memory, wherein at least one of the signal processors performs digital signal processing functions on the uplink and downlink signals received, said functions including at least in-phase and quadrature detection, downconversion to baseband, filtering, fine tuning, detection and demodulation of the received signals for recovery of parameters for use in correlation in the correlation processor; and
      
      wherein at least one of the signal processors further performs decryption of encrypted signals with the encryption key from the correlation processor; and
      
      wherein the RNM further comprises a timing receiver configured to provide a time and frequency reference as well as the location of the RNM as latitude and longitude values; and
      
      the correlation processor comprises;
      
      a first communications interface;
      
      a first buffer memory coupled to the first communications interface;
      
      a second communications interface;
      
      a second buffer memory coupled to the second communications interface;
      
      a central processor coupled to the first and second buffer memories; and
      
      a third communications interface coupled to the central processor;
      
      wherein the correlation processor is configured to;
      
      receive signals from the first passive probe via the first communications interface;
      
      receive signals from the second passive probe via the second communications interface; and
      
      based on the received signals to determine a current encryption key for the mobile device; and
      
      wherein the correlation processor is configured to take data from each buffer memory, to compare a challenge parameter and a challenge response parameter, and to find an encryption vector with the same challenge parameter and challenge response parameter, wherein the encryption vector contains the challenge parameter, the challenge response parameter and the encryption key for the mobile device;
      
      wherein the central processor is further configured to provide at least one of a unique identity and temporary identity of the mobile device; and
      
      wherein the central processor is further configured to provide information including cellular location and channel information for tuning of network-based wireless location system receivers.
  - 16. A system as recited in claim 1, wherein:
    - the first interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC);
      
      the system is configured to determine encryption keys of the WCN in accordance with at least one of;
      
      Global System for Mobility (GSM), Universal Mobile Telephone System (UMTS), and the Long Term Evolution (LTE);
      
      the first passive probe comprises a passive tap for obtaining a replica of signal voltages on the first interface;
      
      a buffer memory for buffering replica signals;
      
      a central processor; and
      
      an outbound communications processor;
      
      wherein the central processor is configured to parse signals and pass them out through the outbound communications interface to the correlation processor; and
      
      wherein the passive tap comprises a digital access and cross-connect system (DACS) external to the first passive probe;
      
      the second passive probe comprises a radio network monitor (RNM), and wherein the RNM comprises;
      
      a digital uplink receiver and a digital downlink receiver;
      
      buffer memory coupled to each of the digital uplink and downlink receivers, wherein digital outputs of the uplink and downlink receivers interface to the buffer memory for storage of signals to accommodate for latency in determining the encryption key; and
      
      first and second signal processors coupled to the buffer memory, wherein at least one of the signal processors performs digital signal processing functions on the uplink and downlink signals received, said functions including at least in-phase and quadrature detection, downconversion to baseband, filtering, fine tuning, detection and demodulation of the received signals for recovery of parameters for use in correlation in the correlation processor; and
      
      wherein at least one of the signal processors further performs decryption of encrypted signals with the encryption key from the correlation processor; and
      
      wherein the RNM further comprises a timing receiver configured to provide a time and frequency reference as well as the location of the RNM as latitude and longitude values; and
      
      the correlation processor comprises;
      
      a first communications interface;
      
      a first buffer memory coupled to the first communications interface;
      
      a second communications interface;
      
      a second buffer memory coupled to the second communications interface;
      
      a central processor coupled to the first and second buffer memories; and
      
      a third communications interface coupled to the central processor;
      
      wherein the correlation processor is configured to;
      
      receive signals from the first passive probe via the first communications interface;
      
      receive signals from the second passive probe via the second communications interface; and
      
      based on the received signals to determine a current encryption key for the mobile device; and
      
      wherein the correlation processor is configured to take data from each buffer memory, to compare a challenge response parameter, and to find an encryption vector with the same challenge response parameter, wherein the encryption vector contains the challenge response parameter and the encryption key for the mobile device;
      
      wherein the central processor is further configured to provide at least one of a unique identity and temporary identity of the mobile device; and
      
      wherein the central processor is further configured to provide information including cellular location and channel information for tuning of network-based wireless location system receivers.

17. A system for use in collecting and decrypting encrypted wireless signals in a Global System for Mobility (GSM) wireless communications network (WCN), comprising:
- a network probe installed on a D interface and configured to monitor messaging possessing encryption keys, wherein said D interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC) of the WCN, and wherein the network probe is configured to monitor the D interface and to measure encryption vectors including RAND and SRES vectors and an encryption key, and to obtain identification and network information including IMSI, MS-ISDN, mobile device country code, network code and system code, whereby an approximate location of a mobile device is determined;
  
  a radio probe for passively monitoring the air interface between the mobile device and at least one WCN base station, wherein the radio probe comprises a radio network monitor (RNM) configured to monitor transmissions between the mobile device a WCN base station; and
  
  a correlation processor operatively coupled to the network and radio probes and configured to compare information received by each probe and to determine the encryption key, wherein the correlation processor is further configured to determine mobile identifiers, collection time stamps and location information, the association of the RAND and SRES vectors collected from the air interface with RAND and SRES obtained from the D interface, and to determine a current encryption key, Kc, for the mobile device.
- View Dependent Claims (18, 19, 20)
- - 18. A system as recited in claim 17, further comprising a decryption processor configured to receive the encryption key from the correlation processor and to use the encryption key to decrypt encrypted information.
  - 19. A system as recited in claim 18, further comprising a lawful intercept monitoring system (LIMS) and a database for storing information from the RNM and the decryption processor.
  - 20. A system as recited in claim 17, wherein the network probe further comprises a tap for monitoring an A interface between a base station controller (BSC) and the MSC or VLR of the WCN.

21. A system for use in collecting and decrypting encrypted wireless signals in a Global System for Mobility (GSM) wireless communications network (WCN), comprising:
- a network probe installed on a D interface and configured to monitor messaging possessing encryption keys, wherein said D interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC) of the WCN, and wherein the network probe is configured to monitor the D interface and to measure encryption vectors including the SRES challenge response and an encryption key, and to obtain identification and network information including IMSI, MS-ISDN, mobile device country code, network code and system code, whereby an approximate location of a mobile device is determined;
  
  a radio probe for passively monitoring the air interface between the mobile device and at least one WCN base station, wherein the radio probe comprises a radio network monitor (RNM) configured to monitor transmissions between the mobile device a WCN base station; and
  
  a correlation processor operatively coupled to the network and radio probes and configured to compare information received by each probe and to determine the encryption key, wherein the correlation processor is further configured to determine mobile identifiers, collection time stamps and location information, the association of the SRES challenge response collected from the air interface with SRES obtained from the D interface, and to determine a current encryption key, Kc, for the mobile device.
- View Dependent Claims (22, 23, 24)
- - 22. A system as recited in claim 21, further comprising a decryption processor configured to receive the encryption key from the correlation processor and to use the encryption key to decrypt encrypted information.
  - 23. A system as recited in claim 22, further comprising a lawful intercept monitoring system (LIMS) and a database for storing information from the RNM and the decryption processor.
  - 24. A system as recited in claim 21, wherein the network probe further comprises a tap for monitoring an A interface between a base station controller (BSC) and the MSC or VLR of the WCN.

25. A system for use in collecting and decrypting encrypted wireless signals in a Universal Mobile Telephone System (UMTS) wireless communications network (WCN), comprising:
- a network probe installed on a D interface and configured to monitor messaging possessing encryption keys, wherein said D interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC) of the WCN, and wherein the network probe is configured to monitor the D interface and to measure RAND, XRES, AUTN, encryption key CK, IK encryption parameters and IMSI and MS-ISDN identity parameters contained in signaling over said D interface;
  
  a radio probe for passively monitoring the air interface (U_U) between the UE and a Node B, wherein the radio probe comprises a radio network monitor (RNM) configured to monitor transmissions between the UE and the Node B, and to measure RAND, XRES, AUTN and TMSI parameters contained in the transmissions; and
  
  a correlation processor operatively coupled to the network and radio probes, wherein the RAND, XRES, AUTN and TMSI from the radio probe and the RAND, XRES, AUTN, encryption key CK, IK and IMSI and MS-ISDN from the network probe are passed to the correlation processor for correlation to determine a current CK for the UE, and wherein the CK is passed to a decryption processor for decryption of radio messaging collected by the radio probe.
- View Dependent Claims (26)
- - 26. A system as recited in claim 25, further comprising alternate network probe points including Iu-CS, Iu-PS and Gr interfaces of the WCN.

27. A system for use in collecting and decrypting encrypted wireless signals in a Universal Mobile Telephone System (UMTS) wireless communications network (WCN), comprising:
- a network probe installed on a D interface and configured to monitor messaging possessing encryption keys, wherein said D interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC) of the WCN, and wherein the network probe is configured to monitor the D interface and to measure XRES, AUTN, encryption key CK, IK encryption parameters and IMSI and MS-ISDN identity parameters contained in signaling over said D interface;
  
  a radio probe for passively monitoring the air interface (U_U) between the UE and a Node B, wherein the radio probe comprises a radio network monitor (RNM) configured to monitor transmissions between the UE and the Node B, and to measure XRES, AUTN and TMSI parameters contained in the transmissions; and
  
  a correlation processor operatively coupled to the network and radio probes, wherein the XRES, AUTN and TMSI from the radio probe and the XRES, AUTN, encryption key CK, IK and IMSI and MS-ISDN from the network probe are passed to the correlation processor for correlation to determine a current CK for the UE, and wherein the CK is passed to a decryption processor for decryption of radio messaging collected by the radio probe.
- View Dependent Claims (28)
- - 28. A system as recited in claim 27, further comprising alternate network probe points including Iu-CS, Iu-PS and Gr interfaces of the WCN.

29. A system for use in collecting and decrypting encrypted wireless signals in a Universal Mobile Telephone System (UMTS) wireless communications network (WCN), comprising:
- a network probe installed on a D interface and configured to monitor messaging possessing encryption keys, wherein said D interface is between a mobile switching center (MSC) or visitor location register (VLR) and a home location register (HLR) or authentication center (AuC) of the WCN, and wherein the network probe is configured to monitor the D interface and to measure XRES encryption key CK, IK encryption parameters and IMSI and MS-ISDN identity parameters contained in signaling over said D interface;
  
  a radio probe for passively monitoring the air interface (U_U) between the UE and a Node B, wherein the radio probe comprises a radio network monitor (RNM) configured to monitor transmissions between the UE and the Node B, and to measure XRES and TMSI parameters contained in the transmissions; and
  
  a correlation processor operatively coupled to the network and radio probes, wherein the XRES, and TMSI from the radio probe and the XRES encryption key CK, IK and IMSI and MS-ISDN from the network probe are passed to the correlation processor for correlation to determine a current CK for the UE, and wherein the CK is passed to a decryption processor for decryption of radio messaging collected by the radio probe.
- View Dependent Claims (30)
- - 30. A system as recited in claim 29, further comprising alternate network probe points including Iu-CS, Iu-PS and Gr interfaces of the WCN.

31. A system for use in collecting encrypted wireless signals in a wireless communications network (WCN) and correlating a control channel assignment to a user identification, for uplink location, comprising:
- a first passive probe installed on a first interface and configured to monitor messaging possessing encryption keys;
  
  a second passive probe, wherein the second passive probe comprises a wireless network monitor (WNM) configured to monitor transmissions between a WCN base station and a mobile device; and
  
  a correlation processor operatively coupled to the first and second probes and configured to compare information received by each probe and to determine a vector, including at least one of a signed response (SRES) generated by the mobile device and a random challenge (RAN) generated by the WCN, and to correlate a control channel assignment to a user identifier.
- View Dependent Claims (32)
- - 32. A system as recited in claim 31, wherein the control channel is a standalone dedicated control channel (SDCCH) of a Global System for Mobility (GSM) WCN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skyhook Holding, Inc. (Liberty Broadband Corp.)
Original Assignee
TruePosition Incorporated
Inventors
Anderson, Robert J.

Granted Patent

US 8,675,863 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/1
CPC Class Codes

H04L 63/30   for supporting lawful inter...

H04W 12/033   of the user plane, e.g. use...

H04W 12/037   of the control plane, e.g. ...

H04W 12/041   Key generation or derivation

H04W 12/80   Arrangements enabling lawfu...

Passive System for Recovering Cryptography Keys

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Passive System for Recovering Cryptography Keys

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links