Systems and methods for controlling authorized intercept
Abstract
Authorized intercepts of communications in a communications system such as a satellite communications system (10) are controlled. Each law enforcement agency (LEA) can only intercept communications to subscriber units (SUs) within its jurisdiction. In addition, the identity of each authorized intercept target is known only to the requesting LEA. In one embodiment, a trusted entity, such as a network operations facility (NOF 22, FIG. 3), creates a list of ID's corresponding to all SUs within each LEA's jurisdiction. Each SU ID is provided both unencrypted and encrypted for one or more network nodes (NN 1-R, FIG. 3). A network intercept facility (IF 201, FIG. 3) selects a target SU ID, generates an intercept order encrypted for one or more NNs, and sends it to one or more NNs for execution.
25 Claims
1. A method of controlling communications intercepts in a communications system comprising the steps of:
maintaining a list of subscriber unit IDs at a network intercept facility, each subscriber unit ID appearing in encrypted and plain form, and providing an encrypted intercept order from the network intercept facility to the communications system, the encrypted intercept order comprising the encrypted form of the subscriber unit ID assigned to a subscriber unit whose communication is desired to be intercepted and wherein the encrypted intercept order is encrypted separately from the encrypted subscriber unit ID.
decrypting the encrypted intercept order that includes the encrypted subscriber unit ID.
5. The method recited in claim 4 and further comprising the steps of:
the network node attempting to decrypt the encrypted subscriber unit ID;
if successful, the network node executing the intercept order; and
if not successful, the network node not executing the intercept order.
6. The method recited in claim 2 and further comprising:
a network intercept facility transmitting the intercept order encrypted for a network node in the communications system, the subscriber unit ID within the encrypted intercept order being encrypted by the network operations facility for the network node.
7. The method recited in claim 6 and further comprising:
the network node decrypting the encrypted intercept order that includes the encrypted subscriber unit ID.
8. The method recited in claim 7 and further comprising:
the network node attempting to decrypt the encrypted subscriber unit ID;
if successful, the network node executing the intercept order; and
if not successful, the network node not executing the intercept order.
9. The method recited in claim 8 wherein the operations are performed in the order recited.
10. A communications system comprising at least one data processing system executing at least one computer program controlling intercepts in the communications system, the at least one computer program when executed comprising the operations of:
maintaining a list of subscriber unit IDs, each subscriber unit ID appearing in encrypted and plain form, and providing an encrypted intercept order from the data processing system to the communications system, the encrypted intercept order comprising an encrypted subscriber unit ID assigned to a subscriber unit whose communication is desired to be intercepted, and wherein the encrypted intercept order is encrypted separately from the encrypted subscriber unit ID.
a network operations facility that generates the list of subscriber unit IDs based in part upon location data for each subscriber unit whose subscriber unit ID appears on the list, and in part upon a boundary of a jurisdiction within which a communication intercept is authorized.
12. The communications system recited in claim 11 and further comprising:
a network intercept facility that receives the list of subscriber unit IDs from the network operations facility, the network intercept facility generating the encrypted intercept order.
13. The communications system recited in claim 12 and further comprising:
a network node that receives the encrypted intercept order from the network intercept facility.
14. The communications system of claim 13 and further comprising:
a network management facility coupled between the network intercept facility and the network node.
15. The communications system recited in claim 13 wherein the network node decrypts the encrypted intercept order that includes the encrypted subscriber unit ID.
16. The communications system recited in claim 15 wherein if the network node decrypts the encrypted subscriber unit ID in the intercept order, it executes the intercept order.
17. A communications facility adapted to be used in a communications system in which communications intercepts are executed, the communications facility comprising:
at least one data processing system; and
a computer-readable data structure, accessible by the at least one data processing system, and comprising a list of subscriber unit IDs, each subscriber unit ID appearing in encrypted and plain form; and
a computer program executable by the at least one data processing system to thereby generate an intercept order to intercept a communication with a subscriber unit whose subscriber unit ID is in the computer-readable data structure, wherein the intercept order comprises the encrypted form of the subscriber unit ID of the subscriber unit, and wherein the intercept order is encrypted separately from the subscriber unit ID.
23. A computer-readable medium comprising at least one computer program adapted for use in a communications system in which communications are intercepted, the at least one computer program when executed comprising the steps of:
attempting to decrypt an encrypted intercept order received from an entity within the communications system, the encrypted intercept order comprising an encrypted subscriber unit ID, wherein the encrypted subscriber unit ID is encrypted in part based upon location data and in part based upon a boundary of a jurisdiction within which a communications intercept is authorized;
if successful, decrypting the encrypted subscriber unit ID contained within the intercept order and executing the intercept order to thereby intercept information that is communicated to and from a subscriber unit having the decrypted subscriber unit ID; and
if not successful, not executing the intercept order.
directing intercepted information to the entity.
25. A method of performing a lawful intercept of a subscriber unit operating within a communications system, wherein the subscriber unit has a subscriber unit ID assigned by a network operations facility, the method comprising the steps of:
receiving an encrypted intercept order from an intercept facility;
decrypting the encrypted intercept order with a key associated with the intercept facility to produce a decrypted intercept order;
extracting the subscriber unit ID in encrypted form from the decrypted intercept order;
extracting the subscriber unit ID in encrypted form from the decrypted intercept order;
decrypting the subscriber unit ID with a key associated with the network operations facility; and
performing the lawful intercept of the subscriber unit identified by the decrypted subscriber unit ID.
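The node-side sequence of claim 25, together with the refuse-on-failed-decryption rule of claims 5 and 8, is sketched below as an added example that is not part of the patent text. It assumes the node shares one symmetric key with the intercept facility and another with the network operations facility, and uses an HMAC-SHA256 encrypt-then-MAC construction as a stand-in for a vetted AEAD cipher; all function names and the sample SU IDs are hypothetical.

```python
import hashlib, hmac, json, os

# Assumption: symmetric keys shared with the node; the claims do not fix a cipher.
class DecryptError(Exception):
    """Raised when a blob fails authentication under the given key."""

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy HMAC-SHA256 counter-mode keystream, standing in for a real cipher.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC; output layout is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise DecryptError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def nof_list_entry(nof_key, su_id):
    """NOF side: one list row holding the SU ID in plain and encrypted form."""
    return {"plain": su_id, "encrypted": seal(nof_key, su_id.encode())}

def if_build_order(if_key, entry):
    """IF side: wrap the already-encrypted SU ID in a separately encrypted order."""
    body = {"action": "intercept", "su_id_enc": entry["encrypted"].hex()}
    return seal(if_key, json.dumps(body).encode())

def node_handle_order(if_key, nof_key, blob):
    """Node side, in claim 25 order; returns the SU ID, or None if refused."""
    try:
        order = json.loads(unseal(if_key, blob))              # outer layer: IF key
        inner = bytes.fromhex(order["su_id_enc"])             # extract encrypted SU ID
        return unseal(nof_key, inner).decode()                # inner layer: NOF key
    except (DecryptError, ValueError, KeyError, TypeError):
        return None  # either layer failed to decrypt: the order is not executed
```

Because the inner layer only opens under the NOF key, an order naming an SU ID that the NOF never placed on the facility's list is refused even when the outer layer is valid.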