Method and apparatus for intercepting events in a communication system
Abstract
An intercept system provides more effective and more efficient compliance with legal intercept warrants. The intercept system can provide any combination of operations that include near-real-time intercept, capture of intercepted data in structured authenticated form, clear text intercept for communications where there is access to encryption keys, cipher text intercept for communications where there is no access to encryption keys, provision of transactional logs to the authorized agency, interception without altering the operation of the target services, and encryption of stored intercepted information.
14 Claims
1. A method for intercepting data, comprising:
- receiving, at a management server, a connection from a remote client, the connection being initiated by the remote client and established outbound from the remote client;
- negotiating a point-to-point encryption scheme with a remote mobile device, the point-to-point encryption scheme negotiated between the management server and the mobile device;
- receiving, at the management server, a warrant identifier for a warrant authorizing a legal intercept;
- receiving, at the management server, a user identifier identifying an intercept target for the legal intercept associated with the warrant, the intercept target corresponding to the mobile device;
- automatically intercepting, at the management server, data received and/or sent by the intercept target identified by the user identifier, wherein the data is intercepted without altering operation of target services that operate on the mobile device;
- inspecting packets having the intercepted data to distinguish end-to-end encrypted channel information from other channel information that is encrypted according to the point-to-point encryption scheme negotiated with the mobile device;
- preserving encryption that is included on the end-to-end encrypted channel information when received while removing encryption that is included on at least a portion of the other channel information, said other channel information decrypted using a key obtained during the point-to-point encryption scheme negotiation; and
- transferring both the decrypted other channel information and the end-to-end channel information from the management server to a remote computer, wherein the management server encrypts at least one of the end-to-end channel information and the decrypted other channel information before said transferring.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A communication management system, comprising:
- one or more processors configured to operate as a legal intercept for intercepting data associated with a target user pursuant to a legal warrant, the processors configured to intercept the data without altering the operation of target services that operate on an endpoint associated with the data;
- the processors configured to distinguish between encrypted transaction routing information and end-to-end encrypted channel information included in the intercepted data;
- the processors further configured to decrypt the transaction routing information without decrypting the end-to-end encrypted channel information; and
- the processors further configured to store the decrypted transaction routing information and the end-to-end encrypted channel information in one or more log files;
- wherein the processors are configured to identify unencrypted clear channel information included in the intercepted data, and combine the unencrypted clear channel information with the decrypted transaction routing information and the encrypted end-to-end channel information in a same one of the log files;
- wherein the processors are configured to encrypt the unencrypted clear channel information, the decrypted transaction routing information and the end-to-end encrypted channel information before being stored in the log file.

Dependent claims: 12, 13, 14

Specification