Method and apparatus for intercepting events in a communication system

US 7,441,271 B2
Filed: 10/20/2005
Issued: 10/21/2008
Est. Priority Date: 10/20/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for intercepting data, comprising:

receiving, at a management server, a connection from a remote client, the connection being initiated by the remote client and established outbound from the remote client;

negotiating a point-to-point encryption scheme with a remote mobile device, the point-to-point encryption scheme negotiated between the management server and the mobile device;

receiving, at the management server, a warrant identifier for a warrant authorizing a legal intercept;

receiving, at the management server, a user identifier identifying an intercept target for the legal intercept associated with the warrant, the intercept target corresponding to the mobile device;

automatically intercepting, at the management server, data received and/or sent by the intercept target identified by the user identifier, wherein the data is intercepted without altering operation of target services that operate on the mobile device;

inspecting packets having the intercepted data to distinguish end-to-end encrypted channel information from other channel information that is encrypted according to the point-to-point encryption scheme negotiated with the mobile device;

preserving encryption that is included on the end-to-end encrypted channel information when received while removing encryption that is included on at least a portion of the other channel information, said other channel information decrypted using a key obtained during the point-to-point encryption scheme negotiation; and

transferring both the decrypted other channel information and the end-to-end channel information from the management server to a remote computer, wherein the management server encrypts at least one of the end-to-end channel information and the decrypted other channel information before said transferring.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An intercept system provides more effective and more efficient compliance with legal intercept warrants. The intercept system can provide any combination of operations that include near-real-time intercept, capture of intercepted data in structured authenticated form, clear text intercept for communications where there is access to encryption keys, cipher text intercept for communications where there is no access to encryption keys, provision of transactional logs to the authorized agency, interception without altering the operation of the target services, and encryption of stored intercepted information.

Citations

14 Claims

1. A method for intercepting data, comprising:
- receiving, at a management server, a connection from a remote client, the connection being initiated by the remote client and established outbound from the remote client;
  
  negotiating a point-to-point encryption scheme with a remote mobile device, the point-to-point encryption scheme negotiated between the management server and the mobile device;
  
  receiving, at the management server, a warrant identifier for a warrant authorizing a legal intercept;
  
  receiving, at the management server, a user identifier identifying an intercept target for the legal intercept associated with the warrant, the intercept target corresponding to the mobile device;
  
  automatically intercepting, at the management server, data received and/or sent by the intercept target identified by the user identifier, wherein the data is intercepted without altering operation of target services that operate on the mobile device;
  
  inspecting packets having the intercepted data to distinguish end-to-end encrypted channel information from other channel information that is encrypted according to the point-to-point encryption scheme negotiated with the mobile device;
  
  preserving encryption that is included on the end-to-end encrypted channel information when received while removing encryption that is included on at least a portion of the other channel information, said other channel information decrypted using a key obtained during the point-to-point encryption scheme negotiation; and
  
  transferring both the decrypted other channel information and the end-to-end channel information from the management server to a remote computer, wherein the management server encrypts at least one of the end-to-end channel information and the decrypted other channel information before said transferring.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1 wherein the encryption that is included on the end-to-end encrypted channel information uses a security association that is kept secret from the management server such that the end-to-end encrypted channel information is kept private with respect to employees associated with the management server.
  - 3. The method according to claim 1 including:
    - combining, at the management device, the end-to-end encrypted channel information of the intercepted data with the decrypted other channel information of the intercepted data in a same log file.
  - 4. The method according to claim 1 including:
    - storing, at the management device, the intercepted data in a structure format that identifies when data was intercepted and at the same time provides authentication that the stored intercepted data has not been altered or deleted.
  - 5. The method according to claim 4 including monitoring communications between the remote client and the mobile device for multiple contiguous time periods.
  - 6. The method according to claim 5 including:
    - generating, using the management server, log files over an intercept period that encompasses multiple contiguous time periods;
      
      storing the log files in a same intercept directory;
      
      inserting the warrant identifier into the intercept directory; and
      
      generating a name for the intercept directory that identifies the intercept target and the intercept period over which the log files were generated.
  - 7. The method according to claim 6 including:
    - encrypting the log files in the intercept directory with an encryption scheme known by an agency issuing the warrant, said encryption performed using the management server that intercepted the data; and
      
      sending the encrypted intercept directory to an electronic mailbox accessible by the agency.
  - 8. The method according to claim 7 including:
    - generating a Cyclic Redundancy Check (CRC) or other digital signature value for all of the log files in the intercept directory;
      
      encrypting the resulting generated value; and
      
      providing the encrypted generated value to the enforcement agency, said encrypted generated value sent in a different communication than the encrypted intercept directory, said encrypted generated value verifying that the log files have not been altered.
  - 9. The method according to claim 1 including:
    - reading an intercept configuration file that contains the warrant identifier, the user identifier, an enforcement agency known encryption key and an electronic mailbox address;
      
      upon reading the intercept configuration file automatically intercepting data received and/or sent by the mobile device;
      
      formatting any intercepted data into log files that identify when the data was intercepted; and
      
      encrypting the log files using the encryption key.
  - 10. The method according to claim 1 wherein the end-to-end encrypted channel information is associated with content and is protected with an end-to-end encryption scheme that is kept secret from any midpoints located on a call path between transmitting and receiving endpoints, and the other channel information is associated with transaction routing information and is protected with the negotiated point-to-point encryption scheme.

11. A communication management system, comprising:
- one or more processors configured to operate as a legal intercept for intercepting data associated with a target user pursuant to a legal warrant, the processors configured to intercept the data without altering the operation of target services that operate on an endpoint associated with the data;
  
  the processors configured to distinguish between encrypted transaction routing information and end-to-end encrypted channel information included in the intercepted data;
  
  the processors further configured to decrypt the transaction routing information without decrypting the end-to-end encrypted channel information; and
  
  the processors further configured to store the decrypted transaction routing information and the end-to-end encrypted channel information in one or more log files;
  
  wherein the processors are configured to identify unencrypted clear channel information included in the intercepted data, and combine the unencrypted clear channel information with the decrypted transaction routing information and the encrypted end-to-end channel information in a same one of the log files;
  
  wherein the processors are configured to encrypt the unencrypted clear channel information, the decrypted transaction routing information and the end-to-end encrypted channel information before being stored in the log file.
- View Dependent Claims (12, 13, 14)
- - 12. The system according to claim 11 wherein the end-to-end encrypted channel information is encrypted with a first encryption key that is negotiated between a mobile device and a local network and not revealed to the communication management system.
  - 13. The system according to claim 12 wherein the processors are configured to encrypt the end-to-end encrypted channel information and the decrypted transaction routing information stored in the log files.
  - 14. The system according to claim 11 wherein the transaction routing information includes transaction authentication and routing information and the end-to-end encrypted channel information includes the contents of email messages, electronic files, or other electronic data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seven Networks LLC (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
Seven Networks LLC (FIG LLC (d/b/a Fortress Investment Group LLC))
Inventors
Fiatal, Trevor, Sutaria, Jay, Nanjundeswaran, Sridhar, Bavadekar, Shailesh
Primary Examiner(s)
Moise, Emmanuel L
Assistant Examiner(s)
Abyaneh, Ali S

Application Number

US11/255,291
Publication Number

US 20060093135A1
Time in Patent Office

1,097 Days
Field of Search

726/22, 455/405, 380/250, 380/247, 713/150
US Class Current

726/22
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/30   for supporting lawful inter...

H04L 9/0827   involving distinctive inter...

H04L 9/3247   involving digital signatures

Method and apparatus for intercepting events in a communication system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for intercepting events in a communication system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links