Method and apparatus for intercepting events in a communication system
IPC classification information
Country / Type
United States (US) Patent
Registered
International Patent Classification (IPC 7th edition)
H04K-001/00
G06F-011/00
Application number
UP-0211790
(2008-09-16)
Registration number
US-7680281
(2010-04-21)
Inventors / Address
Fiatal, Trevor
Sutaria, Jay
Nanjundeswaran, Sridhar
Bavadekar, Shailesh
Applicant / Address
Seven Networks, Inc.
Agent / Address
Stolowitz Ford Cowger LLP
Citation information
Cited by: 103
Cited patents: 98
Abstract
An intercept system provides more effective and more efficient compliance with legal intercept warrants. The intercept system can provide any combination of operations that include near-real-time intercept, capture of intercepted data in structured authenticated form, clear text intercept for communications where there is access to encryption keys, cipher text intercept for communications where there is no access to encryption keys, provision of transactional logs to the authorized agency, interception without altering the operation of the target services, and encryption of stored intercepted information.
Representative claims
The invention claimed is:

1. A method for intercepting data, comprising: receiving, at a management server, a connection from a remote client, the connection being initiated by the remote client and established outbound from the remote client; negotiating a point-to-point encryption scheme with a remote mobile device, the point-to-point encryption scheme negotiated between the management server and the remote mobile device; receiving, at the management server, a value identifying an intercept target for a legal intercept and an indication that interception is authorized by a warrant, the intercept target corresponding to the remote mobile device; automatically intercepting, at the management server, data received and/or sent by the intercept target identified by the value, wherein data is intercepted without altering operation of email application services that operate on the remote mobile device; inspecting packets having the intercepted data to distinguish end-to-end encrypted information from other information that is encrypted according to the point-to-point encryption scheme negotiated with the remote mobile device; preserving encryption that is included on the end-to-end encrypted information when received while removing encryption that is included on at least a portion of the other information, said other information decrypted using a key obtained during the point-to-point encryption scheme negotiation; and transferring both the decrypted other information and the end-to-end information from the management server to a remote device.

2. The method of claim 1, wherein the packets are intercepted during a requested time period, and the method further comprises: formatting the data that is intercepted during the requested time period and associated with the target user into one or more first log files, each of the first log files corresponding to a different time segment occurring during the requested time period and indicating one or more intercept events for its corresponding time segment; and formatting one or more second different log files associated with the requested time period, the second log files indicating inactivity and corresponding to different remaining time segments that occur during the requested time period and that are unrepresented by the first log files that indicate the intercept events such that the first and second log files record monitoring for the entire requested time period independently of whether the data is intercepted intermittently during the requested time period.

3. The method of claim 2, wherein the data is intercepted according to an intercept configuration file that includes at least a unique intercept identifier and a user ID identifying the target user.

4. The method of claim 2, wherein the log files record an unbroken sequence of continuous monitoring over the requested time period independently of whether the data is intercepted intermittently.

5. The method of claim 2, further comprising transferring the log files to the remote device.

6. The method of claim 2, further comprising formatting the log files with different time values usable for verifying that communications from the remote mobile device were continuously monitored during the requested time period regardless of whether the data was intercepted intermittently.

7. The method according to claim 1, wherein the encryption that is included on the end-to-end encrypted information uses a security association that is kept secret from the management server such that the end-to-end encrypted information is kept private with respect to employees associated with the management server.

8. The method of claim 1, further comprising determining whether to encrypt at least one of the end-to-end information and the decrypted information prior to said transferring.

9. The method according to claim 1, further comprising: combining, at the management server, the end-to-end encrypted information of the intercepted data with the decrypted other information of the intercepted data in a same log file.

10. The method according to claim 1, further comprising: storing, at the management server, the intercepted data in a structure format that identifies when the data was intercepted and at the same time provides authentication that the stored intercepted data has not been altered or deleted.

11. The method according to claim 10, further comprising monitoring communications between the remote client and the remote mobile device for multiple contiguous time periods.

12. The method according to claim 11, further comprising: generating, using the management server, log files over an intercept period that encompasses the multiple contiguous time periods; storing the log files in a same intercept directory; inserting a warrant identifier received together with the value into the intercept directory; and generating a name for the intercept directory that identifies the intercept target and the intercept period over which the log files were generated.

13. The method according to claim 12, further comprising: encrypting the log files in the intercept directory with an encryption scheme known by an agency issuing the warrant, said encryption performed using the management server that intercepted the data; and sending the encrypted intercept directory to an electronic mailbox accessible by the agency.

14. The method according to claim 13, further comprising: generating a Cyclic Redundancy Check (CRC) or other digital signature value for all of the log files in the intercept directory; encrypting the resulting generated value; and providing the encrypted generated value to the enforcement agency, said encrypted generated value sent in a different communication than the encrypted intercept directory, said encrypted generated value verifying that the log files have not been altered.

15. The method according to claim 1, further comprising: reading an intercept configuration file that contains a warrant identifier, the value identifying the user, an enforcement agency known encryption key and an electronic mailbox address; upon reading the intercept configuration file automatically intercepting data received and/or sent by the remote mobile device; formatting any intercepted data into log files that identify when the data was intercepted; and encrypting the log files using the encryption key.

16. The method according to claim 1, wherein the end-to-end encrypted information is associated with content and is protected with an end-to-end encryption scheme that is kept secret from any midpoints located on a call path between transmitting and receiving endpoints, and the other information is associated with transaction routing information and is protected with the negotiated point-to-point encryption scheme.

17. A communication management system, comprising: a management server configured to receive a connection initiated by a remote client and established outbound from the remote client; the management server configured to negotiate a point-to-point encryption scheme with a remote mobile device, the point-to-point encryption scheme negotiated between the management server and the remote mobile device; the management server configured to receive a value identifying an intercept target for a legal intercept and an indication that interception is authorized by a warrant, the intercept target corresponding to the remote mobile device; the management server configured to automatically intercept data received and/or sent by the intercept target identified by the value, wherein the data is intercepted without altering operation of email application services that operate on the remote mobile device; the management server configured to inspect packets having the intercepted data to distinguish end-to-end encrypted information from other information that is encrypted according to the point-to-point encryption scheme negotiated with the remote mobile device; the management server configured to preserve encryption that is included on the end-to-end encrypted information when received while removing encryption that is included on at least a portion of the other information, said other information decrypted using a key obtained during the point-to-point encryption scheme negotiation; and the management server configured to transfer both the decrypted other information and the end-to-end information from the management server to a remote device.

18. The communication management system of claim 17, further comprising: the management server configured to automatically format the intercepted data into log files; the management server configured to generate multiple log files that identify any intercepted data for associated contiguous predetermined time periods extending over a continuous intercept period; and the management server configured to generate the log files for back-to-back time periods, the management server further configured to generate each log file by selecting between inserting the intercepted data and an inactivity indication therein such that each of the log files contains at least one selected from the group comprising the intercepted data for the associated time period and an indication that no data was intercepted during the associated time period.

19. The communication management system of claim 18, further comprising: the management server is configured to select a same duration for the time periods according to selectable time interval values included in an intercept configuration file.

20. The communication management system of claim 18, further comprising: the management server configured to encrypt the log files according to an encryption key known by an enforcement agency associated with the warrant before emailing the encrypted log files to a mailbox for the enforcement agency.

21. The communication management system of claim 18, further comprising: the management server configured to identify a first portion of the intercepted data encrypted using a first known security association for which the management server has knowledge of the encryption key and identify a second portion of the intercepted data encrypted using a second unknown security association, the management server configured to decrypt and store the first portion of the intercepted data into an associated one of the log files and combine the encrypted second portion of the intercepted data with the decrypted first portion of the intercepted data in the same associated log file.

22. The communication management system of claim 21, wherein the first portion of the intercepted data is encrypted with a known point-to-point encryption key and the second portion of the intercepted data is encrypted with an unknown end-to-end encryption key.

23. The communication management system of claim 21, further comprising: the management server is configured to encrypt both the decrypted first portion of the intercepted data and the second encrypted portion of the intercepted data.

24. The communication management system of claim 21, wherein the first portion of the intercepted data includes transaction authentication and routing information and the second portion of the intercepted data includes the contents of email messages, electronic files, or other electronic data.

25. The communication management system of claim 17, wherein the management server is configured to process communications exchanged between a local device operating in an enterprise or local network and a mobile wireless device that synchronizes with a portion of the data in the local device.
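Claims 2, 4, 12, 14 and 18 describe a record-keeping structure rather than a capture mechanism: the requested period is cut into back-to-back segments, every segment gets a log file that holds either the events seen in it or an explicit inactivity marker (so a gap in the file sequence is distinguishable from a quiet period), the files live in a directory named for the target and period, and an integrity value over all files is delivered separately so the recipient can check that nothing was altered or dropped. The following is an added illustration of that structure and is not code from the patent or from Seven Networks; the function names, the JSON layout, the event timestamps and the use of SHA-256 as the integrity value (standing in for the "CRC or other digital signature" the claim leaves open) are all assumptions made for the example.

```python
"""Segmented audit log with inactivity records and a detached integrity digest.

Added illustration of the log structure in claims 2, 4, 12, 14 and 18;
not code from the patent. All names and sample values are constructed.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class InterceptEvent:
    timestamp: int   # seconds since epoch (constructed values below)
    kind: str        # "routing" for decrypted point-to-point data, "e2e" for data left encrypted
    payload: str     # opaque text; illustrative only


@dataclass
class SegmentLog:
    """One log file for one time segment (claims 2 and 18)."""
    intercept_id: str
    segment_start: int
    segment_end: int
    events: list = field(default_factory=list)

    @property
    def inactive(self) -> bool:
        return not self.events

    def to_json(self) -> str:
        body = {"intercept_id": self.intercept_id,
                "segment_start": self.segment_start,
                "segment_end": self.segment_end}
        if self.inactive:
            body["status"] = "no-activity"       # explicit marker, not an absent file
        else:
            body["status"] = "activity"
            body["events"] = [vars(e) for e in self.events]
        # Canonical serialisation so the digest is stable across runs.
        return json.dumps(body, sort_keys=True, separators=(",", ":"))


def build_segment_logs(intercept_id, period_start, period_end, interval, events):
    """Produce one log per back-to-back segment covering [period_start, period_end).

    Idle segments get an inactivity record; events outside the period are ignored.
    """
    if interval <= 0 or period_end <= period_start:
        raise ValueError("bad period or interval")
    logs, start = [], period_start
    while start < period_end:
        end = min(start + interval, period_end)   # last segment may be shorter
        in_seg = sorted((e for e in events if start <= e.timestamp < end),
                        key=lambda e: e.timestamp)
        logs.append(SegmentLog(intercept_id, start, end, in_seg))
        start = end
    return logs


def is_continuous(logs, period_start, period_end) -> bool:
    """Claim 4 check: the logs form an unbroken sequence over the requested period."""
    if not logs:
        return False
    if logs[0].segment_start != period_start or logs[-1].segment_end != period_end:
        return False
    return all(a.segment_end == b.segment_start for a, b in zip(logs, logs[1:]))


def intercept_directory_name(target_id, period_start, period_end) -> str:
    """Claim 12: directory name identifies the target and the intercept period."""
    return f"{target_id}_{period_start}-{period_end}"


def directory_digest(logs) -> str:
    """Integrity value over every log in order (claim 14); sent separately from the logs."""
    h = hashlib.sha256()
    for log in logs:
        data = log.to_json().encode()
        h.update(len(data).to_bytes(4, "big"))   # length prefix removes boundary ambiguity
        h.update(data)
    return h.hexdigest()


def verify_directory(logs, expected_digest) -> bool:
    """Recipient-side check that no log was altered, reordered or removed."""
    return hmac.compare_digest(directory_digest(logs), expected_digest)


# Constructed sample: a 600 s period in 120 s segments, activity only in segments 0 and 2.
SAMPLE_EVENTS = [
    InterceptEvent(1010, "routing", "example routing header"),
    InterceptEvent(1015, "e2e", "<ciphertext left as received>"),
    InterceptEvent(1300, "routing", "example routing header"),
]

if __name__ == "__main__":
    logs = build_segment_logs("INT-0001", 1000, 1600, 120, SAMPLE_EVENTS)
    print(intercept_directory_name("target-0001", 1000, 1600), is_continuous(logs, 1000, 1600))
    for log in logs:
        print(log.to_json())
    print("digest:", directory_digest(logs))
```

Dropping one segment file still fails both `is_continuous` and `verify_directory`, which is the point of the inactivity records: a recipient can tell "monitored, nothing seen" from "file missing". The length-prefixed digest avoids the case where concatenating two records differently yields the same hash input.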
Patents cited by this patent (98)
Agrawal Prathima ; Kishore Shalinee ; Sivalingam Krishna M., Adaptive frequency channel assignment based on battery power level in wireless access protocols.
Gabbe John D. (Little Silver NJ) Judice Charles N. (Lincroft NJ) London Thomas B. (Tinton Falls NJ), Associative information retrieval continuously guided by search status feedback.
Nakada Masahiro (Kawasaki JPX) Utsumi Kenichi (Kawasaki JPX) Tsubokura Takashi (Kawasaki JPX) Nakahara Masaru (Kawasaki JPX) Itami Satoshi (Kawasaki JPX) Suzuki Hiroshi (Kawasaki JPX) Miyabe Kyouko (, Character string retrieval system using index and unit for making the index.
Warrier, Unnikrishnan S.; Lam, Anne T.; Rosado, Carlos; Ramanujam, Gopalakrishnan, Communication system and method for minimizing international roaming costs.
Rybicki Steve G. (Mountain View CA) Palmer Dale L. (Fremont CA), Connection resource manager displaying link-status information using a traffic light iconic representation.
Freund Gregor P. (San Francisco CA) Kahn Philippe R. (Scotts Valley CA) Lee Sonia (Scotts Valley CA), Databank system with methods for efficiently storing non-uniform data records.
Miller William L. (Chagrin Falls OH) Horton Robert E. (Hudson OH) Hayward Peter J. (Hudson OH), Database access machine for factory automation network.
Smith Jeffrey C. ; Bandini Jean-Christophe, Electronic document delivery system in which notification of said electronic document is sent to a recipient thereof.
Noble William B. (Santa Monica CA) Patel Bhadra K. (Anaheim CA) Wang Jenny K. (Cerritos CA), Federated information management (FIM) system and method for providing data site filtering and translation for heterogen.
MacDoran Peter F. ; Mathews Michael B. ; Ziel Fred A. ; Gold Kenn L. ; Anderson Steven M. ; Coffey Mark A. ; Denning Dorothy E., Method and apparatus for authenticating the location of remote users of networked computing systems.
Gennaro Rosario ; Karger Paul Ashley ; Matyas ; Jr. Stephen Michael ; Peyravian Mohammad ; Safford David Robert ; Zunic Nevenko, Method and apparatus for verifiably providing key recovery information in a cryptographic system.
Hawkins Jeffrey C. ; Boyer Monty ; Sipher Joe ; Tzeng Lih-Shyng ; Kucala Greg, Method and apparatus using a pass through personal computer connected to both a local communication link and a computer network for indentifying and synchronizing a preferred computer with a portable.
Grabelsky,David; Borella,Michael S.; Sidhu,Ikhlaq; Nessett,Danny M., Method and system for distributed network address translation with network security features.
Janis Frederick L. (Keller TX), Method and system for providing user access control within a distributed data processing system by the exchange of acces.
Durbin,Winnie C.; Schmidt,John L.; Precord,David; Minogue,Michael; Christanday,Geoffrey; Davantes,Esmeraldo; Keen,Bobby, Method and system to grant access to software options resident on a medical imaging device.
Wechselberger Anthony J. (San Diego CA) Bluestein Leo I. (Rancho Bernardo CA) Jedynak Leo (San Diego CA) Drake David A. (Escondido CA) Simpson Larry W. (Poway CA), Multi-layer encryption system for the broadcast of encrypted information.
Aronov Alex M. ; Munagala Narsimha R. ; Ortiz de Montellano Paul R. ; Kuntz Irwin D. ; Wang Ching C., Substituted 4-phthalimidocarboxanilides as inhibitors of purine salvage phosphoribosyltransferases.
Riggins Mark D. ; Bailes R. Stanley ; Bui Hong O. ; Cowan David I. ; Mendez Daniel I. ; Ng Mason ; Quinlan Sean Michael ; Wagle Prasad ; Ying Christine C. ; Zuleeg Christopher R. ; Aptekar-Strober Jo, System and method for globally accessing computer services.
Mendez, Daniel J.; Riggins, Mark D.; Wagle, Prasad; Bui, Hong Q.; Ng, Mason; Quinlan, Sean Michael; Ying, Christine C.; Zuleeg, Christopher R.; Cowan, David J.; Aptekar-Strober, Joanna A.; Bailes, R., System and method for globally and securely accessing unified information in a computer network.
Hossain K. Omar (Midland MI) Whyte James J. (Mount Pleasant MI), System and method for maintaining codes among distributed databases using a global database.
DeJaco, Andrew P.; Han, Charles S., System and method for preparing and sending an electronic mail communication using a wireless communications device.
Gossman William E. ; Hartmaier Peter J., System and method for providing data to a wireless device upon detection of activity of the device on a wireless network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for securely synchronizing multiple copies of a workspace element in a network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for securely synchronizing multiple copies of a workspace element in a network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for synchronizing electronic mail between a client site and a central site.
Ng Mason ; Quinlan Sean Michael ; Ruan Tom ; Mendez Daniel J. ; Zhu Jing ; Cheng ; Jr. Martin ; Williams Matt ; Riggins Mark D., System and method for updating a remote database in a network.
Mendez Daniel J. ; Riggins Mark D. ; Wagle Prasad ; Ying Christine C., System and method for using a global translator to synchronize workspace elements across a network.
Chang Albert (Austin TX) Neuman Grover H. (Austin TX) Shaheen-Gouda Amal A. (Austin TX) Smith Todd A. (Austin TX), System and method for using cached data at a local node after re-opening a file at a remote node in a distributed networ.
Hoffman Ned (Berkeley CA) Pare ; Jr. David F. (Berkeley CA) Lee Jonathan A. (Berkeley CA), Tokenless identification system for authorization of electronic transactions and electronic transmissions.
Seazholtz John W. ; Farris Robert D., Use of cellular digital packet data (CDPD) communications to convey system identification list data to roaming cellular subscriber stations.
Cary Richard W. (Los Gatos CA) Guyon Richard D. (Mountain View CA), Version management system using plural control fields for synchronizing two versions of files in a multiprocessor system.
Fiatal, Trevor A.; Boynton, Lee R.; Burke, Scott M.; Gustafson, Brian D.; Raj, Binu; Alvarado, William; Benitez, Juan; Duncan, Fred J., Connection architecture for a mobile network.
Luna, Michael; Ponomarenko, Andrei, Distributed system for cache defeat detection and caching of content addressed by identifiers intended to defeat cache.
Luna, Michael, Dynamic bandwidth adjustment for browsing or streaming activity in a wireless network based on prediction of user behavior when interacting with mobile applications.
Bott, Ross, Enhanced customer service for mobile carriers using real-time and historical mobile application and traffic or optimization data associated with mobile devices in a mobile network.
Brown, David Andrew; Little, Herbert Anthony; Celaya, Marcel Luis, Method, system and apparatus for enabling access of a first mobile electronic device to at least one network accessible by a second mobile electronic device.
Luna, Michael, Mobile device and method to utilize the failover mechanism for fault tolerance provided for mobile traffic management and network/device resource conservation.
Alisawi, Rami, Mobile device equipped with mobile network congestion recognition to make intelligent decisions regarding connecting to an operator network.
Luna, Michael, Mobile device having content caching mechanisms integrated with a network operator for traffic alleviation in a wireless network and methods therefor.
Fiatal, Trevor A.; Boynton, Lee R.; Burke, Scott M.; Gustafson, Brian D.; Raj, Binu; Alvarado, William; Benitez, Juan; Duncan, Fred J., Mobile device power management in data synchronization over a mobile network with or without a trigger notification.
Backholm, Ari; Bott, Ross; Luna, Michael, Mobile network reporting and usage analytics system and method aggregated using a distributed traffic optimization system.
Wendling, Michael; Kokhanovskyi, Andrii; Backholm, Ari; Bott, Ross, Optimized and selective management of policy deployment to mobile clients in a congested network to prevent further aggravation of network congestion.
Backholm, Ari; Luna, Michael; Pan, Yixin, Radio-awareness of mobile device for sending server-side control signals using a wireless network optimized transport protocol.
Backholm, Ari; Luna, Michael; Pan, Yixin, Radio-awareness of mobile device for sending server-side control signals using a wireless network optimized transport protocol.
Sutaria, Jay; Nanjundeswaran, Sridhar; Gustafson, Brian; van Gent, Robert, System and method for tracking billing events in a mobile wireless network for a network operator.
Luna, Michael, System of redundantly clustered machines to provide failover mechanisms for mobile traffic management and network resource conservation.