Law Enforcement Agencies (LEAs) in many countries have traditionally relied on manual and paper-based processes for warrant applications, warrant approvals and serving of warrants to service providers for lawful interception (LI) purposes. This is largely due to the standards bodies not specifying secure electronic processes for handling of LI warrants and the slow adoption of electronic signature technology and implementation of electronic signature legislation in these countries. The manual process did not pose a challenge in the past as only a handful of telecommunication service providers (TSPs) were providing LI services to a handful of LEAs.
However, with the worldwide trends of telecommunication deregulation and the migration of voice to packet-switched networks, the number of TSPs that LEAs have to interact with on LI matters has increased significantly.
The volume of LI requests has also increased, which has necessitated the delegation of warrant signing authority from a handful of appointed judges to many regional authorized signatories.
These changes in the environment have posed many new challenges to the LEA manual process, most notably:
- increased logistical complexity in managing increased volumes of warrants and increased number of service providers;
- poorer turnaround times in the authorization process from the judge to the service provider; and
- decreased levels of security as service providers often are not in a position to validate the warrant signatories’ authority.
eWarrant addresses these issues by replacing the insecure and manual process with a secure, paperless and online process without compromising on security.
The solution incorporates public-key infrastructure (PKI), fingerprint biometric and smart card technologies to enhance security of the entire online process. Fingerprint biometric and digital identity authentication is used for all judges, LEAs, service providers and other stakeholders accessing the system.
Full transactional non-repudiation and role-based access control are utilized to ensure the highest level of security and auditability for all system activity, i.e. a signatory cannot deny having signed a warrant after the fact. Furthermore, all the electronic communication between the judge, LEA and service provider is secured using X.509 standard digital certificates with TLS session encryption.
Many criteria can be specified within an eWarrant request, including:
- target identity
- targeting information (PSTN number, MSISDN, IMEI, IMSI, email address, IP address, SIP URI etc.)
- network operator
- lawful interception identifier (LIID)
- start date and time
- end date and time
- IRI / CC / Both IRI and CC
- IRI delivery address
- CC delivery address
Smart card and biometric logon to the eWarrant portal is required for all users of the system. The smart card is issued on registration of the user and contains the PKI digital credential and fingerprint verification template for the individual. The security on the smart card is based on the fingerprint, i.e. the card is not usable without the corresponding fingerprint being presented to the system.
The eWarrant system is provided with its own user registration station, PKI, fingerprint biometric, smart card management and application database system to provide a fully integrated end-to-end solution for the warrant management process.
The built-in reporting module provides several predefined reports to enable each LEA and each service provider to effectively monitor and manage the warrants and requests under its control. The judges and oversight function have reporting that spans all the LEAs and service providers.
The eWarrant system is customizable to suit each customer’s unique warrant process requirements. The warrant process rules are fully customizable and may be configured to increase or decrease the number of signatories required per warrant.
Integration with third-party products may also be undertaken on customer request.
For further information or to arrange a demonstration, please contact us directly.
Key Features & Benefits:
- Paperless workflow and electronic authorization from start to finish to improve turnaround times; no manual delivery
- Centralised and secure storage of all active and completed warrants and new warrant requests
- Built-in advanced warrant search and categorization
- Role-based portal access control based on fingerprint biometric and smart card
- Fine-grained data access control based on PKI credential (digital certificate)
- Real-time reporting capability on all aspects of the warrant process; useful for oversight structures
- Electronic validation of signatories’ identity and authorization by service providers
- Support for multiple signatories, multiple targets and multiple service providers per warrant
- Support for multiple LEAs with each having a view limited to its own set of warrants
- Support for multiple service providers with each having a view limited to its own set of warrants
- Amend or extend existing warrant based on additional authorisation signatures
- Tamper evidence on all warrant content
- Detailed audit trail of activity on the system based on timestamps and electronic signatures
- Customizable workflow rules to address country-specific warrant process requirements
Technical Specifications:
Supported OSs (Servers):
- Microsoft Windows 2003 Enterprise Server
- Novell SuSE Linux 8.1 or later
- Sun Solaris 10 or later
Supported OSs (Clients):
- Microsoft Windows XP, SP2 or later
Supported Browsers:
- Microsoft Internet Explorer
- Netscape Navigator
Supported Smart cards:
- Oberthur Cosmopolic
- SchlumbergerSema Flex
- All JavaOS OpenPlatform cards
Supported Fingerprint readers:
- DigitalPersona U.are.U
- Sagem Morphotouch
Supported card management systems:
- TrustFactory™ CMS
- Bull CMS
Supported web servers:
- Apache 2.0 or later
- Microsoft IIS
Supported LDAP directories:
- OpenLDAP
- Microsoft Active Directory
Supported databases:
- Postgres
- Microsoft SQL Server
- Oracle 9i or later
- IBM DB2
Security:
- X.509 compliant digital certificates
- RSA key length of up to 1,024 bits (on-card generation)
- TLS session encryption with 192-bit 3DES or 128-bit RC4
- SHA-1 message hashing
- Stateful inspection firewall
- Network and host-based Intrusion Detection System (IDS)
- Role-based access control (RBAC)