From request to seal.

The officer logs into the EasyWarrant officer portal using MFA-enforced credentials (AAL2). They create a new warrant request, enter the required details, and upload the warrant document — which is encrypted immediately on upload using AES-256 with agency-controlled keys.

• Multi-factor authentication (AAL2) enforced at login
• Warrant document encrypted with AES-256 on upload
• Agency-controlled encryption keys via Azure Key Vault
• Warrant request queued in the judge portal automatically
• Full audit event logged: officer ID, timestamp, document hash

EasyWarrant establishes an end-to-end encrypted video session between the officer and judge. Both parties authenticate independently. The session uses DTLS-SRTP for media encryption — no plaintext Criminal Justice Information traverses any external network at any point.

• End-to-end encrypted via DTLS-SRTP (AES for media, DTLS for key exchange)
• Judge authenticates independently via AAL2 MFA
• Session keys generated fresh per session — never reused
• Man-in-the-Middle protection enforced (CJIS SC-23)
• Session timer visible to both parties — CJIS 1-hour inactivity rule enforced

With the video session active, the judge reviews the warrant document within the judge portal. The officer presents sworn testimony over the live video connection. The judge may ask questions, request clarification, or request amendments — all within the encrypted session.

• Warrant document rendered in-browser — no download to judge device required
• Document served via encrypted session — never cached outside the session
• Judge may annotate or request amendments within the portal
• All session activity logged with precise timestamps
• Officer sworn testimony occurs live over the encrypted video channel

The judge approves the warrant and applies a PKI-based e-signature. The signature is issued under an agency-level Certificate Authority and timestamped by a trusted Timestamp Authority (TSA). DocuSign eNotary provides the legally defensible judicial signature workflow.

• PKI e-signature via DocuSign eNotary (CJIS compliance documentation available)
• Judicial signature issued under agency-level CA (CJIS SC-17)
• Trusted TSA timestamp applied at signing — tamper-evident
• Warrant status updated to Sealed in the audit log
• Signed document stored encrypted in Azure Blob Storage (Gov)

The sealed warrant is stored encrypted in US-jurisdiction Azure Government infrastructure. A tamper-evident audit trail covering the complete lifecycle is available for immediate export by the agency. The session terminates and all ephemeral session keys are destroyed.

• Sealed warrant stored in Azure Blob Storage (Gov) — AES-256, US jurisdiction only
• Complete audit trail: officer ID, judge ID, timestamps, document hash, session duration
• Audit log is agency property — exported on demand, not accessible by Brigade Management staff
• Session keys destroyed on session termination
• Retention policy configurable per agency per CJIS requirements