Method and system for lawful interception of packet switched network services

US 20040255126A1
Filed: 06/05/2003
Published: 12/16/2004
Est. Priority Date: 06/05/2003
Status: Active Grant

First Claim

Patent Images

1. A method for lawful interception of packet switched network services, comprising the steps of:

when a user accesses the network and is identified by a target-ID at a primary interception point of the network, sending the target-ID to an interception management center, checking at the interception management center whether the user is a lawful interception target and sending an encrypted interception instruction set to a secondary interception point, decrypting said interception instruction set at the secondary interception point and performing an interception process in accordance with the interception instruction set, said interception process including the transmission of encrypted interception and dummy data to a mediation device, wherein said dummy data are added for obscuring true interception traffic between the secondary interception point and the mediation device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for lawful interception of packet switched network services, comprising the steps of:

when a user accesses the network and is identified by a target-ID at a primary interception point of the network, sending the target-ID to an interception management center,

checking at the interception management center whether the user is a lawful interception target and sending an encrypted interception instruction set to a secondary interception point,

decrypting said interception instruction set at the secondary interception point and performing an interception process in accordance with the interception instruction set, said interception process including the transmission of encrypted interception and dummy data to a mediation device, wherein said dummy data are added for obscuring true interception traffic between the secondary interception point and the mediation device.

Citations

14 Claims

1. A method for lawful interception of packet switched network services, comprising the steps of:
- when a user accesses the network and is identified by a target-ID at a primary interception point of the network, sending the target-ID to an interception management center, checking at the interception management center whether the user is a lawful interception target and sending an encrypted interception instruction set to a secondary interception point, decrypting said interception instruction set at the secondary interception point and performing an interception process in accordance with the interception instruction set, said interception process including the transmission of encrypted interception and dummy data to a mediation device, wherein said dummy data are added for obscuring true interception traffic between the secondary interception point and the mediation device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein said secondary interception point is identical to said primary interception point.
  - 3. The method of claim 1, wherein the dummy data are generated at random.
  - 4. The method of claim 1, wherein the dummy data are based on actual traffic to or from the pertinent user, but this traffic is scrambled such that, even after decryption, the contents thereof may not be reconstructed at the mediation device.
  - 5. The method of claim 1, comprising a step of sending a continuous stream of camouflage packets from the secondary interception point to the mediation device, said camouflage packets including intercepted data in accordance with the demand and being filled up with dummy data to their full length.
  - 6. The method of claim 1, wherein the interception instruction set includes a “
    - conditional interception instruction”
      
      , instructing the PSSP to send intercept related information or to monitor the traffic associated with the target-ID and start the interception of the complete traffic or a portion of the traffic only when a certain trigger condition occurs, said trigger condition being one of;
      
      usage of certain network or content resources or usage of a certain catchword, virus signature or bit-pattern specified in the interception instruction set.
  - 7. A system for carrying out the method as claimed in claim 1, comprising:
    - at least one interception point formed by a node in the network, an interception management center, and a mediation device serving as an interface between the network and a law enforcement agency for which interception services are provisioned, wherein said at least one interception point is adapted to send a target-ID of a user accessing the network to said interception management center, the interception management center is adapted to send to at least one of said interception points an encrypted interception instruction set to be decrypted at the interception point and enabling the same to perform an interception process in the course of which intercepted data are encrypted and sent to said mediation device, and the at least one interception point is further adapted to generate dummy data and to encrypt and send either the intercepted data or the dummy data or a combination of these, such that the occurrence of intercepted data is obscured.
  - 8. The system of claim 7, wherein the at least one interception point is formed by a node of the network that is situated at a subscriber edge of the network, where end users connect to the network.
  - 9. The system of claim 7, wherein the interception point is a switch adapted to connect end users to an IP or Ethernet network.
  - 10. The system of claim 8, wherein the interception point is a switch adapted to connect end users to an IP or Ethernet network.
  - 11. The system of claim 7, comprising a plurality of interception points connected to the same interception management center.
  - 12. The system of claim 7, wherein said interception management center contains means for communicating with said PSSP according to the RADIUS protocol, and means for intercepting RADIUS messages either directly or using a tapping device (42) in a way that is transparent to a RADIUS server.
  - 13. The system of claim 7, wherein said interception management center contains means for communicating with said PSSP according to the RADIUS protocol, and means for acting as RADIUS proxy server towards the client PSSP and a RADIUS server.
  - 14. The system of claim 7, wherein said interception management center is combined with a RADIUS server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Reith, Lothar

Granted Patent

US 7,447,909 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/1408   by monitoring network traff...

H04L 63/30   for supporting lawful inter...

Method and system for lawful interception of packet switched network services

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for lawful interception of packet switched network services

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links