LEGAL INTERCEPT OF COMMUNICATION TRAFFIC PARTICULARLY USEFUL IN A MOBILE ENVIRONMENT
Abstract
Methods, structures, and systems are disclosed for implementing legal intercept of data which provide real-time correlation of broadband user information to network addresses (or other identifiers) across multiple and different authentication systems and user databases. In certain embodiments, an intercept coordinator module interacts with each authentication system to determine, in real time, a target address for a target user device, which it then uses to update mediation devices, external databases, etc., involved in performing a lawful intercept under the CALEA process. Probes are not required within the network to perform authentication system captures. A modular interface system provides support for existing CALEA equipment, and support for implementing additional interface modules for new or updated CALEA equipment. Exemplary intercept coordinator modules may communicate with multiple AAA systems, in multiple different sub-nets or networks, including geographically distant networks, and provide for pooling of common CALEA equipment resources for use in multiple networks simultaneously.
31 Claims
1. A method for facilitating a lawful intercept of IP traffic for a target user, said method comprising:
- requesting a first authentication, authorization, and accounting system (AAA system) associated with a first sub-net to provide a network connection descriptor for a target user;
- receiving the network connection descriptor for the target user from the first AAA system, said network connection descriptor comprising a network address identifier for a first device associated with the target user which is connected to the first sub-net, or comprising an indication that no device associated with the target user is connected to the first sub-net; and
- conveying an intercept descriptor to a mediation module in response to any change in target user connection status, said intercept descriptor comprising a target address corresponding to the network address identifier, and further comprising a mediation command to indicate how the intercept descriptor should be processed to carry out the intercept of IP traffic for the first target device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. A computer readable medium encoding instructions executable on a processor, said instructions arranged to:
- request a first authentication, authorization, and accounting system (AAA system) associated with a first sub-net to provide a network connection descriptor for a target user;
- receive the network connection descriptor for the target user from the first AAA system, said network connection descriptor comprising a network address identifier for a first device associated with the target user which is connected to the first sub-net, or comprising an indication that no device associated with the target user is connected to the first sub-net; and
- convey an intercept descriptor to a mediation module in response to any change in target user connection status, said intercept descriptor comprising a target address corresponding to the network address identifier, and further comprising a mediation command to indicate how the intercept descriptor should be processed to carry out the intercept of IP traffic for the first target device.
Dependent claims: 20, 21, 22, 23, 24, 25

26. An intercept coordinator module comprising:
- a first interface for communicating with a first authentication, authorization, and accounting system (AAA system) associated with a first sub-net, for requesting and receiving from the first AAA system a network connection descriptor for any device associated with a target user and connected to the first subnet; and
- a second interface for communicating with a mediation module, for conveying to the mediation module an intercept descriptor for any target user device if a received network connection descriptor represents a change in connection status of the target user;
- wherein each network connection descriptor comprises a network address identifier for a device associated with the target user which is connected to the first sub-net, or comprising an indication that no device associated with the target user is connected to the first sub-net; and
- wherein said intercept descriptor comprises a target address corresponding to the network address identifier and a mediation command to indicate how the intercept descriptor should be processed to carry out the intercept of IP traffic for the first target device.
Dependent claims: 27, 28

29. A method for facilitating a lawful intercept of IP traffic for a target user, said method comprising:
- for each of one or more sub-nets to which a target user is authorized to connect, querying an authentication, authorization, and accounting system (AAA system) associated with the sub-net to provide a respective network connection descriptor for any target user device that is connected to the sub-net;
- in response to any received network connection descriptor that represents a change in target user connection status for any of the connected target user devices, forming a respective intercept descriptor corresponding to the network connection descriptor; and
- conveying the respective intercept descriptor to a mediation module to carry out the intercept.

30. A system comprising:
- a mediation module;
- an intercept coordinator module logically coupled to the mediation module, said intercept coordinator module for querying an authentication, authorization, and accounting system (AAA system) associated with a sub-net to provide a respective network connection descriptor for any device associated with a target user and connected to the sub-net, and in response to any change in connection status for any connected target user device, for conveying a respective intercept descriptor corresponding to the network connection descriptor to the mediation module to carry out the intercept.
Dependent claims: 31

Specification