Method and system for lawful interception of packet switched network services
Abstract
A method for lawful interception of packet switched network services, comprising the steps of:
- when a user accesses the network and is identified by a target-ID at a primary interception point of the network, sending the target-ID to an interception management center,
- checking at the interception management center whether the user is a lawful interception target and sending an encrypted interception instruction set to a secondary interception point,
- decrypting said interception instruction set at the secondary interception point and performing an interception process in accordance with the interception instruction set, said interception process including the transmission of encrypted interception and dummy data to a mediation device, wherein said dummy data are added for obscuring true interception traffic between the secondary interception point and the mediation device.
15 Claims
1. A method for lawful interception of packet switched network services, comprising the steps of:
- when a user accesses the network and is identified by a target-ID at a primary interception point of the network, sending the target-ID to an interception management center,
- checking at the interception management center whether the user is a lawful interception target and sending an encrypted interception instruction set to a secondary interception point,
- decrypting said interception instruction set at the secondary interception point and performing an interception process in accordance with the interception instruction set, said interception process including the transmission of encrypted interception and dummy data to a mediation device, wherein said dummy data are added for obscuring true interception traffic between the secondary interception point and the mediation device, and wherein an amount of the dummy data is determined based on actual traffic load,
wherein the interception instruction set includes a conditional interception instruction, instructing a PSSP (Packet Switching Service Point) to send intercept related information or to monitor the traffic associated with the target-ID and start the interception of the complete traffic or a portion of the traffic only when a certain trigger condition occurs, said trigger condition being one of: usage of certain network or content resources or usage of a certain catchword, virus signature or bit-pattern specified in the interception instruction set.
Dependent claims: 2, 3, 4, 5

6. A system for lawful interception of packet-switched network services in a network, comprising:
- at least one interception point formed by a node in the network,
- an interception management center, and
- a mediation device serving as an interface between the network and a law enforcement agency for which interception services are provisioned,
wherein said at least one interception point is adapted to send a target-ID of a user accessing the network to said interception management center,
the interception management center is adapted to send to the at least one interception point an encrypted interception instruction set to be decrypted at the interception point and enabling the interception point to perform an interception process in the course of which intercepted data are encrypted and sent to said mediation device, and
the at least one interception point is further adapted to generate dummy data and to encrypt and send either the intercepted data or the dummy data or a combination of these, such that the occurrence of intercepted data is obscured,
wherein said interception management center contains means for communicating with said node according to a RADIUS protocol, and means for acting as a RADIUS proxy server.
Dependent claims: 7, 8, 9, 10

11. A system for lawful interception of packet-switched network services in a network, comprising:
- at least one interception point formed by a node in the network,
- an interception management center, and
- a mediation device serving as an interface between the network and a law enforcement agency for which interception services are provisioned,
wherein said at least one interception point is adapted to send a target-ID of a user accessing the network to said interception management center,
the interception management center is adapted to send to the at least one interception point an encrypted interception instruction set to be decrypted at the interception point and enabling the interception point to perform an interception process in the course of which intercepted data are encrypted and sent to said mediation device, and
the at least one interception point is further adapted to generate dummy data and to encrypt and send either the intercepted data or the dummy data or a combination of these, such that the occurrence of intercepted data is obscured,
wherein said interception management center is combined with a RADIUS server.

12. A node to perform lawful interception of data in a network, comprising:
an intercept function comprising hardware and software to:
- send an interception instruction request including a target-ID to a mediation point;
- receive an encrypted lawful interception instruction set responsive to the interception instruction request from the mediation point, the encrypted lawful interception instruction set specifying instructions regarding interception of data; and
- according to the instructions of the encrypted lawful intercept instruction set, intercept data communicated in the network,
wherein the encrypted lawful interception instruction set is received from an interception management center of the mediation point, and
wherein the intercept function is configured to send the intercepted data to a mediation device in the mediation point, the mediation device serving as an interface between the network and a law enforcement agency.
Dependent claims: 13, 14, 15

Specification