Lawful intercept trigger support within service provider networks

US 7,657,011 B1
Filed: 05/01/2006
Issued: 02/02/2010
Est. Priority Date: 03/16/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving an intercept request for a subscriber with an administration device;

configuring two or more trigger rules for the subscriber on a network device via a command line interface (CLI) of the network device based on the intercept request, wherein each of the trigger rules comprises a precedence level; and

intercepting packets associated with one or more subscriber sessions on the network device when the one or more subscriber sessions match one or more of the trigger rules.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is directed to techniques for initiating lawful intercept of packets associated with subscriber sessions on a network device of a service provider network based on identification triggers. A law enforcement agency may send an intercept request for a subscriber to an administration device of the service provider network. The administration device may then configure one or more identification triggers for the subscriber based on the intercept request. The techniques described herein initiate lawful intercept when one or more subscriber sessions on a network device match the one or more identification triggers. The techniques described herein include configuring trigger rules that include identification triggers for subscribers on a network device via a command line interface (CLI) of the network device. In addition, the techniques described herein include configuring identification triggers in a subscriber profile on an authentication device connected to a network device.

Citations

56 Claims

1. A method comprising:
- receiving an intercept request for a subscriber with an administration device;
  
  configuring two or more trigger rules for the subscriber on a network device via a command line interface (CLI) of the network device based on the intercept request, wherein each of the trigger rules comprises a precedence level; and
  
  intercepting packets associated with one or more subscriber sessions on the network device when the one or more subscriber sessions match one or more of the trigger rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein receiving an intercept request comprises receiving an intercept request for a subscriber with an administration device from a law enforcement agency.
  - 3. The method of claim 1, further comprising:
    - persistently storing the trigger rules in trigger information included on the network device; and
      
      explicitly removing the trigger rules from the trigger information via the CLI of the network device.
  - 4. The method of claim 1, wherein each of the trigger rules includes one of an account session ID, a calling station ID, a client Internet Protocol (IP) address and virtual router, a user name and virtual router, or a network access server (NAS) port ID for the subscriber via the CLI of the network device.
  - 5. The method of claim 1, wherein configuring the two or more trigger rules comprises configuring two or more identification triggers for the subscriber and specifying two or more mirroring policies to be applied to the subscriber.
  - 6. The method of claim 1, further comprising configuring a mirroring policy for the subscriber on the network device for each of the two or more trigger rules via the CLI of the network device based on the intercept request.
  - 7. The method of claim 6, further comprising storing the mirroring policy in policy information included on the network device.
  - 8. The method of claim 6, wherein configuring the mirroring policy comprises configuring at least one of a Layer 2 Transmission Protocol (L2TP) mirroring policy and an Internet Protocol (IP) mirroring policy for the subscriber.
  - 9. The method of claim 1, further comprising generating a first CLI command on the network device that configures a mirroring policy for the subscriber, wherein configuring one of the two or more trigger rules comprises generating a second CLI command on the network device that configures an identification trigger for the subscriber and specifies the mirroring policy created by the first CLI command.
  - 10. The method of claim 9, further comprising explicitly removing the one of the two or more trigger rules for the subscriber from the network device by generating a third CLI command on the network device that is a “
    - no”
      
      version of the second CLI command.
  - 11. The method of claim 1, further comprising comparing currently active subscriber sessions on the network device with the two or more trigger rules.
  - 12. The method of claim 1, further comprising comparing subsequent subscriber logins to the network device with the two or more trigger rules.
  - 13. The method of claim 1, wherein intercepting packets comprises:
    - applying two or more mirroring policies specified by the two or more trigger rules to the one or more subscriber sessions; and
      
      mirroring packets associated with the one or more subscriber sessions in accordance with the mirroring policies.
  - 14. The method of claim 13, further comprising:
    - sending mirrored packets from the network device to an analyzer device specified in the mirroring policies;
      
      performing analysis of the mirrored packets with the analyzer device; and
      
      providing packet analysis information to a law enforcement agency from the analyzer device.
  - 15. The method of claim 13, further comprising forwarding the packets associated with the one or more subscriber sessions in accordance with routing information included in the network device.
  - 16. The method of claim 1, wherein configuring the two or more trigger rules comprises configuring two or more identification triggers with different precedence levels for the subscriber and specifying a mirroring policy to be applied to the subscriber for each of the two or more identification triggers.
  - 17. The method of claim 1, further comprising:
    - comparing subscriber sessions on the network device with the two or more trigger rules; and
      
      selecting one of the two or more trigger rules with the highest precedence level when the one or more subscriber sessions match more than one of the trigger rules,wherein intercepting packets comprises applying a mirroring policy specified by the selected one of the trigger rules to the one or more subscriber sessions, and mirroring packets associated with the one or more subscriber sessions in accordance with the mirroring policy.
  - 18. The method of claim 1, further comprising:
    - receiving intercept requests for a plurality of subscribers with the administration device; and
      
      configuring trigger rules for the plurality of subscribers on the network device via the CLI of the network device.
  - 19. The method of claim 18, wherein configuring the trigger rules for the plurality of subscribers comprises configuring up to 100 trigger rules.

20. A system comprising:
- an administration device that receives an intercept request for a subscriber; and
  
  a network device that includes a command line interface (CLI) through which the administration device configures two or more trigger rules for the subscriber on the network device based on the intercept request, wherein each of the two or more trigger rules comprises a precedence level, and an intercept module that intercepts packets associated with one or more subscriber sessions on the network device when the one or more subscriber sessions match one or more of the trigger rules.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 21. The system of claim 20, further comprising a law enforcement agency that sends the intercept request to the administration device.
  - 22. The system of claim 20,wherein the network device includes trigger information that persistently stores the trigger rules, andwherein the administration device explicitly removes the trigger rules from the trigger information via the CLI of the network device.
  - 23. The system of claim 20, wherein the trigger rules each include one of an account session ID, a calling station ID, a client Internet Protocol (IP) address and virtual router, a user name and virtual router, or a network access server (NAS) port ID for the subscriber via the CLI of the network device.
  - 24. The system of claim 20, wherein the administration device configures an identification trigger for the subscriber and specifies a mirroring policy to be applied to the subscriber.
  - 25. The system of claim 20, wherein the administration device configures a mirroring policy for the subscriber on the network device via the CLI of the network device based on the intercept request.
  - 26. The system of claim 25, wherein the network device includes policy information that stores the mirroring policy.
  - 27. The system of claim 25, wherein the administration device configures at least one of a Layer 2 Transmission Protocol (L2TP) mirroring policy and an Internet Protocol (IP) mirroring policy for the subscriber.
  - 28. The system of claim 20, wherein the administration device:
    - generates a first CLI command on the network device that configures a mirroring policy for the subscriber; and
      
      generates a second CLI command on the network device that configures an identification trigger for the subscriber and specifies the mirroring policy created by the first CLI command.
  - 29. The system of claim 28, wherein the administration device explicitly removes one of the trigger rules for the subscriber from the network device by generating a third CLI, command on the network device that is a “
    - no”
      
      version of the second CLI command.
  - 30. The system of claim 20, wherein the network device includes a comparison module that compares currently active subscriber sessions on the network device with the two or more trigger rules.
  - 31. The system of claim 20, wherein the network device comprises a comparison module that compares subsequent subscriber logins to the network device with the two or more trigger rules.
  - 32. The system of claim 20, wherein the intercept module of the network device:
    - applies two or more mirroring policies specified by two or more trigger rules to the one or more subscriber sessions; and
      
      mirrors packets associated with the one or more subscriber sessions in accordance with the mirroring policies.
  - 33. The system of claim 32, further comprising an analyzer device specified in the mirroring policies that receives mirrored packets from the network device, performs, analysis of the mirrored packets, and provides packet analysis information to a law enforcement agency.
  - 34. The system of claim 32, wherein the network device forwards the packets associated with the one or more subscriber sessions in accordance with routing information included in the network device.
  - 35. The system of claim 20, wherein the administration device configures two or more identification triggers with different precedence levels for the subscriber and specifies a mirroring policy to be applied to the subscriber for each of the two or more identification triggers.
  - 36. The system of claim 20,wherein the network device includes a comparison module that compares subscriber sessions on the network device with the two or more trigger rules, and selects one of the two or more trigger rules with the highest precedence level when the one or more subscriber sessions match more than one of the trigger rules, andwherein the intercept module of the network device applies a mirroring policy specified by the selected one of the trigger rules to the one or more subscriber sessions, and mirrors packets associated with the one or more subscriber sessions in accordance with the mirroring policy.
  - 37. The system of claim 20, wherein the administration device receives intercept requests for a plurality of subscribers, and configures trigger rules for the plurality of subscribers on the network device via the CLI of the network device.
  - 38. The system of claim 37, wherein the administration device configures up to 100 trigger rules for the plurality of subscribers on the network device.

39. A method comprising:
- receiving an intercept request for a subscriber with an administration device;
  
  configuring two or more identification triggers for the subscriber within a subscriber profile on an authentication device, wherein each of the two or more identification triggers has a precedence level;
  
  sending an intercept message for the subscriber that includes the two or more identification triggers to a network device connected to the authentication device;
  
  selecting one of the two or more identification triggers with the highest precedence level with the network device; and
  
  intercepting packets associated with one or more subscriber sessions on the network device when the one or more subscriber sessions match the selected one of the identification triggers.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47)
- - 40. The method of claim 39, wherein receiving an intercept request comprises receiving an intercept request for a subscriber with an administration device from a law enforcement agency.
  - 41. The method of claim 39, wherein configuring two or more identification triggers comprises configuring two or more identification triggers for the subscriber from a group consisting of an account session ID, a calling station ID, a client Internet Protocol (IP) address and virtual router, a user name and virtual router, and a network access server (NAS) port ID.
  - 42. The method of claim 39, further comprising:
    - receiving a subscriber login from the network device; and
      
      authenticating the subscriber login, wherein sending the intercept message comprises sending an authentication response for the subscriber that includes the intercept message to the network device.
  - 43. The method of claim 39, wherein sending the intercept message comprises sending the intercept message for the subscriber to the network device during the one or more subscriber sessions one the network device.
  - 44. The method of claim 39, further comprising assigning a mirroring policy to each of the two or more identification triggers with the network device.
  - 45. The method of claim 44, wherein intercepting packets with the network device comprises:
    - applying the mirroring policy specified by the selected one of the identification triggers to the one or more subscriber sessions on the network device; and
      
      mirroring packets associated with the one or more subscriber sessions in accordance with the mirroring policy.
  - 46. The method of claim 45, further comprising:
    - sending mirrored packets from the network device to an analyzer device specified in the mirroring policy;
      
      performing analysis of the mirrored packets with the analyzer device; and
      
      providing packet analysis information to a law enforcement agency from the analyzer device.
  - 47. The method of claim 45, further comprising forwarding the packets associated with the one or more subscriber sessions in accordance with routing information included in the network device.

48. A system comprising:
- an administration device that receives an intercept request for a subscriber;
  
  an authentication device that includes a subscriber profile within which the administration device configures two or more identification triggers for the subscriber, wherein each of the two or more identification triggers has a precedence level, and a network device module that sends an intercept message for the subscriber that includes the two or more identification triggers to a network device connected to the authentication device; and
  
  a network device that selects one of the two or more identification triggers with the highest precedence level, and intercepts packets associated with one or more subscriber sessions on the network device when the one or more subscriber sessions match the selected one of the identification triggers.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56)
- - 49. The system of claim 48, further comprising a law enforcement agency that sends the intercept request to the administration device.
  - 50. The system of claim 48, wherein the administration device configures two or more identification triggers for the subscriber from a group consisting of an account session ID, a calling station ID, a client Internet Protocol (IP) address and virtual router, a user name and virtual router, and a network access server (NAS) port ID.
  - 51. The system of claim 48, wherein the authentication device receives a subscriber login from the network device and authenticates the subscriber login, and wherein the network device module included in the authentication device sends an authentication response for the subscriber that includes the intercept message to the network device.
  - 52. The system of claim 48, wherein the network device module included in the authentication device sends the intercept message for the subscriber to the network device during the one or more subscriber sessions on the network device.
  - 53. The system of claim 48, wherein the network device assigns a mirroring policy to each of the two or more identification triggers.
  - 54. The system of claim 53, wherein the network device comprises an intercept module that applies the mirroring policy specified by the selected one of the identification triggers to the one or more subscriber sessions on the network device, and mirrors packets associated with the one or more subscriber sessions in accordance with the mirroring policy.
  - 55. The system of claim 54, further comprising an analyzer device specified in the mirroring policy that receives mirrored packets from the network device, performs analysis of the mirrored packets, and provides packet analysis information to a law enforcement agency.
  - 56. The system of claim 54, wherein the network device forwards the packets associated with the one or more subscriber sessions in accordance with routing information included in the network device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Juniper Networks Incorporated
Inventors
Zielinski, Margaret, Raison, Paul
Primary Examiner(s)
Woo; Stella L

Application Number

US11/414,974
Time in Patent Office

1,373 Days
Field of Search

379/93.02, 379/90.01, 379/35, 370/352
US Class Current

379/93.02
CPC Class Codes

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

G06Q 50/18   Legal services

H04L 41/0894   Policy-based network config...

H04L 41/40   using virtualisation of net...

H04L 43/028   by filtering

H04L 43/18   Protocol analysers

H04L 43/20   the monitoring system or th...

H04L 63/00   Network architectures or ne...

H04L 63/30   for supporting lawful inter...

H04L 63/306   intercepting packet switche...

H04M 3/2281   Call monitoring, e.g. for l...

H04M 7/006   Networks other than PSTN/IS...

Lawful intercept trigger support within service provider networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

56 Claims

Specification

Solutions

Use Cases

Quick Links

Lawful intercept trigger support within service provider networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

56 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links