Verifying a lawful interception system

US 7,975,046 B2
Filed: 04/03/2008
Issued: 07/05/2011
Est. Priority Date: 04/03/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method for verifying a lawful interception system, comprising:

generating, at a computer, data traffic by performing multiple ping requests on an Internet Protocol address and receiving a corresponding echo reply in response to performing each of the multiple ping requests;

recording, at the computer, the data traffic as the computer generates the data traffic;

upon recording the data traffic at the computer, saving, at the computer, the data traffic as a first packet capture and flat file export file, the first packet capture and flat file export file comprising a first source Internet Protocol address of a source computer from which each data frame in the data traffic originates, a first destination Internet protocol address of a destination computer to which the each data frame is transmitted, first protocol information regarding the each data frame, and a first timestamp identifying when the each data frame was recorded;

generating, at the computer, a first export summary file comprising first packet summary lines from the first packet capture and flat file export file;

transmitting, from the computer to a verification system, the first export summary file;

transmitting a copy of the data traffic from the computer to a remote network via a broadband remote access server;

upon transmitting the copy of the data traffic from the computer to the remote network via the broadband access server, intercepting, via a probe, the copy of the data traffic as the copy of the data traffic egresses from a mediation system to a law enforcement agency system;

upon intercepting the copy of the data traffic as the data traffic egresses from the mediation system to the law enforcement agency system, saving, at the law enforcement agency system, the copy of the data traffic as a second packet capture and flat file export file, the second packet capture and flat file export file comprising a second source Internet Protocol address of the source computer from which the each data frame in the data traffic originates, a second destination Internet protocol address of the destination computer to which the each data frame is transmitted, second protocol information regarding the each data frame, and a second timestamp identifying when the each data frame was recorded;

generating, at the law enforcement agency system, a second export summary file comprising second packet summary lines from the second packet capture and flat file export file;

transmitting, from the LEA system to the verification system, the second export summary file; and

comparing, at the verification system, the first export summary file with the second export summary file to verify an accuracy of the mediation system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer-readable media provide for verifying a lawful interception system. A first file and a second file are received. The first file is formed by recording data traffic at a computer as the data traffic generated at the computer is transmitted from the computer to a remote network via a broadband remote access server (BRAS), saving the recorded data traffic as a first packet capture and flat file export (PCAP) file, and exporting packet summary lines from the first PCAP file. The second file is formed by intercepting the data traffic as the data traffic egresses from a mediation system to a law enforcement agency (LEA) system, saving the intercepted data traffic as a second PCAP file, and exporting packet summary lines from the second PCAP file. The first file is compared with the second file to verify an accuracy of the mediation system.

Citations

12 Claims

1. A method for verifying a lawful interception system, comprising:
- generating, at a computer, data traffic by performing multiple ping requests on an Internet Protocol address and receiving a corresponding echo reply in response to performing each of the multiple ping requests;
  
  recording, at the computer, the data traffic as the computer generates the data traffic;
  
  upon recording the data traffic at the computer, saving, at the computer, the data traffic as a first packet capture and flat file export file, the first packet capture and flat file export file comprising a first source Internet Protocol address of a source computer from which each data frame in the data traffic originates, a first destination Internet protocol address of a destination computer to which the each data frame is transmitted, first protocol information regarding the each data frame, and a first timestamp identifying when the each data frame was recorded;
  
  generating, at the computer, a first export summary file comprising first packet summary lines from the first packet capture and flat file export file;
  
  transmitting, from the computer to a verification system, the first export summary file;
  
  transmitting a copy of the data traffic from the computer to a remote network via a broadband remote access server;
  
  upon transmitting the copy of the data traffic from the computer to the remote network via the broadband access server, intercepting, via a probe, the copy of the data traffic as the copy of the data traffic egresses from a mediation system to a law enforcement agency system;
  
  upon intercepting the copy of the data traffic as the data traffic egresses from the mediation system to the law enforcement agency system, saving, at the law enforcement agency system, the copy of the data traffic as a second packet capture and flat file export file, the second packet capture and flat file export file comprising a second source Internet Protocol address of the source computer from which the each data frame in the data traffic originates, a second destination Internet protocol address of the destination computer to which the each data frame is transmitted, second protocol information regarding the each data frame, and a second timestamp identifying when the each data frame was recorded;
  
  generating, at the law enforcement agency system, a second export summary file comprising second packet summary lines from the second packet capture and flat file export file;
  
  transmitting, from the LEA system to the verification system, the second export summary file; and
  
  comparing, at the verification system, the first export summary file with the second export summary file to verify an accuracy of the mediation system.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein comparing, at the verification system, the first export summary file with the second export summary file to verify an accuracy of the mediation system comprises:
    - importing, at the verification system, the first export summary file and the second export summary file into a spreadsheet application; and
      
      determining, at the verification system, whether data frames in the data traffic recorded by the computer are equivalent to data frames in the data traffic captured by the mediation system by comparing the first export summary file and the second export summary file via the spreadsheet application.
  - 3. The method of claim 1, wherein comparing, at the verification system, the first export summary file with the second export summary file to verify an accuracy of the mediation system comprises:
    - importing, at the verification system, the first export summary file and the second export summary file into a spreadsheet application; and
      
      determining, at the verification system, a difference between a time at which each data frame in the data traffic is recorded by the computer and a time at which each data frame in the data traffic is captured by the mediation system via the spreadsheet application.
  - 4. The method of claim 1, wherein the data traffic is further generated at the computer by generating a domain name server lookup to a uniform resource locator.

5. A system for verifying a lawful interception system, comprising:
- a computer having a processor and a memory, the computer configured to;
  
  generate data traffic by performing multiple ping requests on an Internet Protocol address and receiving a corresponding echo reply in response to performing each of the multiple ping requests,recording the data traffic as the computer generates the data traffic,upon recording the data traffic at the computer, saving the data traffic as a first packet capture and flat file export file, the first packet capture and flat file export file comprising a first source Internet Protocol address of the source computer from which the each data frame in the data traffic originates, a first destination Internet protocol address of the destination computer to which the each data frame is transmitted, first protocol information regarding the each data frame, and a first timestamp identifying when the each data frame was recorded,generate a first export summary file comprising first packet summary lines from the first packet capture and flat file export file,transmit, to a verification system, the first export summary file, andtransmitting a copy of the data traffic to a remote network via a broadband remote access server;
  
  a probe configured to intercept the copy of the data traffic as the copy of the data traffic egresses from a mediation system to a law enforcement agency system;
  
  the law enforcement agency system configured to;
  
  receive the copy of the data traffic intercepted by the probe;
  
  save the copy of the data traffic as a second packet capture and flat file export file, the second packet capture and flat file export file comprising a second source Internet Protocol address of a source computer from which each data frame in the data traffic originates, a second destination Internet protocol address of a destination computer to which the each data frame is transmitted, second protocol information regarding the each data frame, and a second timestamp identifying when the each data frame was recorded,generate a second export summary file comprising second packet summary lines from the second packet capture and flat file export file, andtransmit, to the verification system, the second export summary file; and
  
  the verification system configured to compare the first export summary file with the second export summary file to verify an accuracy of the mediation system.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, wherein to compare the first export summary file with the second export summary file to verify an accuracy of the mediation system, the verification system is further configured to:
    - import the first export summary file and the second export summary file into a spreadsheet application, anddetermine whether data frames in the data traffic recorded by the computer are equivalent to data frames in the data traffic captured by the mediation system by comparing the first export summary file and the second export summary file via the spreadsheet application.
  - 7. The system of claim 5, wherein to compare the first export summary file with the second export summary file to verify an accuracy of the mediation system, the verification system is further configured to:
    - import the first export summary file and the second export summary file into a spreadsheet application, anddetermine a difference between a time at which each data frame in the data traffic is recorded by the computer and a time at which each data frame in the data traffic is captured by the mediation system via the spreadsheet application.
  - 8. The system of claim 5, wherein the data traffic is further generated at the computer by generating a domain name server lookup to a uniform resource locator.

9. A non-transitory computer-readable medium having instructions stored thereon for execution by a processor to provide a method for verifying a lawful interception system, the method comprising:
- generating, at a computer, data traffic by performing multiple ping requests on an Internet Protocol address and receiving a corresponding echo reply in response to performing each of the multiple ping requests;
  
  recording, at the computer, the data traffic as the computer generates the data traffic;
  
  upon recording the data traffic at the computer, saving, at the computer, the data traffic as a first packet capture and flat file export file, the first packet capture and flat file export file comprising a first source Internet Protocol address of the source computer from which the each data frame in the data traffic originates, a first destination Internet protocol address of the destination computer to which the each data frame is transmitted, first protocol information regarding the each data frame, and a first timestamp identifying when the each data frame was recorded;
  
  generating, at the computer, a first export summary file comprising first packet summary lines from the first packet capture and flat file export file;
  
  transmitting, from the computer to a verification system, the first export summary file;
  
  transmitting a copy of the data traffic from the computer to a remote network via a broadband remote access server;
  
  upon transmitting the copy of the data traffic from the computer to the remote network via the broadband access server, intercepting, via a probe, the copy of the data traffic as the copy of the data traffic egresses from a mediation system to a law enforcement agency system;
  
  upon intercepting the copy of the data traffic as the data traffic egresses from the mediation system to the law enforcement agency system, saving, at the law enforcement agency system, the copy of the data traffic as a second packet capture and flat file export file, the second packet capture and flat file export file comprising a second source Internet Protocol address of a source computer from which each data frame in the data traffic originates, a second destination Internet protocol address of a destination computer to which the each data frame is transmitted, second protocol information regarding the each data frame, and a second timestamp identifying when the each data frame was recorded;
  
  generating, at the law enforcement agency system, a second export summary file comprising second packet summary lines from the second packet capture and flat file export file;
  
  transmitting, from the LEA system to the verification system, the second export summary file; and
  
  comparing, at the verification system, the first export summary file with the second export summary file to verify an accuracy of the mediation system.
- View Dependent Claims (10, 11, 12)
- - 10. The non-transitory computer-readable of claim 9, wherein comparing, at the verification system, the first export summary file with the second export summary file to verify an accuracy of the mediation system comprises:
    - importing, at the verification system, the first export summary file and the second export summary file into a spreadsheet application; and
      
      determining, at the verification system, whether data frames in the data traffic recorded by the computer are equivalent to data frames in the data traffic captured by the mediation system by comparing the first export summary file and the second export summary file via the spreadsheet application.
  - 11. The non-transitory computer-readable of claim 9, wherein comparing, at the verification system, the first export summary file with the second export summary file to verify an accuracy of the mediation system comprises:
    - importing, at the verification system, the first export summary file and the second export summary file into a spreadsheet application; and
      
      determining, at the verification system, a difference between a time at which each data frame in the data traffic is recorded by the computer and a time at which each data frame in the data traffic is captured by the mediation system via the spreadsheet application.
  - 12. The non-transitory computer-readable of claim 9, wherein the data traffic is further generated at the computer by generating a domain name server lookup to a uniform resource locator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
At&T Delaware Intellectual Property, Inc. (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Sheppard, Scott
Primary Examiner(s)
Avellino, Joseph E
Assistant Examiner(s)
Afolabi, Mark O

Application Number

US12/062,206
Publication Number

US 20090254651A1
Time in Patent Office

1,188 Days
Field of Search

709/220, 709/201, 709/219, 709/217, 709/218, 709/249, 709/238, 709/232, 709224-226, 715/733, 715/736, 715/737, 715/747, 37039224-259, 455/415, 726/1
US Class Current

709/224
CPC Class Codes

H04L 63/30 for supporting lawful inter...

Verifying a lawful interception system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Verifying a lawful interception system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links