Method and telecommunications system for monitoring a data flow in a data network

US 7,979,529 B2
Filed: 03/07/2002
Issued: 07/12/2011
Est. Priority Date: 03/21/2001
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring a data stream in a data network between a first telecommunications terminal connected to the data network via at least one gateway, and a second telecommunications terminal, at least one authentication server being provided which is set up to perform access control to the data network, comprising:

determining whether the first telecommunications terminal or the second telecommunications terminal is authorized to access the data network by checking a non-hidden administration database including data indicating whether each of the first and second telecommunications terminals is authorized to access the data network;

in response to determining that the first telecommunications terminal or the second telecommunications terminal is authorized to access the data network, checking a hidden database for a monitoring designation assigned to the first or the second telecommunications terminal to determine whether the data stream between the first telecommunications terminal and the second telecommunications terminal is to be monitored;

wherein the non-hidden administration database indicating whether each telecommunications terminal is authorized to access the data network and the hidden database indicating a monitoring designation for each telecommunications terminal are connected to each other for exchanging data with each other;

if it is determined that the data stream is to be monitored, routing the data stream between the first and second telecommunications terminals via a monitoring server for copying the data stream;

if it is determined that the data stream is not to be monitored, routing the data stream between the first and second telecommunications terminals without routing the data stream via said monitoring server;

wherein during monitoring by the monitoring server, a copy of the data stream is created to which an identifying designation is added, wherein the identifying designation includes an IP address or an encrypted designation of the data stream as well as information relating to onward data transmission, and the copy together with the associated identifying designation is transmitted to at least one LI server and/or directly to an analyzer unit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method and telecommunications system (SYS) for monitoring a data flow (DAT) in a data network (WWW) between at least two telecommunications terminals (TEA, TEB), which are connected to the data network via at least one access server (AAA, AAB). When monitoring, the data flow (DAT) between the telecommunications terminals (TEA, TEB) is rerouted from the access server (AAA, AAB) via a monitoring server (PRO), which makes a copy (KOP) of the data flow (DAT) and transmits it to an evaluation unit (ASW).

39 Citations

View as Search Results

30 Claims

1. A method for monitoring a data stream in a data network between a first telecommunications terminal connected to the data network via at least one gateway, and a second telecommunications terminal, at least one authentication server being provided which is set up to perform access control to the data network, comprising:
- determining whether the first telecommunications terminal or the second telecommunications terminal is authorized to access the data network by checking a non-hidden administration database including data indicating whether each of the first and second telecommunications terminals is authorized to access the data network;
  
  in response to determining that the first telecommunications terminal or the second telecommunications terminal is authorized to access the data network, checking a hidden database for a monitoring designation assigned to the first or the second telecommunications terminal to determine whether the data stream between the first telecommunications terminal and the second telecommunications terminal is to be monitored;
  
  wherein the non-hidden administration database indicating whether each telecommunications terminal is authorized to access the data network and the hidden database indicating a monitoring designation for each telecommunications terminal are connected to each other for exchanging data with each other;
  
  if it is determined that the data stream is to be monitored, routing the data stream between the first and second telecommunications terminals via a monitoring server for copying the data stream;
  
  if it is determined that the data stream is not to be monitored, routing the data stream between the first and second telecommunications terminals without routing the data stream via said monitoring server;
  
  wherein during monitoring by the monitoring server, a copy of the data stream is created to which an identifying designation is added, wherein the identifying designation includes an IP address or an encrypted designation of the data stream as well as information relating to onward data transmission, and the copy together with the associated identifying designation is transmitted to at least one LI server and/or directly to an analyzer unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method according to claim 1, wherein the LI server establishes on the basis of the identifying designation whether at least one secondary copy of the copy is to be created, and to whom the copy and/or the secondary copy, of which there is at least one, is/are to be delivered.
  - 3. The method according to claim 2, wherein the LI server creates the secondary copy, of which there is at least one, of the copy.
  - 4. The method according to claim 1, the LI server performs interface adaptation to the analyzer unit.
  - 5. The method according to claim 1, wherein in the event of deletion of user authentication data in an administration database, assigned monitoring designations are deleted in the hidden database.
  - 6. The method according to claim 5, wherein a call controller diverts the data stream via the monitoring server which creates the copy.
  - 7. The method according to claim 6, wherein the at least one authentication server controls the monitoring server.
  - 8. The method according to claim 1, wherein the data stream is transmitted as a Voice over IP data stream.
  - 9. The method according to claim 8, wherein the controller controls both the gateway and the monitoring server.
  - 10. The method according to claim 1, wherein, if monitoring is to take place, the authentication server diverts the data stream via the monitoring server.
  - 11. The method according to claim 1, wherein the data access is tunneled from the gateway through to the monitoring server.
  - 12. The method according to claim 1, wherein the copy of the data stream is buffered on the monitoring server.
  - 13. The method according to claim 1, wherein the copy of the data stream is buffered on the LI server.
  - 14. The method according to claim 1, wherein the identifying designation is a header comprising the IP address of the telecommunication terminal and the IP address of the other telecommunication terminal and information relating to onward data transmission.
  - 15. The method according to claim 1, wherein the information relating to onward data transmission comprises at least one information selected from the group consisting of information about the type of communication, information about the length of the header, information about an operator ID, and information about a call identification number and an authorized agency identifier.
  - 16. The method according to claim 1, wherein the information relating to onward data transmission comprises information about the type of communication, information about the length of the header, information about an operator ID, and information about a call identification number an authorized agency identifier.

17. A telecommunications system which is set up for monitoring a data stream in a data network between a first telecommunications terminal connected to the data network via at least one gateway, and a second telecommunications terminal, at least one authentication server being provided which is configured to perform access control to the data network,the authentication server configured to:
- determine whether the first telecommunications terminal or the second telecommunications device is authorized to access the data network by checking a non-hidden administration database including data indicating whether each of the first and second telecommunications terminals is authorized to access the data network, andin response to determining that the first telecommunications terminal or the second telecommunications device is authorized to access the data network, check a hidden database for a monitoring designation assigned to the first or the second telecommunications terminal to determine whether the data stream between the first telecommunications terminal and the second telecommunications device is to be monitored;
  
  wherein the non-hidden administration database indicating whether each telecommunications terminal is authorized to access the data network and the hidden database indicating a monitoring designation for each telecommunications terminal are connected to each other for exchanging data with each other;
  
  a controller configured to;
  
  route the data stream between the first and second telecommunications terminals via a monitoring server for monitoring the data stream if it is determined that the data stream is to be monitored;
  
  route the data stream between the first and second telecommunications terminals without routing the data stream via said monitoring server if it is determined that the data stream is not to be monitored;
  
  during monitoring, the telecommunications system is configured to create a copy of the data stream and to add an identifying designation to the copy and to transmit the copy and associated identifying designation to at least one LI server and/or directly to an analyzer unit, wherein the identifying designation includes an IP address or an encrypted designation of the data stream as well as information relating to onward data transmission.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 18. The telecommunications system according to claim 17, wherein the LI server is configured to establish, on the basis of the identifying designation, whether at least one secondary copy of the copy is to be created, and to whom the copy and/or the secondary copy, of which there is at least one, is/are to be delivered.
  - 19. The telecommunications system according to claim 18, wherein the LI server is configured to create the secondary copy, of which there are at least one, of the copy.
  - 20. The telecommunications system according to claim 17, wherein the L1 server is configured to perform an interface adaptation to the analyzer unit.
  - 21. The telecommunications system according to claim 17, wherein the telecommunications system is configured to delete assigned monitoring designations in the hidden database when user authentication data being deleted in the administration database.
  - 22. The telecommunications system according to claim 17, wherein the data stream is a Voice over IP data stream.
  - 23. The telecommunications system according to claim 22, wherein a call controller is provided which is configured to divert the data stream via the monitoring server if monitoring is to take place.
  - 24. The telecommunications system according to claim 23, wherein the call controller is configured to control both the gateway and the monitoring server.
  - 25. The telecommunications system according to claim 17, wherein the authentication server is configured to divert the data stream via the monitoring server if monitoring is to take place.
  - 26. The telecommunications system according to claim 25, wherein the authentication server is configured to control the monitoring server.
  - 27. The telecommunications system according to claim 17, wherein the telecommunications system is configured set up to tunnel the data access from the gateway through to the monitoring server.
  - 28. The telecommunications system according to claim 17, wherein the monitoring server is configured to buffer the copy of the data stream.
  - 29. The telecommunications system according to claim 17, wherein the LI server is configured to buffer the copy of the data stream.
  - 30. The telecommunications system according to claim 17, wherein the monitoring server has proxy server functionality.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Kreusch, Norbert, Pfahler, Wolfgang, Stifter, Helmut
Primary Examiner(s)
Lin, Kenny S
Assistant Examiner(s)
Sciacca, Scott M

Application Number

US10/472,607
Publication Number

US 20040181599A1
Time in Patent Office

3,414 Days
Field of Search

379/70, 379/133, 709217-219, 709223-232
US Class Current

709/224
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 63/306   intercepting packet switche...

H04L 65/103   in the network

H04L 65/1046   Call controllers; Call servers

H04L 65/1101   Session protocols

H04L 65/80   Responding to QoS

H04L 67/306   User profiles

H04L 67/563   Data redirection of data ne...

H04L 67/564   Enhancement of application ...

H04L 67/568   Storing data temporarily at...

H04L 69/329   in the application layer [O...

H04M 3/2281   Call monitoring, e.g. for l...

H04M 7/006   Networks other than PSTN/IS...

Method and telecommunications system for monitoring a data flow in a data network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and telecommunications system for monitoring a data flow in a data network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links