Method and telecommunications system for monitoring a data flow in a data network
First Claim
1. A method for monitoring a data stream in a data network between a first telecommunications terminal connected to the data network via at least one gateway, and a second telecommunications terminal, at least one authentication server being provided which is set up to perform access control to the data network, comprising:
determining whether the first telecommunications terminal or the second telecommunications terminal is authorized to access the data network by checking a non-hidden administration database including data indicating whether each of the first and second telecommunications terminals is authorized to access the data network;
in response to determining that the first telecommunications terminal or the second telecommunications terminal is authorized to access the data network, checking a hidden database for a monitoring designation assigned to the first or the second telecommunications terminal to determine whether the data stream between the first telecommunications terminal and the second telecommunications terminal is to be monitored;
wherein the non-hidden administration database indicating whether each telecommunications terminal is authorized to access the data network and the hidden database indicating a monitoring designation for each telecommunications terminal are connected to each other for exchanging data with each other;
if it is determined that the data stream is to be monitored, routing the data stream between the first and second telecommunications terminals via a monitoring server for copying the data stream;
if it is determined that the data stream is not to be monitored, routing the data stream between the first and second telecommunications terminals without routing the data stream via said monitoring server;
wherein during monitoring by the monitoring server, a copy of the data stream is created to which an identifying designation is added, wherein the identifying designation includes an IP address or an encrypted designation of the data stream as well as information relating to onward data transmission, and the copy together with the associated identifying designation is transmitted to at least one LI server and/or directly to an analyzer unit.
Abstract
The invention relates to a method and telecommunications system (SYS) for monitoring a data flow (DAT) in a data network (WWW) between at least two telecommunications terminals (TEA, TEB), which are connected to the data network via at least one access server (AAA, AAB). When monitoring, the data flow (DAT) between the telecommunications terminals (TEA, TEB) is rerouted from the access server (AAA, AAB) via a monitoring server (PRO), which makes a copy (KOP) of the data flow (DAT) and transmits it to an evaluation unit (ASW).
30 Claims
17. A telecommunications system which is set up for monitoring a data stream in a data network between a first telecommunications terminal connected to the data network via at least one gateway, and a second telecommunications terminal, at least one authentication server being provided which is configured to perform access control to the data network,
the authentication server configured to:
determine whether the first telecommunications terminal or the second telecommunications device is authorized to access the data network by checking a non-hidden administration database including data indicating whether each of the first and second telecommunications terminals is authorized to access the data network, and
in response to determining that the first telecommunications terminal or the second telecommunications device is authorized to access the data network, check a hidden database for a monitoring designation assigned to the first or the second telecommunications terminal to determine whether the data stream between the first telecommunications terminal and the second telecommunications device is to be monitored;
wherein the non-hidden administration database indicating whether each telecommunications terminal is authorized to access the data network and the hidden database indicating a monitoring designation for each telecommunications terminal are connected to each other for exchanging data with each other;
a controller configured to:
route the data stream between the first and second telecommunications terminals via a monitoring server for monitoring the data stream if it is determined that the data stream is to be monitored;
route the data stream between the first and second telecommunications terminals without routing the data stream via said monitoring server if it is determined that the data stream is not to be monitored;
during monitoring, the telecommunications system is configured to create a copy of the data stream and to add an identifying designation to the copy and to transmit the copy and associated identifying designation to at least one LI server and/or directly to an analyzer unit, wherein the identifying designation includes an IP address or an encrypted designation of the data stream as well as information relating to onward data transmission.
Specification