Patent Grant
9204293
This application is a 35 U.S.C. §371 National Phase Entry Application from PCT/EP2008/052143, filed Feb. 21, 2008, and designating the United States.
The present invention relates to methods and arrangements in a telecommunications system comprising Data Retention (DR) sources and/or Intercepting Control Elements (ICEs) for providing data to lawful interception requesting entities. More in detail, the telecommunications systems in which the present invention can be implemented comprise service nodes acting as DR source or ICE for the retention or interception of services data, respectively.
In many countries operators and Internet service providers are today obliged by legal requirements to provide stored traffic data generated from public telecommunications and Internet services for the purpose of detection, investigation and prosecution of crime and criminal offences, including terrorism.
There are also a number of initiatives within the European Union (EU) to regulate the legal basis for data retention. The EU Parliament adopted a set of amendments and by that approved the Council's proposed directive on data retention (Directive 2006/24/EC). In this directive, initial requirements and how an extension of the directive will be handled are described. Consequently, an essential part of operator's effort to comply with current legislation is to secure that processes and tools can be adapted to handle an expansion of the scope for data retention.
Technical specification ETSI DTS/LI-00039 gives guidance for the delivery and associated issues of retained data of telecommunications and subscribers. In particular, ETSI DTS/LI-00039 provides a set of requirements relating to Handover Interfaces for the retained traffic data and subscriber data by law enforcement and other authorized requesting authorities. The requirements are to support implementation of Directive 2006/24/EC of the European Parliament and of the Council of 15 Mar. 2006 regarding the retention of data. Technical Specification ETSI DTS/LI-00033 contains handover requirements and a handover specification for the data that is identified in EU Directive 2006/24/EC on retained data.
The data exchanged between the CSP 1 and the Requesting Authority 4 comprises requests from the Requesting Authority 4, corresponding responses from the DRS and other DR information, such as results of the requests and acknowledgements of receipt. The interfaces through which the CSP and DRS exchange the above data with the Requesting Authority are denoted as Handover Interfaces.
The generic Handover Interface adopts a two-port structure in which administrative request/response information and Retained Data Information are logically separated. In particular, a first Handover Interface port HI-A 5 is configured to transport various kinds of administrative, request and response information from/to the Requesting Authority 4 and an organization at the CSP 1 that is responsible for Retained Data matters, identified by an Administration Function 7.
A second Handover Interface HI-B 6 is configured to transport the retained data information stored in a repository 9 from the CSP 1 to the Requesting Authority 4. The individual retained data parameters have to be sent to the Requesting Authority 4 at least once (if available). To this aim, a Mediation/Delivery function 8 is provided, for retrieving the retained data from the memory means 9 and forward such data to the Requesting Authority 4 in a suitable format through the HI-B 6.
A second system for accessing communications related data is the well-known Lawful Interception (LI) system, which is depicted in
The architecture 10 further comprises one or more Law Enforcement Monitoring Facilities (LEMFs) 12 through which respective LEAs receive interception information.
An Administration Function (ADMF) entity 13 is further configured for sending the target identity and LI authorization data from the LEAs to the ICE. The ADMF 13 interfaces through a first Handover Interface 14 (HI1) with all the LEAs that may require interception in the intercepting network, keeps the intercept activities of individual LEAs separate and interfaces to the intercepting network. The ADMF 13 is also used to hide from the ICE 11 that there might be multiple activations by different LEAs on the same target. The ADMF 13 may be partitioned to ensure separation of the provisioning data from different agencies.
Every physical ICE 11 is linked to the ADMF by means of its own X1_1 interface. Consequently, every single ICE performs interception, i.e. activation, deactivation, interrogation as well as invocation, independently from other ICEs.
In order to deliver the intercepted information to the LEAs, two Delivery Functions (DF) entities are provided, each exchanging respective portions of information with the ADMF 13 (through X1_2 and X1_3 interfaces) and the LEMF 12.
In particular, a DF2 entity 15 is configured to receive Intercept Related Information (IRI) from the ICE, through an X2 interface, and to convert and distribute the IRI to the relevant LEAs via a second Handover Interface 16 (HI2) by means of a Mediation Function (MF) 17.
The IRI is a collection of information or data associated with telecommunication services involving the target identity, such as call associated information or data (e.g. unsuccessful call attempts), service associated information or data (e.g. service profile management by subscriber) and location information.
A DF3 entity 18, instead, is configured to receive Content of Communications (CC) information from the ICE 11 through an X3 interface, and to convert and distribute such information to the relevant LEA through an MF 19 and a third Handover Interface 20 (HI3).
The CC is information different from the IRI, which is exchanged between two or more users of a telecommunications service and, more in general, includes information which may, as part of some telecommunications service, be stored by one user for subsequent retrieval by another user.
In the most recent developments, current IP networks can be provided with a deep packet inspection feature for improving the operator's existing infrastructure with better service and subscriber awareness.
With reference to
The Content Analyzer 22 is configured to parse the user incoming traffic 23, delimit the flows according to the protocol being used, and extract several parameters that are used by a traffic classification engine 24, according to configurable classification rules.
The result of the deep packet inspection is to classify raw traffic packets into a number of configurable traffic categories or Virtual Classes. Examples of traffic categories are: Web navigation to a certain site, IP traffic, FTP downloads, and so on. A Virtual Session is an entity that represents all the traffic of the same type within a user data session.
The packet analysis is the process whereby a packet is identified as belonging to certain protocols and useful information is extracted from it.
Packet analysis is performed by a Protocol Engine 24 of the Content Analyzer 22. The Protocol Engine 24 is composed of several Protocol Analyzers 25, one for each of the supported protocols. Protocol Analyzers 25 are linked with one another to build a protocol analysis stack.
The collection of parameters obtained by the analysis of one packet is referred to as the Packet Context. The Packet Context contains parameters that have been obtained by several Protocol Analyzers.
The Rule Engine 26 of the Classification Engine 29 is configured to classify the traffic packets 27 once the Protocol Engine 24 has analyzed those packets and their Packet Context has been extracted. Databases 30a, 30b, and 30c are repositories of rules used to analyze the packets.
An example of Classification Engine 29 is shown in
The protocol fields and states that are exposed by the different protocol analyzers, can be used to create traffic classification rules 28a, 28b, 28c and can be included in Event Detail Records (EDRs).
An EDR represents the report of the deep packet inspection and contains a first set of fields which are shared by all protocol analyzers and other sets of fields specific for the traffic analyzed by the corresponding protocol analyzer, e.g. HTTP fields and IP fields.
EDRs are usage records generated with information that is totally configurable by the operator, thus achieving a great flexibility, EDR flexibility is provided in two areas: EDR fields and EDR generation rules.
To facilitate integration, EDRs may use industry standards for their format, such as CSV and XML.
When integrating a data retention or lawful interception solution for IP services, there are some data retention sources or Intercepting Control Elements (ICEs) from which it is possible to retrieve information related to communications at different TCP/IP stack layers, by using packet inspection features.
A problem exists at the DR/LI Handover Interfaces with the data/interception requesting authority, because the communications exchanged through the Handover Interfaces relate to different TCP/IP stack layers. For instance, in the known DR systems which can retrieve information related to communications at different TCP/IP stack layers, the requesting LEA receives from the DR system retained data separately for each of the stack layers, e.g. retained data at the application layer (Layer 5), at the transport layer (Layer 4), at the network layer (Layer 3) and at the data link layer (Layer 2).
Similarly, in the known LI systems which can retrieve information related to communications at different TCP/IP stack layers, the LEA/LEMF can separately receive from the LI Mediation Function 2 IRIs containing application layer information, IRIs containing transport layer information, IRIs containing network layer and IRIs containing data link layer information.
In some cases, data from different communications stack layers may be collected from a plurality of different sources and it is not possible to correlate them. For instance, GPRS nodes may provide a private IP address which, through a NAT function, is translated into a public IP address which finally arrives at a Messaging Server. In such case, the IP addresses would not be enough for correlating the communications at different layers.
As a consequence, there is currently no possibility of correlating communications at different stack layers on the Handover Interfaces.
The aim of the present invention is to provide a method and DR/LI system nodes that overcome the above drawbacks.
This aim and other objects which will become better apparent hereinafter are achieved by a method for providing a Law Enforcement Agency LEA with retention or interception data related to a target user. At a data retention source node or at an interception control element of a telecommunications network, traffic packets involving the target user are inspected and a plurality of usage data records based on the inspected traffic packets are generated. Each record comprises information relating to a certain service class and to a respective communications stack layer. For each communications session involving a plurality of different communications stack layers, at the data retention source node or, respectively, the interception control element, the plurality of usage data records are provided with a same correlation identity number for correlating the data at the different communications stack layers. Then, the usage data records comprising the correlation identity number to the LEA are sent, for instance to the LI system or the data Retention System, respectively.
Preferably, the correlation identity number identifies the lowest communications stack layer of the communications stack layers. The correlation identity number may be a unique Communications Identity Number CIN assigned to the communications session in the lowest communications stack layer. In this case, each usage data record may already comprise a further CIN identifying a respective session in a respective communications stack layer, which accompanies the unique CIN.
The data retention source node and the intercepting control element may be a Service Aware Support Node SASN.
The above aim and objects are also achieved by a data retention source node comprising packet inspection means and means for communicating with a Data Retention system. The packet inspection means are configured to generate a plurality of usage data records based on inspected traffic packets. Each record comprises information relating to a certain service class and to a respective communications stack layer. The packet inspection means are further configured to provide, for each communications session involving a plurality of different communications stack layers, the plurality of usage data records with a same correlation identity number for correlating the data at the different communications stack layers. The data retention source node further comprises means for sending the usage data records comprising the correlation identity number to the Data Retention system.
Moreover, the aim and the objects of the invention are achieved by an Intercepting Control Element (ICE) comprising packet inspection means for providing Intercept Related Information (IRI) and Content of Communication (CC) to a Lawful Interception (LI) system. The packet inspection means are configured to generate a plurality of IRIs based on inspected traffic packets, each IRI comprising information relating to a certain service class and to a respective communications stack layer. The packet inspection means are further configured to provide, for each communications session involving a plurality of different communications stack layers, the plurality of IRIs with a same correlation identity number for correlating the data at the different communications stack layers. The ICE also comprises means for sending the IRIs comprising the correlation identity number to the LI system.
The present invention also concerns computer programs comprising portions of software codes in order to implement the method as described above when operated at a processor of a data retention source node or of an ICE. Such a computer program can be stored on a computer readable medium. The computer-readable medium can be a permanent or rewritable memory within the data retention source node or the ICE or can be located externally. The respective computer program can be also transferred to the data retention source node or to the ICE, for example via a cable or a wireless link as a sequence of signals.
According to a particular aspect of the invention, a computer program is provided, which is loadable into a processor of a data retention source node or of an intercepting control element and which comprises code adapted to
a) inspect traffic packets involving the target user;
b) generate a plurality of usage data records based on the inspected traffic packets, wherein each record comprises information relating to a certain service class and to a respective communications stack layer;
c) for each communications session involving a plurality of different communications stack layers, provide the plurality of usage data records with a same correlation identity number for correlating the data at the different communications stack layers;
d) send the usage data records comprising the correlation identity number to a Lawful Enforcement Agency.
The invention advantageously allows to correlate data related to communications at different stack layers, be them TCP/IP layers or OSI layers, in particular to correlate data at different layers by employing existing DR and LI functionalities.
A more efficient and complete scenario related to services, such as Internet services, to be detected for investigation purposes is achieved. In particular, LEAs are provided with more detailed information about the communications of a target user, allowing the LEAs to retrieve traffic data related to IP services, both narrowband and broadband, fixed and mobile, covering any type of existing or future network services.
The invention even makes a location identification mechanism possible on the Handover Interfaces based on the connection in which the target user is involved.
Further characteristics and advantages of the invention will become better apparent from the detailed description of particular but not exclusive embodiments, illustrated by way of non-limiting examples in the accompanying drawings, wherein:
With reference to
The DRS 32 comprises an Administration Function 32a configured to exchange administrative, request and response information with a Law Enforcement Agency (LEA) 40 via the Handover Interface HI-A 40a.
Additionally, the DRS 32 includes a Mediation/Delivery Function 32b configured to retrieve retained data from storage means 32c of the DRS 32 and forward such data in a format according to the invention to the LEA 40, through the Handover Interface HI-B 40b.
The SASN 21 preferably comprises the content analyzer 22, the protocol engines 24-25, the classification engine 24 and the rule engine 26 as discussed above and is further configured in accordance to the invention. The SASN may also comprise further processing/classifying elements.
In general, the SASN 21 is able to filter the content of communication related to specific services, in particular to capture IP traffic packets and to analyze them through deep packet inspection features, in order to provide service awareness.
The SASN 21 can be located in any point of the IP network 30 in the path of the traffic which has to be monitored, e.g. it can be connected to the gateway 33 as in
With this type of nodes it is possible to retrieve both information as provided by service unaware nodes like GGSN, SGSN, PDSN, or other nodes of networks 34, 35a, 35b, 36, 37 and 38, as well as information as provided by the other service aware nodes.
For instance, the information provided by a GGSN of network 34 regards the access of mobile users (identified by the IMSI and the MSISDN), the cell id and the PDP address.
As another example, the information provided by an Internet Access Service (IAS) via the Internet 37 may be data related to the internet access (e.g. Access_attempt, Access_failed, Session_start, etc.), the username (or other token used for identification), the type of Internet access (e.g. dial up, ADSL, cable modem, LAN access), the assigned IP address, the MAC address of the target CPE for layer 2 access or the target PSTN/ISDN number for dial up.
The SASN 21 is configured to build separate usage data records such as Event Detail Records EDRs for each stack layer and for each service class and send the same to the DRS 32, to which the SASN 21 is bidirectionally connected by a communication channel 39. In particular, the Mediation Function of the DRS 32 is configured to retrieve the usage data records from the SASN 21 (for instance, using the SFTP protocol) and collect the usage data records for further processing.
The SASN 21 is characterized in that it is configured to introduce a unique correlation identity number to report the requesting agency 40 that the data being reported is related to the same user session.
The unique correlation identity is introduced in each usage record for a certain service and for a certain stack layer and is identical for all the usage records of a user session. Preferably, the unique correlation identity is a unique Communications Identity Number (CIN).
As it is known, a CIN is used in the header of messages such as IRIs to correlate the data within a single communications session and for the same stack layer. In the preferred embodiments of the invention, instead, a single CIN is used for correlating the data within a single communications session at more than one stack layer, such as at a plurality or all of the stack layers.
Having regard to the standard ETSI TS 102 232, an identifier of a communications session consists of a Network Identifier (NID), the Communications Identity Number (CIN) and a Delivery Country Code (DCC).
The CIN is used to identify uniquely the communications session. All the results of the interrogation within a single communications session have the same CIN. The CIN allows the data at a certain layer to be accurately associated.
With the SASN defined as data retention source (as in
Preferably, the SASN is configured to deliver the CIN identifying a low layer session as additional CIN when delivering higher level layer sessions. In this way, it is possible to report the LEA the information that the higher level sessions related data are obtained from the inspection of the lower layer session.
With reference to a DR system, the unique CIN is delivered via the usage data records and may be the CIN identifying the lowest layer session when delivering the higher level layer sessions.
The Handover Interface HI-B is configured to use the unique CIN to correlate the information of different stack layers collected at the DRS storage. In particular, different flows are correlated and delivered to the LEA 40 by the Mediation/Delivery function 32b.
The telecommunications system 30 may operate as follows. With reference to
In step 101, the SASN 21 transfers to the Mediation Function 32b the usage data records with the application layer information for the IP services and with the application layer CIN (CIN4) and the unique CIN (CIN1).
Similarly, in step 102 the SASN 21 transfers the usage data records with the transport layer information for the IP services and with the transport layer CIN (CIN3) and the unique CIN (CIN1).
Again, in steps 103 and 104 the SASN 21 transfers the usage data records respectively with the network and the data link layer information, the records comprising the unique CIN CIN1. The records with the network layer information carry the network layer CIN (CIN2), while the records with the data link layer information carry the data link CIN (CIN1), which is also identically present in all of the usage data records transmitted in steps 101-104.
The above usage data records are transferred from the SASN 21 to the Mediation Function 32 using, for instance, the SFTP protocol.
In steps 105-108 the mediated usage records generated by the Mediation function 32b based on the received usage data records and comprising the additional unique CIN are stored in the DRS repository 32c.
In step 109, the LEA 40 uses the HI-A interface to hand over the requests for IP Services Retained Data (such as FTP downloads, Web based downloads, or streaming) related to a user.
In response to the request, in steps 110-113 the DRS 32 delivers to the LEA 40, via the HI-B interface, the requested retained data at the application transport, network and data link layers, respectively, correlating the information at higher layers with the information at lower layers via the CIN1.
With reference to
The LI 42 comprises an Administration Function 50 configured to exchange administrative, request and response information with a Law Enforcement Monitoring Function (LEMF) 43 via the Handover Interface H11.
Additionally, the LI 42 includes a Delivery Function 251 configured to receive Intercept Related Information (IRI) from the SASN 41 acting as an ICE, through an X2 interface, and to convert and distribute the IRI to the LEMF 43 via a second Handover Interface H12 by means of a Mediation Function (MF) 51a.
The LI 42 further comprises a Delivery Function 352, which is configured to receive Content of Communications (CC) information from the SASN 41 through an X3 interface, and to convert and distribute such information to the LEMF 43 through a Mediation Function 52a and a third Handover Interface HI3.
The SASN preferably comprises the content analyzer, the protocol engines, the classification engine and the rule engine as discussed above in relation to
The SASN 41 can be located in any point of the IP network. For instance, the SASN is connected to a gateway 44 as in
The SASN 41 is configured to build separate IRIs for each service class and send the same to the LI 42 via the X2 interface. The IRIs comprise a unique correlation identity for reporting the LEMF 43 that the data being reported is related to the same user session.
The LI system of
In step 202 the ADMF 50 requests the SASN 41 for the activation of a service aware interception related to the specified target.
The target is accordingly detected when using a certain service, e.g. while surfing the web. The SASN 41 then uses its deep packet inspection capabilities to generate separate IRIs for each service class. In particular, the SASN 41 intercepts and filters only relevant traffic, based on the specific services, and forwards IRIs to the MF2/DF251. In addition to the existing CIN (CIN1, CIN2, CIN3, CIN3) used to correlate the data for the same layer, an additional CIN (CIN1) is included to correlate the information at different stack layers.
For instance, in step 203 the SASN 41 provides the MF2/DF2 with raw IRIs containing application layer information, the CIN4 and the unique CIN, which is chosen to be the CIN relating to a low stack layer (CIN1), such as Layer 2.
In step 204 the MF2/DF251 converts the intercepted traffic into the required standard format and sends it to a collection function running at the LEMF 43 via the HI2.
Similarly, in step 205 the SASN 41 sends the MF2/DF2 raw IRIs containing transport layer information, the CIN3 and the unique identifier CIN1. Such IRIs, after suitable conversion, are forwarded to the LEMF 43 in step 206.
In step 207 the SASN 41 sends the MF2/DF2 raw IRIs containing network layer information, the CIN2 and the unique identifier CIN1. Then, in step 208, the MF/DF2 converts such IRIs and forwards them to the LEMF 43.
Finally, in step 209 the SASN 41 sends the MF2/DF2 raw IRIs containing Layer 2 information, the CIN1 and the unique identifier CIN1. The MF2/DF2 will convert the received intercept information into the suitable format and send it to the LEMF in step 210.
The LEMF will finally correlate the received IRIs with the received CCs among the various stack layers by using the unique CIN (CIN1) as a correlation number.
In
The skilled in the art easily understands that the steps described in relation to
It is noted that the correlation mechanism according to the invention allows to introduce location identification functionalities in data retention or lawful interception systems, as it provides the source/destination IP address linked to the service to be retained or intercepted.
As it is known, the location information is related to the IP address and the layer 2 access information (e.g. MAC address). An IP address and the layer 2 access information can be used not only to identify a connected device but also to describe the “location” of the device.
For instance, considering IPv6 addresses, it is possible to divide a 128-bit address into two parts, a 64 bit routing segment and a 64-bit identity segment, which allows each device wired/wireless to have a unique IP address independent of its current point of attachment to the Internet, More particularly, IPv6 addresses have a network prefix that describes the location of an IPv6-capable device in a network and an interface ID that provides a unique identification number for the device. The network prefix can change based on the user's location in a network, while the interface ID can remain static. The static interface ID allows a device with a unique address to maintain a consistent identity while its location in a network can change.
As another example, in IPv4, the approach to mobility is to use two IP addresses to fully describe a mobile device. The mobile device uses a constant IP address, representing the device's identity.
Such identity IP address is passed to the local mobile base station, which then informs the mobile device's home station of the mobile device's identity address, as well as the address of the current mobile base.
Once a packet reaches the home base station the packet is encapsulated in an IP transport header, with the new destination IP address (of the most recent mobile base station). At the mobile base station the outer IP transport header is stripped off and the original packet is directly passed to the mobile device.
In the invention, by using the correlated information, the law enforcement agencies will be able to receive details related to the IP services used, linked to identification and location information which will be always provided through the unique CIN as correlation identity. In fact, through the unique CIN, the LEA will be always able to correlate the received information, e.g., at the application layer, with the IP address provided in the network layer information. From such IP address the LEA will finally retrieve the location of the target through conventional means.
It has been shown that the invention fully achieves the intended aim and objects, since it provides a data retention or lawful interception requesting agency with information adapted to correlate data at different stack layers, which data is usually separately transmitted from a data retention source or an ICE to the requesting agency.
The data may be even collected from different sources and could nevertheless be correlated to one another at the various stack layers.
Clearly, several modifications will be apparent to and can be readily made by the skilled in the art without departing from the scope of the present invention. Therefore, the scope of the claims shall not be limited by the illustrations or the preferred embodiments given in the description in the form of examples, but rather the claims shall encompass all of the features of patentable novelty that reside in the present invention, including all the features that would be treated as equivalents by the skilled in the art.
Where technical features mentioned in any claim are followed by reference signs, those reference signs have been included for the sole purpose of increasing the intelligibility of the claims and accordingly, such reference signs do not have any limiting effect on the interpretation of each element identified by way of example by such reference signs.
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/EP2008/052143 | 2/21/2008 | WO | 00 | 10/7/2010 |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO2009/103340 | 8/27/2009 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 2152032 | Rice | Mar 1939 | A |
| 5101402 | Chiu et al. | Mar 1992 | A |
| 5455953 | Russell | Oct 1995 | A |
| 5553242 | Russell et al. | Sep 1996 | A |
| 5617570 | Russell et al. | Apr 1997 | A |
| 6131163 | Wiegel | Oct 2000 | A |
| 6549613 | Dikmen | Apr 2003 | B1 |
| 6654589 | Haumont | Nov 2003 | B1 |
| 6678270 | Garfinkel | Jan 2004 | B1 |
| 6681258 | Ratcliff et al. | Jan 2004 | B1 |
| 6684251 | Qiu et al. | Jan 2004 | B1 |
| 6721274 | Hale et al. | Apr 2004 | B2 |
| 6741595 | Maher et al. | May 2004 | B2 |
| 6754834 | Miettinen et al. | Jun 2004 | B2 |
| 7152103 | Ryan et al. | Dec 2006 | B1 |
| 7310331 | Sjoblom | Dec 2007 | B2 |
| 7460484 | Roberts et al. | Dec 2008 | B2 |
| 7471683 | Maher et al. | Dec 2008 | B2 |
| 7529200 | Schmidt et al. | May 2009 | B2 |
| 7564854 | Pong | Jul 2009 | B2 |
| 7657011 | Zielinski et al. | Feb 2010 | B1 |
| 7764768 | Davis et al. | Jul 2010 | B2 |
| 7835722 | Munje et al. | Nov 2010 | B2 |
| 7839846 | Ko | Nov 2010 | B2 |
| 7843902 | Imbimbo et al. | Nov 2010 | B2 |
| 7958233 | Fernandez Gutierrez | Jun 2011 | B2 |
| 7965674 | Sengupta et al. | Jun 2011 | B2 |
| 8041022 | Andreasen et al. | Oct 2011 | B1 |
| 8090349 | Munje et al. | Jan 2012 | B2 |
| 8127005 | Fernandez Gutierrez | Feb 2012 | B2 |
| 8160021 | Ohba et al. | Apr 2012 | B2 |
| 8179803 | Parsons | May 2012 | B2 |
| 8189584 | Fernandez Gutierrez | May 2012 | B2 |
| 8190739 | Fernandez Gutierrez | May 2012 | B2 |
| 8260258 | Li et al. | Sep 2012 | B1 |
| 8265077 | Imbimbo et al. | Sep 2012 | B2 |
| 8340292 | Schnellbacher et al. | Dec 2012 | B1 |
| 8400927 | Attanasio et al. | Mar 2013 | B2 |
| 8548132 | Zielinski et al. | Oct 2013 | B1 |
| 8570869 | Ojala et al. | Oct 2013 | B2 |
| 20020049913 | Lumme et al. | Apr 2002 | A1 |
| 20020141336 | Hale et al. | Oct 2002 | A1 |
| 20020143986 | Hale et al. | Oct 2002 | A1 |
| 20020150096 | Sjoblom | Oct 2002 | A1 |
| 20020156896 | Lin et al. | Oct 2002 | A1 |
| 20030018808 | Brouk et al. | Jan 2003 | A1 |
| 20030078041 | Dikmen et al. | Apr 2003 | A1 |
| 20030101356 | Miettinen et al. | May 2003 | A1 |
| 20030227917 | Maher et al. | Dec 2003 | A1 |
| 20040165709 | Pence et al. | Aug 2004 | A1 |
| 20040186891 | Panec et al. | Sep 2004 | A1 |
| 20040202295 | Shen et al. | Oct 2004 | A1 |
| 20040205192 | Olson et al. | Oct 2004 | A1 |
| 20040215770 | Maher et al. | Oct 2004 | A1 |
| 20050073964 | Schmidt et al. | Apr 2005 | A1 |
| 20050135428 | Hellgren | Jun 2005 | A1 |
| 20050152275 | Laurila et al. | Jul 2005 | A1 |
| 20050174937 | Scoggins et al. | Aug 2005 | A1 |
| 20050210127 | Pohja et al. | Sep 2005 | A1 |
| 20050265353 | Sengupta et al. | Dec 2005 | A1 |
| 20060050644 | Roberts et al. | Mar 2006 | A1 |
| 20060072550 | Davis et al. | Apr 2006 | A1 |
| 20060080446 | Bahl | Apr 2006 | A1 |
| 20060094354 | Munje et al. | May 2006 | A1 |
| 20060227754 | Ko | Oct 2006 | A1 |
| 20060259928 | Di Serio et al. | Nov 2006 | A1 |
| 20070088670 | Laurila | Apr 2007 | A1 |
| 20070165655 | Haumont | Jul 2007 | A1 |
| 20070183365 | Ohba et al. | Aug 2007 | A1 |
| 20080069116 | Pong | Mar 2008 | A1 |
| 20080276294 | Brady | Nov 2008 | A1 |
| 20090154495 | Ojala et al. | Jun 2009 | A1 |
| 20090177784 | Olson et al. | Jul 2009 | A1 |
| 20090190479 | Parsons | Jul 2009 | A1 |
| 20090196301 | Parsons | Aug 2009 | A1 |
| 20090207751 | Attanasio et al. | Aug 2009 | A1 |
| 20090279432 | Solis et al. | Nov 2009 | A1 |
| 20100161790 | Sheppard | Jun 2010 | A1 |
| 20100199189 | Ben-Aroya et al. | Aug 2010 | A1 |
| 20100235453 | Attanasio et al. | Sep 2010 | A1 |
| 20100291906 | DeLuca et al. | Nov 2010 | A1 |
| 20110058519 | Munje et al. | Mar 2011 | A1 |
| 20110145396 | Kim et al. | Jun 2011 | A1 |
| 20110191467 | Imbimbo et al. | Aug 2011 | A1 |
| 20120096145 | Le et al. | Apr 2012 | A1 |
| 20120243549 | Lyons et al. | Sep 2012 | A1 |
| 20130041934 | Annamalaisami et al. | Feb 2013 | A1 |
| 20130159510 | Cahill | Jun 2013 | A1 |
| Number | Date | Country |
|---|---|---|
| 1389864 | Feb 2004 | EP |
| 2152032 | Feb 2010 | EP |
| 0119036 | Mar 2001 | WO |
| 2007097667 | Aug 2007 | WO |
| Entry |
|---|
| “Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic”, ETSI TS 101 671, ETSI Standards, LIS, Sophia Antipolis, Cedex, France, vol. LI; Sec-LI, No. V3.2.1, Dec. 1, 2007, 124 pages, XP014040473. |
| “Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 2: Service-specific details for E-mail services”; ETSI TS 102 232-2, ETSI Standards, LIS, Sophia Antipolis, Cedex, France, vol. LI, No. V2.1.1, Dec. 1, 2006, 42 pages, XP014039775. |
| “Lawful Interception (LI); Retained Data; Requirements of Law Enforcement Agencies for handling Retained Data”, ETSI TS 102 656, ETSI Standards, LIS Sophia Antipolis, Cedex, France, No. V1.1.2, Dec. 1, 2007, 17 pages, XP014040515. |
| Number | Date | Country | |
|---|---|---|---|
| 20110029667 A1 | Feb 2011 | US |
