LAWFUL ACCESS; STORED DATA HANDOVER ENHANCED ARCHITECTURE

Information

  • Patent Application
  • Publication Number
    20090234845
  • Date Filed
    February 27, 2006
  • Date Published
    September 17, 2009
Abstract
The present invention relates to methods in a telecommunication system to provide access to data received to a centralized storage medium from interfacing traffic nodes in the system. The centralized storage medium is part of a Mediation and Delivery Function which is associated with a Law Enforcement Monitoring facility. The method comprises the following steps:

    • Identifying in the Mediation and Delivery Function, a configuration request which comprises a filtering criteria specifying type of data to be accessed.
    • Configuring in the Mediation and Delivery Function, the requested filtering criteria.
    • Receiving data from the system to the centralized storage medium.
    • Establishing that the received data matches the filtering criteria.
    • Retaining the received data in the centralized storage medium and/or forwarding the data to the Law Enforcement Monitoring Facility.
Description
TECHNICAL FIELD OF THE INVENTION

The present invention relates to methods in a telecommunication system to provide access to data received to a centralized storage medium from interfacing traffic nodes in the system.


DESCRIPTION OF RELATED ART

Under data preservation schemes, law enforcement authorities have the opportunity to request electronic service providers to retain particular data on a particular person or persons, whereas data retention schemes provide the retention of traffic data on all users of electronic services. At first glance, data preservation seems an attractive policy option: the number of persons on whom data will be retained and processed for law enforcement purposes is drastically reduced under this option, and consequently the associated costs for industry will be negligible. In fact, data preservation is a very useful tool for law enforcement authorities. Undoubtedly, in those cases where a suspect has been identified, or where an investigation into for example an organised crime group or terrorism cell is underway, requests for preservation of traffic data are an indispensable tool to establish the connections between suspect and their contacts and associates. At the same time, the logical limitations of this approach can be easily explained—with only data preservation as a tool, it is impossible for investigators to go back in time. Data preservation is only useful as of the moment when suspects have been identified—data retention is indispensable in many cases to actually identify those suspects. Data preservation by itself is not enough for law enforcement authorities to actually be able to investigate and solve crime and terrorism cases. To respond to this concern, a number of states have adopted, or planned to adopt, national general data retention measures. Compared to data preservation measures, which are targeted at specific users and for specific data, general data retention measures aim at requiring (some or all) operators to retain traffic data on all users so that they can be used for law enforcement purposes when necessary and allowed.


A data gathering system in general is disclosed in the international patent application WO 00/05852. The international patent application discloses collection and integration of software that resides on multiple interconnected platforms to a single centralized storage medium. The increasing need for and use of traffic information and data in telecommunications systems has increased the burdens and costs on service providers and law enforcement alike. Monitoring can be used to provide information from users. An Intercept Mediation and Delivery Unit IMDU used for data preservation belongs to prior art and is disclosed in current Lawful Interception standards (see 3GPP TS 33.108 and 3GPP TS 33.107, Release 6). The IMDU comprises a Law Enforcement Monitoring Function LEMF. The LEMF is connected to three Mediation Functions, respectively for ADMF, DF2 and DF3, i.e. an Administration Function ADMF and two Delivery Functions DF2 and DF3. The Administration Function and the Delivery Function DF2 are each connected to the LEMF via standardized handover interfaces HI1 and HI2, and connected to an intercept access point via the interfaces X1 and X2. The messages sent from LEMF to ADMF via HI1 and from the ADMF to the network via the X1 interface comprise identities of a target that is to be monitored. The Delivery Function DF2 receives Intercept Related Information IRI from the network via the X2 interface, and DF2 is used to distribute the IRI to relevant Law Enforcement Agencies via the HI2 interface. The DF3 receives Content of Communication, i.e. speech and data, and is connected to LEMF via a standardized interface HI3 and to the access point via an interface X3. Commonly the ADMF, DF2 and DF3 are parts of the service provider domain and located distinctly from the LEMF.


An array of different kinds of stored information and data may be the subject of lawful authorities' requests, and may require different legal instruments. For example, some basic information may be made publicly available by the subscriber or may be highly intrusive and revealing of personal behaviour subject to privacy expectations. Such subscriber information and traffic data are produced and transferred along the network during the normal traffic operation of the telecommunications networks, but access to them by the external government authority is distributed over several different channels, which makes it complicated to seek and rebuild the required information. The timely production and analysis of subscriber information and traffic data has become invaluable to service providers and government authorities for an array of needs related to critical infrastructure protection and the extraction of forensic evidence for law enforcement. The increasing need for and use of this information and data has increased the burdens and costs on service providers and law enforcement alike. At the other extreme, other information is not currently preserved by the telecommunication operator network, either because it is not meaningful for billing purposes or because post-processing is required at operator network premises. In some other cases, part of the information that is subject to order by the government authorities is not even available (e.g., correlation on subscriber basis of the several service identities the user could use). Examples of stored information and traffic data according to prior art are attached at the end of the description part of this application. Note that the attached referenced framework is not necessarily limited to the mentioned cases, i.e. the types of identities provided in the solution are dependent on national options and can be extended by adding new network elements or new identities in existing network elements.


An architecture for delivery of stored information from a Service provider to a Law Enforcement Agency is disclosed in a draft standard, ETSI DTR/LI-00020 V0.0.4 (2005-06).


The draft standard does not give a solution on how to collect all the required information in the network and how to correlate it. Even if this is not the core of this invention, a detailed network framework with a centralized database is proposed in this document as a prerequisite to the solution of the identified problems.


In summary, the identified shortcomings of the current standards are:

    • 1. the agencies cannot control the type of information to store, i.e. all information required by the standards is retained.
    • 2. the current standard only foresees a simple method of provisioning the stored data to the agencies on demand (Query and Delivery processes), while it could be effective for lawful intercept purposes to deliver the retained information as soon as it becomes available.


SUMMARY OF THE INVENTION

The present invention relates to the problem of how to control the type of information to store in a centralized storage medium. A further problem is that the standards only foresee a simple method of provisioning the stored data on demand, while it could be effective for Lawful Intercept purposes to deliver the retained information as soon as it becomes available.


The problems are solved by the invention by filtering data received to the centralized storage medium, which filtered data is retained in the storage medium and/or forwarded to a Law enforcement Agency or similar.


The solution to the problems more in detail comprises a method in a telecommunication system to provide access to data received to a centralized storage medium from interfacing traffic nodes in the system. The centralized storage medium is part of a Mediation and Delivery Function which is associated with a Law Enforcement Agency. The method comprises the following steps:

    • A configuration request, preferably received from a Law Enforcement Monitoring Facility handled by the Law Enforcement Agency, is identified in the Mediation and Delivery Function. The request comprises a filtering criteria specifying type of data to be further handled.
    • The requested filtering criteria are configured in the Mediation and Delivery Function.
    • Data that fulfils the requested filtering criteria is received from the system to the centralized storage medium.
    • The received data is retained in the centralized storage medium and/or forwarded to the Law Enforcement Agency.


Thus, the object of the invention is to identify data to be accessed for Lawful Intercept purposes. This object and others are achieved by methods, arrangement, systems and articles of manufacture.


An advantage of the invention is that the enhanced system architecture and handover interfaces for data retention functionality add value by allowing the storage of any information in the network to be managed by means of LI agency configuration.


Another advantage with the invention is that Data Retention and Lawful Intercept convergent architectures lead to:

  • 1) The DR architecture can also be used for lawful interception purposes, like automatic notification of target related information as soon as stored for data retention purposes.
  • 2) Similar interfaces towards the Public Land Mobile Network could be used for both DR and LI.


Further advantages of the invention are that convergent Data Retention/Lawful Interception solutions will reduce the operating expenses (opex) and enhance overall efficiency, that the flexible architecture can be used for fulfilment of any data retention requirements in terms of stored subscriber and traffic information and of their provisioning to agencies (not only query modality, but also push delivery), and that similar interfaces towards the agencies could be used for both Data Retention and Lawful Interception.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 discloses data collection from a Public Land Mobile Network to a centralized storage, and a block schematic illustration of a network based solution used for data handling according to the invention.



FIG. 2 discloses a signal sequence diagram according to the invention for filtering data to be further handled.



FIG. 3 discloses a signal sequence diagram according to the invention for realizing subscription of specified data.



FIG. 4 shows a flow chart illustrating some essential steps of the invention.



FIG. 5 discloses a block schematic illustration of a system according to the invention.





DETAILED DESCRIPTION OF EMBODIMENTS


FIG. 1 discloses a Public Land Mobile Network PLMN. The PLMN comprises in this example Telecommunication Service Providers TSPs such as MSP: Mobile Service Provider, ISP: Internet Service Provider, MMC: Multimedia Messaging Centre, USP: User and Service Profile Database, HSS: Home Subscriber server, HLR: Home Location register, IMS: IP Multimedia system, SGSN: Serving GPRS Support Node, ITO: IT Operator database, MSC: Mobile Services Switching Centre, SCP: Service Control Point, SDP: Service Data Point. The above nodes are all well known and specified in various telecommunication standards. Telecommunication Service Providers TSPs, in the course of their business operations, normally acquire and store diverse subscriber information and traffic data related to their service providers. This information and data may be related to service accounts, payments, access, assigned identifiers, and usage. The manner of acquisition and storage of this information and data is determined by a combination of business practices, legal liability protection in case of subscriber disputes, technical system capabilities or requirements, and national and local law or regulation. Examples of information and traffic data according to prior art that can be sent from the system to the Data Retention Cluster are attached at the end of the description part of this application. A Mediation and Delivery Function MDF is associated with the network PLMN and with a Law Enforcement Monitoring Facility LEMF. The MDF comprises according to the invention a Data Retention Cluster DR-C that in this example comprises three Data Bases DB1, DB2 and DB3. The cluster of Data Bases is illustrated in the proposal so as to be as general as possible. Considering the large quantity of data, most likely the implementation of Data Retention DR will foresee a possible distributed Data Base architecture with any kind of distribution (e.g. DB1 for the latest retention year, DB2 for earlier years or DB1 for Voice calls, DB2 for others etc.). The DR-C provides register functions to collect all possible data available in the PLMN to the cluster, when allowed by the telecommunication service. For example, the DR-C will collect MSISDN, IMSI and IMEI provided by the MSC, and will register them as referring to the same subject. Of course, the updating of the cluster depends on the policy regulating the notifications with the user, session or operator related data from the network elements towards the DB cluster (e.g. the notification could occur only at the first service access). The transportation of data from the PLMN to the Data Retention Cluster is schematically shown with filled arrows in FIG. 1. The transportation of data is a pre-requisite for this invention.


The Law Enforcement Monitoring Facility LEMF is handled by a Law Enforcement Agency. The general function of the LEMF is briefly explained in the Description of related art. For the purpose of this invention a new management function ManF and a new Lawful Interception acquisition function LiAF are introduced in the LEMF. A new configuration Function ConF is introduced in the Mediation and Delivery Function MDF. The ConF is associated with the DR-C in the MDF and with the ManF in the LEMF. A new Notification Function NotF in the MDF is introduced. The NotF is associated with the DR-C in the MDF and with the LiAF in LEMF. A new Handover Interface HI is located between the LEMF and the MDF. The purpose of the above new entities will be further explained in the embodiments.


A first embodiment of the invention will now be explained. In this embodiment filtering criteria will be determined by the Law Enforcement Monitoring Facility LEMF and sent to the MDF. Generally, the criteria stem from a search warrant or other authorization from a government or other authorized institution. In this example the criteria are sent from the LEMF but may also be communicated by an intermediary, such as a human operator who receives the command from an authorized source, and then inputs the criteria to the MDF. The filtering criteria specify which data to store and configure in the Data retention Cluster, for example in terms of:

    • type of information: e.g., network operator related, subscriber related, communication type related.
    • Subscriber identity: e.g. list or ranges of IMEI, IMSI, MSISDN, NAI, IP addresses.
    • Information collection time window.
    • Storage duration.
    • Geographical locations.
    • Service type: Speech, Video, Chat, Peer-to-peer, . . .
    • Any other filtering criteria.



FIG. 2 discloses a method according to the first embodiment of the invention. The different entities LEMF, ManF, MDF, ConF, DR-C, DB1 and MSC in FIG. 2 correspond to the ones that have already been shown in FIG. 1. The method according to the invention comprises the following steps:

    • A data retention storage configuration request is sent 1A from the Management Function ManF in the Law Enforcement Monitoring Facility LEMF to the Configuration Function ConF in the Mediation and Delivery Function MDF. The configuration request comprises in this example a retention request indicating that data fulfilling configured filtering criteria are to be stored in the centralized storage medium. The retention request can for example be represented by “storage duration>0” in the filter criteria. The request in this example comprises the following filtering criteria:
      • Type of information: network operator related AND subscriber related AND communication type related. With the example of Call Data Records CDR from the MSC, type of communication could be voice, SMS or data. So if the filtering criteria indicated voice, only voice related CDR is to be accessed.
      • Subscriber identity: any IMEI, any IMSI, any MSISDN, any NAI, specific IP address ranges. With this example, the MSC will report either one of MSISDN, IMSI or IMEI, so any sub identity is retained. In case of nodes reporting the IP address, only CDR corresponding to IP addresses within the range is to be accessed.
      • Information collection time window: from 2005-12-01 h 00:00 to 2006-12-31 h 00:00 means that from 2005-12-01 h 00:00 to 2006-12-31 h 00:00 only CDR or any other retrieved info within such time period is to be accessed.
      • Storage duration: 3 years, meaning that after 3 years the info shall be deleted.
      • Geographical locations: Specified jurisdiction regions. Consider for example an MSC serving two states: the agency could have authority in only one state, so the info is to be accessed only if the MSC reports that the call was generated by a cell within that state.
      • Service type: Any.


This is an example of a filter from one agency. The system will access certain data if it is requested at least by one agency (i.e. if it matches with the criteria of at least one agency).

    • The data retention storage configuration request including the received filtering criteria is forwarded 1B from the Configuration Function ConF to storage 2 in the Mediation and Delivery Function MDF, for example in DB1. The storage could also be a memory space in a processor unit in the MDF.
    • Call related billing data is sent 3 from the Mobile Services Switching Centre MSC to the MDF.
    • The received billing data is checked against stored filtering criteria received from the Law Enforcement Monitoring Facility LEMF. In this example the billing data fulfils all criteria in the filtering criteria.
    • The data retention storage configuration request stored in the MDF is checked. The indication that data fulfilling configured filtering criteria are to be stored in the centralized storage medium is noted in the MDF and the received billing data is stored/retained 4 in the data base DB1. Once the received information matching the configured filtering criteria is retained, the Agency who sent the filtering criteria can order the acquisition of the data via the Notification Function and via the Lawful Intercept acquisition Function at any time. The acquisition order is sent to MDF via the management function and the configuration function. In an alternative embodiment different agencies can send different filtering criteria to the MDF. Data that fulfils a stored criterion will in that case upon request be sent to the agency who specified the criterion.



FIG. 3 discloses a method according to a second embodiment of the invention. In this embodiment filtering criteria sent from the Law Enforcement Monitoring Facility LEMF will determine which information obtained from the system the agency wants to subscribe to, and possibly also retain. The different entities LEMF, ManF, LiAF, MDF, NotF, ConF, DR-C, DB1 and MSC in FIG. 3 correspond to the ones that have already been disclosed in FIG. 1. The method according to the invention comprises the following steps:

    • A data retention storage configuration request is sent 11A from the Management Function ManF in the Law Enforcement Monitoring Facility LEMF (handled by an agency) to the Configuration Function ConF in the Mediation and Delivery Function MDF. The configuration request in this example comprises the same filtering criteria as in the first embodiment. The request also comprises a demand, a so called subscriber request, to subscribe to data fulfilling the criteria.
    • The data retention storage configuration request is forwarded 11B from the Configuration Function ConF to the data Retention Cluster DR-C.
    • The received filtering criteria are stored 12 in the Mediation and Delivery Function MDF, for example in DB1.
    • Multi Media Messaging Services MMS data is in this example sent 13 from the Mobile Services Switching Centre MSC to the DR-C.
    • The received MMS data is checked in the MDF against stored filtering criteria received from the Law Enforcement Monitoring Facility LEMF.
    • The data fulfils the filtering criteria.
    • The data retention storage configuration request stored in the MDF is checked. The indication that data fulfilling configured filtering criteria is to be subscribed to by the LEMF is detected in the MDF and the received MMS data is forwarded 15 to the LEMF without being stored, via the Notification Function NotF and via the Lawful Intercept acquisition Function LiAF.


The request 11A sent by the agency from the Management Function ManF in the LEMF to the Configuration Function ConF may also comprise a desire for retention of data. In that case, data fulfilling a stored criterion will not only be forwarded but also stored in a Data Base in the cluster DR-C. If the agency requested “notification only” by a so-called notification request in 11A, then only an indication is notified to the LEMF; otherwise a notification including the target related information, i.e. the data matching the filter, is forwarded. It is for example also possible to give access to specified data in the system to users with certain rights (or roles with different enabled functions). Users with these rights (or with a role allowing these functions) are allowed to set the filtering criteria used to retain information. Other users are allowed to order query of the information. The first could for example be a minister of Justice (as the filtering criteria for the retained information depend on the national law). The second may be used when the system is accessed by a specified client in the lawful agencies. This check of access rights may take place in the Mediation and Delivery Function upon receiving a configuration request or an acquisition order.
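
The filtering and delivery decisions of the two embodiments, together with the access-rights check, sketched in Python as an added example (it is not code from the application). The class and field names, the rights model that binds each user to one agency, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class FilterCriteria:
    agency: str
    comm_types: frozenset         # empty = any type of communication
    ip_ranges: tuple              # applied only when a record reports an IP
    window: tuple                 # (start, end) information collection window
    storage_duration: timedelta   # > 0 acts as the retention request
    regions: frozenset            # empty = any geographical location
    subscribe: bool = False       # subscriber request: push matching data
    notification_only: bool = False

    def matches(self, rec: dict) -> bool:
        if self.comm_types and rec["comm_type"] not in self.comm_types:
            return False
        if not self.window[0] <= rec["timestamp"] <= self.window[1]:
            return False
        if self.regions and rec.get("region") not in self.regions:
            return False
        if rec.get("ip") is not None and self.ip_ranges:
            return any(ip_address(rec["ip"]) in net for net in self.ip_ranges)
        return True


class MediationDeliveryFunction:
    def __init__(self, rights: dict):
        self.rights = rights   # user -> (agency, {"configure", "query"}), assumed
        self.criteria = []     # stored filtering criteria
        self.retained = []     # (record, {agency: expiry})
        self.delivered = []    # (agency, payload) pushed towards the LEMF

    def _require(self, user: str, right: str) -> str:
        agency, rights = self.rights.get(user, (None, set()))
        if right not in rights:
            raise PermissionError(f"{user} lacks the {right!r} right")
        return agency

    def configure(self, user: str, crit: FilterCriteria) -> None:
        if self._require(user, "configure") != crit.agency:
            raise PermissionError(f"{user} cannot configure for {crit.agency}")
        self.criteria.append(crit)

    def receive(self, rec: dict, now: datetime) -> dict:
        hits = [c for c in self.criteria if c.matches(rec)]
        expiry = {c.agency: now + c.storage_duration
                  for c in hits if c.storage_duration > timedelta(0)}
        if expiry:  # retained when at least one agency's criteria request it
            self.retained.append((rec, expiry))
        pushed = []
        for c in hits:
            if c.subscribe:
                payload = {"indication": True} if c.notification_only else rec
                self.delivered.append((c.agency, payload))
                pushed.append(c.agency)
        return {"retained": bool(expiry), "pushed": pushed}

    def query(self, user: str, now: datetime) -> list:
        agency = self._require(user, "query")  # expired records are deleted below
        self.retained = [(r, e) for r, e in self.retained if max(e.values()) > now]
        return [r for r, e in self.retained if e.get(agency, now) > now]


def demo() -> dict:
    window = (datetime(2005, 12, 1), datetime(2006, 12, 31))
    now, three_years = datetime(2006, 3, 1, 12, 0), timedelta(days=3 * 365)
    mdf = MediationDeliveryFunction({
        "minister": ("agency-A", {"configure"}),
        "analyst": ("agency-A", {"query"}),
        "officer-b": ("agency-B", {"configure"}),
    })
    mdf.configure("minister", FilterCriteria(
        "agency-A", frozenset({"voice", "data"}), (ip_network("192.0.2.0/24"),),
        window, three_years, frozenset({"state-1"})))
    mdf.configure("officer-b", FilterCriteria(
        "agency-B", frozenset({"mms"}), (), window, timedelta(0), frozenset(),
        subscribe=True))
    records = [  # constructed sample records, not real data
        {"comm_type": "voice", "msisdn": "15550100", "timestamp": now, "region": "state-1"},
        {"comm_type": "voice", "msisdn": "15550101", "timestamp": now, "region": "state-2"},
        {"comm_type": "data", "ip": "198.51.100.7", "timestamp": now, "region": "state-1"},
        {"comm_type": "mms", "imsi": "001010000000001", "timestamp": now, "region": "state-2"},
    ]
    decisions = [mdf.receive(r, now) for r in records]
    try:
        mdf.configure("analyst", mdf.criteria[0])
        denied = False
    except PermissionError:
        denied = True
    return {
        "decisions": decisions,
        "denied": denied,
        "pushed": mdf.delivered,
        "visible": len(mdf.query("analyst", now)),
        "after_expiry": len(mdf.query("analyst", now + three_years + timedelta(days=1))),
    }
```

Only the first record is retained: the second falls outside the configured jurisdiction, the third reports an IP address outside the configured range, and the MMS record matches a subscription without a retention request, so it is forwarded but not stored.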



FIG. 4 discloses a flowchart in which some important steps are shown. The flowchart is to be read together with the earlier shown figures. The flowchart comprises the following steps:

    • The data retention storage configuration request is sent from the Management Function ManF to the Mediation and Delivery Function MDF. A block 101 discloses this step in FIG. 4.
    • The received filtering criteria are stored in the Mediation and Delivery Function MDF. A block 102 discloses this step in FIG. 4.
    • Data is sent from the Mobile Services Switching Centre MSC to the Data Retention Cluster DR-C. A block 103 discloses this step in FIG. 4.
    • The data is checked against stored filtering criteria received from the Law Enforcement Monitoring Facility LEMF. The data fulfils the filtering criteria and the received data is handled according to the configuration request. A block 104 discloses this step in FIG. 4.


A system that can be used to put the invention into practice is schematically shown in FIG. 5. The block schematic constellation corresponds to the one disclosed in FIG. 1. A processor PROC in the Mediation and Delivery Function MDF handles the control of data from the Public Land Mobile Network PLMN and of the configuration request information received from the LEMF. The processor handles storage of received data from the PLMN to the centralized storage medium DB1-DB3 and also storage of received filtering criteria and potentially additional requests from the LEMF. The storage can for example be a memory space within the processor. The comparison of filtering criteria and PLMN data is also handled by the processor. The MDF is connected to the network PLMN and to at least one Law Enforcement Monitoring Facility LEMF. A Request Function ManF in the Law Enforcement Monitoring Facility LEMF is attached to a Receipt Function ConF in the Mediation and Delivery Function MDF, which function pair is used for query processes. A Response Function NotF in the Mediation and Delivery Function is attached to an Acquisition Function LiAF in the Law Enforcement Monitoring Facility, which function pair is used for delivery processes. The Handover Interface HI is located between the Request Function and the Receipt Function and between the Response Function and the Acquisition Function. Enumerated items are shown in the figure as individual elements. In actual implementations of the invention, however, they may be inseparable components of other electronic devices such as a digital computer. Thus, actions described above may be implemented in software that may be embodied in an article of manufacture that includes a program storage medium. The program storage medium includes a data signal embodied in one or more of a carrier wave, a computer disk (magnetic, or optical (e.g., CD or DVD), or both), non-volatile memory, tape, a system memory, and a computer hard drive.


The invention is not limited to the above described and in the drawings shown embodiments but can be modified within the scope of the enclosed claims. The systems and methods of the present invention may be implemented on any of the Third Generation Partnership Project (3GPP), European Telecommunications Standards Institute (ETSI), American National Standards Institute (ANSI) or other standard telecommunication network architecture, consistent with the Communications Assistance for Law Enforcement Act (CALEA), which is a United States law requiring telephone network architectures be designed to enable authorized electronic interception.


The invention is of course not limited to the above described and in the drawings shown embodiments but can be modified within the scope of the enclosed claims.


Examples of stored data elements possible to send from the nodes in the system to the centralized Data retention Cluster:















Association
Stored Data Element
Description
Network Element/DB







provider
provider name

DR DB Configuration Data


records
provider address

DR DB Configuration Data



provider network identifier

DR DB Configuration Data



provider regulatory identifier

DR DB Configuration Data



provider other identifiers

DR DB Configuration Data



provider law enforcement agency identifier

DR DB Configuration Data



provider contact name

DR DB Configuration Data



provider contact address

DR DB Configuration Data


subscriber
subscriber name

IT Operator DB


records
subscriber status
current, former,
IT Operator DB




limbo, roamer,




prepaid,




transient



subscriber account creation timestamp

IT Operator DB



subscriber account support event

IT Operator DB



subscriber account support event timestamp

IT Operator DB



subscriber account support event description

IT Operator DB



subscriber address

IT Operator DB



subscriber contact name

IT Operator DB



subscriber contact address

IT Operator DB



subscriber account identifier

IT Operator DB



subscriber date of birth

IT Operator DB



subscriber identity type
e.g., Social
IT Operator DB




Security




Number, driver's




license



subscriber identity identifier

IT Operator DB



subscriber payment account type
e.g, credit card,
IT Operator DB




bank



subscriber payment institution identifier

IT Operator DB



subscriber payment institution name

IT Operator DB



subscriber payment institution address

IT Operator DB



subscriber payment account identifier

IT Operator DB



subscriber payment account name

IT Operator DB



subscriber payment account address

IT Operator DB



subscriber payment account expiration date

IT Operator DB



subscriber other identifiers

IT Operator DB



subscriber dealer name
where an
IT Operator DB




intermediary




party exists



subscriber dealer address

IT Operator DB



subscriber dealer account identifier for

IT Operator DB



subscriber



subscriber billed party name

IT Operator DB



subscriber billed party address

IT Operator DB



subscriber billing account identifier

IT Operator DB



subscriber previous billing address

IT Operator DB



subscriber installation address

IT Operator DB



subscriber transient access location
phone booth,
IT Operator DB




hotspot, voyage




identifier



subscriber transient access timestamp

IT Operator DB



subscriber Object Identifier (OID)
when subscriber
IT Operator DB




is an object



subscriber collateral identifiers
e.g. aircraft or
IT Operator DB




train assigned




seat number


network-
network E.164 telecommunications number
includes
ISP NAS, Fixed Net., Messaging


session

telephony, fax,
Servers


identifier

dialup data,


records

ENUM



network Location Routing Number (LRN)

CS Nodes, GPRS



network Mobile Subscriber ISDN (MSISDN)

GPRS, CS Nodes, Messaging





Servers



network International Mobile Subscriber

GPRS, CS Nodes, Messaging



Identifier (IMSI)

Servers



network Urban Fleet Member Identifier



(UFMI)



network Internet Protocol address



network Internet domain name



network ENUM Fully Qualified Domain Name



(FQDN) identifier



network Uniform Resource Identifier (URI)



network File Transfer Protocol (FTP)



identifier



network Session Initiation Protocol (SIP)



identifier



network H.323 identifier



Hypertext Transfer Protocol Secure (HTTPS)



identifier



network session access password


service
service equipment vendor and model

DCR


equipment
service equipment physical serial number

DCR


records
service equipment International Mobile

DCR, EIR



Equipment Identifier (IMEI)



service equipment Electronic Product or



Serial Number (EPN, ESN)



service equipment Mobile Equipment
a 56-bit mobile



IDentifier (MEID)
equipment




identifier used




for new terminals




as the alternative




to the 32-bit ESN



service equipment pseudo-ESN (pESN)
a Pseudo-ESN




0x80 as its




‘Manufacturer




Code’, followed




by the 24 least




significant bits of




the SHA-1 hash




of the 56 bit




MEID is used




when MEID isn't




implemented in a




system



service equipment Mobile Identification



Number (MIN)



service equipment Network media access

ISP NAS



identifier (MAC)



service equipment digital certificate


| porting records | Location Routing Number (LRN) | | Number Portability Switching Node (e.g. SCP) |
| | Jurisdiction Information Parameter (JIP) | | Number Portability Switching Node (e.g. SCP) |
| | Mobile Directory Number (MDN) | | Number Portability Switching Node (e.g. SCP) |
| | SOA E.164 Dialed Number (DN) | | Number Portability Switching Node (e.g. SCP) |
| | SOA subscriber port request received timestamp | | Number Portability Switching Node (e.g. SCP) |
| | SOA subscriber port request transmitted to national portability database system timestamp | | Number Portability Switching Node (e.g. SCP) |
| telephony usage detail records | Telephone CDR telephony identifier | | BGW |
| | Telephone CDR account identifier | | BGW |
| | Telephone CDR source (switch, subscriber database, archive) | | BGW |
| | Telephone CDR IMSI/MSISDN/IMEI mappings | | BGW |
| | Telephone CDR Record of mobile stored or dynamic registration | | BGW |
| | Telephone CDR start of call timestamp | | BGW |
| | Telephone CDR end of call timestamp | | BGW |
| | Telephone CDR duration of call | | BGW |
| | Telephone CDR type of call (incoming, outgoing, conference, forwarded, bearer) | | BGW |
| | Telephone CDR call number physical/presentational/network assigned Caller Line Identity (CLI) | | BGW |
| | Telephone CDR call number CLI type (physical, presentational, network assigned) | | BGW |
| | Telephone CDR call number Dialed Number Identifier (DNI) | | BGW |
| | Telephone CDR call number International Mobile Subscriber Identifier (IMSI) | | BGW |
| | Telephone CDR call number International Mobile Equipment Identifier (IMEI) | | BGW |
| | Telephone CDR call number Urban Fleet Member Identifier (UFMI) | | BGW |
| | Telephone CDR call number Conference/exchange/divert numbers | | BGW |
| | Telephone CDR identification numbers of connected end user device | | BGW |
| | Telephone CDR IMEI type (physical, presentational, network assigned) | | BGW |
| | Telephone CDR location data at start and/or end of call (lat/long reference or other) | | BGW |
| | Telephone CDR geographic location of end user device, | | BGW |
| | Telephone CDR cell site data during call | | BGW |
| | Telephone CDR cell site location | | BGW |
| | IMSI & Mobile Station Integrated Services Digital Network (MSISDN) global titles | global titles of equipment communicating with or about the subscriber | BGW |
| GPRS & 3G Call Detail Record Supplements | 3G encryption key sets of GSM triples | | AuC |
| | 3G encryption key sets of 3G quintuples | | AuC |
| | 3G encryption key any other provider keys | | AuC |
| | 3G CDR | [Translated and imported ETSI ASN.1 module “TS32215-DataTypes {itu-t 0 identified-organization 4 etsi 0 mobileDomain 0 umts-Operation-Maintenance 3 ts-32-215 215 informationModel 0 asn1Module 2”], including | BGW |
| | 3G CDR start of connection timestamp | | BGW |
| | 3G CDR International Mobile Subscriber Identifier (IMSI) | | BGW |
| | 3G CDR IP address assigned | | BGW |
| | 3G CDR mobile data exchanged with foreign operators | | BGW |
| Short Message Service (SMS), Enhanced Messaging Service (EMS) and Multimedia Messaging Service (MMS) Message Detail Records | MSD message sent timestamp | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | MSD message delivered timestamp | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | MSD message received timestamp | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | MSD calling number | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | MSD calling number IMEI | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | MSD called number | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | MSD called number IMEI | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | MSD location data when messages sent and received (lat/long reference or grid) | | Messaging Service Provider (e.g. SMS-C, MMC) |
| Instant Message Service records | Instant Messenger name | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | Instant Messenger password | | Messaging Service Provider (e.g. SMS-C, MMC) |
| Presence and Availability Management Services | Geolocation-time correlations | for devices, applications, subscribers | Messaging Service Provider (Presence Server) |
| | Availability algorithms | | Messaging Service Provider (Presence Server) |
| | Collateral identifiers | e.g. actual aircraft or train assigned seat number | Messaging Service Provider (Presence Server) |
| | Buddy lists | | Messaging Service Provider (Presence Server) |
| | Availability messages | | |
| eMail System Usage Detail Records | eMail address | | E-Mail Server |
| | eMail Internet Message Access Protocol (IMAP) identifier | | E-Mail Server |
| | eMail Post Office Protocol (POP) identifier | | E-Mail Server |
| | eMail server-server protocol | SMTP, X.400, other | E-Mail Server |
| | eMail server-user client protocol | SMTP/POP, IMAP, HTTP, SSL, SSH, other | E-Mail Server |
| | eMail server type | provider MX, backup MX or remote MX server | E-Mail Server |
| | eMail server disposition of outbound bounced messages | | E-Mail Server |
| | eMail server disposition of inbound bounced messages | | E-Mail Server |
| | eMail server SNMP data available | | E-Mail Server |
| | eMail subscriber account user name | | E-Mail Server |
| | eMail subscriber account privileges | | E-Mail Server |
| | eMail subscriber account management protocol | e.g., http | E-Mail Server |
| | eMail subscriber account management URI | | E-Mail Server |
| | eMail subscriber account user digital certificate | | E-Mail Server |
| | eMail subscriber account auto response message | | E-Mail Server |
| | eMail server subscriber access login timestamp | | E-Mail Server |
| | eMail server subscriber access logout timestamp | if session | E-Mail Server |
| | eMail server subscriber IP address used for access | | E-Mail Server |
| | eMail server subscriber access security protocol | | E-Mail Server |
| | eMail server subscriber account user digital certificate | | E-Mail Server |
| | eMail server subscriber user application client used for access | | E-Mail Server |
| | eMail server subscriber account management feature type | | E-Mail Server |
| eMail Message Detail Records | eMail server subscriber account feature set timestamp | | E-Mail Server |
| | eMail message action | sent, retrieved, received, autoforwarded | E-Mail Server |
| | eMail message server timestamp | | E-Mail Server |
| | eMail message sender IP address | | E-Mail Server |
| | eMail message sender or relay host DNS Fully Qualified Domain Name or X.400 domain name | | E-Mail Server |
| | eMail message sending or relay host IP or other network address | | E-Mail Server |
| | eMail message account user name | | E-Mail Server |
| | eMail message message identifier | | E-Mail Server |
| | eMail message envelope timestamp | | E-Mail Server |
| | eMail message envelope “to” eMail addresses | including all related types, e.g., cc, bcc, fcc, lcc | E-Mail Server |
| | eMail message envelope “return to” eMail address | | E-Mail Server |
| | eMail message envelope “from” eMail address | | E-Mail Server |
| | eMail message message size | | E-Mail Server |
| | eMail message attachment indicators | | E-Mail Server |
| | eMail message envelope digital certificate | if signed or encrypted | E-Mail Server |
| | eMail message forwarded email address | | E-Mail Server |
| | eMail message sent forwarded IP address | | E-Mail Server |
| | eMail message forwarded timestamp | | E-Mail Server |
| | eMail message Iterations to message headers or content rewrite tables used | | E-Mail Server |
| | eMail message alterations to message headers or content retention time of rewrite tables | | E-Mail Server |
| directory records | directory Mobile Directory Number (MDN) | | IT Operator DB |
| | directory Lightweight Directory Access Protocol (LDAP) identifier | | IT Operator DB |
| | directory X.500 identifier | | IT Operator DB |
| | directory IRIS identifier | | IT Operator DB |
| | directory Finger identifier | | IT Operator DB |
| | directory other | | IT Operator DB |
| security application records | PKI public key identifier | | AAA |
| | key passwords | | AAA |
| Internet Access System Usage Detail Records | eMail message alterations to message headers or content associated information retained | | ISP NAS |
| | Internet access system access type | dialup, hotspot, always-on | ISP NAS |
| | Internet access system connection protocol | | ISP NAS |
| | Internet access system access timestamp | | ISP NAS |
| | Internet access system dropped timestamp | | ISP NAS |
| | Internet access system authentication user name | | ISP NAS |
| | Internet access system password | | ISP NAS |
| | Internet access system authentication certificate | | ISP NAS |
| | Internet access system access IP address assigned | | ISP NAS |
| | Internet access system connection speed | | ISP NAS |
| | Internet access system subscriber Calling Line Identifier (CLI) | | ISP NAS |
| | Internet access system provider terminal server dialup number | | ISP NAS |
| | Internet access system ADSL end point | | ISP NAS |
| | Internet access system MAC address | | ISP NAS |
| | Internet access system IPSEC or other tunnels | | ISP NAS |
| | Internet access system security tunnel authentication user name | | ISP NAS |
| | Internet access system security tunnel log-in timestamp | | ISP NAS |
| Internet Service System Detail Records | Internet access system security tunnel IP address connecting to tunnel | | ISP NAS |
| | Internet service type | WWW, FTP, DNS, LDAP, | ISP NAS |
| | Internet service access type | provider, customer, shared, agent | ISP NAS |
| | Internet service access proxy configuration | in use, fixed, end user configurable | ISP NAS |
| | Internet service access ports | | ISP NAS |
| | Internet service resource record | | ISP NAS |
| | Internet service NAPTR resolution | If resource record is NAPTR | ISP NAS |
| Internet Service Usage Detail Records | Internet service firewall or autoforwarding identifier | | ISP NAS |
| | Internet service usage type | WWW, FTP, DNS, LDAP, Whois, Rwhois, SIP, H.323 | ISP NAS |
| | Internet service usage timestamp | | ISP NAS |
| | Internet service usage IP address | | ISP NAS |
| | Internet service usage reverse DNS resolution name | | ISP NAS |
| | Internet service query input information | | ISP NAS |
| | Internet service usage digital certificate | | ISP NAS |
| | Internet service returned information | Includes files downloaded, information returned | ISP NAS |
| | Internet service usage information uploaded | Records, response messages or files uploaded | ISP NAS |
| | Internet service usage feature change | | ISP NAS |
| | Internet service usage reverse connection IP address | | ISP NAS |
| Roaming System and Detail Records | Internet service usage reverse data transferred to visitor host (e.g., cookie) | | HSS |
| | roaming detail record access timestamp | | HLR/HSS |
| | roaming detail record IMSI data request | | HLR |
| | roaming detail record IMSI data returned | | HLR |
| | roaming detail record MSISDN data request | | HLR |
| Prepaid Service System | roaming detail record MSISDN data returned | | IN, BGW |
| | Prepaid Service method of activation | | IN, BGW |
| | Prepaid Service activation timestamp | | IN, BGW |
| Prepaid Service Call Detail Records | Prepaid Service activation means | | IN, BGW |
| | prepaid service call start timestamp | | IN, BGW |
| | prepaid service call end timestamp | | IN, BGW |
| | prepaid service call type of service | | IN, BGW |
| | prepaid service call user identification | | IN, BGW |
| | prepaid service call associated number | | IN, BGW |
| billing records | billing account name | | BGW |
| | billing account identifier | | BGW |
| | billing statement date timestamp | | BGW |
| | billing period start timestamp | | BGW |
| | billing period stop timestamp | | BGW |
| | billing line item | | BGW |
| | billing access and other charges | | BGW |
| | billing total amount | | BGW |
| | billing associated image file identifier | | BGW |
| payment records | payment received timestamp | | BGW |
| | payment billing reference | | BGW |
| | payment received amount | | BGW |
| | payment instrument type | | BGW |
| | subscriber payment institution identifier | | BGW |
| | subscriber payment institution name | | BGW |
| | subscriber payment institution address | | BGW |
| | subscriber payment account identifier | | BGW |
| | subscriber payment account name | | BGW |
| | subscriber payment account address | | BGW |
| Management Information Base records | [specification mechanism needed] | (data elements available through the network management framework. See IETF STD 58, RFC3410) | OSS |
| Collateral System and Detail Data | prepaid service call location | | |
| | Retention relative to data to which it is related | | |
| | Data needed to interpret other communications data | for example, the mapping between cell mast identifiers and their location | |
| Stored content (including voicemail, eMail and SMS) | translation of dialing | as supported by IN networks | Messaging Service Provider (e.g. SMS-C, MMC) |
| | Stored content type | voicemail, eMail and SMS | Messaging Service Provider (e.g. SMS-C, MMC) |
| | Stored content stored messages available | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | Stored content access location | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | Stored content access code | | Messaging Service Provider (e.g. SMS-C, MMC) |
| | Stored content length of time messages are stored | | |
| forensic information | Stored content length of storage after access | | Stored in DR DB Unit |
| | Timestamp offset | Measured offset of furnished timestamp values during the same hour as collected NTPQ offset value determined against a public NTP primary or secondary time server | Stored in DR DB Unit |
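
The pseudo-ESN row in the equipment records above gives a concrete derivation: the manufacturer code 0x80 followed by the 24 least significant bits of the SHA-1 hash of the 56-bit MEID. The sketch below is an added example, not part of the patent text; it computes that value and shows that distinct MEIDs can share one pESN, so a pESN alone does not single out one terminal in retained records. The function names and sample MEIDs are constructed, and hashing the seven raw MEID bytes (rather than their hex text) is an assumption about the input encoding.

```python
import hashlib
from collections import defaultdict

HEX_DIGITS = set("0123456789ABCDEF")


def pesn_from_meid(meid_hex):
    """Return the 32-bit pseudo-ESN (8 hex digits) for a 56-bit MEID (14 hex digits)."""
    meid = meid_hex.strip().upper()
    if len(meid) != 14 or not set(meid) <= HEX_DIGITS:
        raise ValueError("MEID must be exactly 14 hex digits (56 bits)")
    # Assumption: SHA-1 is taken over the 7 raw MEID bytes.
    digest = hashlib.sha1(bytes.fromhex(meid)).digest()
    # 0x80 manufacturer code, then the 24 least significant bits of the hash.
    return "80" + digest[-3:].hex().upper()


def ambiguous_pesns(meids):
    """Map each pESN shared by more than one distinct MEID to those MEIDs."""
    groups = defaultdict(set)
    for meid in meids:
        groups[pesn_from_meid(meid)].add(meid.strip().upper())
    return {p: sorted(ms) for p, ms in groups.items() if len(ms) > 1}


def constructed_meids(count, prefix="A00000"):
    """Constructed sample data: fixed prefix plus an 8-hex-digit counter."""
    return [f"{prefix}{i:08X}" for i in range(count)]


if __name__ == "__main__":
    clashes = ambiguous_pesns(constructed_meids(50000))
    print(f"{len(clashes)} pESN values are shared by more than one MEID")
    for pesn, meids in list(clashes.items())[:3]:
        print(pesn, "<-", ", ".join(meids))
```

With only 24 hash bits, collisions already appear among a few thousand terminals, so queries against retained equipment records should key on the MEID where it exists and treat a pESN match as a candidate set.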








Claims
  • 1. Method in a telecommunication system to provide access to data received to a centralized storage medium from interfacing traffic nodes in the system, characterized in that the centralized storage medium is part of a Mediation and Delivery Function which is associated with a Law Enforcement Monitoring facility, which method comprises the following steps: identifying in the Mediation and Delivery Function, a configuration request which comprises a filtering criteria specifying type of data to be accessed; configuring in the Mediation and Delivery Function, the requested filtering criteria; receiving data from the system to the centralized storage medium; establishing that the received data matches the filtering criteria; retaining the received data in the centralized storage medium and/or forwarding the data to the Law Enforcement Monitoring Facility.
  • 2. Method in a telecommunication system to provide access to data received to the centralized storage medium according to claim 1, which configuration request further comprises a retention request indicating that data fulfilling the configured filtering criteria are to be stored in the centralized storage medium.
  • 3. Method in a telecommunication system to provide access to data received to the centralized storage medium according to claim 1, which configuration request is received from the Law Enforcement Monitoring Facility and which request further comprises a subscription request indicating that data fulfilling the configured filtering criteria are to be forwarded to the Law Enforcement Monitoring facility.
  • 4. Method in a telecommunication system to provide access to data received to the centralized storage medium according to claim 3, which subscription request further comprises a notification request indicating that only a notification of data fulfilling the configured filtering criteria are to be forwarded to the Law Enforcement Monitoring facility.
  • 5. Method in a telecommunication system to provide access to data received to the centralized storage medium according to claim 2, which configuration request is received from the Law Enforcement Monitoring Facility and which method comprises the following further steps: receiving to the Mediation and Delivery Function from the Law Enforcement Monitoring Facility, an acquisition order to acquire the retained data; forwarding the data from the Mediation and Delivery Function to the Law Enforcement Monitoring Facility.
  • 6. Method in a telecommunication system to provide access to data received to the centralized storage medium according to claim 5 whereby a check of access rights takes place in the Mediation and Delivery Function upon receiving a configuration request or an acquisition order.
  • 7. Arrangement in a telecommunication system to provide access to data received to a centralized storage medium from interfacing traffic nodes in the system, characterized in that the centralized storage medium is part of a Mediation and Delivery Function which is associated with a Law Enforcement Monitoring facility, which arrangement comprises: means for identifying in the Mediation and Delivery Function, a configuration request which comprises a filtering criteria specifying type of data to be accessed; means for configuring in the Mediation and Delivery Function, the requested filtering criteria; means for receiving data from the system to the centralized storage medium; means for establishing that the received data matches the filtering criteria; means for retaining the received data in the centralized storage medium and/or forwarding the data to the Law Enforcement Monitoring Facility.
  • 8. Arrangement in a telecommunication system to provide access to data received to the centralized storage medium according to claim 6, which configuration request is received from the Law Enforcement Monitoring Facility and which arrangement further comprises: means for receiving to the Mediation and Delivery Function from the Law Enforcement Monitoring Facility, an acquisition order to acquire the retained data; means for forwarding of the data from the Mediation and Delivery Function to the Law Enforcement Monitoring Facility.
  • 9. Arrangement in a telecommunication system to provide access to data received to the centralized storage medium according to claim 6, which arrangement further comprises: A Request Function in the Law Enforcement Monitoring Facility attached to a Receipt Function in the Mediation and Delivery Function, which function pair is used for query processes; A Response function in the Mediation and Delivery Function attached to an Acquisition Function in the Law Enforcement Monitoring Facility, which function pair is used for delivery processes.
  • 10. Arrangement in a telecommunication system to provide access to data received to the centralized storage medium according to claim 8, which arrangement further comprises a Handover Interface between the Request Function and the Receipt Function and between the Response Function and the Acquisition Function.
  • 11. Arrangement in a telecommunication system to provide access to data received to the centralized storage medium according to claim 7 which arrangement comprises means to check access rights in the Mediation and Delivery Function upon receiving a configuration request or an acquisition order.
  • 12. A system in a telecommunication system to provide access to data received to a centralized storage medium from interfacing traffic nodes in the system, characterized in that the centralized storage medium is part of a Mediation and Delivery Function which is associated with a Law Enforcement Monitoring facility, which system comprises: the Law Enforcement Monitoring Facility capable of sending a configuration request; the Mediation and Delivery Function capable of receiving the request; the Mediation and Delivery Function being capable of storing information received in the request; the Mediation and Delivery Function being capable of receiving data (DI) from the system; the Mediation and Delivery Function being capable of comparing the received data with the stored filtering criteria; the Mediation and Delivery Function being capable of retaining the received data (DI) in the centralized storage medium and/or forwarding the data to the Law Enforcement Monitoring Facility.
  • 13. Article for manufacture comprising a program storage memory having computer readable program code embodied therein for providing access to data received to a centralized storage medium from interfacing traffic nodes in the system, characterized in that the centralized storage medium is part of a Mediation and Delivery Function which is associated with a Law Enforcement Monitoring facility, the computer readable program code in the article of manufacture comprising: computer readable program code identifying in the Mediation and Delivery Function, a configuration request which comprises a filtering criteria specifying type of data to be accessed; computer readable program code for storing in the Mediation and Delivery Function, the requested filtering criteria; computer readable program code for receiving data from the system to the centralized storage medium; computer readable program code for establishing that the data matches the configured filtering criteria; computer readable program code for retaining the received data in the centralized storage medium and/or forwarding the data to the Law Enforcement Monitoring Facility.
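
The steps in claims 1 to 6 (configure a filter, match incoming data, retain and/or forward it, deliver on an acquisition order, check access rights on each request) can be followed in a small in-memory model. This is an added example, not code from the patent or from any product; the class, method and field names, the sample records, the refusal of empty criteria and the rule that only the configuring facility may acquire are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class FilterConfig:
    owner: str          # requesting Law Enforcement Monitoring Facility (LEMF)
    criteria: dict      # field -> required value ("type of data to be accessed")
    retain: bool        # claim 2: store matching data centrally
    subscribe: bool     # claim 3: forward matching data to the LEMF
    notify_only: bool   # claim 4: forward only a notification


class MediationDeliveryFunction:
    def __init__(self, authorized):
        self.authorized = set(authorized)
        self.configs = {}     # config id -> FilterConfig
        self.store = {}       # config id -> retained records
        self.delivered = []   # (LEMF, payload) pairs handed over

    def _check_access(self, requester):  # claim 6: run on every request and order
        if requester not in self.authorized:
            raise PermissionError(f"{requester!r} has no access rights")

    def configure(self, requester, criteria, retain=False, subscribe=False, notify_only=False):
        self._check_access(requester)
        if not criteria:
            # Assumption: an empty filter would match all traffic, so refuse it.
            raise ValueError("filtering criteria must not be empty")
        cid = len(self.configs) + 1
        self.configs[cid] = FilterConfig(requester, dict(criteria), retain, subscribe, notify_only)
        self.store[cid] = []
        return cid

    def receive(self, record):
        """Data arriving from a traffic node; returns the config ids it matched."""
        matched = []
        for cid, cfg in self.configs.items():
            if all(record.get(k) == v for k, v in cfg.criteria.items()):
                matched.append(cid)
                if cfg.retain:
                    self.store[cid].append(dict(record))
                if cfg.subscribe:
                    payload = {"notification": cid} if cfg.notify_only else dict(record)
                    self.delivered.append((cfg.owner, payload))
        return matched  # non-matching data is neither retained nor forwarded

    def acquire(self, requester, cid):
        """Acquisition order (claim 5): hand over what was retained for cid."""
        self._check_access(requester)
        cfg = self.configs.get(cid)
        # Assumption: only the LEMF that configured a filter may acquire its data.
        if cfg is None or cfg.owner != requester:
            raise PermissionError("acquisition order does not match a configuration")
        return list(self.store[cid])


def demo():
    mdf = MediationDeliveryFunction(authorized={"lemf-a"})  # constructed names
    cid = mdf.configure("lemf-a", {"record_type": "sms", "msisdn": "0000000001"},
                        retain=True, subscribe=True, notify_only=True)
    mdf.receive({"record_type": "sms", "msisdn": "0000000001", "ts": "t1"})
    mdf.receive({"record_type": "sms", "msisdn": "0000000002", "ts": "t2"})
    return mdf, cid


if __name__ == "__main__":
    print(demo()[0].delivered)
```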
Priority Claims (2)

| Number | Date | Country | Kind |
|---|---|---|---|
| 2006/0115 | Feb 2006 | BE | national |
| 2006/0607 | Dec 2006 | BE | national |

PCT Information

| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/SE2006/000261 | 2/27/2006 | WO | 00 | 12/23/2008 |