The subject matter described herein relates to communication monitoring. More particularly, the subject matter described herein relates to providing surveillance monitoring in a communication network based on a national surveillance database.
Security has become an ever-growing concern in today's society. As security threats continue to increase, the perpetrators of crimes are enjoying the benefit of increased mobility and the ability to communicate anonymously using modern communication technologies. In order to better combat such security threats, it would be helpful to have the infrastructure and functionality in place to monitor the use of communication resources, such as the public switched telephone network (PSTN), by target individuals based on information collected and stored on a national level. That is, it would be helpful to law enforcement if a national master list of individuals under surveillance that may be administered, for example, by law enforcement was available to be used to monitor subscriber communication attempts/communications in a communication network.
For example, call patterns and call-associated information, such as called party identification information and calling party identification information, for target individuals under surveillance may be monitored. Such information would prove helpful to law enforcement while limiting the exposure of law enforcement personnel to dangerous situations. In addition, it would be desirable that such information be provided to communication service providers in real time or near real time, so that law enforcement can respond swiftly to developing events.
Currently, such a national surveillance database does not exist. Another problem with surveillance in modern communication networks is that subscribers have multiple communication identities. For example, a single subscriber may have several directory numbers, corresponding to home, work, and mobile phones. In addition, with the advent of IP telephony, subscribers may also have IP telephony identities, such as session initiation protocol (SIP) uniform resource identifiers (URIs). Even if a national surveillance database existed, there would still be a need to correlate the identities of a subscriber for surveillance purposes.
Accordingly, there exists a need for methods, systems, and computer program products for providing surveillance monitoring in a communication network based on a national surveillance database and for correlating identities of a subscriber under surveillance.
In one aspect of the subject matter disclosed herein, a method is disclosed for providing surveillance monitoring in a communication network based on a national surveillance database. The method includes receiving, from a national surveillance database that includes communication-related information relating to individuals under surveillance, communication-related information relating to the individuals. The received communication-related information is used to screen signaling messages relating to communications associated with the individuals.
In another aspect of the subject matter disclosed herein, a system is disclosed for providing surveillance monitoring in a communication network based on a national surveillance database. The system includes a communications node that includes a surveillance database function for receiving, from a national surveillance database that includes communication-related information relating to individuals under surveillance, communication-related information relating to the individuals and for storing the communication-related information. The communication node also includes a surveillance screening function for using the received communication-related information to screen signaling messages relating to communications associated with the individuals.
In another aspect of the subject matter disclosed herein, a computer program product is disclosed. The computer program product includes computer executable instructions embodied in a computer-readable medium. The computer executable instructions are for performing steps including receiving, from a national surveillance database that includes communication-related information relating to individuals under surveillance, communication-related information relating to the individuals and using the received communication-related information to screen signaling messages relating to communications associated with the individuals.
Objects and advantages of the present invention will become apparent to those skilled in the art upon reading this description in conjunction with the accompanying drawings, in which like reference numerals have been used to designate like elements, and in which:
To facilitate an understanding of exemplary embodiments, many aspects are described in terms of sequences of actions that can be performed by elements of a computer system. For example, it will be recognized that in each of the embodiments, the various actions can be performed by specialized circuits or circuitry (e.g., discrete logic gates interconnected to perform a specialized function), by program instructions being executed by one or more processors, or by a combination of both.
Moreover, the sequences of actions can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor containing system, or other system that can fetch the instructions from a computer-readable medium and execute the instructions.
As used herein, a “computer-readable medium” can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The computer-readable medium can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific examples (a non-exhaustive list) of the computer-readable medium can include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, and a portable compact disc read-only memory (CDROM).
Thus, the subject matter described herein can be embodied in many different forms, and all such forms are contemplated to be within the scope of what is claimed.
Each communication node 100 can be an SS7 signal transfer point (STP), an SS7-Internet protocol (IP) signaling gateway, an SS7 service control point, a router, a session initiation protocol (SIP) proxy node, an IP multimedia subsystem (IMS) node, a media gateway controller (MGC), a softswitch, a media gateway (MG), a mobile switching center (MSC), a home location register (HLR), an equipment identity register (EIR) node, an authentication center (AuC), a radio access network (RAN) node, or any other communication node.
According to one aspect, national surveillance database 102 includes communication-related information for individuals under surveillance. The communication-related information is downloaded to each communication node 100 using any known communication method. For example, the communication-related information may be provided to each communication node 100 over an IP network via an IP link, either directly or indirectly. For example, according to one implementation, the national surveillance database distributes the communication-related information to one or more regional databases 108, which provide the communication-related information to communication nodes 100. The communication-related information in regional databases 108 may be a copy of the information contained in national surveillance database 102 or may be a subset of the information that corresponds to a specific region. For example, a regional database may include communication-related information that corresponds to a specific service provider or to a specific region.
According to another aspect, an electronic numbering (ENUM) database 110 provides additional subscriber identities that correspond to a subscriber once one subscriber ID is provided. ENUM database 110 may access a domain name system (DNS) server that includes one or more additional subscriber identifiers that correspond to a subscriber ID. For example, the subscriber ID may be a subscriber's telephone number and the corresponding subscriber identifiers may be one or more SIP URIs. ENUM database 110 generally correlates an E.164 formatted telephone number, such as a home number, pager number, mobile number, or fax number, or a dialable short code identifier to one or more SIP URIs that can identify an IP address, an e-mail address, a network alias identifier (e.g., a screen name), and other like information associated with the subscriber. Other information may be contained in ENUM database 110 as well, such as phone numbers.
National surveillance database 102 may query ENUM database 110 to obtain the corresponding subscriber identifiers associated with a subscriber identifier in national surveillance database 102. For example, when a surveillance authority places a subscriber ID, such as phone number “9193803814”, under surveillance, a surveillance application in national surveillance database 102 can query ENUM database 110 using the “9193803814” identifier to obtain all other identifiers with which the number has been associated.
National surveillance database 102 may query ENUM database 110 periodically for updates or as information is needed. In one aspect, ENUM database 110 is adapted to receive a subscription request that is associated with a “watched” subscriber ID and to report to the national surveillance database all ENUM information corresponding to the watched subscriber ID. ENUM database 110 may also be adapted to report all changes to ENUM information.
In one implementation, ENUM database 110 is adapted to respond to queries by national surveillance database 102 with a set of one or more naming authority pointer (NAPTR) records, which contain one or more uniform resource identifier (URI) values associated with the subscriber identifier. The phone number “9193803814” may be transformed into a hostname by reversing the numbers, separating them with dots, and adding an e164.arpa suffix, to yield 4.1.8.3.0.8.3.9.1.9.e164.arpa. A DNS server can then be used to look up Internet addresses for services such as SIP telephony. NAPTR records may be used to translate E.164 addresses to SIP addresses. An exemplary NAPTR record is shown below:
$ORIGIN 2.4.2.4.5.5.5.1.e164.arpa.
IN NAPTR 100 10 "u" "sip+E2U" "!^.*$!sip:phoneme@example.net!" .
The above example specifies that sip:phoneme@example.net is the address for the “sip+E2U” service. The expression provides the ability to map corresponding SIP addresses to subscribers.
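The ENUM lookup steps described above, as an added example that is not part of the original text: it builds the e164.arpa hostname, parses NAPTR lines in zone-file form, and applies the substitution field to obtain the SIP URI. The function names, the second (constructed) record, and the use of Python's re module in place of POSIX extended regular expressions are assumptions of this example.

```python
import re
import shlex
from typing import NamedTuple, Optional

class Naptr(NamedTuple):
    order: int
    preference: int
    flags: str
    service: str
    regexp: str
    replacement: str

# First record is the one shown in the text; the second is constructed for this example.
PAGE_RECORD = 'IN NAPTR 100 10 "u" "sip+E2U" "!^.*$!sip:phoneme@example.net!" .'
CONSTRUCTED = r'IN NAPTR 50 10 "u" "E2U+sip" "!^\\+1555(.*)$!sip:\\1@example.org!" .'

def e164_to_enum_domain(number: str, suffix: str = "e164.arpa") -> str:
    """Reverse the digits, separate them with dots and append the ENUM suffix."""
    digits = [c for c in number if c.isdigit()]
    if not digits:
        raise ValueError("no digits in number")
    return ".".join(reversed(digits)) + "." + suffix

def parse_naptr(line: str) -> Naptr:
    """Parse a zone-file NAPTR line; shlex unquotes fields and unescapes '\\\\'."""
    tokens = shlex.split(line)
    i = tokens.index("NAPTR")
    order, pref, flags, service, regexp, repl = tokens[i + 1:i + 7]
    return Naptr(int(order), int(pref), flags, service, regexp, repl)

def apply_regexp(field: str, aus: str) -> Optional[str]:
    """Apply '<delim>ere<delim>repl<delim>flags' to the input string (assumes the
    delimiter is not escaped inside the expression). None means no match."""
    if not field:
        return None
    delim = field[0]
    parts = field[1:].split(delim)
    if len(parts) != 3:
        raise ValueError("malformed NAPTR regexp field")
    ere, repl, flags = parts
    match = re.search(ere, aus, re.IGNORECASE if "i" in flags else 0)
    return match.expand(repl) if match else None

def resolve_sip(records, number: str) -> Optional[str]:
    """Return the SIP URI from the lowest order/preference terminal ('u') record."""
    aus = "+" + "".join(c for c in number if c.isdigit())
    for rec in sorted(records, key=lambda r: (r.order, r.preference)):
        services = {s.lower() for s in rec.service.split("+")}
        if rec.flags.lower() != "u" or "sip" not in services:
            continue
        uri = apply_regexp(rec.regexp, aus)
        if uri:
            return uri
    return None

if __name__ == "__main__":
    records = [parse_naptr(PAGE_RECORD), parse_naptr(CONSTRUCTED)]
    print(e164_to_enum_domain("9193803814"))
    print(resolve_sip(records, "15554242"))
```

A record whose expression does not match the number is skipped, so a lookup falls through to the next record in order/preference sequence.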
The surveillance application receives the NAPTR records and incorporates the URI values into the surveillance database. Alternatively, or in addition, ENUM database 110 may respond to queries by regional databases 108.
According to another aspect of the subject matter disclosed herein, communication nodes 100 are adapted to query ENUM database 110 for ENUM information.
Whether the information is provided directly to communication node 100 by ENUM database 110 or via national surveillance database 102, communication node 100 may use the received ENUM information to screen signaling messages relating to communications associated with the individuals.
National surveillance database 102 preferably includes a master list of individuals under surveillance, with regional databases 108 and/or communication nodes 100 being updated to match corresponding information in national surveillance database 102. For example, updated communication-related information may be provided to the regional databases and/or communication nodes as a periodic update. Communication node 100 may include a data audit function to confirm that the communication-related information in communication node 100 is current and matches the corresponding communication-related information in national surveillance database 102 and/or regional databases 108.
The communication-related information may also be encrypted and/or transferred to communication node 100 using a secure connection. For example, a secure connection may be established by using one or more security protocols for transferring the communication-related information over an IP network. Examples of security protocols include Internet protocol security protocol (IPSec), secure sockets layer (SSL), private communications technology (PCT), hypertext transport protocol secure (HTTPS), and secure hypertext transport protocol (SHTTP).
National surveillance database 102 is preferably administered by a law enforcement agency or other authority to provide secure centralized control of the communication-related information. According to one implementation, the communication-related information is not directly accessible or otherwise viewable at communication node 100 for added security.
Exemplary communication-related information that may be received by communication node 100 from national surveillance database 108 is illustrated in Table 1. Table 1 includes a subscriber identifier, corresponding ENUM information, a communication mode identifier, a surveillance action instruction, a surveillance authority contact identifier, a surveillance authority contact mode identifier, a surveillance tap identifier, a surveillance start time indicator, and a surveillance end time indicator. Table 1 may also include other information not shown, such as a text-to-voice conversion preference and a language translation preference.
The subscriber identifier may include, for example, a mobile subscriber identifier (e.g., MSISDN, IMSI, MIN), an E.164 formatted telephone number, a dialable short code identifier, an IP address, an electronic mail address, a network alias identifier, or a SIP URI.
The corresponding ENUM-based information may similarly include, for example, a mobile subscriber identifier, an E.164 formatted telephone number, a dialable short code identifier, an IP address, an electronic mail address, a network alias identifier, and/or a SIP URI. The ENUM-based information corresponds to the subscriber ID and is originated by ENUM database 110.
The communication mode identifier is used to specify a particular mode or communication medium. The communication mode identifier may include, for example, a voice service mode identifier, a short message service mode identifier, multimedia message service mode identifier, instant message service mode identifier, and/or an electronic mail service mode identifier.
The surveillance action instruction specifies actions that are to be taken if the associated subscriber is involved in a call or a call setup attempt. The surveillance action instruction may include, for example, providing a notification message to a surveillance authority, generating a log entry in a surveillance log, generating a call detail record (CDR), redirecting the call, and/or blocking the call.
The surveillance authority contact identifier may be used for sending notification messages or other required communications with a surveillance authority. The surveillance authority contact identifier may include, for example, a mobile subscriber identifier, a plain old telephone service telephone number, a dialable short code identifier, an IP address, an electronic mail address, a network alias identifier, or a SIP URI.
The surveillance authority contact mode identifier may be used to specify a particular mode of contact with a designated surveillance authority. The surveillance authority contact mode identifier may include, for example, electronic mail, instant message, short message service, multimedia message service, voice, and voicemail.
The surveillance tap identifier identifies a second communication node to which a call is routed for monitoring. A surveillance tap identifier may be included with respect to calls that require a real-time tap of the bearer stream, where a bearer stream may include audio, video, or other streaming data (e.g., a web browsing session). The surveillance tap identifier may be used to identify a particular node in the network through which a watched call is to be forcibly routed/re-routed. Examples of a surveillance tap ID may include an IP address, an SS7 point code address, or a network alias routing address, such as an SS7 location routing number. The surveillance tap ID may, for instance, identify a law enforcement equipped tandem office or media gateway.
The surveillance start date and end date may include date and/or time information indicating when surveillance should start and end.
Additional parameters not shown in exemplary Table 1 include a text-to-voice conversion preference and a language translation preference. The text-to-voice conversion preference may be specified with respect to the surveillance of messaging service messages (e.g., SMS, IM, MMS). The text-to-voice conversion preference identifies whether to translate an intercepted text message from text to voice prior to communicating the message contents to a surveillance authority.
The language translation preference identifies whether to translate an intercepted text message into a language required by a surveillance authority. More particularly, with respect to international applications, it may be useful for the database to associate a language preference with a surveillance authority, such that an intercepted text message may be translated into a language required by a surveillance authority. For example, a text message that is written in German may be translated into French, so that a French surveillance authority may quickly and easily review/interpret the contents of the intercepted German text message. The same language translation preference may be specified with respect to text-to-voice conversions.
Surveillance screening function 302 uses the received communication-related information to screen signaling messages, such as SS7 message signaling units (MSUs), relating to communications associated with the individuals. Surveillance screening function 302 screens signaling messages to determine, for example, whether a called party and/or a calling party associated with the signaling message corresponds to a subscriber ID included in the communication-related information. The signaling messages that may be screened include, for example, SS7 integrated services user part (ISUP), SS7 signaling connection control part (SCCP), transaction capabilities application part (TCAP), signaling transport (SIGTRAN) message transfer part 3 user adaptation layer (M3UA), SIGTRAN SCCP user adaptation layer (SUA), SIP, and H.323 signaling messages. Surveillance screening function 302 communicates with surveillance database function 300 to determine if the called and/or calling party associated with a screened signaling message is in local database 103.
Surveillance action function 304 performs a surveillance action in response to surveillance screening function 302 determining that the called party and/or the calling party associated with the screened signaling message corresponds to a subscriber identifier included in the communication-related information. For example, surveillance action function 304 may provide a notification message to a surveillance authority, generate a log entry in a surveillance log, generate a call detail record (CDR), redirect a call associated with the screened signaling message, and/or block a call associated with the screened signaling message. Surveillance action function 304 may send a surveillance action message to another network entity to carry out the surveillance action or may perform the surveillance action at communication node 100.
The subject matter described herein is not limited to performing surveillance screening using functions associated with a communication node. In an alternative implementation, some or all of the screening functions illustrated in
As discussed above, surveillance actions include providing a notification message to a surveillance authority, generating a log entry in a surveillance log, generating a call detail record (CDR), redirecting a call associated with the screened signaling message, and blocking a call associated with the screened signaling message. In response to determining that a called party and/or calling party associated with the message corresponds to the subscriber ID in step 508, the message is processed normally. In either case, the next message is received and processed accordingly.
It will be understood that various details of the invention may be changed without departing from the scope of the claimed subject matter. Furthermore, the foregoing description is for the purpose of illustration only, and not for the purpose of limitation, as the scope of protection sought is defined by the claims as set forth hereinafter together with any equivalents thereof entitled to.