DE102007032675A1 - Regulatory monitoring measures i.e. lawful interception architecture, and electronic account information executing method for use in e.g. bank, involves transferring relevant information to account balance and/or financial transactions - Google Patents

Abstract

The method involves adjusting reference configuration, realized for regulatory monitoring measures i.e. lawful interception architecture, around a hardware and/or program controlled delivery function (DF4) such that the function is configured, parameterized and operated by an additional interface (X1-4) on a part of an administration device (ADMF). Relevant information is transferred to an account balance and/or financial transactions in connection with participant accounts, fee accounts, and prepaid balance, in the delivery function.

Description

State of the art, problems u. disadvantage

Within The telecommunications industry has owned mobile networks for years the biggest growth rate. In connection with the large spread of mobile devices (Mobile Station MS) are increasingly moving financial transactions using the MS in the public interest.

The mobile radio system

From The numerous radio networks is the standardized cellular mobile radio system GSM (Global System for Mobile Communication) according to ETSI specification (European Telecommunications Standard Institute).

The GSM system has been around since 1982 in the effort a pan-European mobile standard from the Group Spècial Mobile of the CEPT (Conférence Europeénne specified by the administration of the Post et de Telecommunications, since the founding of the European Telecommunications Standard Institute ETSI published in 1989 as European Standard and introduced in different stages since about 1991 and is now in over 180 countries worldwide with well over 500 million participants in use. In the Federal Republic of Germany was the penetration in the first quarter 2006 with more than 80 million participants in 98.2% of the population. The four mobile network operators (providers) T-Mobile, Vodafone, Eplus and O2 share the market.

The circuit-switched GSM network, for example, in the leading German mobile network operators (mobile service providers) to the packet-oriented GPRS (General Packet Radio System), which uses the same wireless infrastructure in combination with additional special packet exchanges and the forward-looking UMTS Extended Mobile Broadcasting System (IMM) extended as an implementation variant of IMT-2000 (International Mobile Telecommunications) according to 3GPP standardization (3rd Generation Partnership Project / 3GPP) and used in this combination ( www.3gpp.org ).

The extensive standardization allows a limitation of the explanations to network and communication structure at this point on the related properties and component ( 4 ).

One Mobile GSM terminal (MS) communicates in circuit-switched Mode (for example, telephone service). Communication takes place via the next wireless base station BTS (Base Tranceiver Station) to the control facility BSC (Base Station Controller), which each several BTS are assigned. The Abis interface has 16 kbit / s Submultiplex traffic channels that are within the A interface between BSC and Trau (Transcoder Unit) within 64 kbit / s channels be multiplexed. The MSC (Mobile Switching Center) is the central office in the GSM mobile network. A gateway MSC forwards the call into the public analog network (PSTN, Public Switching Telecommunication Network), into the integrated services digital ISDN network, in neighboring Mobile networks (Public Mobile Land Network PMLN) or alternatively via an additional interface converter IWF (Interworking Function) into a packet data network PDN (generally Public Date Network, specifically z. B. Datex-P, etc.) on. The connection to the data network is useful only in data transmission services within the voice channels by means of bit rate adaptation / modem operation operate. Here, data rates up to 9.6 kbit / s can be usefully used. Advanced channel coding allows for greater technical Effort up to 14.4 kbit / s. In special cases are also interconnected channels for larger Bandwidths offered in the data transmission. The so-called HSCSD (High-Speed Circuit Swiched Date) service the transmission of up to 57.6 kbit / s, but blocked because of the circuit-switched basic principle of transmission at least 4 complete consecutive channels, thus allowing for Voice applications are no longer available. These Channels must be reserved even if none of the network participants uses HSCSD traffic. EDGE (Enhanced Data Rate for GSM Evolution) allows transmission; up to approx. 200 kbit / sec with improved modulation methods in combination with chained channels.

The packet data service GPRS (General Packet Radio Service), which has been integrated in the active network since 2000, uses the same GSM radio network (Base Station Subsystem, BSS) and occupies a maximum of 8 time slots with up to a total of 115 kbit / s for a shared data connection. Unlike HSCSD, however, these channels are not statically allocated, but can vary depending on traffic and voice / non voice distribution strategy can be used dynamically completely or arbitrarily in part for voice or data. The GPRS data transmission takes place in the packet mode, all users share the available channels in multiplex mode. The used bandwidth can be selected and tariffed as a value-added service.

The Data packets are transmitted via Gb interface via a Bit Rate Adaptation to the Packet Switching Center SGSN (Switching GPRS Support node). The SGSN serves all registered GPRS users within their area. He is in the mobile network or in its infrastructure on the same hierarchical Level such as the MSC (Mobile Switching Center) and VLR (Visitor Location Register, s. u.). The SGSN is for entry and exit the GPRS subscriber including user identification and encryption responsible. He works at devices that both data as well as telephone are (classes A and B), with the one responsible for telephony or line switching MSC / VLR together and keeps the "logical" connection for the data packet traffic to the terminal upright (SMS text messages and layer-three signaling between network and device).

Of the SGSN Encapsulates Packets with Internet Protocol Architecture (IP_Packages) and directs (routes) them using the PDP context (Packet Data Protocol) via the GPRS backbone network to the appropriate GGSN (Gateway GPRS Support Node).

The Packet Data Protocol controls important parameters, such as the name the access point, the required quality of service and which Gateway GPRS Support Node is to use.

Of the SGSN additionally generates invoice data telegrams for Classifying the GPRS service and forwarding it to the CCBS (Customer Care & Billing Center, s. u.).

Of the GGSN decapsulates the data packets and passes them to external IP networks, such as the public Internet. In this context, the GGSN is for identification the user to external networks, the passage (Tunneling) data packets in both directions and finally responsible for creating billing data for the CCBS.

Current The status of the IP protocol structure in the GPRS network is IPv4 (according to specification the Internet Engineering Task Force, IETF).

A UMTS transmission takes place in a comparable way, whereby here larger bandwidths up to 2 Mbit / s be available. In contrast to circuit-switched transmission UMTS also uses packet-switched transmission technology in the GSM network for voice transmission. Between the network node comes while the asynchronous transfer mode ATM (Asynchronous Transfer Mode) are used. In addition, in UMTS the transmission quality (Quality of Service QoS) reliably secured or in different classes are regulated and tariffed, whereby For example, higher quality voice services are feasible. UMTS has a clear separation of layers in traffic (connectivity), signaling (control) and services (Sevice warehouse). This division is also reflected in the technical Realization of the UMTS-specific MSC again.

The essential intermediation and transmission components A Mobile Network, Radio Network (RN) and Core Network (CN) are used by the service control network SCN (Service Control Network) added that for the connection control and the operation of basic and value-added services as well as for the Customer management is required.

The essential components for connection control are HLR (Home Location Register), EIR (Equipment Identity Register), AU (Authentication Center) and VLR (Visitor Location Register). You are over one own network via central channel signaling system no. 7 (Signaling SS7 system) in accordance with CCITT / ITU-T with the MSCs.

The home-stay register HLR is the central database for subscriber data. It includes permanent and semi-permanent subscriber data, such as location, phone number etc. for all subscribers assigned to the respective HLR. In today's network sizes, several HLRs are in use. Mobility management is based on a two-tier database infrastructure. The HLR points to the current subnet where a device is located. The VLR, on the other hand, maintains a temporary network address for each device in its location, which is used when a device is "called out" in all access points of the localization area in which the user is registered There are different handover procedures to take perform non-disruptive connections in the mobile operation of the subscriber (movement state) within and between different subnets. The VLR contains each copied subscriber records from the HLR.

The IP protocol has a problem here. It was originally not in terms of mobility management, but for the Device connection within a local network developed. At the time of specification, computer equipment was due her physical size for the mobile operation little suitable. The problem is solved by a hybrid approach, on the one hand the GGSN initial and Endpoint for a tunneling mechanism to the Internet represents (Scheduling point) and transparently forward the packets to the GPRS network and on the other hand the proven mechanisms of mobility management for voice terminals in the GSM network in adapted Form for the localization of the GPRS packet data terminal come into use.

The GSM network operates a considerable effort for authentication its participants, their safety and integrity as well for all transmitted information.

The Affiliate identity also needs in case of acute subscriber mobility be reliably maintained, on the one hand the high safety standard is available without interruption and on the other hand, the participant for the respective Service is always safely accessible.

in the GSM network is this an exchangeable chip card, the so-called SIM (Subscriber Identity Module) in combination with the terminal used. The SIM is clearly a natural or assigned to legal entity and is regulated by law only in connection with an identification control (ID control) contracted output. This procedure forms the legally unambiguous and practical basis for sovereign surveillance measures according to Telecommunications Surveillance Ordinance TKÜV in the Federal Republic of Germany or comparable provisions in other countries.

The SIM authenticates the subscriber in the GSM network, whereby the network internally for security reasons a temporary identifier instead of the subscriber number assigns.

The Radio transmission is always encrypted in the GSM network, Optionally every single conversation can be different can be encrypted. The security key become new every time a connection is established between the SIM and the GSM network negotiated. For this purpose, the IMSI entry (International Mobile Subscriber Identity), which can be found both on the SIM and in the Subscriber Identification Center AUC (Authentication Center) is located, for encryption the data required. The MSC requests the data for connection establishment at the responsible VLR, which in turn supplies AUC-side becomes. Authentication and key generation done by chip card, where also the appropriate data deposited and the algorithms are stored. So that the IMSI on the air interface it can not be spied out, it gets through the temporary IMSI (Temporary Mobile Subscriber Identity) issued by the VLR is valid only within the Location Area (LA), replaced. Likewise, there is an MSRN (Mobile Station Roaming Number), consisting of Visitor Country Code (VCC), Visitor National Destination Code (VNDC), the MSC identifier and the subscriber number.

The Device Register (Equipment Identity Register EIR) managed the terminal-specific IMSI (International Mobile Equipment Identity) together with the associated usage rights / service identifications.

Equipment, who are out of order or stolen can assist with the EIR data is blocked and / or localized.

at GPRS takes place the authentication according to the GSM procedure, whereby on Reason of the fact that no services at the network layer, but pure IP transmission capacity available is provided, no service IDs are present, their compatibility network side would have to be guaranteed. The IP address is temporarily, for example by RADIUS method (Remote Access Dial In User Service according to IETF).

in the UMTS will provide person mobility through a UMTS SIM (USIM) supported. The module is backward compatible to GSM. Substantial innovation to the GSM SIM is the mutual authentication, d. H. In addition, an authentication of the Net against the participant.

The CCN (Cervice Control Network) shown in the figure is not fully owned by ETSI Depending on the current range of different competitive products (Value Added Services VAS) and / or depending on the implementation of network management and billing system shows different detailed structures in the different providers within the different mobile networks. Likewise, different technical implementations of the CCN manufacturers are formed here.

The Network management, d. H. Configuration, parameterization, function control, Error message, error diagnosis and error correction are under Use of the network management center OMC.

The Customer care is provided using the customer and billing center CCBS (Customer Care & Billing Center). Here are all customer specific and contract relevant Data saved. Additional here are the communication and service costs of the customers for services used recorded and in compliance with the contract Tariffs calculated and summed. The CCBS arranges the monthly Invoice and is linked to a collection agency for this purpose. Technical interfaces (so-called mediation devices) combine this CCBS with the technical facilities relevant to the costs the mobile network. These compounds are numerous and partial individually, since all network components must be contacted, the necessary information regarding claimed Services whose service parameters (service, time, Duration, QoS, data volume, bandwidth etc.), but also information about the destination or source network (network internal, external network external, external network foreign, Mobile originated / destinated call etc.) are to be captured, different network operators sometimes different Use tariffing. In any case, the network nodes are MSC and GGSN fee-relevant.

in the In extreme cases, a network operator could also be an alternative a permanent tariff (Flatrate) offer and on with the appropriate Data collection in the network associated high technical effort and the likewise associated high security costs at least partially refrain. In cross-network communication Charges must be settled with other network operators become. To do this, go to the corresponding records Clearing to a central clearing office of all network operators, so that each network later its share of the fee volume receives. Separate procedures are also available from external service providers (ESP) required, the fee-based services offer in the mobile network and mostly on the mobile billing settle up. These methods are also realized individually and outside the ETSI specification.

The Management of prepaid services (prepaid services) but not, as we have based on the above logically, in the CCBC. The CCBS is out For safety reasons, not via communication interfaces reach the network, which in turn the query of the account balance Participants on mobile phone difficult or in certain Traffic situations prevented (for example, SMS traffic abroad). For this reason, the prepaid account balances of the participants managed in the IN system (Intelligent Network System) and are over the GSM USSD message type (Unstructured Supplementary Service Data) by speed dial. In practice, the chooses Prepaid subscribers have a speed dial number and will be provided by IN system via voice over the current account balance of his payment card informed.

The SCN (Service Control Network) covers all components in the broadest sense for the management and control of services, terminals and Attendees. The SCN made the network quasi "intelligent", historically enabled the first value-added telephone services VAS (Value Added Services). It was therefore consistently considered intelligent System (Intelligent Network, or IN system). intelligent Services are for example prepaid, televoting, special telephone number treatment (0180 .. etc.), Virtual Private Network VPN, ringback tones, subscriber localization Etc.). Already the first message service (Short Message Service SMS) was with an additional component, the SMS-C (Short Message Service - Center) technically easier and also independent, d. H. realized cheaper. Depending on how you look at it, the SMS-C is part of the IN system or not. In the context of the present invention counts it in any case to the SCN. In this sense, additional components to the IN system are CAMEL, WAP, MExE, USAT, SMS, MMS etc, here only to be mentioned by way of example.

The so-called Service Control Functions (SCF) are over standardized interfaces to the core network (Core Network CN) turned on. The trigger events (trigger points TPs) for IN functions are implemented in the core network and for example, according to 3GPP standards such. B. CAMEL (customized application for mobile enhanced logic) realized. IP-based services are usually associated with special ones Realized service servers.

The unique subscriber and device identification service primarily for network-specific device-specific treatment of comfortable additional services (Value Addet Services VAS), cost accounting of communication services (even in foreign networks) as well to carry out surveillance measures according to the regulation on technical and organizational implementation of monitoring measures Telecommunications (Telecommunications Surveillance Ordinance TKÜV, current status 09.11.2005).

Regulatory surveillance

No later than since September 11, 2001, the date of the terrorist attacks to the World Trade Center in New York / USA, is reinforced Regulatory interest in information over a wide area Populations for the purpose of crime education and prevention. In this context, there are tightening the sovereign surveillance measures in accordance with the Telecommunications Surveillance Ordinance TKÜV in the Federal Republic of Germany or equivalent Provisions in other countries. The technical specification ETSI TS 133 107, for example, describes the monitoring architecture (Lawful Interception Architecture and Functions) for the 2G / 3GPP Mobile Network (3rd Generation Mobile Communication System), which in the Federal Republic of Germany in the expression of the universal mobile telecommunication system UMTS system.

Ref. 4 German Patent 10046556 : Method for recording user-specific transmission costs when carrying out monitoring measures in packet-oriented telecommunications networks, (owner T-Mobile International GmbH and Co. Kg, inventor Walter Keller) defines, for example, a cost accounting system between monitoring users and telecommunications companies, the growing Traffic in this regard.

The Listening measures described in the available literature refer to the interception of communications and the storage of connection data in communication links (Speech and data connections) especially in telecommunication networks (Ref. 5, ETSI TS 133 107) and also with regard to retention of connection data on internet communication.

The supervision or observation of financial transactions within and in combination with mobile networks, however, is not known.

With ref. 3 ( European Patent 10117998 , Method for carrying out monitoring measures and requests for information in telecommunications and data networks with, for example, IP protocol, owner T-Mobile International GmbH and Co. Kg, inventor Walter Keller) is a method for storing addressing parameters in IP-based telecommunications and data networks, For example, in the mobile and Internet area known in which both the network-internal identifiers (usually private IP addresses, TCP port numbers, proxy session identifiers, NAT addresses, etc.), as well as the external associated identifiers (usually the public IP address) in a communication for the purpose of subsequent subsequent identification and traceability of the complete voice and data connections.

In order to may also request information from the authorities in accordance with the Telecommunications Act TKG be technically realized, the external connections via include a telecommunications network.

The Retention of connection data is the basis for official "subsequent" requests for information and is used throughout the EU.

On At European level, Parliament voted in favor of the European Union on 14 December 2005 with 378 votes (197 votes against, 30 Abstentions) for the Data Retention Directive in the participating states.

At the On 21 February 2006, the Council voted by the Council without further discussion Minister of the Interior and Justice also majority for the Directive.

The deadline for transposition of the Data Retention Directive expires on 15 September 2007 in accordance with Article 15 (1) of the Directive, but may be deferred until 15 March 2009 for Internet access, Internet telephony and e-mail. For this a special declaration of the member states is necessary. One such statement was made by 16 of the 25 Member States, including Germany and Austria.

The Federal Cabinet adopted in April 2007 a draft law on Reorganization of covert investigative measures in criminal proceedings decided. The bill also contains regulations to implement the Data Retention Directive. The law will be adopted by the Bundestag in autumn 2007 at the latest and enter into force on 1 January 2008.

The current legislative requirements relate to telecommunications and data networks (such as the Internet) to the observation and subsequent detection of conventional speech and speech Data services (including fax services) and innovative Voice over IP (Voice over IP VoIP) and the message dispatch (eMail).

A Observation of subscriber accounts in telecommunication networks or Accounts with Internet service providers with, for example, trigger options according to amount, transfer destination or transfer origin in financial transactions o. Ä. Is not required and not discussed publicly.

The may be because conventional accounts in telecommunications networks serve only to cover the telecommunication costs and in the national / international financial transfers play no role. Postpaid accounts (Lending) always have a negative shortfall, the Customers in certain time units, for example monthly in Billed and from its side by bank transfer or automatically paid by account. With prepaid accounts (Debit procedure) are usually pre-paid manageable Amounts (usually up to about 50 EUR), which the customer subsequently for communication purposes or so-called Micro-Paiment (payment at the machine). There are also flatrate offers fixed monthly amount, by standing order or account collection is paid.

The Storage and / or retrieval of account balances and possible transfer amounts in connection with telecommunications accounts are sometimes not known.

Advanced financial services

With reference 1 ( German patent application 102007006658.0 , Coupling of banking and telecommunications networks), a method is known in which the customer / subscriber accounts can be used as "normal" bank accounts for different financial transactions and the mobile operator is connected as a full-fledged bank to the cash clearing system of the banks In Germany, for example, it can be the RTGSplus system of the Deutsche Bundesbank or, alternatively, it can be linked to the house bank system of the Deutsche Bundesbank, which in turn provides access to the RTGSplus system.This technical measure enables any directional transactions between the banking world and the mobile world to be implemented Figure 1 also contains a description of the common mobile transaction services.

Lit. 1 describes this procedure using the mobile banking account number introduced there according to the invention, Mobile bank code and international mobile phone account number IMAN.

For the entire account management and financial system becomes a special one System using MFS (Mobile Finance System).

The MFS consists of the interface coupling between mobile network and the clearing system of the credit institutions, the CCG (Cash Clearing Gateway), a database (mobile phone accounts directory MAR Mobile Account Register), the Finance System Interface FSI with docking to the SCN, the Terminal Access Interface TAI for connecting further Networks, the Terminal Network Interface TNI for connecting the machine world and the Finance Control System FCS as central control of the Facility.

In reference 2 ( German patent application DPMA no. 102007006659.9 , Mobile real-time payment method) is described on the system architecture of Lit. 1 building Bezahiverfahren, which can act as a replacement or supplement to the previously known card methods electronic cash, debit card, credit cards and direct debit and can help the mobile payment method to much more acceptance.

If such technical possibilities exist in mobile networks as well as in the Internet area, security of the financial transaction for all customers is due to the associated customer advantages in terms of mobility participating in real-time bank transfer or real-time account collection in the future with mobile financial services to a considerable extent.

Therefore can also preventively future here Knowledge desires of the authorities. In the field of the banking industry are certain procedures established for account information. On the other hand, in mobile and IP networks innovative total technological solutions which offers particularly comfortable and advanced monitoring and / or information measures compared to the banking environment which is also implemented cost-effectively if they are in the system specification from the beginning inflow and not grafted afterwards become.

Consequently there is a need for the invention of technical procedures for the realization of financial services and information procedures in mobile communications and IP data networks useful with the present invention is covered. First, a consideration of the established Procedures in the Banking Industry Regarding. portability carried out by solution approaches.

Payments and monetary policy in the Federal Republic of Germany

The Central Bank plays on the example of the Federal Republic of Germany one important role in payment transactions. On the one hand, monetary policy needs the payment system for the smooth and rapid provision of Central bank money on the banks' accounts. On the other hand monetary policy instruments provide the necessary liquidity Settlement of payments available.

Legal basis

by virtue of As a result of this close interdependence, the payment system became one of the Core tasks of the European System of Central Banks (ESCB) into the Maastricht Treaty. Then livers the German Bundesbank as an integral part of the ESCB the "smooth Functioning of the payment systems "(Article 105 (2) of the EC Treaty, Art. 3 ECB / ESCB Statute).

About that In addition, Section 3 of the Federal Banking Act states that the German Bundesbank for bankruptcy of domestic and international payments, and Stability of payment and settlement systems. The clearing systems also include securities settlement systems, which especially with regard to the collateral to be provided in the lending business of the Deutsche Bundesbank and the Eurosystem are of particular importance are.

Electronic payments in the Federal Republic of Germany and in the EU area

to Rationalization of non-cash payments operates the German Bundesbank real-time gross payment system RTGSplus (Real-time Gross Settlement System). RTGSplus is also the German one Component of the TARGET composite system of the European system central banks.

TARGET stands for Trans-European Automated Real-time Gross Settlement Express Transfer is the real-time gross settlement system of central banks the EU for the euro. It consists of 15 national real-time gross payment systems (RTGS systems) and the European Payment System Central Bank (EPM) linked together are, so that a platform for processing cross-border Payments arise.

By the use of internationally recognized SWIFT standards and communication methods RTGS a broad gateway and creates the basis for a fully automated payment process. in the Frame of the electronic opening.

Single Euro Payments Area - SEPA

Payment transactions in Germany have so far largely been determined by national requirements. 99% of the payment traffic volume in Germany is national payment transactions and only 1% are cross-border transactions. Therefore, it is understandable that there is not yet a European payment system in the systemic sense. Only in the beginning are European standards and a European payment traffic infrastructure available. With the introduction of the euro as currency and in particular with the introduction of the euro, in the form of banknotes and coins, the requirements have changed considerably. European integration also requires the creation of the European payment system The Single Euro Payments Area (SEPA), which allows cross-border payments in the single currency, the euro, to be handled just as easily, conveniently, quickly and securely as comparable national payments. To achieve this goal, the European financial industry, led by European banking associations, founded the European Payments Council (EPC) in June 2002. After an initial constituent phase and transformation into a Belgian company, as well as the integration of the ten EU accession countries, the EPC was constituted in June 2004 for its second session and with the presentation of the "SEPA Roadmap 2004-2010" the objectives and the milestones set for the coming years. Essentially, it is about creating European payment instruments that enable their use in domestic and European countries. A payment within Germany may not be different from a cross-border euro payment from one EU country to another. The European Central Bank expects the banking industry to make the Single Euro Payments Area a reality for the EU citizen from 2008 onwards. The "SEPA Roadmap" focuses on the creation of three SEPA payment instruments: the SEPA direct debit, the SEPA credit transfer and the SEPA debit card. The European Payments Council has committed itself in its document to having created the Euro Payments Area (SEPA) by the year 2010, integrating national payments. The technology to implement these measures needs to be involved, ie new standards, new procedures and new infrastructure must be created.

The European Parliament (EP) has now updated on 25.04.2007 for the introduction of the Single Euro Payments Area Pronounced SEPA. After the final approval of the EU Council of Ministers could Member States the directive to implement by November 2009. It should enter into force in 2010. The banking industry has voluntarily committed to introducing SEPA in 2008.

Future also need for transfers within Germany the international bank account number (IBAN) and international Bank number (BIC) of the recipient can be specified. Already From 1 January 2008, it should be a standardization of cross-border credit transfers give. That's what the European Banking Association is planning (EBF). The old payment methods should initially be parallel continue to the new ones. During this time, the bank customers should get used to the new specifications. By 2012, the vast majority Be part of the bulk payment, so that the means of payment sometime completely disappear in the previous form.

Electronic payments on international level

For International payments became international Merger of financial institutions (SWIFT - Society for Worldwide Interbank Financial Telecommunication) founded in 1973. It maintains a telecommunications network (SWIFT network) for electronic financial transactions between the participating financial institutions with common technical standard for the safe handling of the financial transactions. Swift handles the financial traffic of about 7,800 financial institutions in more than 200 countries with daily about 11 million transactions. The seat is in La Hulpe / Belgium.

The SWIFT network includes two high availability data centers OPC Operating Center in Zoeter Woude, The Netherlands and Culpeter, USA.

In Each Member State has national concentrators. The big ones Credit institutions usually have their own leased lines.

The Communication takes place via a secured network with bilateral exchanged electronic keys.

Each SWIFT participant (financial institution) has its own SWIFT address (also known as SWIFT code), the so-called Bank Identification Code BIC (Bank Identifier Code) in accordance with ISO 9362 SWIFT is authorized by ISO as Registration Authority RA for the implementation of the standard.

to technical realization of financial transactions used SWIFT specially defined message types (MT - Message Types). These are not directly financial transactions handled between customer accounts but messages between international banks regarding existing transfers etc., on the basis of which the Bank bookings are made (Financial Telecommunication).

Due to the existing level of trust in the secured SWIFT network, the participating banks As a rule, the required transactions are immediately or partially automated according to the SWIFT message.

specific National extensions such as RTGS (see below) allow also the direct fully automatic handling of transactions under Use of the Swift network. At present there is a changeover on standardized transmission protocols according to TCP / IP standard a change of proprietary message formats in XML-Extensible Markup Language according to specification of the World Wide Web Consortium (W3C).

Electronic account information EKI

about The RTGS system can be the legislature, or rather its own Authorities, security authorities and other authorized entities, Account information about checking, credit and deposit accounts catch up and deliver daily statements. The receipt The information is available both via the Swift-FIN network and via the electronic opening possible over uniform technical communication points based on manufacturer-independent, internationally standardized communication protocols (ISO / OSI-FTAM protocol and X.400) works. A collection of account information about the international SWIFT network is in need of a lack of legal agreements and lack of implementation appropriate technical precautions and protocol elements are not possible.

A simultaneous automatic monitoring, as in the telecommunications sector comparatively with legal interception requirements However, there is no such thing in the banking industry. The request for information is defined as a status message for the account balance.

No later than since September 11, 2001, the date of the terrorist attacks to the World Trade Center in New York / USA, is reinforced Regulatory interest in information continues to populations for the purpose of crime education and prevention. Additional information needs develop social services and other public facilities. So was over the media known, for example, intelligence agencies and authorities United States of America via SWIFT headquarters Millions of individual transactions to evaluate international Received cash flows.

There the internal structures of banks and telecommunication networks are different, a banking solution can not be taken over immediately However, it may make sense to make comparable entries for the authorities to be technical does not need to be changed.

invention task

Of the present invention is based on the object, a possibility to find financial transactions and / or accounts in mobile networks for regulatory surveillance and / or subsequent requests for information close. This task is solved by the characteristic Features of claim 1 and the corresponding dependent claims.

invention solution

Established official surveillance measures in mobile networks

4 shows the architecture scheme from Ref. 1. 3 provides an overview of the structural financial transaction possibilities of such a network. 3 is also taken from Ref. 1 and extended in the context of the present patent application by the Regulatory Monitoring Measures (LEA).

The corresponding Law Enforcement Agency (LEA) is connected to the mobile network via its own interface (HI handover interface) The classic procedure according to, for example, reference 4 ETSI TS 133 107 is in 2 displayed. The demand carrier (LEMF) is coupled via interfaces (HI1..3), interface converter (MF) to the L1 system (Legal Interception) of the mobile network with the administration facility for monitoring measures (ADMF) and the so-called delivery functions DF2 and DF3.

financial transactions can not be observed in this standardized configuration The configuration is for typical telecommunications services (Telephony and data transmission) optimized.

Delivery Functions 2 (DF2) and 3 (DF3) are delivery functions with filter option, for the transmission of information about Art and scope of the communication (interface X0_2) as well as the communication content (Interface X0_3). The delivery functions prepare them the telecommunications network (here, for example, 3G MSC and / or 3G GSN) supplied information / data with system-specific interfaces according to the required transmission method and the transfer requirements of the LEA for a secure transmission. This can include surveillance measures also optional for different users be done so that the same data from the side DF2 and / or DF3 also transmitted several times to different LEA Need to become. DF2 and DF3 are accordingly over the ability to temporarily store Dates.

The transferred Data from the XO_2 interface is usually included as well Intercept Related Information (IRI) as well as the interface XO_3 with Intercept Data Product (IDP)

Inventive solution as an extension of the existing monitoring equipment

The The invention will be described using drawing figures incorporated herein just one possible exemplary embodiment the coupling between a banking system and a mobile network in a schematic representation, explained, wherein Based on the drawing figures further fields of application and claims result. The solution is exemplary and is analogous in Any telecommunications and data networks, for example for accounts in institutions of Internet service providers of all Art after the public Internet feasible. The use of the term mobile network applies to the others Explanatory remarks therefore not restrictive, but synonymous for all conceivable applications.

1 shows the procedure according to the invention. According to the invention, the known reference configuration according to ETSI specification ETSI TS 133 107 is extended by the necessary functions for the transmission of financial service information. Alternative technical implementations would also be conceivable. The selected variant, however, by the extension of a conventional method, allows commercial and procedural advantages in the introduction and operation of such a solution. For example, such a solution can be specified with little effort as an extension of the present international standardization and implemented as an extension of the existing hardware and software solutions. Also, in this solution variant monitoring measures for telecommunications links on the one hand and financial transactions on the other hand, for example, the same group of people realized with a single administration, which would have to be performed multiple times with different independent solutions and would be associated with corresponding greater effort, time delay of monitoring and additional error potential.

This also concerns organizational advantages. In addition to the effort reduction is to take into account that the existing monitoring equipment with the network operators already of particularly authorized and sworn Specialists in specially protected rooms made become and an extension of administrative processes for example, using the existing screen facilities and control surfaces especially economical and can be introduced and operated at short notice.

technical realization

For the technical realization of interception and information measures, a new delivery function will be added to the existing standardized monitoring structure (eg ETSI TS 133 107) called DF4 ( 1 ) for the purpose of monitoring and / or providing electronic account information specifically used for the transmission of financial information and administered by ADMF for regulatory oversight tasks, requests for information and / or electronic account information through a specific interface X1_4. In order to harmonize the system architecture, the DF4 includes a corresponding interface converter for the operation of the customer-specific interfaces HI4. The DF4 has at least one interface to the components required for the handling and storage of financial services-relevant information in the mobile radio network, such as the service control network SCN (CCBS, IN system, VAS system, HLR etc.) and / or the mobile financial services system Mobile Finance System MFS, if one is installed and manages the financial services accounts of customers.

The type and extent of the information to be transmitted is administered by ADMF, optionally or in combination with the MSISDN, IMSI, IMEI, the subscriber account number (in connection with, for example, the associated bank code) or an alternative suitable subscriber or terminal identifier (Also, for example, participant name, address, etc.) as addressing mechanism, or in contrast to previous interception measures commonly stored in the CCBS contract relevant parameters, such as participant name, participant address, etc. can be used.

The X and HI interfaces to DF4 are preferably with Internet Protocol (TCP / IP) realized. In this procedure can the data in a preferred embodiment using secured Protocol (for example, a tunnel protocol, such as Virtual Privit Network VPN, or Secure Socket Layer SSL or similar) over public Networks, such as the Internet to the demand carriers transferred be, with special expensive leased lines can be omitted.

Special Advantages arise in this implementation variant in the combined Admistration of surveillance measures for Financial and telecommunications services that also offer combined solutions such as setting trigger thresholds in financial transactions and simultaneous localization of the transferring Person.

Such Solutions are not possible in the banking industry there information requests there based on stored data in all Usually done later.

In case of alternative use of the existing technical facilities of the authorities without technical changes / extensions, which in the banking industry will make a request for information (ECI) on the clearing institution of the banks (eg TARGET Rtgs) with eg ISO / OSI-FTAM protocol and X.400 additionally or alternatively, the establishment of a corresponding access in the mobile radio or IP data network when connected to the cash clearing system of the banks created in such a way that the corresponding interface (interface) component of the mobile or data network, such as cash clearing Gateway CCG in MFS ( 4 ) can handle the protocol elements required for the EKI and re-communicate with the corresponding control devices of the network, for example the FCS, automatically retrieving the required EKI data from the respective databases, for example the mobile radio database MAR or the database after previous authentication of the process appropriate institutions of the control network SCN, for example, the CCBS, the IN system and / or VAS components to obtain, filter and, if necessary, to encrypt and automatically transfer via the interface to the cash clearing system or at least an alternative authorities interface. In this context, access to, for example, HLR is also useful, for example, to obtain subscriber identifications in the mobile radio area as an access or selection criterion for individual accesses to mobile radio components.

A alternative variant is that the ADMF with either the Interface device CCG directly or other facilities of the MFS (typically FSI via FCS) or alternatively via a separate interface with the banks cash clearing system authorities, with the corresponding ones Information about ADMF optionally also administrated automatically and over the interfaces of the DF4 from the mobile components be procured to then over the interface HI4 optional to the demand carriers, the cash clearing system of the banks, or to the MFS (eg via FSI, FCS and CCG) as To transport the interface component.

Drawings and equipment

1 Extended reference configuration from ETSI TS 133 107 according to the invention

2 : Reference configuration from ETSI TS 133 107

3 : Mobile network with financial transactions and regulatory surveillance

• Lit. 1 Patentanmeldung DPMA-Nr. 102007006658.0 , Kopplung von Bank – und Telekommunikationsnetzen, Erfinder Walter Keller)
• Lit. 2 Patentanmeldung DPMA-Nr. 102007006659.9 Mobiles Echtzeit Bezahlverfahren, Erfinder Walter Keller)
• Lit. 3 Europäischen Patent 10117998 , Verfahren zur Durchführung von Überwachungsmaßnahmen und Auskunftsersuchen in Telekommunikations- und Datennetzen mit beispielsweise IP-Protokoll, (Inhaber T-Mobile International GmbH und Co. Kg, Erfinder Walter Keller)
• Lit. 4 Deutsches Patent 10046556 Verfahren zur Erfassung von Bedarfsträger-spezifischen Übertragungskosten bei der Durchführung von Überwachungsmaßnahmen in paketorientierten Telekommunikationsnetzen T-Mobile International GmbH und Co. Kg, Erfinder Walter Keller)
• Lit. 5, ETSI TS 133 107 Universal Mobile Telecommunications System UMTS, 3G Security, Lawful Interception Architecture and Functions

Bezugszeichenliste LEMF Behördliche Beobachtungseinrichtung (Law Enforcement Monitoring Facility) HI1...3 Schnittstellen (Handover Interface 1...3) MF Schnittstellen-Umsetzer (Mediation Function) ADMF Administrationsfunktion (Administration Function) DF_2.._4 Lieferfunktionen (Delivery Function 2 & 3) X.. Schnittstellen (Interfaces) 3G MSC Leitungsvermittlungsstelle (3rd Generation Mobile Switching Center) 3G GSN Paketvermittlungsstelle (3rd Generation Serving GPRS Support Node) SCN Netzwerk für Dienste und Applikationen (Service Control Network) MFS Mobilfunk Finanzsystem (Mobile Finance System) KI Kreditinstitut SCN Dienste Kontroll Netzwerk (Service Control Network) BLZ-D Bankleitzahl-Datei IL Schnittstelle (Interlinking) MFS Mobilfunk Finanzdienstleistungssystem (Mobile Finance System) HBV Hausbankverfahren RTGS Nationales Echtzeit-Bruttto-Zahlungssystem RTGSplus RTGS-Komponente in Deutschland CCG Cash Clearing Gateway TNI Terminal Netzwerk Schnittstelle (Terminal Network Interface) TAI Terminal Zugangs Schnittstelle (Terminal Access Interface) PMLN Öffentliches landgestütztes Mobilfunknetz (Publik Mobile Land Network) RN Funk-Netzwerk (Radio Network) FSI Schnittstelle des Finanzdienstleistungssystems (Finance System Interface) fci Finance Clearing Interface CN Kern-Netzwerk (Core Network) FCS Finanzdienstleistungs-Kontroll-Einrichtung (Finance Control System) fti Finanzdienstleistungs-Terminal Schnittstelle (Finance Terminal Interface) PTN/Internet Öffentliches Telekommunikationsnetz, auch Internet (Publik Telecommunication Network/Internet) MAR Mobilfunk Konto-Speicherstelle (Mobile Account Register) 4 : Coupling of mobile and banking network

• Ref. 1 patent application DPMA no. 102007006658.0 , Coupling of banking and telecommunication networks, inventor Walter Keller)
• Ref. 2 patent application DPMA no. 102007006659.9 Mobile real-time payment method, inventor Walter Keller)
• Ref. 3 European Patent 10117998 , Method for carrying out monitoring measures and requests for information in telecommunication and data networks with, for example, IP protocol, (owner T-Mobile International GmbH and Co. Kg, inventor Walter Keller)
• Ref. 4 German Patent 10046556 Method for recording user-specific transmission costs when carrying out monitoring measures in packet-oriented telecommunications networks T-Mobile International GmbH and Co. Kg, inventor Walter Keller)
• Ref 5, ETSI TS 133 107 Universal Mobile Telecommunications System UMTS, 3G Security, Lawful Interception Architecture and Functions

LIST OF REFERENCE NUMBERS LEMF Official observation facility (Law Enforcement Monitoring Facility) HI 1 ... 3 interfaces (Handover Interface 1 ... 3) MF Interface Converters (Mediation function) ADMF Administration function (Administration Function) DF_2 .._ 4 delivery functions (Delivery Function 2 & 3) X .. interfaces (Interfaces) 3G MSC Line switch (3rd Generation Mobile Switching Center) 3G GSN Packet switching center 3rd Generation Serving GPRS Support Node SCN Network for services and applications (Service Control Network) MFS Mobile financial system (Mobile Finance System) KI credit institution SCN Services control network (Service Control Network) BLZ-D Sort code file IL interface (Interlinking) MFS Mobile financial services system (Mobile Finance System) HBV Access Mechanism RTGS National real-time gross payment system RTGSplus RTGS component in Germany CCG Cash Clearing Gateway TNI Terminal network interface (Terminal Network Interface) TAI Terminal access interface (Terminal Access Interface) PMLN Public land mobile network (Public Mobile Land Network) RN Wireless network (Radio Network) FSI Interface of the financial services system (Finance System Interface) february Finance Clearing Interface CN Core network (Core Network) FCS Financial services control facility (Finance Control System) fti Financial service terminal interface (Finance Terminal Interface) PTN / Internet Public telecommunication network, also Internet (Publik Telecommunication Network / Internet) MAR Mobile account storage location (Mobile Account Register)

QUOTES INCLUDE IN THE DESCRIPTION

This list The documents listed by the applicant have been automated generated and is solely for better information recorded by the reader. The list is not part of the German Patent or utility model application. The DPMA takes over no liability for any errors or omissions.

Cited patent literature

• - DE 10046556 [0037, 0099]
• - EP 10117998 [0040, 0099]
• - DE 102007006658 [0051]
• - DE 102007006659 [0055, 0099]
• - DE 1020076658 [0099]

Cited non-patent literature

• - www.3gpp.org [0004]
• - ISO 9362 [0072]
• - ETSI TS 133 107 Universal Mobile Telecommunications System UMTS, 3G Security, Lawful Interception Architecture and Functions [0099]

Claims (7)

Method for carrying out official surveillance measures and electronic account information for subscriber accounts and financial transactions in connection with telecommunications and IP data networks, characterized in that the lawful interception architecture implemented in the mobile communications sector and known from ETSI TS 133 107 is a further hardware and / or program-controlled delivery function, the Delivery Function DF4 according to 1 is extended such that the DF4 can be configured, parameterized and operated by means of an additional interface X1_4 on the part of the administration device ADMF (Administration Function) and continue the DF4 at least one own additional interface X4 to the relevant for the implementation and / or storage of financial services monitoring - And account, or transaction information, such as account balance, financial transactions, etc. in accordance with network components in the mobile network 4 , such as SCN (service control network with, for example, intelligent network IN, value-added services center VAS, location register HLR and customer control center CCBS) and / or at least one mobile financial services system MFS with financial service database MAR, for example, and at least one of these facilities relevant information on account balances and / or financial transactions in connection with subscriber accounts, fee accounts, prepaid funds, etc. are transferred to the DF4 where they are appropriately prepared, filtered, concentrated, compiled and / or cached for the purpose of transport and provision to the users (LEMF): Procedure for carrying out official surveillance measures ... according to claim 1, characterized that on the part of ADMF alternatively different characteristic criteria to initiate and / or implement specific surveillance measures of participant or financial accounts or for the initiation of electronic Account information EKI used by specific mobile subscribers such as the typical subscriber or terminal identifiers MSISDN, IMSI and IMSI, as well in contrast to the usual procedures now According to the invention, the subscriber account number (optional in connection with the mobile bank sort code) and / or one of the usual ones stored in the CCBS contract relevant parameters, such as participant name, Participant address etc. can be used, with either a unique identifier is sufficient and the ADMF via connected interfaces to the mobile devices is able to become more affiliated Optionally, automatically obtain identifiers for access to other network components as, for example, order or storage criterion can be helpful. Procedure for carrying out official surveillance measures according to at least one of the preceding claims, characterized in that the X and HI interfaces to DF4 optional and preferably implemented with Internet Protocol (TCP / IP) become. In this procedure, the data in one preferred embodiment by means of secure protocol (for example a tunnel protocol, such as Virtual Private Network VPN, or Secure Socket Layer SSL or similar) via public Networks, such as the Internet to the demand carriers transferred become. Method for carrying out official surveillance measures ... according to at least one of the preceding claims, characterized in that at least the in 1 illustrated addition of the ETSI reference configuration TS 133 107, consisting of the components DF4 (with MF) and at least the required for configuration and operation of this component portion of the ADMF with the relevant internal interfaces X1_4, the interface X4 to the appropriate to be monitored devices ( For example, MFS) and the interface HI4 to the demand carriers (LEMF) within any communication network with IP protocol, such as an Internet service provider is set up to implement by this measure regulatory monitoring measures, for example, financial transactions even within these networks, optionally other components of the existing reference components compared to the usual application in a mobile radio network provided therefor, come in the manner appropriate modified used that any IP connections can be monitored, but at least Voice over IP voice communications over IP networks, for example via the public Internet. Method for carrying out official surveillance measures ... according to at least one of the preceding claims, characterized in that the administration of the monitoring and / or electronic account information measure within the ADMF is implemented as a functional extension of the existing menus for the administration of surveillance measures of the telecommunications services by means of software algorithms the simultaneous start and conclusion of combined actions of the same persons as well as economic and operational savings in the administration of measures and the shared use of hardware components, personnel and specific premises with elaborate safety standards. Procedure for carrying out official surveillance measures according to at least one of the preceding claims, characterized in that the ADMF is optional with cash clearing System of banks and / or the cash clearing system of the mobile and / or data networks or optionally the information-requiring Authorities directly via a logical or physical Interface or optionally via the one assigned to the MFS Interface device CCG (for example via FCS and FSI) with appropriate communication protocols, for example ISO / OSI FTAM protocol and X.400, communicating to at least Electronic account information optionally automatically clearing System of banks and associated authorities. Method for carrying out official surveillance measures ... according to at least one of the preceding claims, characterized in that an alternative embodiment for implementing the electronic account information in mobile radio and IP data networks is realized in such a way that additionally or alternatively the establishment of a corresponding Access in the mobile or IP data network when connected to the cash clearing system of the banks and / or the cash clearing system of the mobile and / or data networks in such a way that the corresponding interface (interface) component of the mobile or data network, for example the cash clearing gateway CCG in MFS ( 4 ) can handle the protocol elements required for the EKI and in turn is in communication with the corresponding control devices of the network, for example the FCS, to automatically retrieve the required EKI data from the respective databases, for example the mobile phone accounts database MAR or after prior authentication of the process to procure, filter and, if necessary, encrypt the requisite facilities of the control network SCN, for example the CCBS, the IN system and / or VAS components or any alternative storage locations of account and / or financial data in any networks and facilities and automatically transmit over the interface to the cash clearing system or via at least one alternative government agency interface. In this connection, access to, for example, HLR is realized in order, for example, to obtain subscriber identifications in the mobile radio area as an access or selection criterion for individual access to other mobile radio components, this solution variant being particularly advantageous in IP data networks, for example e-mail or Internet access providers or the Internet Service providers, who do not have the need for official wiretaps and thus do not have LI facilities according to, for example, ETSI TS 133 107, and therefore only have to provide information requests to EKIs.