EP1943803A1 - Lawful interception - Google Patents
Lawful interception
- Publication number
- EP1943803A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- group
- list
- network element
- information
- documents
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/22—Arrangements for supervision, monitoring or testing
- H04M3/2281—Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/54—Presence management, e.g. monitoring or registration for receipt of user log-on information, or the connection status of the users
Definitions
- the invention generally relates to lawful interception. More particularly, but not exclusively, the invention relates to lawful interception in XML (Extensible Markup Language) document management.
- XML: Extensible Markup Language
- XDM: XML document management, as specified by the Open Mobile Alliance (OMA)
- XDM defines a common mechanism that makes user-specific service-related information accessible to different service enablers that need them. Such information is stored in the network where it can be located, accessed and manipulated (e.g., created, modified, retrieved, deleted) by service enablers as well as by XDM clients (or users), such as mobile stations.
- service enablers that currently use or can use XDM are PoC (Push-to-Talk over Cellular), Presence, Instant Messaging (IM), and a variety of gaming services.
- FIG. 1 shows a typical XDM framework.
- User-specific service-related information is maintained in group and list documents. These XML documents typically identify a list of members of the group in question. Or, they may contain specific rules generated for the group(s) or user(s) in question.
- PoC access policy documents and PoC group documents are used. Each PoC user has an access policy document, which is used for controlling incoming PoC session invites.
- PoC group documents are used to control PoC group sessions.
- authorization policy documents and presence lists documents such as RLS presence list documents (Resource List Server)
- Authorization policy documents are used to authorize a watcher subscribing to a person's presence information, and presence list documents are used to further personalize the service.
- XML documents are stored in logical repositories in the network, called XML document management servers (XDMS).
- XDMS Uniform resource identifiers
- URL: uniform resource locator
- Enabler specific XDMSs 131 are enabler-specific, and their information is used by corresponding enabler servers 120. This means that a PoC server uses a PoC XDMS, a Presence Server uses a Presence XDMS and so on. If, for example, a PoC service is taken as an example, it is typical that a PoC server accesses a PoC XDMS to obtain a particular type of user document, a PoC group document, which provides the member list for a PoC group session. The PoC server uses this information to invite such members to a PoC session.
- Shared XDMSs 132 are repositories to be used by a plurality of service enablers. When the same group or list document is of use in a plurality of services, it is sensible to store this document in a shared XDMS 132 wherefrom each service enabler can access it when needed.
- An XDM client 105 is able to access and manipulate XML documents by using XCAP protocol (XML Configuration Access Protocol). In other words, these kinds of operations are performed using an XCAP layer which resides above the HTTP (Hypertext Transfer Protocol) layer in a protocol stack.
- the client 105 can transmit an XCAP request to an XDMS 131, 132, which takes appropriate action and returns a response to client 105.
- XDM client 105 has a single contact point for XCAP requests, namely an aggregation proxy (AP) 115. Accordingly, transmitted XCAP requests first pass via an XDM-3 interface to aggregation proxy 115.
- AP: aggregation proxy
- Aggregation proxy 115 authenticates the received XCAP requests and routes them to the correct XDMS 131, 132. Aggregation proxy 115 also forwards the response back to the XDM client 105. XDM client 105 identifies elements inside one XML document stored in an XDMS and modifies those elements, when needed.
- XDM client 105 manipulates an XML document (i.e., an XDM resource) by invoking (from the XCAP layer) certain HTTP layer operations on the XDM resource in question.
- the XDM resource may be identified by a combination of an application unique ID (AUID) and an XCAP user ID (XUI).
- AUID identifies the application (or service enabler) in question. In this way the correct XDMS also will be identified.
- the XUI identifies the user in question.
- the XDM framework has other defined interfaces: an XDM-1 interface between the XDM client 105 and network core 150, an XDM-2 interface between the shared XDMS 132 and the network core 150 and an XDM-4 interface between the aggregation proxy 115 and the shared XDMS 132.
- the network core 150 corresponds to the part of the IP (Internet Protocol) based or other network through which service-related signaling, such as SIP (Session Initiation Protocol) and/or GPRS (General Packet Radio Service) signaling, and payload are communicated. Dashed lines in FIG. 1 indicate enabler-specific reference points for communication.
- Group documents: a group document is a list of members of the group in question (PoC group, IM group, etc.);
- Presence lists: a presence list is used to subscribe, on behalf of a watcher, to the presence status of a list of presentities (presentities are users whose presence information the watcher is interested in);
- Presence authorization rules: these define who is authorized to subscribe to a presentity's presence information
- Presence rules may, for example, define which information is sent to each watcher; depending on the watcher, different information can be sent.
- lawful interception means an action, authorized by law and performed by a network operator, access provider and/or service provider (hereinafter referred to as an operator), whereby certain information is made available and provided to a law enforcement monitoring facility (LEMF).
- LEMF: law enforcement monitoring facility
- the term "law enforcement monitoring facility" ("LEMF"), in turn, means a law enforcement facility designated as the transmission destination for the results of lawful interception activity relating to a particular interception subject.
- interception subject means a person or persons, specified in a lawful authorization, whose telecommunications are to be intercepted.
- the block diagram depicted in FIG. 2 shows a conventional system for performing lawful interception.
- the prior-art system comprises devices and functions both within the domain of an operator and within the domain of law enforcement agencies (LEA).
- law enforcement agency means an organization acting pursuant to a lawful authorization based on a national law that requests telecommunications interception measures and receives the results of telecommunications interceptions performed in accordance with telecommunications interception measures.
- the law enforcement monitoring facility (LEMF) 220 communicates with the operator domain via the lawful interception handover interface, i.e., the HI interface.
- the handover interface is a physical and logical interface across which interception measures are requested from the operator domain, and the results of interception are delivered by the operator domain to LEMF 220.
- LEMF 220 communicates with the operator's administration function 211 via handover interface port 1 (HI1). By communicating with the administration function 211, LEMF 220 can place persons under surveillance and remove persons from surveillance.
- HI1: handover interface port 1
- LEMF 220 communicates with an IRI (intercept related information) mediation function 212 via handover interface port 2 (HI2). From IRI mediation function 212, LEMF 220 receives information or data associated with telecommunication services, other than the actual payload. This information or data may involve a target identity, specifically communication-associated information or data (e.g. unsuccessful communications attempts), service-associated information or data and location information.
- IRI: intercept related information
- LEMF 220 communicates with a CC (content of communication) mediation function 213 via handover interface port 3 (HI3). From CC mediation function 213, LEMF 220 receives the actual content of communication (payload, user data).
- content of communication means information exchanged between two or more users of a telecommunications service (e.g., speech, data), excluding intercept related information. This includes information that may, as part of some telecommunications service, be stored by one user for subsequent retrieval by another.
- the IRI mediation function 212 typically obtains the intercept-related information and the CC mediation function 213 obtains the content of communication to be sent to the LEMF 220 from the network's internal functions 205.
- the network's internal functions 205 may specifically provide an internal intercepting function (IIF), which is a point within a network or network element at which the content of communication (CC) and the intercept-related information (IRI) are made available.
- IIF: internal intercepting function
- the IRI and CC are sent to mediation functions 212 and 213 via an internal network interface (INI) or similar.
- INI: internal network interface
- LEAs currently have to rely on SIP and IP core-level lawful interception, which does not capture information contained in XDMSs. Accordingly, it has been observed that LEAs do not have access to the above-mentioned valuable information.
- the mentioned information is not available in the normal content of communication (CC), which can be taken from the GPRS level or similar. Neither is it available in interception related information (IRI), which is taken from SIP signaling and/or GPRS signaling or similar.
- LEAs are able to access CC from/towards a monitored user (e.g., PoC call data) and IRI from/towards a target (GPRS and/or SIP signaling information) from the network core.
- LEAs cannot typically identify all participants in a PoC group if all participants do not first send a speech burst.
- a method in a group and list management system in which user-specific service-related information is contained in at least one of group and list documents stored in network repositories, wherein the method comprises: sending information concerning the at least one of group and list documents to a law enforcement agency.
- the information is sent by a network element or function (such as an aggregation proxy of an XDM system) which performs security procedures (e.g., authentication of XDM clients) as well as request forwarding procedures (e.g., for HTTP traffic).
- the aggregation proxy functions as a contact point for accessing XML documents stored in XDMSs.
- the aggregation proxy performs authentication of XDM clients and routes individual XCAP requests to the correct XDMS based on the AUID.
- the aggregation proxy provides an interface for sending intercept related information to authorities.
- a group and list management system adapted to store user-specific service-related information in at least one of group and list documents in network repositories, wherein the system comprises: a network element for sending information concerning the at least one of group and list documents to a law enforcement agency.
- a network element for a group and list management system in which system user-specific service-related information is contained in at least one of group and list documents stored in network repositories, wherein the network element comprises: means for sending information concerning the at least one of group and list documents to a law enforcement agency.
- the network element is a server. It can be a list management server (LMS) located between clients of the system and the storage elements (or local repositories in a network, e.g., XDMSs) in which the group and list documents are stored.
- LMS: list management server
- the computer program may comprise software code and it may be stored on a data medium, such as a memory.
- a physical memory medium storing a computer program as defined in claim 34.
- FIG. 1 shows functional entities in XML document management architecture
- FIG. 2 shows a traditional model for lawful interception
- FIG. 3 shows an XML document management interception configuration in accordance with an embodiment of the invention.
- FIGS. 1 and 2 have been described in the preceding. That description is used to support the following description.
- FIG. 3 shows an XML document management (XDM) interception configuration in accordance with an embodiment of the invention.
- XDM represents an example of a group and list management function.
- the invention is not restricted to XDM only, but is applicable to other current and future group and list management functions and systems, too.
- the aggregation proxy 115 is provided with a mechanism for lawful interception of XDM.
- the aggregation proxy 115 comprises a set of logical functions represented by blocks 310 - 312: an LI functions block 310 (lawful interception functions); an ADMF block 311 (administrative function); and a DF2 block 312 (delivery function 2 for intercept related information (IRI)). These functions co-operate to implement the HI1 and HI2 interfaces (or ports) towards LEMF 220.
- the ADMF block 311 is adapted to communicate administrative information with LEMF 220 via the HI1 interface. It is adapted to receive from LEMF 220 requests for setting interception subject(s) under surveillance as well as requests for removing them from surveillance, and to send to LEMF 220 responses to said requests.
- the ADMF block 311 forwards this kind of administrative information to LI functions block 310, which gathers IRI information concerning interception subjects and keeps track of interception subjects in an internal database 314 of the aggregation proxy 115.
- the DF2 block 312 is adapted to communicate IRI information to LEMF 220 via HI2 interface.
- the DF2 block 312 receives the IRI from LI functions block 310, which gathers said information from the enabler specific XDMSs 131 or shared XDMS 132.
- the LI functions block 310 gathers IRI from different messages passing the aggregation proxy 115.
- LEMF 220 is provided with information about the contents of the group and list documents of the interception subject in question.
- the aggregation proxy 115 generates an XCAP retrieve request (above the HTTP protocol or similar) and sends it to the XDMSs within its domain (operator domain) to get the definitions of existing groups, user access policies, presence lists, presence rules and presence authorization rules of the interception subject in question, and forwards these documents to the LEA domain over the HI2 interface. This can be done at the time of LI activation over the HI1 interface.
- Information of activated LI subjects is stored in the internal database 314 of the aggregation proxy 115.
- LI Flag TRUE or similar
- authorities expressly request interception subject related information (indirectly) from XDMSs by sending a request over the HI1 interface to the aggregation proxy 115.
- the aggregation proxy 115 forwards this request to the XDMSs within its domain, again with an additional LI flag set to TRUE included in the XCAP request to indicate that the response to this request shall not be sent to the user (interception subject, or XDM client), but will be sent to LEMF 220 instead.
- the XDMSs 131, 132 return to the aggregation proxy 115 those documents in which the requested user (or interception subject) is found, and the aggregation proxy 115 forwards those documents to LEMF 220. This process can be done at the time of LI activation, or afterwards, if needed.
- Requested information can be, for example, as follows:
- LEMF 220 is provided with information about manipulation of the group and list documents (or other IRI) of the interception subject in question.
- the aggregation proxy 115 checks the XUI (XCAP User Identifier) of all incoming and outgoing messages (XCAP requests and/or XCAP responses). If the XUI has been set as a lawful interception subject in the internal database (list) 314, the aggregation proxy 115 copies this XCAP request/response and sends the copy towards LEMF 220 over the HI2 interface for lawful interception purposes.
- lawful interception is set for a user, who is, for the purpose of this example, named Joe Criminal. His SIP URI "sip:joe.criminal@example.com" is set as lawful interception subject in the internal database 314 of the aggregation proxy 115.
- For the retrieval of all lists of the interception subject from all the different XDMSs within its domain by using the XCAP protocol, the aggregation proxy 115 generates an HTTP GET request based on all appropriate AUIDs and the XUI.
- the AUID identifies the application (or service enabler) in question.
- the XUI identifies the user whose documents are requested. In other words, the AUID and the XUI indicate the correct XDMS and user, respectively.
- An additional LI flag is set in these requests to differentiate them from requests received from XDM clients 105. Subsequent responses to these requests are thus sent only to LEMF 220 (via the aggregation proxy 115), not to the interception subject, as he/she should not be made aware of the lawful interception.
- the HTTP GET request sent, for example, to a Presence XDMS (RLS XDMS) 131 would appear as follows:
- After the RLS XDMS 131 has performed the appropriate authorization checks on the request originator and noticed that the LEA is authorized to perform this operation, the RLS XDMS 131 sends an HTTP "200 OK" response including the requested document in the body of the response message. The RLS XDMS 131 also adds the received LI flag to the response to indicate that this is not a normal user-originated request. The response would appear as follows:
- the aggregation proxy 115 notices the LI flag and routes the response to LEMF 220 over HI2 interface.
- Terminating interception can be initiated by the LEMF 220, or it can be regulated by a timer. In the latter case, the aggregation proxy 115 may set up a timer at the time of LI activation. When the timer expires, the interception subject is automatically removed from surveillance. The aggregation proxy 115 informs LEMF 220 of the termination of interception by sending an appropriate message via the HI1 interface.
- the aggregation proxy mentioned in the embodiments of the invention can be implemented by a suitable combination of hardware and software in a suitable server or network element, for example in a list management server (LMS).
- the mentioned software comprises program code for identifying information that is to be transmitted to LEA. Further, it comprises program code for controlling transmissions (such as IRI transmission) to LEA as well as for handling requests (such as requests to set a person as an interception subject) received from LEA.
- the XUI (which may be a SIP URI or TEL URI or similar) identifies the user whose documents are requested.
- an identifier other than the XUI is generated and sent in XCAP requests. The purpose of this identifier is to identify the requester.
- the aggregation proxy checks the value of this identifier, for all incoming requests. If the value of this identifier indicates an interception subject, the aggregation proxy copies the XCAP request in question and sends a copy of it towards LEA over HI2 interface.
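The routing and copying rules described above for aggregation proxy 115 can be followed in a short Python sketch. It is an added illustration, not code from the patent or from any XDM product: the AUID table and host names are sample values, the LI flag is modelled as a plain boolean because the page does not show how it is carried, and rejecting an LI flag on a client-originated request is an added assumption.

```python
"""Tap-and-route decision of an XDM aggregation proxy (added illustration)."""
from urllib.parse import urlsplit, unquote

# Sample AUID -> XDMS routing table; the host names are placeholders.
XDMS_BY_AUID = {
    "rls-services": "rls-xdms.example.com",
    "resource-lists": "shared-xdms.example.com",
    "org.openmobilealliance.poc-groups": "poc-xdms.example.com",
}


def parse_selector(uri):
    """Return (AUID, XUI) from an XCAP document URI, or None.

    Layout per RFC 4825: <xcap-root>/<AUID>/users/<XUI>/<document>,
    optionally followed by /~~/<node selector>.
    """
    segs = [unquote(s) for s in urlsplit(uri).path.split("/") if s]
    if "~~" in segs:                      # drop the node selector part
        segs = segs[:segs.index("~~")]
    if "users" not in segs:               # e.g. the "global" tree: no XUI
        return None
    i = segs.index("users")
    if i == 0 or i + 1 >= len(segs):
        return None
    return segs[i - 1], segs[i + 1]


class TargetList:
    """Stand-in for internal database 314: XUI -> expiry time (or None)."""

    def __init__(self):
        self._expiry = {}

    def activate(self, xui, now, lifetime=None):
        self._expiry[xui] = None if lifetime is None else now + lifetime

    def deactivate(self, xui):
        self._expiry.pop(xui, None)

    def is_target(self, xui, now):
        if xui not in self._expiry:
            return False
        expiry = self._expiry[xui]
        if expiry is not None and now >= expiry:
            del self._expiry[xui]         # timer expired: surveillance ends
            return False
        return True


def route_request(uri, targets, now, li_flag=False, from_client=True):
    """Destinations for an XCAP request (users-tree documents only)."""
    sel = parse_selector(uri)
    if sel is None or sel[0] not in XDMS_BY_AUID:
        return ["REJECT"]
    if li_flag and from_client:
        # Assumption: only the proxy itself may set the LI flag.
        return ["REJECT"]
    out = ["XDMS:" + XDMS_BY_AUID[sel[0]]]        # route by AUID
    if from_client and targets.is_target(sel[1], now):
        out.append("LEMF")                        # copy over HI2
    return out


def route_response(uri, targets, now, li_flag=False):
    """Destinations for the response to the request made on `uri`."""
    sel = parse_selector(uri)
    if sel is None:
        return ["REJECT"]
    if li_flag:
        return ["LEMF"]                   # never returned to the XDM client
    out = ["CLIENT"]
    if targets.is_target(sel[1], now):
        out.append("LEMF")
    return out
```
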
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Technology Law (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FI20051039A FI20051039A0 (fi) | 2005-10-14 | 2005-10-14 | Lawful interception |
US11/324,395 US20070088670A1 (en) | 2005-10-14 | 2006-01-03 | Methods and apparatus for performing lawful interception of network-centric services data stored within an XDM framework |
PCT/FI2006/050441 WO2007042624A1 (en) | 2005-10-14 | 2006-10-13 | Lawful interception |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1943803A1 (de) | 2008-07-16 |
Family
ID=37942344
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP06794157A Withdrawn EP1943803A1 (de) | 2005-10-14 | 2006-10-13 | Lawful interception |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP1943803A1 (de) |
WO (1) | WO2007042624A1 (de) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101409718A (zh) * | 2007-10-12 | 2009-04-15 | Huawei Technologies Co., Ltd. | Method, system and apparatus for determining user data |
US9106603B2 (en) * | 2009-12-23 | 2015-08-11 | Synchronics plc | Apparatus, method and computer-readable storage mediums for determining application protocol elements as different types of lawful interception content |
FR2970613B1 (fr) * | 2011-01-13 | 2013-01-18 | Alcatel Lucent | Method for providing an observer with data relating to at least one user of a telecommunication or Internet services operator in a network |
EP3847790B1 (de) * | 2018-09-05 | 2023-07-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Program for lawful interception |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6898436B2 (en) * | 2002-02-14 | 2005-05-24 | Qualcomm Incorporated | Communication device for joining a user to a group call in a group communication network |
US7181493B2 (en) * | 2003-12-23 | 2007-02-20 | Unisys Corporation | Platform independent model-based framework for exchanging information in the justice system |
-
2006
- 2006-10-13 EP EP06794157A patent/EP1943803A1/de not_active Withdrawn
- 2006-10-13 WO PCT/FI2006/050441 patent/WO2007042624A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
See references of WO2007042624A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2007042624A1 (en) | 2007-04-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20070088670A1 (en) | Methods and apparatus for performing lawful interception of network-centric services data stored within an XDM framework | |
CA2792147C (en) | Apparatus and method for providing contacts through interworking between messaging service and social network service | |
KR101511469B1 (ko) | Presence notification system and method based on presence attributes | |
JP5303536B2 (ja) | Transmission of application information and commands using presence technology | |
US7941495B2 (en) | Management capabilities for real-time messaging networks | |
RU2552907C2 (ru) | Lawful interception in an IP multimedia subsystem network | |
US7764699B2 (en) | Method and system using shared configuration information to manage network access for network users | |
US20090043847A1 (en) | Group Communication in a Communication System | |
EP2033457B1 (de) | Group advertisement method in a SIP-based messaging service | |
EP1520388B1 (de) | Updating presence information | |
CN101160879B (zh) | Method, system, server and unit for setting presentity configuration information | |
US9775179B2 (en) | Method to achieve a fully acknowledged mode communication (FAMC) in push-to-talk over cellular (PoC) | |
JP2012029337A (ja) | Method of operating a presence management system suitable for use in a multi-access communication system | |
CA2690733A1 (en) | Centralized call log for synchronized call protocol information | |
US20090119400A1 (en) | Presence Management System | |
WO2009038510A1 (en) | Monitoring of instant messaging and presence services | |
EP1943803A1 (de) | Lawful interception | |
US9571563B2 (en) | Handling a shared data object in a communication network | |
US20120129516A1 (en) | Group Handling For Push-To-Talk Services | |
Ono et al. | Have I met you before? Using cross-media relations to reduce SPIT | |
CN101150447A (zh) | Interception proxy apparatus for lawful interception of IP multimedia subsystem public services | |
EP1882341B1 (de) | Management of network access for network users | |
Wu et al. | SIP presence location service | |
Alliance | OMA XML Document Management Requirements | |
Alliance | OMA-TS-Presence_SIMPLE-V2_0-20081223-C |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20080326 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20100501 |