Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L67/00—Network arrangements or protocols for supporting network services or applications
  • H04L67/01—Protocols
  • H04L67/10—Protocols in which an application is distributed across nodes in the network
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
  • H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04M—TELEPHONIC COMMUNICATION
  • H04M3/00—Automatic or semi-automatic exchanges
  • H04M3/22—Arrangements for supervision, monitoring or testing
  • H04M3/2281—Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04M—TELEPHONIC COMMUNICATION
  • H04M2203/00—Aspects of automatic or semi-automatic exchanges
  • H04M2203/30—Aspects of automatic or semi-automatic exchanges related to audio recordings in general
  • H04M2203/301—Management of recordings
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04M—TELEPHONIC COMMUNICATION
  • H04M3/00—Automatic or semi-automatic exchanges
  • H04M3/42—Systems providing special services or facilities to subscribers
  • H04M3/42136—Administration or customisation of services
  • H04M3/42144—Administration or customisation of services by service provider
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04M—TELEPHONIC COMMUNICATION
  • H04M7/00—Arrangements for interconnection between switching centres
  • H04M7/006—Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer

Definitions

• the invention relates to a method of providing an observer with data relating to at least one user of a telecommunication operator or of Internet services in a network, and an architecture of such an operator comprising technical means for implementing such a process.
• legal interception allows an authority to monitor in real time the communications between specific users in a network and the data retention allows the storage of technical data relating to users in such a network for their use in a network. posteriori by an authority.
• the technical constraints of data retention arise mainly from the large amount of data to be stored; therefore, the query response time can become very important and can be a hindrance to operational efficiency.
• the processing of heterogeneous type data from different types of communication networks is a global difficulty.
• the object of the invention is to improve the prior art by proposing a method making it possible to significantly improve the speed and efficiency of exchanges between telecommunication operators, Internet service providers and the authorities by facilitating the correlation and the merging of information. obtained by those authorities, in particular through better interaction between the functions of legal interception and data retention and anticipation of requests from those authorities.
• the invention proposes a method of providing an observer with data relating to at least one user of a telecommunication operator or of Internet services in a network, said method providing that said observer sends a querying said operator to obtain data in response to said request, said method further comprising:
• the invention proposes an architecture of a telecommunication operator or of Internet services in a network, said architecture comprising at least one database in which data relating to at least one user of said operator is stored.
• architecture comprising means for receiving a request sent by an observer to said operator to obtain data in response to said request, said architecture further comprising:
• At least one data analysis module requested by the observer in response to said request
• At least one automatic construction module for a new request based on the analysis performed by said analysis module; at least one module for using said new request so that said operator transmits to said observer new data in response to said new request;
• At least one administration module comprising means for making the analysis, construction and utilization modules interact with one another so as to transmit to said observer new data in response to said new request.
• FIG. 1 schematically represents an architecture of a telecommunication operator integrating two applications capable of implementing a supply method according to the invention
• Figure 2 schematically shows an application of Figure 1.
• the operator may be in particular a fixed, mobile, voice and / or data communications operator, for example a telecommunications operator such as Orange® or Bouygues Telecom®, or an Internet telephony operator (VoIP). ) and / or videophone and / or an Internet Service Provider.
• a telecommunications operator such as Orange® or Bouygues Telecom®
• VoIP Internet telephony operator
• videophone and / or an Internet Service Provider.
• the architecture comprises means for implementing a method of providing an observer with data relating to at least one user of the operator in the network 1.
• the observer is a legal authority (LEA, for Law Enforcement Agency), for example the National Police or the Gendarmerie Nationale, or a ministry, such as the Ministry of Defense or the Ministry of Justice .
• the architecture includes at least one database in which data relating to at least one user of the operator is stored.
• the architecture integrates a data retention sub-architecture 2 comprising at least a base 3 in which technical data relating to the operator's client users are stored, for example data relating to the identifiers of the data carriers. users of the operator, the type of multimedia communications established by the users, the history of said communications or the contact identifiers of said users participating in said communications.
• the identifiers of the users and / or their contacts may be telephone numbers, Internet protocol (IP) addresses, blog addresses or real-time chat room addresses (for English chat).
• IP Internet protocol
• the identifier can also be the name of said users.
• This data is sent to the database 3 by an information system 4 (SI, for System Information) of the operator, in order to be grouped and stored in said database.
• SI System Information
• the architecture integrates a legal interception sub-architecture 5 comprising at least one platform 6 for the telecommunication operator, said platform comprising at least one interface 7 for an operator network, for example a network of operators. fixed telephony, mobile telephony, or an Internet supply network, said interface giving access to data relating to real-time communications between users in the network 1, at least one of said users being a user of the operator considered.
• a legal interception sub-architecture 5 comprising at least one platform 6 for the telecommunication operator, said platform comprising at least one interface 7 for an operator network, for example a network of operators. fixed telephony, mobile telephony, or an Internet supply network, said interface giving access to data relating to real-time communications between users in the network 1, at least one of said users being a user of the operator considered.
• the data accessible via an interface 7 can be relative to the identifiers of the operator's users and / or to the identifiers of the contacts of said users participating in a real-time communication with said users, or to the type and or the content of said communications in real time.
• the data stored in the database 3 and the data accessible via an interface 7 comprise at least one telephone number of a user and / or at least one telephone number of a contact of said user in the network 1, the observer sending a request to obtain at least one of said numbers as data, in order to set up a legal intercepting method from said number and / or to obtain technical data on said number.
• the method provides that the observer sends a request to the operator to obtain data in response to said request.
• the architecture therefore comprises means for receiving a request sent via the network 1 by the observer to the operator in order to obtain data in response to said request or to make an interception in real time.
• the data retention sub-architecture 2 comprises at least one mediation module 8 which comprises means for receiving a request 9 sent by the observer in order to obtain data stored in the database 3, said data being relative to a user of the operator.
• the module 8 may be in particular a high definition multimedia interface module (HDMI, for High Definition Multimedia Interface) and the request 9 may be sent by the observer to said module via an administrative transmission interface HIA ( Hl, for Handover Interface).
• HDMI high definition multimedia interface module
• HIA Hl, for Handover Interface
• the sub-architecture 2 comprises an interface module 10 capable of making the module 8 interact with the database 3, in order to extract from said database the required data and to transmit to the observer a notification 1 1 in response to the request 9, said notification comprising said data.
• the module 10 can send instructions to the module 8 via an administrative transmission interface HIA, the notification 1 1 can then be transmitted to the observer via an HIB data transmission interface.
• the legal interception sub-architecture 5 comprises at least one mediation module 12 which comprises means for receiving a request 13 sent by an observer in order to obtain data via an interface 7. data being relative to a user of the operator.
• the observer can send a request 13 to the module 12 via a transmission interface HI1 for managing the legal interception functions.
• the sub-architecture 5 comprises an interface module 14 able to make the module 12 interact with the platform 6, in order to obtain, via at least one interface 7, the required data and to transmit to the observer 15 in response to the request 13, said notification comprising said data.
• the data accessible via an interface 7 are transmitted in real time to an observer in notifications without there being any real storage of said data within the sub-architecture 5 of legal interceptions. .
• the module 14 can send instructions to the module 12 via a transmission interface HI1 for managing the legal interception functions, the notification 15 can then be transmitted to the observer via a user interface.
• HI2 transmission if it includes technical data relating to a real-time communication of the user in the network 1, or via a transmission interface HI3 if it includes data relating to the content of such a communication.
• the method provides for analyzing the data requested by the observer in response to the request 9, 13, in particular before obtaining said data by said observer.
• the architecture comprises at least one module 16 analysis of the data requested by the observer in response to the request 9, 13.
• the requested data can be analyzed by means of filtering rules.
• filtering rules can in particular be generated from an analysis of a history of the previous requests 9, 13 sent by the observer and data obtained in response to said previous requests.
• These filtering rules can also be built by an architecture administrator with recommendations from the observer.
• the architecture comprises at least one filter rule generation module 17 comprising means for analyzing a history of the previous requests 9, 13 sent by the observer and data obtained in response to said previous requests, and means for generating filtering rules from said analysis.
• the module 16 is able to analyze the data requested by the observer by means of the filtering rules generated by the module 17.
• the filtering rules depend on the nature of the observer's activity and his working methods and can in particular relate to the requests that the observer usually sends to the operator after having received a certain type of data.
• the analysis means of the module 17 may be able to identify this habit and the means for generating said module may be able to generate a filtering rule relating to said identified habit.
• the new query constructed corresponds in particular to the request that would have been issued by the user. observer after having obtained and analyzed the data he has requested and thus anticipates the behavior of said observer.
• the method provides for using the newly constructed query so that the operator transmits new data to the observer in response to said new request.
• the architecture comprises at least one module 19 for using the new one and at least one administration module 20 comprising means for making the analysis modules 16, the construction module 18 and the use modules interact with one another. 19 to transmit to the observer new data in response to said new request.
• the administration module 20 may comprise means for enabling the observer to manually generate filtering rules and means for sending said generated rules to the generation module 17.
• the new data obtained in response to the new queries constructed are stored locally, for example in a base (not shown) of the corresponding sub-architecture 2, 5, before being transmitted to the observer, in order to avoid any loss of data between the operator and the observer.
• the user module 19 may include means for securing the use of the new request, in particular by ensuring the integrity and confidentiality of said use by means of an encryption code and / or confidentiality certificates.
• the analysis modules 16, generation of rules 17, construction 18, use 19 and administration 20 are grouped together in an application 21, said application being implemented in the architecture of FIG. a telecommunication or Internet service operator for implementing the method, in particular in at least one of the sub-architectures 2, 5.
• the data retention 2 and legal interception architectures 5 respectively comprise an application 21, each of said applications comprising the modules described above, in particular a module 19 for using the new requests.
• the results of new queries built can be indexed in a database.
• the module 18 of the sub-architecture 2 can comprise means for indexing in a data retention database the new requests that it has constructed, for example by creating logical links for said new requests, the module 19 being able to make the mediation module 8 interact with this database by using said logical links so that the module 8 extracts from the database 3 new data in response to said new requests.
• the module 18 of the sub-architecture 5 can comprise means for preparing, from the new queries built, routing tables, a virtual private network (VPN) configuration, or other techniques, so that the mediation module 12 interact with at least one interface 7 of the platform 6 to obtain new data in response to said new requests.
• VPN virtual private network
• the method may provide that, if the request sent by the observer is a data retention request 9 - respectively a legal interception request 13 -, the new constructed request is also a data retention request - respectively a request for data retention. legal interception.
• the module 19 of the application 21 implemented in said sub-architecture locally transmits said new request module 8, 12 mediation of said sub-architecture.
• the module 16 of the application 21 implemented in said sub-architecture can, in collaboration with the module 17 of said application, apply the filtering rules corresponding to this habit for the module 18 to build a new request and the module 19 transmits locally said new request to module 8.
• the module 16 of the application 21 implanted in said sub-architecture can, in collaboration with the module 17 of said application, apply the filtering rules corresponding to this habit so that the module 18 builds a new request and the module 19 locally transmits said new request to the module 12.
• the method may also provide that, if the request sent by the observer is a data retention request 9 - respectively a lawful interception request 13 -, the newly constructed request is a lawful interception request - respectively a request for data intercept. data retention.
• the module 19 of the application 21 integrated in said sub-architecture transmits so secure said new request to the module 8, 12 of mediation of the other sub-architecture 2, 5.
• the module 16 of the application 21 implanted in said sub-architecture can, in collaboration with the module 17 of said application, apply the filtering rules corresponding to this habit so that the module 18 automatically builds a new request for legal interception.
• the new request 22 is then transmitted by the module 19 of the application 21 implemented in the data retention sub-architecture 2 to the mediation module 12 of the legal interception architecture 5, so that the module 12 interacts with the platform 6 to implement the legal interception for the seven contacts.
• the module 16 of the application 21 implanted in said sub-architecture can, in collaboration with the module 17 of said application, apply the filtering rules corresponding to this usual so that the module 18 build a new request 23 for data retention.
• the new request 23 is then transmitted by the module 19 of the application 21 implanted in the legal interception sub-architecture 5 to the mediation module 8 of the data retention architecture 2, so that the module 8 extracted from the base 3 the telephone number of the said contact.
• an interaction between the data retention 2 and legal interception architectures 5 is established and makes it possible to significantly improve the efficiency and the speed of these two sub-architectures 2, 5 by automatically building new ones. requests anticipating the requests of the observer, making said sub-architectures real tools of investigation and decision-making aid for the authorities.

Landscapes

• Engineering & Computer Science (AREA)
• Signal Processing (AREA)
• Technology Law (AREA)
• Computer Security & Cryptography (AREA)
• Computer Networks & Wireless Communication (AREA)
• Computer Hardware Design (AREA)
• Computing Systems (AREA)
• General Engineering & Computer Science (AREA)
• Data Exchanges In Wide-Area Networks (AREA)
• Mobile Radio Communication Systems (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=44310860

Family Applications (1)

Country Status (4)

Citations (1)

Family Cites Families (9)

• 2011
  • 2011-01-13 FR FR1100123A patent/FR2970613B1/fr not_active Expired - Fee Related
• 2012
  • 2012-01-13 US US13/995,030 patent/US20130297740A1/en not_active Abandoned
  • 2012-01-13 EP EP12701328.2A patent/EP2664127A1/de not_active Withdrawn
  • 2012-01-13 WO PCT/EP2012/050500 patent/WO2012095522A1/fr active Application Filing

Patent Citations (1)

Also Published As

Similar Documents

Legal Events