WO2002082782A2 - System and method for intercepting telecommunications - Google Patents

System and method for intercepting telecommunications Download PDF

Info

Publication number
WO2002082782A2
WO2002082782A2 PCT/US2001/031548 US0131548W WO02082782A2 WO 2002082782 A2 WO2002082782 A2 WO 2002082782A2 US 0131548 W US0131548 W US 0131548W WO 02082782 A2 WO02082782 A2 WO 02082782A2
Authority
WO
WIPO (PCT)
Prior art keywords
payload
header
subject
termination point
media gateway
Prior art date
Application number
PCT/US2001/031548
Other languages
French (fr)
Other versions
WO2002082782A3 (en
Inventor
Craik R. Pyke
William Hern
Roger L. Thompson
Serge S. Caron
Halima H. Mounji
Charles B. Ewoti
Michael Goerens
Pete J. Streng
Christopher J. Goertzen
Christian Kittlitz
Richard C. Taylor
Michael Welham
Original Assignee
Nortel Networks Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nortel Networks Limited filed Critical Nortel Networks Limited
Priority to DE60133316T priority Critical patent/DE60133316T2/en
Priority to EP01273516A priority patent/EP1362456B1/en
Priority to AU2001297701A priority patent/AU2001297701A1/en
Priority to CA002437275A priority patent/CA2437275A1/en
Priority to US10/181,288 priority patent/US20030179747A1/en
Publication of WO2002082782A2 publication Critical patent/WO2002082782A2/en
Publication of WO2002082782A3 publication Critical patent/WO2002082782A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • H04M3/2281Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M7/00Arrangements for interconnection between switching centres
    • H04M7/006Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q2213/00Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/13034A/D conversion, code compression/expansion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q2213/00Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/13196Connection circuit/link/trunk/junction, bridge, router, gateway
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q2213/00Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/13372Intercepting operator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q2213/00Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/13389LAN, internet

Definitions

  • lawful intercept Historically, lawful intercept consisted of using alligator clips which a law enforcement agency would physically clip to, thereby tapping into, the telecommunication line of a subject (the monitored party) and monitor calls to or from an associate (a party calling or being called by the subject.)
  • Call data intercept includes monitoring call events, for example, monitoring if the subject originates a call, or if a call is terminated on the subject, or if a call is forwarded elsewhere.
  • This type of monitoring known as pen register, provides the phone number of both the person called and the person calling, along with call events and time-date stamps of when the events occurred.
  • call content includes the actual content of the call, i.e., the conversation that takes place, plus call data. Call content is transmitted to the law enforcement agency in real time so that the law enforcement agency can monitor the conversation as it happens.
  • TDM Multiplexed
  • a switch network fabric provides an access point that allows a law enforcement agency to tap the subject's phone line. This type of centrally located access point is known as an Intercept Access Point (IAP). The resulting information is then provided to the law enforcement agency.
  • IAP Intercept Access Point
  • IP Internet Protocol
  • ATM Asynchronous Transfer Mode
  • the invention results from the realization that a truly efficient and effective system and method for intercepting voice over packet communications is achieved in which a packet communication signal directed to or from a subject is received by a centralized replicator.
  • the header is stripped from the packet leaving only the payload, the payload is replicated, a header is added to the replicated payload and the replicated payload is transmitted to a Law Enforcement Agency.
  • a header is added to the original payload and the packet is retransmitted to the intended recipient.
  • the entire packet can be replicated and the headers stripped off both the original packet and the replicated packet and a new header added to each payload.
  • the payloads are then transmitted to the intended recipient and the Law Enforcement Agency.
  • a method of intercepting a telecommunication signal including receiving a telecommunication packet comprising a predetermined header and a payload, removing the predetermined header from the packet, replicating the payload, adding a new header to replicated payload and directing the replicated payload to the address associated with the new header. It can be determined whether a telecommunication packet is to be monitored.
  • the new header can be associated with one of an intended recipient and a law enforcement agency.
  • the predetermined header can be replaced with a second predetermined header. This replacement can occur before or after replication of the payload.
  • the second predetermined header can be associated with the other of the intended recipient and the law enforcement agency.
  • the payload can be directed to the address associated with the second predetermined header.
  • a system for intercepting a telecommunication signal includes an audio server, responsive to a telecommunication signal, for receiving a telecommunication packet comprising a predetermined header and a payload, a termination point for removing the predetermined header from the packet, for replicating the payload and for adding a new header to replicated payload and a relay point for directing the replicated payload to the address associated with the new header.
  • the new header can be associated with one of an intended recipient and a law enforcement agency.
  • the media gateway controller can include a call discriminator, responsive to the telecommunications signal, for determining that the telecommunication signal is subject to interception.
  • the second predetermined header can be associated with the other of the intended recipient and the law enforcement agency.
  • a method for intercepting a telecommunication signal by receiving a telecommunication packet comprising a predetermined header and a payload, removing the predetermined header from the packet, replicating the payload, adding a new header to replicated payload and directing the replicated payload to the address associated with the new header.
  • the new header can be associated with one of an intended recipient and a law enforcement agency.
  • the predetermined header can be removed from the payload and replaced with a second predetermined header. This replacement can occur before or after replication of the payload.
  • the second predetermined header can be associated with the other of the intended recipient and the law enforcement agency.
  • the payload can be directed to the address associated with second predetermined header.
  • the method includes receiving a telecommunication packet comprising a header and a payload, removing the predetermined header from the packet, adding a second predetermined header to payload and directing the replicated payload to the address associated with the second predetermined header. It can be determined whether a telecommunication packet is to be redirected.
  • the second predetermined header can be associated with one of an intended recipient and a law enforcement agency.
  • the payload can be replicated. This replication can occur before or after the predetermined header is removed.
  • a new header can be added to the replicated payload and the replicated payload can be directed to the address associated with second predetermined header.
  • the new header can be associated with the other of the intended recipient and the law enforcement agency.
  • the method includes determining that a telecommunication signal is subject to being monitored, establishing a connection between a first gateway associated with one of a subject being monitored and an associate and a first termination point representing a second gateway associated with the other of the associate and the subject, establishing a connection between the second gateway and a second termination point representing the first gateway and establishing a connection between the first termination point and the second termination point to establish a bearer channel between the subject and the associate wherein the first and second gateways appear to be connection directly.
  • a connection can be established from at least one of the first termination point and the second termination point to a gateway associated with other than the subject and the associate concurrently with the connection between the first termination point and the second termination point.
  • a method of redirecting a telecommunications signal intended for one of a subject and an associate by associating a first termination point with a first intended termination point of a first media gateway, associating a second termination point with a second intended termination point of a second media gateway, establishing a connection between the first intended termination point and the second termination point, establishing a connection between the second intended termination point and the first termination point and establishing a connection between the first termination point and the second termination point wherein the first intended termination point and the second termination point appear to be connected directly.
  • Figure 1 is a schematic block diagram generally representing a system for intercepting packet communications including a centralized replicator according to the present invention
  • Figure 2 is a more detailed schematic block diagram, similar to Figure 1 , including a media gateway controller associated with each media gateway for implementing the necessary connections to affect interception of packet communications;
  • Figure 3 is a schematic block diagram, similar to Figure 1 , demonstrating the actual and ephemeral connections when implementing the call intercept according to one aspect of the present invention;
  • Figure 4 is a schematic block diagram demonstrating associated connections internal to the centralized replicator for affecting bearer channel tandeming for intercepting packet communications;
  • Figure 5 is a schematic block diagram representing bearer channel tandeming by the call discriminator in response to a requirement to intercept packet communications
  • Figure 6 is a flow chart representing one method of intercepting packet communications according to the present invention.
  • Figure 7 is a schematic block diagram, similar to Figure 2, in which a second associate establishes a call to a subject being monitored and a call waiting feature is invoked;
  • Figure 8 is a schematic block diagram, similar to figure 4, demonstrating the connection topology within the centralized replicator when the call-waiting feature is invoked; and Figure 9 is a schematic block diagram, similar to Figure 8, demonstrating the connection topology within the centralized replicator when a conference call feature is invoked.
  • a system 10, Figure 1 which can intercept a packet telecommunication signal to or from a subject 12 being monitored, for example, by a Law Enforcement Agency (LEA) 14.
  • LEA Law Enforcement Agency
  • a call is initiated between subject 12 and associate 20. It is determined that the telecommunication signal is one targeted for monitoring and is to be intercepted. Accordingly, for a call from associate 20 to subject 18, the telecommunication signal, rather than being sent directly to the intended associate media gateway 18, is redirected from subject media gateway 16 to a centralized replicator 22 which may, for example, comprise a universal audio server associated with LEA 14.
  • a centralized replicator 22 receives the telecommunication signal, comprised of individual packets with each packet including a header and a payload, centralized replicator 22 removes the header from the packet leaving the payload intact.
  • Centralized replicator 22 replicates the payload, adds a header to the replicated payload and transmits the replicated payload to a law enforcement agency gateway 24. Once the payload has been replicated a header is added to the original payload and that packet is retransmitted by centralized replicator 22 to associate media gateway 18/18' for delivery to associate 20/20' .
  • the entire incoming packet can be replicated, including header and payload.
  • the headers of the original and replicated packets are removed.
  • a new header is added to the replicated payload for delivery to law enforcement agency 14 and a new header is added to the original payload for delivery to the respective intended recipient, subject 12 or associate 20.
  • each media gateway 16, 24 and 18 can be a media gateway controller 26, 28 and 30, respectively.
  • a media gateway controller refers to one or more devices whose functionality can include performing media gateway control signaling and call processing functions.
  • Each associated gateway controller can include a call discriminator 32 comprising call processing software that determines that a call from or between associated gateways, for example subject media gateway 16 to associate media gateway 18, is in fact subject to monitoring.
  • subject media gateway controller 26 sends a first message, for example using Media Gateway Control Protocol (MGCP) or H.248 protocol, to LEA media gateway 28 to effect a connection between subject media gateway 16 and centralized replicator 22 and another message to effect a connection between associate media gateway 18 and centralized replicator 22.
  • MGCP Media Gateway Control Protocol
  • H.248 protocol H.248 protocol
  • LEA Media gateway controller 28 effects redirection of the call from the intended recipient and instructs centralized replicator 22 to make internal connections, referred to as bearer channel tandeming, in order to facilitate packet replication as will be discussed further in reference to Figure 4.
  • media gateway controller 28 Once media gateway controller 28 has established the necessary connections between subject media gateway 16, centralized replicator 22 and associate media gateway 18, media gateway controller 28 initiates the connections between centralized replicator 22 and law enforcement agency media gateway 24 which is then connected to LEA 14.
  • a call subject to monitoring will contain packets whose headers have been altered or substituted such that instead of the packets ⁇ being transmitted to and from gateways 16 and 18 directly (the intended recipients), the packets are redirected to centralized replicator 22 for replication.
  • Media gateway controller 28 alters the address information of the messages such that it appears to subject media gateway 16 that the message is coming from associate media gateway 18 and messages sent to associate media gateway 18 appear to come from subject media gateway 16.
  • subject media gateway controller 26 sends a message 27 with the session description information, for example using a protocol such as the Session Description Protocol (SDP), of subject media gateway 16 to LEA media gateway controller 28.
  • Media gateway controller 28 sends a message 29 including the session information of media gateway 16 to associate media gateway controller 30, but with the address of centralized replicator 22.
  • associate media gateway controller 30 sends a message 31 acknowledging the session description of media gateway 16 with the session description of associate media gateway 18.
  • LEA media gateway controller 28 sends a message 33 acknowledging the session description of subject media gateway 16 with the session description of associate media gateway 18, but with the address of centralized replicator 22.
  • a communication path from subject media gateway 16 to associate media gateway 18 is tandemed through centralized replicator 22, but is transparent to subject 12 or associate 20.
  • Figure 4 further demonstrates how bearer channel tandeming can be accomplished through centralized replicator 22 by modifying the association between packet streams and endpoints to affect the connections and representations demonstrated in Figure 3.
  • Packet streams 34, 36, 38 and 40 originate from associated endpoints 42, 44, 46 and 48, respectively. Accordingly, the respective transmit and receive streams 34/36 of endpoint 42, while appearing to be associated with endpoint 46 (associate media gateway 18), are associated with end point 44 within centralized replicator 22. Similarly, respective transmit and receive streams 38/40 of endpoint 46 are associated with end point 48 while appearing to be associated with end point 42 (subject media gateway 16). Finally, internal streams 50 and 52 are associated with end points 44 and 48. Connections to end points 42, 44, 46 and 48 are initiated from media gateway controller 28 ( Figure 3) where endpoints 42 and 46 are the recognized originator and terminator endpoints.
  • Endpoints 42 and 46 are typically configured to convert the TDM information from subject 12 or associate 20 into, for example, IP or ATM packets or cells depending upon the fabric of centralized replicator 22. Similarly, information received at these endpoints from centralized replicator 22 is converted from IP/ATM to TDM. In contrast, endpoints 44 and 48 within centralized replicator 22 are typically configured only as packet relay points and do not provide any transcoding or jitter correction in order to minimize latency and reduce the risk of detection by subject 12 or associate 20 of the monitoring. Flow control buffers (not shown) can be provided to avoid loosing packets.
  • Packet relay endpoints 44 and 48 strip the header off incoming packet streams 34 and 38 that they receive from respective endpoints 42 and 46, replicate the payload, add a new header to the replicated payload and transmit replicated packet streams 54 and 56 to law enforcement agency gateway 24 via endpoints 58 and 60. Packet relay endpoints 44 and 48 also transmit the original payload via streams 50 and 52, respectively, to each other, adding new headers directing the packets to respective gateways 16 and 18. Alternatively, the entire packet may be replicated, then the replicated headers are stripped off and new headers added to redirect the replicated packets to their respective gateways.
  • streams 54 and 56 destined for law enforcement agency 14 should be unidirectional. Accordingly, endpoints 58 and 60 should be configured as send only in the direction of law enforcement agency gateway 24. Endpoints 58, 60 should be from the same resource pool as endpoints 44 and 48 so that the resource pools reflect what endpoints within centralized replicator 22 have internal connections between them so that media gateway controller 28 can send the appropriate connectivity messages to centralized replicator 22. Accordingly, a resource manager 62 is provided.
  • endpoints 58 and 60 should achieve a transmission time between endpoints that maintains low latency such that the total trip delay of the packets, including time to traverse centralized replicator 22, does not exceed the engineered threshold of the echo cancellers of the respective media gateways.
  • Resource manager 62 performs several basic functions to include allocation of resources, returning resources to a free pool and reporting on resources. Resource manager 62 can provide an interface to operating personnel to indicate what resources in centralized replicator 22 are to be used for bearer channel tandeming.
  • the connection to law enforcement agency 14 can occur in several forms to include dedicated lines, switched local links, dedicated trunks or switched remote links without departing from the scope of the invention.
  • law enforcement agency gateway 24 should be able to support all possible CODEC'S that can be negotiated between a subject 12 and an associate 20.
  • system 10 has been described as only performing a single replication for a single law enforcement agency, it should be understood that this is not a limitation of the present invention, as the incoming packet streams can be replicated at endpoints 44 and 48 multiple times, depending on the number of law enforcement agencies monitoring subject 12, by configuring the hardware comprising endpoints 44 and 48 for multiple replications.
  • the standard connectivity message from the call server can either be altered to perform the appropriate connection or the message can be split into multiple messages to perform the requested connection.
  • connection operation from the call server requesting a connection between subject 12 and associate 20 is modified into three separate connectivity operations. This is done by requesting separate connections from endpoints 42 and 44, from endpoints 46 and 48 and from endpoints 44 to 48.
  • a call agent or call processing 68 in response to electronic surveillance software 69, issues a connectivity message 70 to call discriminator 32 to make a subject to associate connection from a discriminator layer in connectivity software 72 to bearer channel tandeming connectivity software 74 which issues three separate media gateway control messages.
  • a first message 76 can initiate a connection from subject media gateway 16 ( Figure 4) to centralized replicator 22.
  • a second message 78 can initiate a connection from associate media gateway 18 to centralized replicator 22.
  • a third message 80 can instruct centralized replicator 22 to make an internal association between the centralized replicator 22 to subject media gateway 16 connection and the centralized replicator 22 to associate media gateway 18 connection.
  • media gateway controller 28 ( Figure 3) initiates the respective connections to law enforcement media gateway 24 by requesting two connections from endpoints 44 to 58 and 48 to 60 ( Figure 4) within centralized replicator 22 to law enforcement media gateway 24, where endpoints 58 and 60 connect to law enforcement media gateway 24, as illustrated in Figure 4 above.
  • a flowchart of the present invention is presented in Figure 6.
  • a call is initiated between a subject and an associate, Block 82.
  • the media gateway controller associated with the subject being monitored determines that the call is to be monitored, Block 84, and redirects the call to the media gateway controller of the LEA by associating the LEA media gateway with the destination (associate) media gateway, Block 86.
  • the media gateway controller associated with the law enforcement agency effects bearer channel tandeming by associating the endpoints of the subject and associate media gateways with endpoints within the centralized replicator, Block 88.
  • packets to and from the subject are redirected to the centralized replicator, Block 90, where the payload is replicated, Block 92, and new headers added to both the replicated payload and the original payload, Block 94.
  • the respective payloads are then transmitted to the recipient subject or associate and the LEA, Block 96.
  • Figure 7 represents generally the situation where a call-waiting feature is invoked.
  • each agent is serviced by a different media gateway controller.
  • a call is originated between subject 12 and first associate 20, as discussed above, until subject 12 and first associate 20 enter the talking state as discussed above with the law enforcement agency 14 receiving the call content.
  • a second associate 20' originates a call to subject 12.
  • Associate media gateway controller 30' performs call processing routing the call to subject media gateway 16 and it is determined that the call is subject to interception.
  • Centralized replicator 22 recognizes that subject 12 is engaged in an existing call.
  • LEA media gateway controller 28 instructs media gateway 16 to play a call waiting tone to subject 12.
  • subject 12 invokes a feature flash to receive the call originated by second associate 20'.
  • Subject media gateway controller 26 ( Figure 7) instructs centralized replicator 22 to break the connection between subject 12 and first associate 20.
  • Tandeming Connectivity software 74 ( Figure 5) intercepts this message, and alters it to only break the connection between endpoints 42 and 44 (shown in phantom).
  • Electronic Surveillance software 69 ( Figure 5) further requests the connections with LEA 14 be broken and thus the connections between endpoint 44 and 58 and 48 and 60 are broken (shown in phantom), but the connection between endpoints 44 and 48 and 48 and 46 remain in tact.
  • Tandeming Connectivity software 74 obtains two more endpoints 44' and 48' from resource manager 62 to tandem the call between subject 12, second associate 20' and LEA 14. Tandeming Connectivity software 74 initiates a connection between end points 42 and 44'. Tandeming Connectivity software 74 further initiates a connection between endpoints 44' and 48' within centralized replicator 22. The session description information of endpoints 42 and 44' are exchanged, and the session description information of 44' and 48' are exchanged to facilitate the completion of the bearer channel.
  • Subject media gateway controller 26 acknowledges endpoint 46' and responds with the session information of endpoint 48', in order to facilitate the completion of the bearer channel configuration.
  • Second associate 20' now enter the talking state with law enforcement agency 14 receiving the call content.
  • Second associate 20' terminates the call and subject 12 invokes a feature flash to return to first associate 20.
  • Subject media gateway controller 26 sends a message to break the connection between subject 12 and the message is intercepted and altered to only break the connection between end points 42 and 44'.
  • the connection with Law enforcement agency 14 is also broken, but the connections between endpoints 44' and 48' and 48' and 46' remain intact.
  • Second associate media gateway controller 30' (not shown) passes a clear forward message to subject media gateway controller 26 instructing connectivity to break the connection with second associate 20'.
  • Tandeming Connectivity software 74 ( Figure 5) intercepts the message and, determining that the other external agent has been removed from ( tf ⁇ e bearer channel tandem, instructs a break of the connections between end points 44' and 48', and 48' and 46'.
  • Endpoints 44' and 46' are returned to resource manager 62 to be reentered into the free pool.
  • Subject media gateway controller 26 ( Figure 7) sends a message to reestablish a connection between subject 12 and first associate 20.
  • Tandeming Connectivity software 74 ( Figure 5) intercepts this message, determines the given communication is already associated with a tandemed connection, and retrieving the endpoints in use, issues connectivity messages to reestablish the connection between endpoints 42 and 44.
  • Endpoints 42 and 44 are exchanged as previously discussed completing the bearer channel tandem.
  • Electronic Surveillance software 69 ( Figure 5) requests notification of the endpoints being used to tandem the bearer channel through centralized replicator 22.
  • Endpoints 58 and 60 are then connected to LEA media gateway 24 in order to provide capture of the call content.
  • Subject 12 and associate 20 are again in a talking state through a bearer channel established via endpoints 42 and 44, 44 and 48 and 48 and 46.
  • a conference call feature is established in a manner similar to call waiting.
  • a call is originated between subject 12 and first associate 20.
  • Subject media gateway controller 26 determines that the call is subject to monitoring and bearer channel tandeming is initiated connecting subject media gateway 16 and associate media gateway 18 via centralized replicator 22 as discussed above by LEA media gateway controller 26 associating respective end points within centralized replicator 22 with subject media gateway 16 and associate media gateway 18.
  • a connection is then initiated between end points within centralized replicator 22.
  • Associate media gateway 18 acknowledges the associated endpoint within centralized replicator 22, as if it were acknowledging subject media gateway 16, as discussed above with reference to Figure 3, and responds with the session description information of associate media gateway 18 and a bearer channel is configured between endpoints 42, 44, 46 and 48 ( Figure 4).
  • Subject 12 and associate 20 now enter a talking state and law enforcement agency 14 receives the replicated packet streams and monitors the call.
  • subject 12 can invoke a flash feature and originate or receive a call with a second associate 20'.
  • Subject media gateway controller 26 ( Figure 7) receives a message from the call agent of subject 12 to break the connection with first associate 20, which is intercepted due to the bearer channel tandeming, and media gateway controller 28 sends a modified message to centralized replicator 22 (rather than to associate media gateway 18) to break the connectivity of endpoints 42 and 44 (shown in phantom).
  • Electronic Surveillance software 69 ( Figure 5) further requests the connections with LEA 14 be broken and thus the connections between endpoint 44 and 58 and 48 and 60 are broken (shown in phantom), but the connection between endpoints 44 and 48 and 48 and 46 temporarily remain in tact.
  • the media gateway determines that the call is subject to monitoring, and two more endpoints 44' and 48' within centralized replicator 22 are allocated by resource manager 62 and configured to tandem the call to second associate 20'. A connection is then initiated between endpoints 42 and 44' and media gateway controller 28 passes the endpoint of 48' to the media gateway controller 30' associated with second associate 20'. A connection is then initiated between 44' and 48' within centralized replicator 22.
  • the session description information of 42 and 44' are exchanged and the session description information of 44' and 48' are exchanged to facilitate the completion of the bearer channel tandeming. At this point a bearer channel is configured between 42 and 44', 44' and 48', and 48' and 46'.
  • a connection is then initiated from centralized replicator 22 to LEA 14 via endpoints 44'and 58' and 48' and 60'.
  • Subject 12 can now talk with second associate 20' and LEA 14 can intercept the content.
  • Subject 12 then invokes a feature flash to join first associate 20 in a three-way call.
  • Connectivity software (Figure 5) requests that all connections associated with the previous legs be broken (shown in phantom) to enable the three-way call. Accordingly, the connection of end points 44 and 48, 48 and 46 and 44' and 48' and 48' and 46' are broken along with the corresponding LEA connection and all resources are returned to the resource pool.
  • Media gateway controller 28 requests a connection between subject 12, first associate 20 and second associate 20' through conferenced ports 98, 100 and 102, as shown in Figure 9.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A system and method for intercepting a telecommunication signal (fig. 6 box 86) are generally provided, in which the system and method affect receiving a telecommunication packet, comprising a header and a payload, removing a first header from the packet, replicating the payload (fig. 6 box 92) and adding a second header to the replicated payload (fig. 6 box 94) and directing the replicated payload to the address associated with the second (fig. 6 box 96).

Description

Cross Reference to Related Applications
This application claims priority to United States Provisional Patent Application serial number 60/239,048, filed October 10, 2000, entitled LAWFUL INTERCEPT VIA CENTRALIZED REPLICATOR and is incorporated herein by this reference.
Background of the Invention
In law enforcement, it is sometimes necessary to monitor an individual or group of individuals to support allegations of illegal activity. Indeed, many countries mandate that telecommunications service providers and equipment manufacturers provide a law enforcement agency the ability to perform lawful interception of telecommunications to and from a subject being monitored.
Historically, lawful intercept consisted of using alligator clips which a law enforcement agency would physically clip to, thereby tapping into, the telecommunication line of a subject (the monitored party) and monitor calls to or from an associate (a party calling or being called by the subject.)
There are two categories of intercept, call data and call content. Call data intercept includes monitoring call events, for example, monitoring if the subject originates a call, or if a call is terminated on the subject, or if a call is forwarded elsewhere. This type of monitoring, known as pen register, provides the phone number of both the person called and the person calling, along with call events and time-date stamps of when the events occurred. In contrast, call content includes the actual content of the call, i.e., the conversation that takes place, plus call data. Call content is transmitted to the law enforcement agency in real time so that the law enforcement agency can monitor the conversation as it happens.
This transmission must be transparent to the subject and the associates so that they are not aware that they are being monitored. As telecommunications equipment evolved, modules were provided in the telecommunication switch that provided the law enforcement agency the ability to lawfully intercept telecommunications. For example in a Time Division
Multiplexed (TDM) switch such as the Nortel Networks DMS -100, a switch network fabric provides an access point that allows a law enforcement agency to tap the subject's phone line. This type of centrally located access point is known as an Intercept Access Point (IAP). The resulting information is then provided to the law enforcement agency.
As telecommunications have evolved to packet based communications, to include Internet Protocol (IP) and Asynchronous Transfer Mode (ATM) protocols, the changing architecture of the telecommunications switches has necessarily made the interception of content more difficult.
In September of 1998, the Federal Communications Committee (FCC) ruled that new TDM equipment must have lawful intercept capability built in.
Moreover, in August of 1999 the FCC ruled that packet communications interception capability will be required by September 30, 2001.
Accordingly, there is a need to be able to intercept voice over packet communications in a manner that satisfies governmental requirements, is transparent to the subject and the associate, in real time, and works with standard protocols such as IP and ATM applications.
Summary of the Invention
The invention results from the realization that a truly efficient and effective system and method for intercepting voice over packet communications is achieved in which a packet communication signal directed to or from a subject is received by a centralized replicator. The header is stripped from the packet leaving only the payload, the payload is replicated, a header is added to the replicated payload and the replicated payload is transmitted to a Law Enforcement Agency. A header is added to the original payload and the packet is retransmitted to the intended recipient. Alternatively, the entire packet can be replicated and the headers stripped off both the original packet and the replicated packet and a new header added to each payload. The payloads are then transmitted to the intended recipient and the Law Enforcement Agency. In one embodiment, there is provided a method of intercepting a telecommunication signal including receiving a telecommunication packet comprising a predetermined header and a payload, removing the predetermined header from the packet, replicating the payload, adding a new header to replicated payload and directing the replicated payload to the address associated with the new header. It can be determined whether a telecommunication packet is to be monitored. The new header can be associated with one of an intended recipient and a law enforcement agency. The predetermined header can be replaced with a second predetermined header. This replacement can occur before or after replication of the payload. The second predetermined header can be associated with the other of the intended recipient and the law enforcement agency. The payload can be directed to the address associated with the second predetermined header.
In another embodiment there is provided a system for intercepting a telecommunication signal. The system includes an audio server, responsive to a telecommunication signal, for receiving a telecommunication packet comprising a predetermined header and a payload, a termination point for removing the predetermined header from the packet, for replicating the payload and for adding a new header to replicated payload and a relay point for directing the replicated payload to the address associated with the new header.
The new header can be associated with one of an intended recipient and a law enforcement agency. There can be a media gateway for directing the telecommunication signal to the audio server and also a media gateway controller, responsive to the media gateway, for determining that the telecommunication packet is to be intercepted. The media gateway controller can include a call discriminator, responsive to the telecommunications signal, for determining that the telecommunication signal is subject to interception. There can be a second termination point for adding a second predetermined header to the payload. The second predetermined header can be associated with the other of the intended recipient and the law enforcement agency. There can be a second relay point for directing the payload to the address associated with the second predetermined header. In yet another embodiment, there is provided a method for intercepting a telecommunication signal by receiving a telecommunication packet comprising a predetermined header and a payload, removing the predetermined header from the packet, replicating the payload, adding a new header to replicated payload and directing the replicated payload to the address associated with the new header.
It can be determined whether the telecommunication packet is to be intercepted. The new header can be associated with one of an intended recipient and a law enforcement agency. The predetermined header can be removed from the payload and replaced with a second predetermined header. This replacement can occur before or after replication of the payload. The second predetermined header can be associated with the other of the intended recipient and the law enforcement agency. The payload can be directed to the address associated with second predetermined header.
There is further provided a method of redirecting a telecommunication signal. The method includes receiving a telecommunication packet comprising a header and a payload, removing the predetermined header from the packet, adding a second predetermined header to payload and directing the replicated payload to the address associated with the second predetermined header. It can be determined whether a telecommunication packet is to be redirected. The second predetermined header can be associated with one of an intended recipient and a law enforcement agency. The payload can be replicated. This replication can occur before or after the predetermined header is removed. A new header can be added to the replicated payload and the replicated payload can be directed to the address associated with second predetermined header. The new header can be associated with the other of the intended recipient and the law enforcement agency.
There is still further provided a method of monitoring a telecommunication signal to or from a subject being monitored from or to an associate. The method includes determining that a telecommunication signal is subject to being monitored, establishing a connection between a first gateway associated with one of a subject being monitored and an associate and a first termination point representing a second gateway associated with the other of the associate and the subject, establishing a connection between the second gateway and a second termination point representing the first gateway and establishing a connection between the first termination point and the second termination point to establish a bearer channel between the subject and the associate wherein the first and second gateways appear to be connection directly. A connection can be established from at least one of the first termination point and the second termination point to a gateway associated with other than the subject and the associate concurrently with the connection between the first termination point and the second termination point. There is provided even still further a method of redirecting a telecommunications signal intended for one of a subject and an associate by associating a first termination point with a first intended termination point of a first media gateway, associating a second termination point with a second intended termination point of a second media gateway, establishing a connection between the first intended termination point and the second termination point, establishing a connection between the second intended termination point and the first termination point and establishing a connection between the first termination point and the second termination point wherein the first intended termination point and the second termination point appear to be connected directly.
Brief Description of the Drawings
Figure 1 is a schematic block diagram generally representing a system for intercepting packet communications including a centralized replicator according to the present invention;
Figure 2 is a more detailed schematic block diagram, similar to Figure 1 , including a media gateway controller associated with each media gateway for implementing the necessary connections to affect interception of packet communications; Figure 3 is a schematic block diagram, similar to Figure 1 , demonstrating the actual and ephemeral connections when implementing the call intercept according to one aspect of the present invention; Figure 4 is a schematic block diagram demonstrating associated connections internal to the centralized replicator for affecting bearer channel tandeming for intercepting packet communications;
Figure 5 is a schematic block diagram representing bearer channel tandeming by the call discriminator in response to a requirement to intercept packet communications;
Figure 6 is a flow chart representing one method of intercepting packet communications according to the present invention;
Figure 7 is a schematic block diagram, similar to Figure 2, in which a second associate establishes a call to a subject being monitored and a call waiting feature is invoked;
Figure 8 is a schematic block diagram, similar to figure 4, demonstrating the connection topology within the centralized replicator when the call-waiting feature is invoked; and Figure 9 is a schematic block diagram, similar to Figure 8, demonstrating the connection topology within the centralized replicator when a conference call feature is invoked.
Detailed Description
According to the present invention there is generally provided a system 10, Figure 1 , which can intercept a packet telecommunication signal to or from a subject 12 being monitored, for example, by a Law Enforcement Agency (LEA) 14. There is a first, or subject, media gateway 16 associated with subject 12 being monitored and a second, or associate, media gateway 18 associated with an associate 20 who is calling or being called by subject 12. There can also be a wireless associate media gateway 18' where an associate 20' is communicating with subject 12 over a wireless phone.
A call is initiated between subject 12 and associate 20. It is determined that the telecommunication signal is one targeted for monitoring and is to be intercepted. Accordingly, for a call from associate 20 to subject 18, the telecommunication signal, rather than being sent directly to the intended associate media gateway 18, is redirected from subject media gateway 16 to a centralized replicator 22 which may, for example, comprise a universal audio server associated with LEA 14. When centralized replicator 22 receives the telecommunication signal, comprised of individual packets with each packet including a header and a payload, centralized replicator 22 removes the header from the packet leaving the payload intact. Centralized replicator 22 replicates the payload, adds a header to the replicated payload and transmits the replicated payload to a law enforcement agency gateway 24. Once the payload has been replicated a header is added to the original payload and that packet is retransmitted by centralized replicator 22 to associate media gateway 18/18' for delivery to associate 20/20' .
Alternatively, the entire incoming packet can be replicated, including header and payload. Once the packet has been replicated, the headers of the original and replicated packets are removed. A new header is added to the replicated payload for delivery to law enforcement agency 14 and a new header is added to the original payload for delivery to the respective intended recipient, subject 12 or associate 20.
Referring now to Figure 2, associated with each media gateway 16, 24 and 18, can be a media gateway controller 26, 28 and 30, respectively. As used herein, a media gateway controller refers to one or more devices whose functionality can include performing media gateway control signaling and call processing functions. Each associated gateway controller can include a call discriminator 32 comprising call processing software that determines that a call from or between associated gateways, for example subject media gateway 16 to associate media gateway 18, is in fact subject to monitoring. There can be included within discriminator 32, for example, a lawful intercept database that identifies subscribers, e.g., subject 12, who are subject to a surveillance order. Once it has been determined that the call is subject to monitoring, subject media gateway controller 26 sends a first message, for example using Media Gateway Control Protocol (MGCP) or H.248 protocol, to LEA media gateway 28 to effect a connection between subject media gateway 16 and centralized replicator 22 and another message to effect a connection between associate media gateway 18 and centralized replicator 22. The redirection of the call through centralized replicator 22 is transparent to call processing and service functions and the call appears to be set up normally as if subject media gateway 16 and associate media gateway 18 were connected directly. The above example assumes that subject 12 and associate 20 do not share a common gateway. However, a shared gateway would not change the operation of the subject invention as call discrimination and packet replication would take place in the same manner, transparent to the caller.
LEA Media gateway controller 28 effects redirection of the call from the intended recipient and instructs centralized replicator 22 to make internal connections, referred to as bearer channel tandeming, in order to facilitate packet replication as will be discussed further in reference to Figure 4. Once media gateway controller 28 has established the necessary connections between subject media gateway 16, centralized replicator 22 and associate media gateway 18, media gateway controller 28 initiates the connections between centralized replicator 22 and law enforcement agency media gateway 24 which is then connected to LEA 14.
Accordingly, a call subject to monitoring will contain packets whose headers have been altered or substituted such that instead of the packets^being transmitted to and from gateways 16 and 18 directly (the intended recipients), the packets are redirected to centralized replicator 22 for replication. Media gateway controller 28 alters the address information of the messages such that it appears to subject media gateway 16 that the message is coming from associate media gateway 18 and messages sent to associate media gateway 18 appear to come from subject media gateway 16.
As shown in Figure 3, subject media gateway controller 26 sends a message 27 with the session description information, for example using a protocol such as the Session Description Protocol (SDP), of subject media gateway 16 to LEA media gateway controller 28. Media gateway controller 28 sends a message 29 including the session information of media gateway 16 to associate media gateway controller 30, but with the address of centralized replicator 22. Similarly, associate media gateway controller 30 sends a message 31 acknowledging the session description of media gateway 16 with the session description of associate media gateway 18. LEA media gateway controller 28 sends a message 33 acknowledging the session description of subject media gateway 16 with the session description of associate media gateway 18, but with the address of centralized replicator 22.
Accordingly, a communication path from subject media gateway 16 to associate media gateway 18 is tandemed through centralized replicator 22, but is transparent to subject 12 or associate 20.
Figure 4 further demonstrates how bearer channel tandeming can be accomplished through centralized replicator 22 by modifying the association between packet streams and endpoints to affect the connections and representations demonstrated in Figure 3.
Packet streams 34, 36, 38 and 40 originate from associated endpoints 42, 44, 46 and 48, respectively. Accordingly, the respective transmit and receive streams 34/36 of endpoint 42, while appearing to be associated with endpoint 46 (associate media gateway 18), are associated with end point 44 within centralized replicator 22. Similarly, respective transmit and receive streams 38/40 of endpoint 46 are associated with end point 48 while appearing to be associated with end point 42 (subject media gateway 16). Finally, internal streams 50 and 52 are associated with end points 44 and 48. Connections to end points 42, 44, 46 and 48 are initiated from media gateway controller 28 (Figure 3) where endpoints 42 and 46 are the recognized originator and terminator endpoints.
Endpoints 42 and 46 are typically configured to convert the TDM information from subject 12 or associate 20 into, for example, IP or ATM packets or cells depending upon the fabric of centralized replicator 22. Similarly, information received at these endpoints from centralized replicator 22 is converted from IP/ATM to TDM. In contrast, endpoints 44 and 48 within centralized replicator 22 are typically configured only as packet relay points and do not provide any transcoding or jitter correction in order to minimize latency and reduce the risk of detection by subject 12 or associate 20 of the monitoring. Flow control buffers (not shown) can be provided to avoid loosing packets. Packet relay endpoints 44 and 48, respectively, strip the header off incoming packet streams 34 and 38 that they receive from respective endpoints 42 and 46, replicate the payload, add a new header to the replicated payload and transmit replicated packet streams 54 and 56 to law enforcement agency gateway 24 via endpoints 58 and 60. Packet relay endpoints 44 and 48 also transmit the original payload via streams 50 and 52, respectively, to each other, adding new headers directing the packets to respective gateways 16 and 18. Alternatively, the entire packet may be replicated, then the replicated headers are stripped off and new headers added to redirect the replicated packets to their respective gateways.
In order to ensure transparency to subject 12 and associate 20 of the intercept, streams 54 and 56 destined for law enforcement agency 14 should be unidirectional. Accordingly, endpoints 58 and 60 should be configured as send only in the direction of law enforcement agency gateway 24. Endpoints 58, 60 should be from the same resource pool as endpoints 44 and 48 so that the resource pools reflect what endpoints within centralized replicator 22 have internal connections between them so that media gateway controller 28 can send the appropriate connectivity messages to centralized replicator 22. Accordingly, a resource manager 62 is provided. Moreover, endpoints 58 and 60, as with packet relay endpoints 44 and 48, should achieve a transmission time between endpoints that maintains low latency such that the total trip delay of the packets, including time to traverse centralized replicator 22, does not exceed the engineered threshold of the echo cancellers of the respective media gateways. Resource manager 62 performs several basic functions to include allocation of resources, returning resources to a free pool and reporting on resources. Resource manager 62 can provide an interface to operating personnel to indicate what resources in centralized replicator 22 are to be used for bearer channel tandeming. The connection to law enforcement agency 14 can occur in several forms to include dedicated lines, switched local links, dedicated trunks or switched remote links without departing from the scope of the invention. A monitoring point 64 within law enforcement agency 14, which may include an audio device, can receive the call content via a TDM multiplexed mixing bridge 66. Monitoring point 64 receives the call content in real time, thus at the same time subject 12 hears the ring from associate 20, law enforcement agency 14 also hears the ring back. As will be apparent to those skilled in the art, law enforcement agency gateway 24 should be able to support all possible CODEC'S that can be negotiated between a subject 12 and an associate 20.
While system 10 has been described as only performing a single replication for a single law enforcement agency, it should be understood that this is not a limitation of the present invention, as the incoming packet streams can be replicated at endpoints 44 and 48 multiple times, depending on the number of law enforcement agencies monitoring subject 12, by configuring the hardware comprising endpoints 44 and 48 for multiple replications.
Despite the changes in the connection messages as described above, neither subject 12 nor associate 20 are provided an indication that the call is being redirected through centralized replicator 22.
When it is determined that a call is to be monitored, the standard connectivity message from the call server can either be altered to perform the appropriate connection or the message can be split into multiple messages to perform the requested connection.
By way of example, the connection operation from the call server requesting a connection between subject 12 and associate 20 is modified into three separate connectivity operations. This is done by requesting separate connections from endpoints 42 and 44, from endpoints 46 and 48 and from endpoints 44 to 48.
As shown in Figure 5, a call agent or call processing 68, in response to electronic surveillance software 69, issues a connectivity message 70 to call discriminator 32 to make a subject to associate connection from a discriminator layer in connectivity software 72 to bearer channel tandeming connectivity software 74 which issues three separate media gateway control messages. A first message 76 can initiate a connection from subject media gateway 16 (Figure 4) to centralized replicator 22. A second message 78 can initiate a connection from associate media gateway 18 to centralized replicator 22. A third message 80 can instruct centralized replicator 22 to make an internal association between the centralized replicator 22 to subject media gateway 16 connection and the centralized replicator 22 to associate media gateway 18 connection.
Once the associated connection between subject 12 and associate 20 has been configured, media gateway controller 28 (Figure 3) initiates the respective connections to law enforcement media gateway 24 by requesting two connections from endpoints 44 to 58 and 48 to 60 (Figure 4) within centralized replicator 22 to law enforcement media gateway 24, where endpoints 58 and 60 connect to law enforcement media gateway 24, as illustrated in Figure 4 above. A flowchart of the present invention is presented in Figure 6. A call is initiated between a subject and an associate, Block 82. The media gateway controller associated with the subject being monitored determines that the call is to be monitored, Block 84, and redirects the call to the media gateway controller of the LEA by associating the LEA media gateway with the destination (associate) media gateway, Block 86. The media gateway controller associated with the law enforcement agency effects bearer channel tandeming by associating the endpoints of the subject and associate media gateways with endpoints within the centralized replicator, Block 88.
Once tandeming of the bearer channel has been affected, packets to and from the subject are redirected to the centralized replicator, Block 90, where the payload is replicated, Block 92, and new headers added to both the replicated payload and the original payload, Block 94. The respective payloads are then transmitted to the recipient subject or associate and the LEA, Block 96.
Figure 7 represents generally the situation where a call-waiting feature is invoked. For illustrative purposes, each agent is serviced by a different media gateway controller. A call is originated between subject 12 and first associate 20, as discussed above, until subject 12 and first associate 20 enter the talking state as discussed above with the law enforcement agency 14 receiving the call content.
A second associate 20' originates a call to subject 12. Associate media gateway controller 30' performs call processing routing the call to subject media gateway 16 and it is determined that the call is subject to interception. Centralized replicator 22 recognizes that subject 12 is engaged in an existing call. LEA media gateway controller 28 instructs media gateway 16 to play a call waiting tone to subject 12. Referring now to Figure 8, subject 12 invokes a feature flash to receive the call originated by second associate 20'. Subject media gateway controller 26 (Figure 7) instructs centralized replicator 22 to break the connection between subject 12 and first associate 20. However, Tandeming Connectivity software 74 (Figure 5) intercepts this message, and alters it to only break the connection between endpoints 42 and 44 (shown in phantom). Electronic Surveillance software 69 (Figure 5) further requests the connections with LEA 14 be broken and thus the connections between endpoint 44 and 58 and 48 and 60 are broken (shown in phantom), but the connection between endpoints 44 and 48 and 48 and 46 remain in tact.
Tandeming Connectivity software 74 obtains two more endpoints 44' and 48' from resource manager 62 to tandem the call between subject 12, second associate 20' and LEA 14. Tandeming Connectivity software 74 initiates a connection between end points 42 and 44'. Tandeming Connectivity software 74 further initiates a connection between endpoints 44' and 48' within centralized replicator 22. The session description information of endpoints 42 and 44' are exchanged, and the session description information of 44' and 48' are exchanged to facilitate the completion of the bearer channel.
Subject media gateway controller 26 acknowledges endpoint 46' and responds with the session information of endpoint 48', in order to facilitate the completion of the bearer channel configuration.
At this point a bearer channel is configured between end points 42 and 44', 44' and 48' and 48'and 46'. Subject 12 and second associate 20' now enter the talking state with law enforcement agency 14 receiving the call content. Second associate 20' terminates the call and subject 12 invokes a feature flash to return to first associate 20. Subject media gateway controller 26 sends a message to break the connection between subject 12 and the message is intercepted and altered to only break the connection between end points 42 and 44'. The connection with Law enforcement agency 14 is also broken, but the connections between endpoints 44' and 48' and 48' and 46' remain intact. Second associate media gateway controller 30' (not shown) passes a clear forward message to subject media gateway controller 26 instructing connectivity to break the connection with second associate 20'. Tandeming Connectivity software 74 (Figure 5) intercepts the message and, determining that the other external agent has been removed from(tfιe bearer channel tandem, instructs a break of the connections between end points 44' and 48', and 48' and 46'.
Endpoints 44' and 46' are returned to resource manager 62 to be reentered into the free pool. Subject media gateway controller 26 (Figure 7) sends a message to reestablish a connection between subject 12 and first associate 20. Tandeming Connectivity software 74 (Figure 5) intercepts this message, determines the given communication is already associated with a tandemed connection, and retrieving the endpoints in use, issues connectivity messages to reestablish the connection between endpoints 42 and 44.
The session information of end points 42 and 44 are exchanged as previously discussed completing the bearer channel tandem. Electronic Surveillance software 69 (Figure 5) requests notification of the endpoints being used to tandem the bearer channel through centralized replicator 22. Endpoints 58 and 60 are then connected to LEA media gateway 24 in order to provide capture of the call content. Subject 12 and associate 20 are again in a talking state through a bearer channel established via endpoints 42 and 44, 44 and 48 and 48 and 46.
Referring to Figure 7 once again, a conference call feature is established in a manner similar to call waiting. A call is originated between subject 12 and first associate 20. Subject media gateway controller 26 determines that the call is subject to monitoring and bearer channel tandeming is initiated connecting subject media gateway 16 and associate media gateway 18 via centralized replicator 22 as discussed above by LEA media gateway controller 26 associating respective end points within centralized replicator 22 with subject media gateway 16 and associate media gateway 18. A connection is then initiated between end points within centralized replicator 22. Associate media gateway 18 acknowledges the associated endpoint within centralized replicator 22, as if it were acknowledging subject media gateway 16, as discussed above with reference to Figure 3, and responds with the session description information of associate media gateway 18 and a bearer channel is configured between endpoints 42, 44, 46 and 48 (Figure 4). A connection between law enforcement agency gateway 24 and end points within centralized replicator 22 as discussed in Figure 4 above, is established. Subject 12 and associate 20 now enter a talking state and law enforcement agency 14 receives the replicated packet streams and monitors the call.
Referring again to Figure 8, subject 12 can invoke a flash feature and originate or receive a call with a second associate 20'. Subject media gateway controller 26 (Figure 7) receives a message from the call agent of subject 12 to break the connection with first associate 20, which is intercepted due to the bearer channel tandeming, and media gateway controller 28 sends a modified message to centralized replicator 22 (rather than to associate media gateway 18) to break the connectivity of endpoints 42 and 44 (shown in phantom). Electronic Surveillance software 69 (Figure 5) further requests the connections with LEA 14 be broken and thus the connections between endpoint 44 and 58 and 48 and 60 are broken (shown in phantom), but the connection between endpoints 44 and 48 and 48 and 46 temporarily remain in tact.
With respect to the new caller, the media gateway determines that the call is subject to monitoring, and two more endpoints 44' and 48' within centralized replicator 22 are allocated by resource manager 62 and configured to tandem the call to second associate 20'. A connection is then initiated between endpoints 42 and 44' and media gateway controller 28 passes the endpoint of 48' to the media gateway controller 30' associated with second associate 20'. A connection is then initiated between 44' and 48' within centralized replicator 22. The session description information of 42 and 44' are exchanged and the session description information of 44' and 48' are exchanged to facilitate the completion of the bearer channel tandeming. At this point a bearer channel is configured between 42 and 44', 44' and 48', and 48' and 46'. A connection is then initiated from centralized replicator 22 to LEA 14 via endpoints 44'and 58' and 48' and 60'. Subject 12 can now talk with second associate 20' and LEA 14 can intercept the content. Subject 12 then invokes a feature flash to join first associate 20 in a three-way call. Connectivity software (Figure 5) requests that all connections associated with the previous legs be broken (shown in phantom) to enable the three-way call. Accordingly, the connection of end points 44 and 48, 48 and 46 and 44' and 48' and 48' and 46' are broken along with the corresponding LEA connection and all resources are returned to the resource pool. Media gateway controller 28 requests a connection between subject 12, first associate 20 and second associate 20' through conferenced ports 98, 100 and 102, as shown in Figure 9.

Claims

Claims
What is claimed is: 1. A method of intercepting a telecommunication signal, the method comprising: (a) receiving a telecommunication packet comprising a predetermined header and a payload; (b) removing the predetermined header from the packet; (c) replicating the payload; (d) adding a new header to replicated payload; and (e) directing the replicated payload to the address associated with the new header.
2. The method of claim 1 further comprising the step of determining that a telecommunication packet is to be monitored.
3. The method of claim 1 further comprising the step of associating the new header with one of an intended recipient and a law enforcement agency.
4. The method of claim 3 further comprising the step of replacing the predetermined header with a second predetermined header.
5. The method of claim 4 further comprising the step of associating the second predetermined header with the other of the intended recipient and the law enforcement agency.
6. The method of claim 4 in which the step of replacing occurs after the step of replicating.
7. The method of claim 5 further comprising the step of directing the payload to the address associated with the second predetermined header.
8. A system for intercepting a telecommunication signal, the system comprising:
(a) an audio server, responsive to a telecommunication signal, for receiving a telecommunication packet comprising a predetermined header and a payload;
(b) a termination point for removing the predetermined header from the packet, for replicating the payload and for adding a new header to replicated payload; and
(c) a relay point for directing the replicated payload to the address associated with the new header.
9. The system of claim 8 further comprising a media gateway for directing the telecommunication signal to the audio server.
10 The system of claim 8 in which the new header is associated with one of an intended recipient and a law enforcement agency.
11. The system of claim 9 further comprising a media gateway controller, responsive to a media gateway, for determining that a telecommunication packet is to be intercepted.
12. The system of claim 11 in which the media gateway controller includes a call discriminator, responsive to the telecommunications signal, for determining that the telecommunication signal is subject to interception.
13. The system of claim 12 further comprising a second termination point for adding a second predetermined header to the payload.
14. The system of claim 13 in which the second predetermined header is associated with the other of the intended recipient and the law enforcement agency.
15. The system of claim 14 further comprising a second relay point for directing the payload to the address associated with second predetermined header.
16. A method of intercepting a telecommunication signal, the method comprising: (a) receiving a telecommunication packet comprising a predetermined header and a payload; (b) removing the predetermined header from the packet; (c) replicating the payload; (d) adding a new header to replicated payload; and (e) directing the replicated payload to the address associated with the new header.
17. The method of claim 16 further including the step of determining that a telecommunication packet is to be intercepted.
18. The method of claim 16 further comprising the step of associating the new header with one of an intended recipient and a law enforcement agency.
19. The method of claim 18 further including the step of replacing the predetermined header removed from the payload with a second predetermined header.
20. The method of claim 19 further comprising the step of associating the second predetermined header with the other of the intended recipient and the law enforcement agency.
21. The method of claim 19 in which the step of replacing occurs after the step of replicating.
22. The method of claim 20 further comprising the step of directing the payload to the address associated with second predetermined header.
23. A method of redirecting a telecommunication signal, the method comprising: (a) receiving a telecommunication packet comprising a header and a payload; (b) removing the predetermined header from the packet; (c) adding a second predetermined header to payload; and (d) directing the replicated payload to the address associated with the second predetermined header.
24. The method of claim 23 further comprising the step of determining that a telecommunication packet is to be redirected.
25. The method of claim 23 further comprising the step of replicating the payload.
26. The method of claim 25 wherein the step of replicating includes replicating the payload before the predetermined header is removed.
27. The method of claim 23 further comprising the step of associating the second predetermined header with one of an intended recipient and a law enforcement agency.
28. The method of claim 27 further comprising the step of adding a new header to the replicated payload.
29. The method of claim 28 further comprising the step of associating the new header with the other of the intended recipient and the law enforcement agency.
30. The method of claim 29 further comprising the step of directing the replicated payload to the address associated with the new header.
31. A method of monitoring a telecommunication signal to or from a subject being monitored from or to an associate, the method comprising the steps of: (a) determining that a telecommunication signal is subject to being monitored; (b) establishing a connection between a first gateway associated with one of a subject being monitored and an associate and a first termination point representing a second gateway associated with the other of the associate and the subject; (c) establishing a connection between the second gateway and a second termination point representing the first gateway; and (d) establishing a connection between the first termination point and the second termination point to establish a bearer channel between the subject and the associate wherein the first and second gateways appear to be connection directly.
32. The method of claim 31 , further comprising the step of establishing a connection from at least one of the first termination point and the second termination point to a gateway associated with other than the subject and the associate concurrently with the connection between the first termination point and the second termination point.
33. A method of redirecting a telecommunications signal intended for one of a subject and an associate, the method comprising: (a) associating a first termination point with a first intended termination point of a first media gateway; (b) associating a second termination point with a second intended termination point of a second media gateway; (c) establishing a connection between the first intended termination point and the second termination point; (d) establishing a connection between the second intended termination point and the first termination point; and (e) establishing a connection between the first termination point and the second termination point wherein the first intended termination point and the second termination point appear to be connected directly.
PCT/US2001/031548 2000-10-10 2001-10-09 System and method for intercepting telecommunications WO2002082782A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
DE60133316T DE60133316T2 (en) 2000-10-10 2001-10-09 SYSTEM AND METHOD FOR TERMINATING TELECOMMUNICATIONS
EP01273516A EP1362456B1 (en) 2000-10-10 2001-10-09 System and method for intercepting telecommunications
AU2001297701A AU2001297701A1 (en) 2000-10-10 2001-10-09 System and method for intercepting telecommunications
CA002437275A CA2437275A1 (en) 2000-10-10 2001-10-09 System and method for intercepting telecommunications
US10/181,288 US20030179747A1 (en) 2000-10-10 2001-10-09 System and method for intercepting telecommunications

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US23904800P 2000-10-10 2000-10-10
US60/239,048 2000-10-10

Publications (2)

Publication Number Publication Date
WO2002082782A2 true WO2002082782A2 (en) 2002-10-17
WO2002082782A3 WO2002082782A3 (en) 2003-04-24

Family

ID=22900376

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/031548 WO2002082782A2 (en) 2000-10-10 2001-10-09 System and method for intercepting telecommunications

Country Status (6)

Country Link
US (1) US20030179747A1 (en)
EP (1) EP1362456B1 (en)
AU (1) AU2001297701A1 (en)
CA (1) CA2437275A1 (en)
DE (1) DE60133316T2 (en)
WO (1) WO2002082782A2 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2383921A (en) * 2002-01-08 2003-07-09 Siemens Plc Replicating packets of a communications signal for recording
WO2005034369A2 (en) 2003-10-01 2005-04-14 Santera Systems, Inc. Methods and systems for providing lawful intercept of a media stream in a media gateway
EP1879368A1 (en) * 2006-07-13 2008-01-16 Aastra Matra Telecom Recording communications in a telecommunications network
US7688823B2 (en) 2002-06-04 2010-03-30 Alcatel-Lucent Usa Inc. Efficient mechanism for wire-tapping network traffic
US9137385B2 (en) 2006-11-02 2015-09-15 Digifonica (International) Limited Determining a time to permit a communications session to be conducted
US9143608B2 (en) 2006-11-29 2015-09-22 Digifonica (International) Limited Intercepting voice over IP communications and other data communications
US9154417B2 (en) 2009-09-17 2015-10-06 Digifonica (International) Limited Uninterrupted transmission of internet protocol transmissions during endpoint changes
EP1782607B1 (en) * 2004-08-20 2016-05-25 Nokia Solutions and Networks GmbH & Co. KG Method and device for tapping useful data of multimedia connections in a packet-oriented network
US9505897B2 (en) 2011-06-01 2016-11-29 Compagnie Generale Des Etablissements Michelin Tyre, the tread of which comprises a heat-expandable rubber composition reducing noise during travel
US9565307B2 (en) 2007-03-26 2017-02-07 Voip-Pal.Com, Inc. Emergency assistance calling for voice over IP communications systems
US10880721B2 (en) 2008-07-28 2020-12-29 Voip-Pal.Com, Inc. Mobile gateway

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7152103B1 (en) * 2001-01-10 2006-12-19 Nortel Networks Limited Lawful communication interception—intercepting communication associated information
JP4073754B2 (en) * 2002-10-29 2008-04-09 富士通株式会社 Frame transfer device
US20040095894A1 (en) * 2002-11-15 2004-05-20 Jaana Eloranta Method and system for handling connection information in a communication network
US7436835B2 (en) * 2003-05-30 2008-10-14 Lucent Technologies Inc. Forced bearer routing for packet-mode interception
US7492728B1 (en) * 2003-07-17 2009-02-17 Nortel Networks Limited Call handling in a packet voice network
EP1528774A1 (en) * 2003-10-30 2005-05-04 Alcatel Method and system of providing lawful interception of calls
ATE328424T1 (en) * 2004-06-08 2006-06-15 France Telecom SYSTEM AND METHOD FOR TESTING A ROUTER
US8116307B1 (en) 2004-09-23 2012-02-14 Juniper Networks, Inc. Packet structure for mirrored traffic flow
PL1825662T3 (en) * 2004-12-16 2018-06-29 Telefonaktiebolaget Lm Ericsson (Publ) Lawful interception of personalized ring back tones
EP1889440B1 (en) * 2005-05-31 2011-11-23 Telefonaktiebolaget LM Ericsson (publ) Lawful interception method and architecture for transparent transmission of interception information
CN100384160C (en) * 2005-07-14 2008-04-23 华为技术有限公司 Method and apparatus for monitoring video-calling
US20070121812A1 (en) * 2005-11-22 2007-05-31 Samsung Electronics Co., Ltd. System and method for lawful intercept detection of call data and call content
US7657011B1 (en) 2006-03-16 2010-02-02 Juniper Networks, Inc. Lawful intercept trigger support within service provider networks
DE102006014921A1 (en) * 2006-03-30 2007-10-18 Siemens Ag Lawful interception method for call forwarding in a packet-oriented telecommunications network
EP1885138B1 (en) * 2006-07-11 2012-06-06 Hewlett-Packard Development Company, L.P. Signalling gateway
US20080031259A1 (en) * 2006-08-01 2008-02-07 Sbc Knowledge Ventures, Lp Method and system for replicating traffic at a data link layer of a router
US8599747B1 (en) * 2006-12-20 2013-12-03 Radisys Canada Inc. Lawful interception of real time packet data
US8427981B2 (en) * 2007-02-23 2013-04-23 Interactive Intelligence, Inc. System and method for recording and monitoring communications using a media server
US7978620B2 (en) * 2007-05-14 2011-07-12 Cisco Technology, Inc. Dynamically troubleshooting voice quality

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6147994A (en) * 1996-05-28 2000-11-14 Sprint Communications Company, L.P. Telecommunications system with a connection processing system
US6246688B1 (en) * 1999-01-29 2001-06-12 International Business Machines Corp. Method and system for using a cellular phone as a network gateway in an automotive network
US6356546B1 (en) * 1998-08-11 2002-03-12 Nortel Networks Limited Universal transfer method and network with distributed switch

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5138614A (en) * 1990-04-12 1992-08-11 At&T Bell Laboratories Transformation method for network conference connections
US5940595A (en) * 1996-09-23 1999-08-17 Motorola, Inc. Electronic network navigation device and method for linking to an electronic address therewith
CA2218218A1 (en) * 1996-11-08 1998-05-08 At&T Corp. Promiscuous network monitoring utilizing multicasting within a switch
FI106509B (en) * 1997-09-26 2001-02-15 Nokia Networks Oy Legal interception in a telecommunications network
US6178430B1 (en) * 1998-05-11 2001-01-23 Mci Communication Corporation Automated information technology standards management system
US6757290B1 (en) * 1998-08-04 2004-06-29 At&T Corp. Method for performing gate coordination on a per-call basis
US6870845B1 (en) * 1998-08-04 2005-03-22 At&T Corp. Method for providing privacy by network address translation
US6438695B1 (en) * 1998-10-30 2002-08-20 3Com Corporation Secure wiretap support for internet protocol security
US6577865B2 (en) * 1998-11-05 2003-06-10 Ulysses Holdings, Llc System for intercept of wireless communications
EP1142218B1 (en) * 1999-01-14 2007-10-31 Nokia Corporation Interception method and system
US6271946B1 (en) * 1999-01-25 2001-08-07 Telcordia Technologies, Inc. Optical layer survivability and security system using optical label switching and high-speed optical header generation and detection
US6850985B1 (en) * 1999-03-02 2005-02-01 Microsoft Corporation Security and support for flexible conferencing topologies spanning proxies, firewalls and gateways
US6678270B1 (en) * 1999-03-12 2004-01-13 Sandstorm Enterprises, Inc. Packet interception system including arrangement facilitating authentication of intercepted packets
AU3517899A (en) * 1999-03-12 2000-10-04 Nokia Networks Oy Interception system and method
US7436851B1 (en) * 1999-03-29 2008-10-14 Lucent Technologies Inc. Destination call routing apparatus and method
US6563797B1 (en) * 1999-08-18 2003-05-13 At&T Corp. IP voice call surveillance through use of non-dedicated IP phone with signal alert provided to indicate content of incoming call prior to an answer as being a monitored call
US6839323B1 (en) * 2000-05-15 2005-01-04 Telefonaktiebolaget Lm Ericsson (Publ) Method of monitoring calls in an internet protocol (IP)-based network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6147994A (en) * 1996-05-28 2000-11-14 Sprint Communications Company, L.P. Telecommunications system with a connection processing system
US6356546B1 (en) * 1998-08-11 2002-03-12 Nortel Networks Limited Universal transfer method and network with distributed switch
US6246688B1 (en) * 1999-01-29 2001-06-12 International Business Machines Corp. Method and system for using a cellular phone as a network gateway in an automotive network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1362456A2 *

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2383921A (en) * 2002-01-08 2003-07-09 Siemens Plc Replicating packets of a communications signal for recording
US7688823B2 (en) 2002-06-04 2010-03-30 Alcatel-Lucent Usa Inc. Efficient mechanism for wire-tapping network traffic
WO2005034369A2 (en) 2003-10-01 2005-04-14 Santera Systems, Inc. Methods and systems for providing lawful intercept of a media stream in a media gateway
EP1676431A2 (en) * 2003-10-01 2006-07-05 Santera Systems Inc. Methods and systems for providing lawful intercept of a media stream in a media gateway
EP1676431A4 (en) * 2003-10-01 2006-12-13 Santera Systems Inc Methods and systems for providing lawful intercept of a media stream in a media gateway
EP1782607B1 (en) * 2004-08-20 2016-05-25 Nokia Solutions and Networks GmbH & Co. KG Method and device for tapping useful data of multimedia connections in a packet-oriented network
EP1879368A1 (en) * 2006-07-13 2008-01-16 Aastra Matra Telecom Recording communications in a telecommunications network
FR2903841A1 (en) * 2006-07-13 2008-01-18 Aastra Matra Telecom Soc Par A RECORDING COMMUNICATIONS IN A TELECOMMUNICATIONS NETWORK
US11171864B2 (en) 2006-11-02 2021-11-09 Voip-Pal.Com, Inc. Determining a time to permit a communications session to be conducted
US10218606B2 (en) 2006-11-02 2019-02-26 Voip-Pal.Com, Inc. Producing routing messages for voice over IP communications
US9179005B2 (en) 2006-11-02 2015-11-03 Digifonica (International) Limited Producing routing messages for voice over IP communications
US9935872B2 (en) 2006-11-02 2018-04-03 Voip-Pal.Com, Inc. Producing routing messages for voice over IP communications
US9998363B2 (en) 2006-11-02 2018-06-12 Voip-Pal.Com, Inc. Allocating charges for communications services
US9537762B2 (en) 2006-11-02 2017-01-03 Voip-Pal.Com, Inc. Producing routing messages for voice over IP communications
US9137385B2 (en) 2006-11-02 2015-09-15 Digifonica (International) Limited Determining a time to permit a communications session to be conducted
US9948549B2 (en) 2006-11-02 2018-04-17 Voip-Pal.Com, Inc. Producing routing messages for voice over IP communications
US9813330B2 (en) 2006-11-02 2017-11-07 Voip-Pal.Com, Inc. Producing routing messages for voice over IP communications
US9826002B2 (en) 2006-11-02 2017-11-21 Voip-Pal.Com, Inc. Producing routing messages for voice over IP communications
US9549071B2 (en) 2006-11-29 2017-01-17 Voip-Pal.Com, Inc. Intercepting voice over IP communications and other data communications
US10038779B2 (en) 2006-11-29 2018-07-31 Voip-Pal.Com, Inc. Intercepting voice over IP communications and other data communications
US9143608B2 (en) 2006-11-29 2015-09-22 Digifonica (International) Limited Intercepting voice over IP communications and other data communications
US9565307B2 (en) 2007-03-26 2017-02-07 Voip-Pal.Com, Inc. Emergency assistance calling for voice over IP communications systems
US11172064B2 (en) 2007-03-26 2021-11-09 Voip-Pal.Com, Inc. Emergency assistance calling for voice over IP communications systems
US10880721B2 (en) 2008-07-28 2020-12-29 Voip-Pal.Com, Inc. Mobile gateway
US10021729B2 (en) 2009-09-17 2018-07-10 Voip-Pal.Com, Inc. Uninterrupted transmission of internet protocol transmissions during endpoint changes
US9154417B2 (en) 2009-09-17 2015-10-06 Digifonica (International) Limited Uninterrupted transmission of internet protocol transmissions during endpoint changes
US10932317B2 (en) 2009-09-17 2021-02-23 VolP-Pal.com, Inc. Uninterrupted transmission of internet protocol transmissions during endpoint changes
US9505897B2 (en) 2011-06-01 2016-11-29 Compagnie Generale Des Etablissements Michelin Tyre, the tread of which comprises a heat-expandable rubber composition reducing noise during travel

Also Published As

Publication number Publication date
DE60133316D1 (en) 2008-04-30
US20030179747A1 (en) 2003-09-25
CA2437275A1 (en) 2002-10-17
WO2002082782A3 (en) 2003-04-24
AU2001297701A1 (en) 2002-10-21
EP1362456A4 (en) 2005-05-25
EP1362456B1 (en) 2008-03-19
EP1362456A2 (en) 2003-11-19
DE60133316T2 (en) 2008-07-10

Similar Documents

Publication Publication Date Title
EP1362456B1 (en) System and method for intercepting telecommunications
US7092493B2 (en) Methods and systems for providing lawful intercept of a media stream in a media gateway
US7277528B2 (en) Call-content determinative selection of interception access points in a soft switch controlled network
US6671263B1 (en) Multimedia call handling
US6870905B2 (en) Wiretap implemented by media gateway multicasting
US20100220715A1 (en) Technique for providing translation between the packet environment and the pstn environment
US6201805B1 (en) Apparatus and method for computer telephone integration in packet switched telephone networks
JPH1093689A (en) Method for providing broadband subscriber with service function by using narrowband server
EP1083730B1 (en) Callback system and method for internet phone
KR100279641B1 (en) Signal exchange apparatus and method
EP1330913B1 (en) Internet protocol telephony using legacy switching systems
CN112653661B (en) Media recovery method and system under VoIP network limitation
US6904027B1 (en) System and method for call transfer in packet switched local area networks
US7058044B2 (en) Hybrid type telephony system
JP2000349901A (en) Internet protocol network bypass system
EP1722544B1 (en) A method of transmitting telephone conversations data over a second call path
KR100406234B1 (en) Method For Exchange V5.2 Subscriber Status On Access Network
CN101018197A (en) A method, system and device for media stream transmission
JPH11177631A (en) Gateway device
KR20000040818A (en) Method for diverting receipt terminal by network switch connected to receipt terminal in atm public network
JPS6397052A (en) Packet conference exchange system

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 10181288

Country of ref document: US

AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2001273516

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2437275

Country of ref document: CA

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 2001273516

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP