WO2015119604A1 - Lawful intercept reporting - Google Patents
- Publication number
- WO2015119604A1 (PCT/US2014/015016)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile device
- attachment
- lawful intercept
- reporting
- connection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
Definitions
- Lawful interception generally refers to obtaining network data from communication networks for providing the network data to a lawful authority, such as a law enforcement agency, an intelligence services agency, or a regulatory agency.
- the reporting of LI data to the lawful authority is referred to as lawful intercept reporting.
- the network data may be intercepted as it traverses a communication network and may be reported to the lawful authority.
- LI capability is provided in communication networks based on various standards, such as the standards developed by the 3rd Generation Partnership Project (3GPP).
- 3GPP 3rd Generation Partnership Project
- a LI management entity may be provided in the communication network to direct one or more network devices, on the initiation of LI by a lawful authority, to intercept and report the desired network data.
- Figure 1 illustrates an example communication network environment implementing lawful intercept reporting, according to an example of the present subject matter
- Figure 2 illustrates an example communication server for implementing lawful intercept reporting, according to an example of the present subject matter.
- Figures 3a, 3b, and 3c illustrate example call flow diagrams for implementing lawful intercept reporting, according to different examples of the present subject matter.
- Figure 4 illustrates an example method for lawful intercept reporting, according to an example of the present subject matter.
- Figure 5 illustrates an example method for lawful intercept reporting, according to another example of the present subject matter.
- Figure 6 illustrates an example network environment implementing a non-transitory computer readable medium for lawful intercept reporting, according to an example of the present subject matter.
- a network domain, for example, can refer to a network of devices that use a common set of protocols and procedures for data communication.
- 2G and 3rd Generation (3G) technologies can be considered to be one network domain
- 4G and Long Term Evolution (LTE) can be considered to be another network domain
- a user can subscribe for receiving telecommunication services from a service provider in one or more network domains in a coverage location.
- the coverage location can include various geographical areas in which the user can receive the services and can include a home location and roaming locations.
- the home location is, for example, a cellular region from where the services were first initiated for a mobile device of the user.
- the roaming locations include the other coverage locations that are outside the home location.
- the roaming locations may thus include a plurality of cellular regions outside the home location and may be serviced by a service provider with whom the user is subscribed or by a different service provider. Further, the roaming locations may be spread over disperse geographical areas.
- a law enforcement agency may initiate lawful intercept reporting for tracking the location of a mobile device of the user. Accordingly, whenever the mobile device registers to a communication network from a roaming location or moves between a home location and a roaming location, a lawful intercept report may be provided to the law enforcement agency.
- a request for registration is sent from the mobile device to a communication system in the vicinity of the mobile device.
- the communication system determines, from a managing server of the mobile device, the services that the mobile device is allowed to use. In this process, the communication system also sends an update of the location of the mobile device to the managing server. Based on a response received from the managing server, the communication system may register the mobile device and provide the allowed services to the mobile device or may deny registration.
- a managing server of a mobile device may be a server in the home location of the mobile device that manages the subscription information of the mobile device and authorizes or denies services to the mobile device based on the subscription information.
- the managing server may use a home location register (HLR) to manage the subscription information
- the managing server may be a home subscriber server (HSS) that manages the subscription information and authorizes registration of the mobile device with communication systems.
- HLR home location register
- HSS home subscriber server
- the HLR and the HSS may both independently manage respective subscription information related to the user.
- the managing server of the network domain receives a location update from the communication system and can accordingly trigger the lawful intercept reporting.
- the mobile device may register on different network domains in different locations. For example, a mobile device that was previously registered on a 4G network in the home location may register with a 3G network in a roaming location. Further, the mobile device may return from the roaming location and register with the 4G network in the home location.
- since the subscription on the 4G network and the 3G network are managed independently by the HSS and the HLR respectively, the HSS may not detect that the mobile device is returning to the home location from the roaming location.
- the mobile device was previously registered in the home location and has remained in the home location. This is because the HSS does not know that the mobile device later connected to a 3G network in a roaming location. Thus, no lawful intercept reporting will be triggered by the HSS in this case.
- allowing the HSS to receive previous registration information for the mobile device from the HLR and vice-versa may not resolve this as it may entail complex time-stamp analysis before it can be determined whether the mobile device changed locations.
- the previous registration information may get reset and hence may not be available for triggering the lawful intercept reporting.
- aspects of the present subject matter relate to systems and methods for lawful intercept reporting for a mobile device irrespective of the network domain with which the mobile device registers.
- a communication server, such as a managing server of the mobile device, can receive a request for authorizing an incoming connection between the mobile device and a communication system. Further, the communication server may be communicatively connected to a user database that includes subscription information for the various mobile devices that are managed by the communication server.
- the user database may manage subscription information related to multiple network domains, i.e., the user database can include the subscription information irrespective of the network domains to which the various mobile devices are subscribed.
- the communication server can determine, from the user database, the services to which the mobile device is subscribed and may accordingly provide or deny the authorization for the incoming connection. Further, based on the incoming connection, the communication server can provide lawful intercept reports to a lawful interception management entity in the communication network.
- the communication server may be an integrated HLR-HSS server that may handle authorization requests from communication systems in different network domains based on the user database and may provide lawful intercept reports.
- the separate communication servers may communicate with a common user database for handling the authorization requests and providing lawful intercept reports.
- the communication server can maintain an attachment attribute in the user database for each mobile device that is managed by the communication server.
- the attachment attribute can be indicative of a last connection of the mobile device irrespective of the network domain.
- the communication server can determine whether there is a change in the location of the mobile device based on the attachment attribute, irrespective of whether the last connection was on the same network domain or not, and can accordingly trigger a lawful intercept report.
- the attachment attribute can be a persistent attribute, i.e., the attachment attribute may not be reset on termination of a connection of the mobile device.
- the attachment attribute may reflect the last connection of the mobile device.
- the communication server may determine, from the user database, whether a device monitoring parameter associated with the mobile device is enabled and may accordingly provide a lawful intercept report when the device monitoring parameter is enabled. The communication server may then update the attachment attribute in the user database to reflect the incoming connection as the last connection.
- the triggering of the lawful intercept reporting and updating of the attachment attribute may be performed for the mobile devices managed by the communication server even when their respective device monitoring parameter is not enabled.
- the lawful intercept report may be provided for a mobile device when the device monitoring parameter associated with the mobile device is enabled.
- access to device monitoring parameter settings in the user database may be controlled and provided to selected database administrators. It may not be evident from an analysis of the user database, for example, by a general database administrator, as to whether a particular mobile device is being monitored.
- an additional layer of security can be created.
- the communication server, in accordance with the present subject matter, can provide the lawful intercept report efficiently and securely and can ensure compliance with lawful interception regulations.
- Figure 1 illustrates a communication network environment 100 for implementing lawful intercept reporting according to an example of the present subject matter.
- the computing network environment 100 includes a communication network 102 and a mobile device 104 that can connect to the communication network 102 for accessing various services.
- a single mobile device 104 has been illustrated in figure 1. However, any number of mobile devices as can be supported may connect to the communication network 102.
- the communication network 102 may be a wireless network or a combination of a wired and wireless network.
- the communication network 102 can also be a collection of individual networks, interconnected with each other and functioning as a single large network, such as the Internet. Examples of such individual networks include, but are not limited to, Global System for Mobile Communication (GSM) network, Universal Mobile Telecommunications System (UMTS) network, Personal Communications Service (PCS) network, Time Division Multiple Access (TDMA) network, Code Division Multiple Access (CDMA) network, Next Generation Network (NGN), Public Switched Telephone Network (PSTN), Long Term Evolution (LTE), and Integrated Services Digital Network (ISDN).
- GSM Global System for Mobile Communication
- UMTS Universal Mobile Telecommunications System
- PCS Personal Communications Service
- TDMA Time Division Multiple Access
- CDMA Code Division Multiple Access
- NGN Next Generation Network
- PSTN Public Switched Telephone Network
- LTE Long Term Evolution
- ISDN Integrated Services Digital Network
- the mobile device 104 can be any wireless telecommunication device that can connect wirelessly to the communication network 102.
- the mobile device 104 may be a cellular phone, a smart phone, a personal digital assistant (PDA), a tablet, and the like.
- PDA personal digital assistant
- the communication network 102 includes communication systems 106-1, 106-2, 106-3...106-n, individually referred to as a communication system 106.
- Each communication system 106 can act as an access point within a particular cellular region and can connect the mobile device 104 to the communication network 102 for availing various services.
- the communication system 106 can be a serving GPRS support node (SGSN) or an eNodeB.
- the communication network 102 can include multiple network domains. Accordingly, some of the communication systems 106-1, 106-2,...106-n can be part of network domains different from a network domain to which the others may belong.
- the mobile device 104 can send a connection request to the communication system 106 located in its vicinity and which serves the cellular location in which the mobile device 104 is present at that time.
- the communication system 106 sends an incoming connection authorization request to a managing server of the mobile device 104.
- the managing server of the mobile device 104 is represented as communication server 108.
- the communication network 102 can include multiple communication servers, each one acting as a managing server for a particular cellular region.
- a single communication server 108, which is the managing server of the mobile device 104, is shown in figure 1.
- The communication server 108 includes, amongst other components, a processor 110, a registration module 112, and a database update module 114. Further, the communication server 108 can be communicatively coupled to a user database 116 present in the communication network 102.
- the user database 116 can be a common user database for management of subscription information of the mobile devices managed by the communication server 108.
- the subscription information in the user database 116 includes an attachment attribute associated with each mobile device.
- an attachment attribute 118 may be associated with the mobile device 104 in the user database 116.
- the attachment attribute 118 can be indicative of a last connection of the mobile device 104 irrespective of a network domain of the last connection.
- a network domain can refer to a network of devices that use a common set of protocols and procedures for data communication.
- a 2G/3G network can be considered as one network domain while
- a 4G/LTE network can be considered to be another network domain.
- a last connection of the mobile device 104 refers to a previous connection that was established before a new incoming connection request was received.
- the attachment attribute 118 gets updated to reflect the newly established connection as the last connection, as will be explained below.
- the attachment attribute 118 can be updated based on a connection established in any network domain.
- the attachment attribute 118 can be network domain agnostic and can reflect the last connection correctly irrespective of the network domain in which the last connection was established.
- the registration module 112 can receive the authorization request and authorize the incoming connection between the mobile device 104 and the communication system 106 based on the subscription information maintained in the user database 116. Further, the database update module 114 can trigger lawful intercept reporting for the mobile device 104 based on the incoming connection and the attachment attribute 118 associated with the mobile device 104. Thus, even in an implementation where the last connection was in a network domain different from a network domain of the incoming connection, the lawful intercept reporting can be triggered by the communication server 108.
- the database update module 114 can update the attachment attribute 118 associated with the mobile device 104 to reflect the incoming connection as the last connection.
- Figure 2 illustrates the communication server 108 for implementing lawful intercept reporting according to one example of the present subject matter.
- the communication server 108 may be an integrated HLR-HSS server that may handle authorization requests from communication systems in different network domains based on the user database 116 and may provide lawful intercept reports.
- the communication server 108 includes the processor(s) 110, interface(s) 202, memory 204, modules 206 and data 208. It will be understood that the functions of the various components shown in the figure, including processor(s) 110, may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions may be provided by a dedicated processor, by a shared processor, or by a plurality of individual processors, some of which may be shared.
- the interfaces 202 may include a variety of interfaces, for example, interfaces for data input and output devices, referred to as I/O devices, storage devices, and network devices.
- the interfaces 202 facilitate communication between the communication server 108 and various network devices connected in the network environment 100, including, but not limited to, the user database 116.
- The memory 204 may be communicatively connected to the processor 110.
- the processor 110 may fetch and execute computer-readable instructions stored in the memory 204.
- the memory 204 may include any non-transitory computer-readable medium including, for example, volatile memory such as RAM, or non-volatile memory such as EPROM, flash memory, and the like.
- the modules 206 may also be communicatively coupled to the processor 110.
- the modules 206 may include processor executable instructions to perform particular tasks, objects, components, data structures, functionalities, etc., to implement particular abstract data types, or a combination thereof.
- the modules 206 may be implemented as signal processor(s), state machine(s), logic circuitries, or any other device or component that manipulates signals based on operational instructions. Further, the modules 206 can be implemented by hardware, by computer-readable instructions stored on a computer-readable medium and executable by a processing unit, or by a combination thereof.
- the modules 206 include the registration module(s) 112, database update module(s) 114, reporting module(s) 210, and other modules 212.
- the other modules 212 may include programs or coded instructions that supplement applications or functions performed by the communication server 108.
- the data 208 may include attachment status notification 214 and other data 218.
- the other data 218 may include data generated and saved by the modules 206 for implementing various functionalities of the communication server 108.
- the registration module 112 may receive an authorisation request for an incoming connection to be established between the mobile device 104 and a communication system 106, and may authorize the incoming connection based on the subscription information of the mobile device 104 maintained in the user database 116. Further, the registration module 112 may generate an attachment status notification 214 based on the authorization. In one implementation, the attachment status notification 214 indicates the communication system 106 from which the authorization request originated and its location.
- the database update module 114 may receive the attachment status notification 214 and may compare the attachment status notification 214 with the attachment attribute 118 associated with the mobile device 104. As mentioned above, the attachment attribute 118 is indicative of a last connection of the mobile device 104. Thus, based on a comparison between the attachment status notification 214 and the attachment attribute 118, the database update module 114 can determine whether the mobile device 104 has moved from a roaming location to a home location or vice-versa and can trigger the lawful intercept reporting. Since the attachment attribute 118 reflects the last connection of the mobile device 104 irrespective of the network domain to which the mobile device 104 was connected, the lawful intercept reporting can be triggered even in cases where the incoming connection is in a network domain different from the last connection. Further, after the lawful intercept reporting is triggered and a lawful intercept report is generated, the database update module 114 may update the attachment attribute 118 to reflect the incoming connection as the last connection.
- the attachment attribute 118 would indicate that the mobile device 104 was connected to a home network. Then, if the mobile device 104 moved to a 2G/3G network in a roaming location, the database update module 114 would trigger the lawful intercept reporting and update the attachment attribute 118 to indicate the roaming location. Thereafter, if the mobile device 104 moved back to the 4G connection in the home location, the attachment status notification 214 would indicate the incoming location to be the home location, whereas the attachment attribute 118 would indicate the last connection to be in the roaming location. Thus, based on a comparison between the two, the database module 114 can determine that the mobile device 104 has moved from a roaming location to the home location and can trigger the lawful intercept reporting even though the mobile device 104 moved between different network domains.
- the database update module 114 may determine whether the attachment status notification 214 indicates that the mobile device 104 is in a roaming location. In case the mobile device 104 is determined to be in a roaming location, then the database update module 114 may directly trigger the lawful intercept reporting and update the attachment attribute 118 without performing the comparing. Thus, in this implementation, the lawful intercept reporting can be triggered whenever the mobile device 104 registers with a communication system 106 in a roaming location even if the mobile device does not move from one roaming location to another.
- the trigger may be received by the reporting module 210.
- the reporting module 210 may determine whether a device monitoring parameter associated with the mobile device 104 in the user database 116 is enabled. In case the device monitoring parameter is enabled, then the reporting module 210 may generate a lawful intercept report indicating the change in location of the mobile device 104 and may provide the lawful intercept report to, for example, a lawful interception management entity in the communication network 102.
- the lawful interception management entity may be, for example, a law enforcement monitoring facility (LEMF) or a communication assistance for law enforcement act (CALEA) device, and is not shown in the figures for brevity.
- the reporting module 210 may notify the database update module 114 that the trigger has been acted upon. Accordingly, the database update module 114 may then update the attachment attribute 118 to reflect the incoming connection as the last connection.
- the lawful intercept report may be provided when the device monitoring parameter is enabled. In case the device monitoring parameter is disabled, the reporting module 210 may directly notify the database update module 114 that the trigger has been acted upon without generating the lawful intercept report. Then, the attachment attribute 118 may be updated by the database update module 114 even without generation of the lawful intercept report. Thus, it may not be evident from an analysis of the user database 116 as to which mobile device is being monitored without access to the device monitoring parameter. This can provide an additional layer of security for the lawful authority monitoring the mobile device 104.
- the registration module 112 may terminate the authorized incoming connection while maintaining the attachment attribute 118, i.e., without resetting the attachment attribute 118.
- the attachment attribute 118 may be a persistent attribute and may be available for lawful intercept reporting even after the connection is terminated.
- FIGS. 3a, 3b, and 3c illustrate example call flow diagrams 300A, 300B, and 300C, respectively, for implementing lawful intercept reporting according to different examples of the present subject matter.
- the various arrow indicators used in the call flow diagrams depict the transfer of signal/information between the systems, server, user database, and the LI management entity shown in the respective figure. In many cases, multiple network entities, besides those shown, may lie between the entities, such as transmitting stations, and switching stations, although those have been omitted for clarity. Similarly, some network messages between the entities depicted may also have been omitted for clarity.
- Figure 3a illustrates a call flow diagram 300A for lawful intercept reporting in an example scenario where a mobile device, for which device monitoring is enabled, first registers with a 2G/3G system A 302 in a roaming location and then terminates the registration and registers with a 4G system B 304 in a home location.
- the managing communication server of the mobile device is depicted as an integrated HLR/HSS server 306, which communicates with the user database 116 for managing subscription information, registration, and lawful intercept reporting.
- the lawful intercept report, when generated, may be provided to a LI management entity 308 as shown in the call flow diagram.
- the system A 302 initiates a four step process for receiving authorization for an incoming connection from the mobile device by providing a GPRS location update to the server 306.
- the system A 302 receives the authorization as a UGL acknowledgement message.
- the server 306 identifies that the incoming connection originated from a roaming location and so sends a lawful intercept report as a LI notification to the LI management entity 308 and also updates the attachment attribute in the user database 116. For example, the LI notification may be a J-standard notification.
- the mobile device may terminate the connection with the system A 302 and accordingly, the server 306 may communicate with the system A 302 for cancellation of the connection.
- the attachment attribute does not get updated or reset.
- the system B 304 may request for authorization of the incoming request using a ULR message and may receive a ULA profile of the mobile device from the server 306 on authorisation. Further, based on the ULR message, the server 306 can identify that the incoming connection is from the home location. Since the attachment attribute in the user database 116 reflects that the last connection was with system A 302 in a roaming location, the server 306 can determine that the mobile device has returned to the home location from the roaming location. Upon making this determination, the server 306 sends a lawful intercept report as a LI notification to the LI management entity 308 and also triggers an update of the attachment attribute in the user database 116.
- the server 306 can identify a change in location across network domains and accordingly trigger lawful intercept reporting.
- FIG. 3b illustrates a call flow diagram 300B for lawful intercept reporting in another example scenario where a mobile device, for which device monitoring is enabled, first registers with a 2G/3G system A 302 in a roaming location and then seamlessly registers with a 2G/3G system C 310 in either the home location or another roaming location.
- the managing server of the mobile device is depicted as an integrated HLR/HSS server 306, which communicates with the user database 116 for managing subscription information, registration, and lawful intercept reporting. Further, the lawful intercept report is provided to a LI management entity 308 as shown in the call flow diagram.
- when the registration of the mobile device with the system A 302 is authorized, the system A 302 receives a UGL acknowledgement from the server 306. In the registration process, the system A 302 provides a GPRS location update to the server 306. As a result, the server 306 can identify that the mobile device is in a roaming location and can provide the lawful intercept report to the LI management entity 308 and can have the attachment attribute updated in the user database 116.
- the mobile device may seamlessly connect to system C 310 in a new location without terminating the last connection.
- the server 306 can determine, upon authorizing the incoming connection with system C 310, that the mobile device has changed its location and can accordingly provide the lawful intercept report to the LI management entity 308 and can update the attachment attribute in the user database 116.
- FIG. 3c illustrates a call flow diagram 300C for lawful intercept reporting in yet another example scenario where a mobile device, for which device monitoring is enabled, first registers with a 4G system D 312 in a roaming location and then seamlessly registers with a 4G system B 304 in the home location.
- the managing server of the mobile device is depicted as an integrated HLR/HSS server 306, which communicates with the user database 116 for managing subscription information, registration, and lawful intercept reporting. Further, the lawful intercept report is provided to a LI management entity 308 as shown in the call flow diagram.
- upon the registration of the mobile device with the system D 312, the system D 312 receives the ULA profile for the mobile device from the server 306. In the registration process, the system D 312 provides a location update to the server 306. As a result, the server 306 can identify that the mobile device is in a roaming location and can provide the lawful intercept report to the LI management entity 308 and can have the attachment attribute updated in the user database 116.
- the server 306 can determine, upon authorizing the connection with system B 304, that the mobile device has changed its location and can accordingly provide the lawful intercept report to the LI management entity 308 and can update the attachment attribute in the user database 116.
- Figures 4 and 5 illustrate methods 400 and 500 for lawful intercept reporting, according to different examples of the present subject matter.
- the order in which the methods 400 and 500 are described is not intended to be construed as a limitation, and some of the described method blocks can be combined in a different order to implement the methods 400 and 500, or an alternative method. Additionally, individual blocks may be deleted from the methods 400 and 500 without departing from the spirit and scope of the subject matter described herein.
- the methods 400 and 500 may be implemented in any suitable hardware, computer-readable instructions, or combination thereof.
- the steps of the methods 400 and 500 may be performed by either a computing device under the instruction of machine executable instructions stored on a non-transitory computer readable medium or by dedicated hardware circuits, microcontrollers, or logic circuits.
- the methods 400 and 500 may be performed by the communication server 108 in the communication network environment 100.
- some examples are also intended to cover non-transitory computer readable medium, for example, digital data storage media, which are computer readable and encode computer-executable instructions, where said instructions perform some or all of the steps of the described method 400 and 500.
- an attachment status notification is generated on authorization of an incoming connection between a mobile device and a communication system, the network domain of the incoming connection being different from a network domain of a last connection of the mobile device.
- the registration module 112 may generate the attachment status notification 214 when an incoming connection request for a mobile device 104 is authorized.
- the attachment status notification may be compared with an attachment attribute associated with the mobile device, the attachment attribute being indicative of the last connection of the mobile device.
- the database update module 114 may compare the attachment status notification 214 with the attachment attribute 118 of the mobile device 104.
- lawful intercept reporting may be triggered based on the comparison.
- the database update module 114 may trigger the lawful intercept reporting.
- the attachment attribute may be updated to reflect the incoming connection as the last connection.
- the database update module 114 may update the attachment attribute 118.
- an attachment status notification is generated on authorization of an incoming connection between a mobile device and a communication system, for example, by the registration module 112.
- the method 500 may proceed to block 506 from the block 504. At block 506, the attachment status notification is compared with an attachment attribute that is indicative of a last connection of the mobile device irrespective of network domain. The comparison may be performed, for example, by the database update module 114.
- the comparison indicates a change in location of the mobile device between home and roaming.
- the comparison may be performed, for example, by the database update module 114. If it is determined that the location of the mobile device has not changed, then the method 500 proceeds to block 516 where the attachment attribute may be updated, for example by the database update module 114.
- the method 500 proceeds to block 510 where the lawful intercept reporting is triggered.
- the method 500 proceeds to block 512 where it is determined whether a device monitoring parameter is enabled for the mobile device. If the device monitoring parameter is not found to be enabled, the method 500 proceeds to block 516 where the attachment attribute is updated. In one example, the reporting module 210 may notify the database update module 114 that the lawful intercept reporting trigger has been acted upon and the database update module 114 may update the attachment attribute 118, though no lawful intercept report was generated.
- the method 500 proceeds to block 514 where a lawful intercept report is provided to an LI management entity and then at block 516 the attachment attribute is updated. In one example, after providing the lawful intercept report, the reporting module 210 may notify the database update module 114 that the lawful intercept reporting trigger has been acted upon and the database update module 114 may update the attachment attribute 118.
- Figure 6 illustrates an example network environment 600 implementing a non-transitory computer readable medium for lawful intercept reporting, according to an example of the present subject matter.
- the network environment 600 may be a public networking environment or a private networking environment.
- the network environment 600 includes a processing resource 602 communicatively coupled to a non-transitory computer readable medium 604 through a communication link 606.
- the processing resource 602 can be a processor of a computing device, such as a communication server 108.
- the non-transitory computer readable medium 604 can be, for example, an internal memory device or an external memory device.
- the communication link 606 may be a direct communication link, such as one formed through a memory read/write interface.
- the communication link 606 may be an indirect communication link, such as one formed through a network interface.
- the processing resource 602 can access the non-transitory computer readable medium 604 through a network 608.
- the network 608, like the communication network 102, may be a single network or a combination of multiple networks and may use a variety of different communication protocols.
- the processing resource 602 and the non-transitory computer readable medium 604 may also be communicatively coupled to data sources 610 over the network 608.
- the data sources 610 can include, for example, databases and computing devices, including, for example, the user database 116.
- the data sources 610 may be used by the database administrators, lawful authorities, and other users to communicate with the processing resource 602.
- the non-transitory computer readable medium 604 includes a set of computer readable instructions, such as instructions for implementing the registration module 112, the database update module 114, and the reporting module 210.
- the set of computer readable instructions, referred to as instructions hereinafter, can be accessed by the processing resource 602 through the communication link 606 and subsequently executed to perform acts for lawful intercept reporting.
- the instructions can cause the processing resource 602 to generate an attachment status notification 214 on authorization of an incoming connection between a mobile device 104 and a computing system 108, and compare the attachment status notification 214 with an attachment attribute 118 associated with the mobile device 104 to determine whether there is a change in a location of the mobile device 104. As mentioned earlier, the attachment attribute 118 is indicative of a last connection of the mobile device 104 irrespective of a network domain in which the mobile device 104 was connected. Further, the instructions can cause the processing resource 602 to trigger lawful intercept reporting for the mobile device 104 based on the comparison and then update the attachment attribute 118.
- the processing resource 602 can determine, on the triggering of the lawful intercept reporting, whether a device monitoring parameter associated with the mobile device 104 is enabled and can generate a lawful intercept report based on the determination. Further, the instructions can cause the processing resource 602 to terminate the authorized incoming connection while maintaining the attachment attribute 118.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Aspects of systems and methods for lawful intercept reporting are described. In one implementation, an incoming connection between a mobile device and a communication system is authorized. Lawful intercept reporting may be triggered for the mobile device based on the incoming connection and an attachment attribute associated with the mobile device. The attachment attribute is indicative of a last connection of the mobile device irrespective of a network domain in which the mobile device was connected. Further, the attachment attribute associated with the mobile device may be updated based on the incoming connection.
Description
LAWFUL INTERCEPT REPORTING
BACKGROUND
[0001] Lawful interception (LI) generally refers to obtaining network data from communication networks for providing the network data to a lawful authority, such as a law enforcement agency, an intelligence services agency, or a regulatory agency. The reporting of LI data to the lawful authority is referred to as lawful intercept reporting. For this, the network data may be intercepted as it traverses a communication network and may be reported to the lawful authority. Typically, LI capability is provided in communication networks based on various standards, such as the standards developed by the 3rd Generation Partnership Project (3GPP). For example, a LI management entity may be provided in the communication network to direct one or more network devices, on the initiation of LI by a lawful authority, to intercept and report the desired network data.
BRIEF DESCRIPTION OF DRAWINGS
[0002] The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the figures to reference like features and components:
[0003] Figure 1 illustrates an example communication network environment implementing lawful intercept reporting, according to an example of the present subject matter.
[0004] Figure 2 illustrates an example communication server for implementing lawful intercept reporting, according to an example of the present subject matter.
[0005] Figures 3a, 3b, and 3c illustrate example call flow diagrams for implementing lawful intercept reporting, according to different examples of the present subject matter.
[0006] Figure 4 illustrates an example method for lawful intercept reporting, according to an example of the present subject matter.
[0007] Figure 5 illustrates an example method for lawful intercept reporting, according to another example of the present subject matter.
[0008] Figure 6 illustrates an example network environment implementing a non-transitory computer readable medium for lawful intercept reporting, according to an example of the present subject matter.
DETAILED DESCRIPTION
[0009] Aspects of the present subject matter relate to systems and methods for lawful intercept reporting. Typically, various telecommunication service providers provide wireless telecommunication services over a communication network to users using mobile devices. The communication network can include multiple communication networks of different service providers and can include various network devices, such as switches, routers, gateways, servers, eNodes, and the like. The mobile devices and the network devices in the communication network may communicate with each other using various communication protocols, such as GSM, CDMA, TDMA, and the like.
[0010] As telecommunication technology has developed over the years, various network domains have evolved. A network domain, for example, can refer to a network of devices that use a common set of protocols and procedures for data communication. For example, 2nd Generation (2G) and 3rd Generation (3G) technologies can be considered to be one network domain, while 4th Generation (4G) and Long Term Evolution (LTE) can be considered to be another network domain. A user can subscribe for receiving telecommunication services from a service provider in one or more network domains in a coverage location. The coverage location can include various geographical areas in which the user can receive the services and can include a home location and roaming locations.
[0011] The home location is, for example, a cellular region from where the services were first initiated for a mobile device of the user. The roaming locations include the other coverage locations that are outside the home location. The roaming locations may thus include a plurality of cellular regions outside the home location and may be serviced by a service provider with whom the user is subscribed or by a different service provider. Further, the roaming locations may be spread over disperse geographical areas.
[0012] In one example, to track the movement of a user between different locations, a law enforcement agency may initiate lawful intercept reporting for tracking the location of a mobile device of the user. Accordingly, whenever the mobile device registers to a communication network from a roaming location or moves between a home location and a roaming location, a lawful intercept report may be provided to the law enforcement agency.
[0013] Generally, for registering to a communication network, a request for registration is sent from the mobile device to a communication system in the vicinity of the mobile device. The communication system then determines, from a managing server of the mobile device, the services that the mobile device is allowed to use. In this process, the communication system also sends an update of the location of the mobile device to the managing server. Based on a response received from the managing server, the communication system may register the mobile device and provide the allowed services to the mobile device or may deny registration.
[0014] For example, a managing server of a mobile device may be a server in the home location of the mobile device that manages the subscription information of the mobile device and authorizes or denies services to the mobile device based on the subscription information. For example, in a 2G/3G network domain, the managing server may use a home location register (HLR) to manage the subscription information. In another example, in a 4G/LTE network domain, the managing server may be a home subscriber server (HSS) that manages the subscription information and authorizes registration of the mobile device with communication systems. In case a user subscribes for both 2G/3G and 4G/LTE connectivity, the HLR and the HSS may both independently manage respective subscription information related to the user.
[0015] Thus, each time the mobile device requests registration with a communication system in a particular network domain, the managing server of that network domain receives a location update from the communication system and can accordingly trigger the lawful intercept reporting.
[0016] However, it is possible that the mobile device may register on different network domains in different locations. For example, a mobile device that was previously registered on a 4G network in the home location may register with a 3G network in a roaming location. Further, the mobile device may return from the roaming location and register with the 4G network in the home location. In this case, since the subscription on the 4G network and the 3G network are managed independently by the HSS and the HLR respectively, the HSS may not detect that the mobile device is returning to the home location from the roaming location. As per the HSS, the mobile device was previously registered in the home location and has remained in the home location. This is because the HSS does not know that the mobile device later connected to a 3G network in a roaming location. Thus, no lawful intercept reporting will be triggered by the HSS in this case.
[0017] Similarly, if the mobile device, which was registered with a 3G network in the home location, registers with a 4G network in a roaming location and then returns to the 3G network in the home location, the HLR in the home location would not trigger lawful intercept reporting.
[0018] Further, allowing the HSS to receive previous registration information for the mobile device from the HLR and vice-versa may not resolve this as it may entail complex time-stamp analysis before it can be determined whether the mobile device changed locations. Moreover, in case the connection of the mobile device is terminated, for example, if the mobile device is switched off or disconnected from the communication network, the previous registration information may get reset and hence may not be available for triggering the lawful intercept reporting.
[0019] Aspects of the present subject matter relate to systems and methods for lawful intercept reporting for a mobile device irrespective of the network domain with which the mobile device registers.
[0020] In one implementation, a communication server, such as a managing server of the mobile device, can receive a request for authorizing an incoming connection between the mobile device and a communication system. Further, the communication server may be communicatively connected to a user database that includes subscription information for the various mobile devices that are managed by the communication server. The user database may manage subscription information related to multiple network domains, i.e., the user database can include the subscription information irrespective of the network domains to which the various mobile devices are subscribed. The communication server can determine, from the user database, the services to which the mobile device is subscribed and may accordingly provide or deny the authorization for the incoming connection. Further, based on the incoming connection, the communication server can provide lawful intercept reports to a lawful interception management entity in the communication network.
[0021] In one example, the communication server may be an integrated HLR-HSS server that may handle authorization requests from communication systems in different network domains based on the user database and may provide lawful intercept reports. In another example, there may be a separate communication server for each network domain. In this case, the separate communication servers may communicate with a common user database for handling the authorization requests and providing lawful intercept reports.
[0022] For the lawful intercept reporting, the communication server can maintain an attachment attribute in the user database for each mobile device that is managed by the communication server. The attachment attribute can be indicative of a last connection of the mobile device irrespective of the network domain. Thus, for the incoming connection, the communication server can determine whether there is a change in the location of the mobile device based on the attachment attribute, irrespective of whether the last connection was on the same network domain or not, and can accordingly trigger a lawful intercept report. Further, the attachment attribute can be a persistent attribute, i.e., the attachment attribute may not be reset on termination of a connection of the mobile device. Thus, even after the connection is terminated, the attachment attribute may reflect the last connection of the mobile device.
[0023] Further, on the triggering of the lawful intercept reporting, the communication server may determine, from the user database, whether a device monitoring parameter associated with the mobile device is enabled and may accordingly provide a lawful intercept report when the device monitoring parameter is enabled. The communication server may then update the attachment attribute in the user database to reflect the incoming connection as the last connection.
[0024] In one implementation, the triggering of the lawful intercept reporting and updating of the attachment attribute may be performed for the mobile devices managed by the communication server even when their respective device monitoring parameter is not enabled. However, the lawful intercept report may be provided for a mobile device when the device monitoring parameter associated with the mobile device is enabled. Further, as the access to device monitoring parameter settings in the user database may be controlled and provided to selected database administrators, it may not be evident from an analysis of the user database, for example, by a general database administrator, as to whether a particular mobile device is being monitored. Thus, an additional layer of security can be created.
[0025] Thus, the communication server, in accordance with the present subject matter, can provide the lawful intercept report efficiently and securely and can ensure compliance with lawful interception regulations.
[0026] The above systems and the methods are further described in conjunction with the following figures. It should be noted that the description and figures merely illustrate the principles of the present subject matter. Further, various arrangements may be devised that, although not explicitly described or shown herein, embody the principles of the present subject matter and are included within its spirit and scope.
[0027] Examples of how systems and methods for lawful intercept reporting may be implemented are explained in detail with respect to the figures. While aspects of described systems and methods for lawful intercept reporting can be implemented in any number of different computing systems, environments, and/or implementations, the examples and implementations are described in the context of the following system(s).
[0028] Figure 1 illustrates a communication network environment 100 for implementing lawful intercept reporting according to an example of the present subject matter. The computing network environment 100 includes a communication network 102 and a mobile device 104 that can connect to the communication network 102 for accessing various services. For discussion purposes, a single mobile device 104 has been illustrated in figure 1. However, any number of mobile devices as can be supported may connect to the communication network 102.
[0029] The communication network 102 may be a wireless network or a combination of a wired and wireless network. The communication network 102 can also be a collection of individual networks, interconnected with each other and functioning as a single large network, such as the Internet. Examples of such individual networks include, but are not limited to, Global System for Mobile Communication (GSM) network, Universal Mobile Telecommunications System (UMTS) network, Personal Communications Service (PCS) network, Time Division Multiple Access (TDMA) network, Code Division Multiple Access (CDMA) network, Next Generation Network (NGN), Public Switched Telephone Network (PSTN), Long Term Evolution (LTE), and Integrated Services Digital Network (ISDN). Further, the communication network 102 can include various network devices, such as gateways, modems, routers; however, such details have been omitted for ease of understanding.
[0030] The mobile device 104 can be any wireless telecommunication device that can connect wirelessly to the communication network 102. For example, the mobile device 104 may be a cellular phone, a smart phone, a personal digital assistant (PDA), a tablet, and the like.
[0031] In one implementation, the communication network 102 includes communication systems 106-1, 106-2, 106-3...106-n, individually referred to as a communication system 106. Each communication system 106 can act as an access point within a particular cellular region and can connect the mobile device 104 to the communication network 102 for availing various services. For example, the communication system 106 can be a serving GPRS support node (SGSN) or an eNodeB. As mentioned above, the communication network 102 can include multiple network domains. Accordingly, some of the communication systems 106-1, 106-2,...106-n can be part of network domains different from a network domain to which the others may belong.
[0032] Further, to connect to the communication network 102, the mobile device 104 can send a connection request to the communication system 106 located in its vicinity and which serves the cellular location in which the mobile device 104 is present at that time. On receiving the connection request, the communication system 106 sends an incoming connection authorization request to a managing server of the mobile device 104.
[0033] In the example implementation illustrated in figure 1, the managing server of the mobile device 104 is represented as communication server 108. It will be understood that the communication network 102 can include multiple communication servers, each one acting as a managing server for a particular cellular region. However, for simplicity, a single communication server 108, which is the managing server of the mobile device 104, is shown in figure 1.
[0034] The communication server 108 includes, amongst other components, a processor 110, a registration module 112, and a database update module 114. Further, the communication server 108 can be communicatively coupled to a user database 116 present in the communication network 102. The user database 116 can be a common user database for management of subscription information of the mobile devices managed by the communication server 108. In one implementation, the subscription information in the user database 116 includes an attachment attribute associated with each mobile device. Thus, an attachment attribute 118 may be associated with the mobile device 104 in the user database 116.
[0035] In one implementation, the attachment attribute 118 can be indicative of a last connection of the mobile device 104 irrespective of a network domain of the last connection. A network domain, for example, can refer to a network of devices that use a common set of protocols and procedures for data communication. Thus, for example, a 2G/3G network can be considered as one network domain while a 4G/LTE network can be considered to be another network domain. In one example, the attachment attribute 118 is indicative of the communication system 106 with which the mobile device 104 was last connected and the location of the communication system 106, irrespective of the network domain in which it was connected.
[0036] A last connection of the mobile device 104 refers to a previous connection that was established before a new incoming connection request was received. Once the new incoming connection is established and the lawful intercept reporting is triggered, the attachment attribute 118 gets updated to reflect the newly established connection as the last connection, as will be explained below. Further, since the user database 116 is used by the communication server 108 for managing subscription information and establishment of connection in different network domains, the attachment attribute 118 can be updated based on a connection established in any network domain. Thus, the attachment attribute 118 can be network domain agnostic and can reflect the last connection correctly irrespective of the network domain in which the last connection was established.
[0037] In operation, when the mobile device 104 sends a connection request to a communication system 106, the communication system 106 sends an incoming connection authorisation request to the communication server 108. In one implementation, the registration module 112 can receive the authorization request and authorize the incoming connection between the mobile device 104 and the communication system 106 based on the subscription information maintained in the user database 116. Further, the database update module 114 can trigger lawful intercept reporting for the mobile device 104 based on the incoming connection and the attachment attribute 118 associated with the mobile device 104. Thus, even in an implementation where the last connection was in a network domain different from a network domain of the incoming connection, the lawful intercept reporting can be triggered by the communication server 108. Further, after the lawful intercept reporting is triggered, the database update module 114 can update the attachment attribute 118 associated with the mobile device 104 to reflect the incoming connection as the last connection. The implementation of lawful intercept reporting in accordance with the present subject matter is further explained in detail with reference to figure 2.
[0038] Figure 2 illustrates the communication server 108 for implementing lawful intercept reporting according to one example of the present subject matter. In one example, the communication server 108 may be an integrated HLR-HSS server that may handle authorization requests from communication systems in different network domains based on the user database 116 and may provide lawful intercept reports. In another example, there may be a separate communication server 108 for each network domain. In this case, the separate communication servers may communicate with a common user database, such as the user database 116, for handling the incoming connection authorization requests and providing lawful intercept reports.
[0039] In one implementation, the communication server 108 includes the processor(s) 110, interface(s) 202, memory 204, modules 206 and data 208. It will be understood that the functions of the various components shown in the figure, including processor(s) 110, may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions may be provided by a dedicated processor, by a shared processor, or by a plurality of individual processors, some of which may be shared.
[0040] Further, the interfaces 202 may include a variety of interfaces, for example, interfaces for data input and output devices, referred to as I/O devices, storage devices, and network devices. The interfaces 202 facilitate communication between the communication server 108 and various network devices connected in the network environment 100, including, but not limited to, the user database 116.
[0041] The memory 204 may be communicatively connected to the processor 110. Among other capabilities, the processor 110 may fetch and execute computer-readable instructions stored in the memory 204. The memory 204 may include any non-transitory computer-readable medium including, for example, volatile memory such as RAM, or non-volatile memory such as EPROM, flash memory, and the like.
[0042] The modules 206 may also be communicatively coupled to the processor 110. In some examples, the modules 206 may include processor executable instructions to perform particular tasks, objects, components, data structures, functionalities, etc., to implement particular abstract data types, or a combination thereof. In some examples, the modules 206 may be implemented as signal processor(s), state machine(s), logic circuitries, or any other device or component that manipulates signals based on operational instructions. Further, the modules 206 can be implemented by hardware, by computer-readable instructions stored on a computer-readable medium and executable by a processing unit, or by a combination thereof.
[0043] In one implementation, the modules 206 include the registration module(s) 112, database update module(s) 114, reporting module(s) 210, and other modules 212. The other modules 212 may include programs or coded instructions that supplement applications or functions performed by the communication server 108. Further, the data 208 may include attachment status notification 214 and other data 218. The other data 218 may include data generated and saved by the modules 206 for implementing various functionalities of the communication server 108.
[0044] As discussed above, in operation, the registration module 112 may receive an authorisation request for an incoming connection to be established between the mobile device 104 and a communication system 106, and may authorize the incoming connection based on the subscription information of the mobile device 104 maintained in the user database 116. Further, the registration module 112 may generate an attachment status notification 214 based on the authorization. In one implementation, the attachment status notification 214 indicates the communication system 106 from which the authorization request originated and its location.
[0045] The database update module 114 may receive the attachment status notification 214 and may compare the attachment status notification 214 with the attachment attribute 118 associated with the mobile device 104. As mentioned above, the attachment attribute 118 is indicative of a last connection of the mobile device 104. Thus, based on a comparison between the attachment status notification 214 and the attachment attribute 118, the database update module 114 can determine whether the mobile device 104 has moved from a roaming location to a home location or vice-versa and can trigger the lawful intercept reporting. Since the attachment attribute 118 reflects the last connection of the mobile device 104 irrespective of the network domain to which the mobile device 104 was connected, the lawful intercept reporting can be triggered even in cases where the incoming connection is in a network domain different from the last connection. Further, after the lawful intercept reporting is triggered and a lawful intercept report is generated, the database update module 114 may update the attachment attribute 118 to reflect the incoming connection as the last connection.
[0046] For example, if the mobile device 104 was connected to a 4G/LTE domain in a home location initially, the attachment attribute 118 would indicate that the mobile device 104 was connected to a home network. Then, if the mobile device 104 moved to a 2G/3G network in a roaming location, the database update module 114 would trigger the lawful intercept reporting and update the attachment attribute 118 to indicate the roaming location. Thereafter, if the mobile device 104 moved back to the 4G connection in the home location, the attachment status notification 214 would indicate the incoming location to be the home location, whereas the attachment attribute 118 would indicate the last connection to be in the roaming location. Thus, based on a comparison between the two, the database update module 114 can determine that the mobile device 104 has moved from a roaming location to the home location and can trigger the lawful intercept reporting even though the mobile device 104 moved between different network domains.
[0047] Further, in one implementation, prior to comparing the attachment status notification 214 with the attachment attribute 118, the database update module 114 may determine whether the attachment status notification 214 indicates that the mobile device 104 is in a roaming location. In case the mobile device 104 is determined to be in a roaming location, then the database update module 114 may directly trigger the lawful intercept reporting and update the attachment attribute 118 without performing the comparing. Thus, in this implementation, the lawful intercept reporting can be triggered whenever the mobile device 104 registers with a communication system 108 in a roaming location even if the mobile device does not move from one roaming location to another.
[0048] Once the lawful intercept reporting is triggered by the database update module 114, the trigger may be received by the reporting module 210. In one implementation, the reporting module 210 may determine whether a device monitoring parameter associated with the mobile device 104 in the user database 116 is enabled. In case the device monitoring parameter is enabled, then the reporting module 210 may generate a lawful intercept report indicating the change in location of the mobile device 104 and may provide the lawful intercept report to, for example, a lawful interception management entity in the communication network 102. The lawful interception management entity may be, for example, a law enforcement monitoring facility (LEMF) or a communication assistance for law enforcement act (CALEA) device, and is not shown in the figures for brevity. Subsequently, the reporting module 210 may notify the database update module 114 that the trigger has been acted upon. Accordingly, the database update module 114 may then update the attachment attribute 118 to reflect the incoming connection as the last connection.
[0049] Thus, while lawful intercept reporting may be triggered for any mobile device managed by the communication server 108 when the mobile device is found to move between locations, the lawful intercept report may be provided when the device monitoring parameter is enabled. In case the device monitoring parameter is disabled, the reporting module 210 may directly notify the database update module 114 that the trigger has been acted upon without generating the lawful intercept report. Then, the attachment attribute 118 may be updated by the database update module 114 even without generation of the lawful intercept report. Thus, it may not be evident from an analysis of the user database 116 as to which mobile device is being monitored without access to the device monitoring parameter. This can provide an additional layer of security for the lawful authority monitoring the mobile device 104.
[0050] Further, in case a connection between the mobile device 104 and a communication system 108 is terminated, for example, when the mobile device 104 is switched off, the registration module 112 may terminate the authorized incoming connection while maintaining the attachment attribute 118, i.e., without resetting the attachment attribute 118. Thus, the attachment attribute 118 may be a persistent attribute and may be available for lawful intercept reporting even after the connection is terminated.
[0051] Figures 3a, 3b, and 3c illustrate example call flow diagrams 300A, 300B, and 300C, respectively, for implementing lawful intercept reporting according to different examples of the present subject matter. The various arrow indicators used in the call flow diagrams depict the transfer of signal/information between the systems, server, user database, and the LI management entity shown in the respective figure. In many cases, multiple network entities, besides those shown, may lie between the entities, such as transmitting stations, and switching stations, although those have been omitted for clarity. Similarly, some network messages between the entities depicted may also have been omitted for clarity. Although the call flow diagrams have been illustrated with respect to 2G/3G and 4G/LTE network domains, it will be understood that lawful intercept reporting may be implemented in other network domains also, albeit with a few variations, as will be understood based on the present subject matter.
[0052] Figure 3a illustrates a call flow diagram 300A for lawful intercept reporting in an example scenario where a mobile device, for which device monitoring is enabled, first registers with a 2G/3G system A 302 in a roaming location and then terminates the registration and registers with a 4G system B 304 in a home location. The managing communication server of the mobile device is depicted as an integrated HLR/HSS server 306, which communicates with the user database 116 for managing subscription information, registration, and lawful intercept reporting. Further, the lawful intercept report, when generated, may be provided to a LI management entity 308 as shown in the call flow diagram.
[0053] As shown in the call flow 300A, the system A 302 initiates a four step process for receiving authorization for an incoming connection from the mobile device by providing a GPRS location update to the server 306. The system A 302 receives the authorization as a UGL acknowledgement message. The server 306 identifies that the incoming connection originated from a roaming location and so sends a lawful intercept report as a LI notification to the LI management entity 308 and also updates the attachment attribute in the user database 116. For example, the LI notification may be a J-standard notification.
[0054] Further, the mobile device may terminate the connection with the system A 302 and accordingly, the server 306 may communicate with the system A 302 for cancellation of the connection. However, on cancellation, the attachment attribute does not get updated or reset.
[0055] The mobile device may then send an incoming connection request to the system B 304 in the home location. Accordingly, the system B 304 may request for authorization of the incoming request using a ULR message and may receive a ULA profile of the mobile device from the server 306 on authorisation. Further, based on the ULR message, the server 306 can identify that the incoming connection is from the home location. Since the attachment attribute in the user database 116 reflects that the last connection was with system A 302 in a roaming location, the server 306 can determine that the mobile device has returned to the home location from the roaming location. Upon making this determination, the server 306 sends a lawful intercept report as a LI notification to the LI management entity 308 and also triggers an update of the attachment attribute in the user database 116.
[0056] Thus, the server 306 can identify a change in location across network domains and accordingly trigger lawful intercept reporting.
[0057] Figure 3b illustrates a call flow diagram 300B for lawful intercept reporting in another example scenario where a mobile device, for which device monitoring is enabled, first registers with a 2G/3G system A 302 in a roaming location and then seamlessly registers with a 2G/3G system C 310 in either the home location or another roaming location. The managing server of the mobile device is depicted as an integrated HLR/HSS server 306, which communicates with the user database 116 for managing subscription information, registration, and lawful intercept reporting. Further, the lawful intercept report is provided to a LI management entity 308 as shown in the call flow diagram.
[0058] As shown in the call flow diagram, when the registration of the mobile device with the system A 302 is authorized, the system A 302 receives a UGL acknowledgement from the server 306. In the registration process, the system A 302 provides a GPRS location update to the server 306. As a result, the server 306 can identify that the mobile device is in a roaming location and can provide the lawful intercept report to the LI management entity 308 and can have the attachment attribute updated in the user database 116.
[0059] Further, as the mobile device moves and changes its location, it may seamlessly connect to system C 310 in a new location without terminating the last connection. Further, the server 306 can determine, upon authorizing the incoming connection with system C 310, that the mobile device has changed its location and can accordingly provide the lawful intercept report to the LI management entity 308 and can update the attachment attribute in the user database 116.
[0060] Figure 3c illustrates a call flow diagram 300C for lawful intercept reporting in yet another example scenario where a mobile device, for which device monitoring is enabled, first registers with a 4G system D 312 in a roaming location and then seamlessly registers with a 4G system B 304 in the home location. The managing server of the mobile device is depicted as an integrated HLR/HSS server 306, which communicates with the user database 116 for managing subscription information, registration, and lawful intercept reporting. Further, the lawful intercept report is provided to a LI management entity 308 as shown in the call flow diagram.
[0061] As shown in the call flow diagram, upon the registration of the mobile device with the system D 312, the system D 312 receives the ULA profile for the mobile device from the server 306. In the registration process, the system D 312 provides a location update to the server 306. As a result, the server 306 can identify that the mobile device is in a roaming location and can provide the lawful intercept report to the LI management entity 308 and can have the attachment attribute updated in the user database 116.
[0062] Further, as the mobile device moves and changes its location, it may seamlessly connect to system B 304 in the home location without terminating the last connection. Further, the server 306 can determine, upon authorizing the connection with system B 304, that the mobile device has changed its location and can accordingly provide the lawful intercept report to the LI management entity 308 and can update the attachment attribute in the user database 116.
[0063] While some example implementations of lawful intercept reporting according to the present subject matter have been illustrated and described with reference to the call flow diagrams 300A, 300B, and 300C, it will be understood that these call flow diagrams are merely illustrative of the concepts related to lawful intercept reporting in accordance with the present subject matter and are not to be construed as limiting.
[0064] Figures 4 and 5 illustrate methods 400 and 500 for lawful intercept reporting, according to different examples of the present subject matter. The order in which the methods 400 and 500 are described is not intended to be construed as a limitation, and some of the described method blocks can be combined in a different order to implement the methods 400 and 500, or an alternative method. Additionally, individual blocks may be deleted from the methods 400 and 500 without departing from the spirit and scope of the subject matter described herein. Furthermore, the methods 400 and 500 may be implemented in any suitable hardware, computer-readable instructions, or combination thereof.
[0065] The steps of the methods 400 and 500 may be performed by either a computing device under the instruction of machine executable instructions stored on a non-transitory computer readable medium or by dedicated hardware circuits, microcontrollers, or logic circuits. For example, the methods 400 and 500 may be performed by the communication server 108 in the communication network environment 100. Herein, some examples are also intended to cover non-transitory computer readable medium, for example, digital data storage media, which are computer readable and encode computer-executable instructions, where said instructions perform some or all of the steps of the described methods 400 and 500.
[0066] With reference to method 400 as depicted in figure 4, at block 402, an attachment status notification is generated on authorization of an incoming connection between a mobile device and a communication system, the network domain of the incoming connection being different from a network domain of a last connection of the mobile device. For example, the registration module 112 may generate the attachment status notification 214 when an incoming connection request for a mobile device 104 is authorized.
[0067] At block 404, the attachment status notification may be compared with an attachment attribute associated with the mobile device, the attachment attribute being indicative of the last connection of the mobile device. For example, the database update module 114 may compare the attachment status notification 214 with the attachment attribute 118 of the mobile device 104.
[0068] At block 406, lawful intercept reporting may be triggered based on the comparison. For example, the database update module 114 may trigger the lawful intercept reporting.
[0069] At block 408, the attachment attribute may be updated to reflect the incoming connection as the last connection. For example, the database update module 114 may update the attachment attribute 118.
[0070] With reference to method 500 as depicted in figure 5, at block 502, an attachment status notification is generated on authorization of an incoming connection between a mobile device and a communication system, for example, by the registration module 112.
[0071] At block 504, it is determined whether the attachment status notification indicates that the mobile device is in a roaming location, for example by the database update module 114. If the mobile device is determined to be in a roaming location, then the method 500 may proceed to block 510 where lawful intercept reporting may be triggered.
[0072] However, if the mobile device is not determined to be in a roaming location, the method 500 may proceed to block 506 from the block 504. At block 506, the attachment status notification is compared with an attachment attribute that is indicative of a last connection of the mobile device irrespective of network domain. The comparison may be performed, for example, by the database update module 114.
[0073] At block 508, it is determined whether the comparison indicates a change in location of the mobile device between home and roaming. The comparison may be performed, for example, by the database update module 114. If it is determined that the location of the mobile device has not changed, then the method 500 proceeds to block 516 where the attachment attribute may be updated, for example by the database update module 114.
[0074] On the other hand, if it is determined that the location of the mobile device has changed, the method 500 proceeds to block 510 where the lawful intercept reporting is triggered.
[0075] From block 510, the method 500 proceeds to block 512 where it is determined whether a device monitoring parameter is enabled for the mobile device. If the device monitoring parameter is not found to be enabled, the method 500 proceeds to block 516 where the attachment attribute is updated. In one example, the reporting module 210 may notify the database update module 114 that the lawful intercept reporting trigger has been acted upon and the database update module 114 may update the attachment attribute 118, though no lawful intercept report was generated.
[0076] However, if the device monitoring parameter is found to be enabled, the method 500 proceeds to block 514 where a lawful intercept report is provided to a LI management entity and then at block 516 the attachment attribute is updated. In one example, after providing the lawful intercept report, the reporting module 210 may notify the database update module 114 that the lawful intercept reporting trigger has been acted upon and the database update module 114 may update the attachment attribute 118.
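The decision flow of method 500 (blocks 502 to 516), as an added sketch that is not part of the patent text or any vendor's implementation. The class and field names, the sample systems, and the treatment of a first-ever registration at home as "no change" are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Location(Enum):
    HOME = "home"
    ROAMING = "roaming"


@dataclass(frozen=True)
class AttachmentStatus:
    """Attachment status notification (block 502): originating system and its location."""
    system: str
    domain: str          # e.g. "2G/3G" or "4G/LTE"; never used in the comparison
    location: Location


@dataclass
class SubscriberRecord:
    """User-database entry; field names are hypothetical."""
    device_monitoring: bool = False
    attachment_attribute: Optional[AttachmentStatus] = None  # last connection, any domain
    connected: bool = False


@dataclass
class CommunicationServer:
    user_db: dict = field(default_factory=dict)
    li_reports: list = field(default_factory=list)   # stand-in for the LI management entity

    def register(self, device_id, system, domain, location):
        """Authorize an incoming connection; return (triggered, report_sent)."""
        record = self.user_db[device_id]
        incoming = AttachmentStatus(system, domain, location)        # block 502
        last = record.attachment_attribute
        if incoming.location is Location.ROAMING:                    # block 504
            triggered = True
        else:                                                        # blocks 506, 508
            # Assumption: a first-ever registration at home is not a location change.
            triggered = last is not None and last.location is not incoming.location
        report_sent = False
        if triggered and record.device_monitoring:                   # blocks 510, 512
            self.li_reports.append((device_id, last, incoming))      # block 514
            report_sent = True
        # Block 516 runs on every path, so the stored attribute is the same
        # whether or not the device is monitored.
        record.attachment_attribute = incoming
        record.connected = True
        return triggered, report_sent

    def detach(self, device_id):
        """Connection terminated: the attachment attribute is kept, not reset."""
        self.user_db[device_id].connected = False


# Constructed sequence: home 4G/LTE, roaming 2G/3G, detach, home 4G/LTE twice.
STEPS = [
    ("home-4g", "4G/LTE", Location.HOME),
    ("system-A", "2G/3G", Location.ROAMING),
    None,  # detach from system-A
    ("system-B", "4G/LTE", Location.HOME),
    ("system-B", "4G/LTE", Location.HOME),
]


def run_scenario(monitored):
    """Replay STEPS for one device; return the per-registration outcomes and the server."""
    server = CommunicationServer(user_db={"dev-1": SubscriberRecord(monitored)})
    outcomes = []
    for step in STEPS:
        if step is None:
            server.detach("dev-1")
        else:
            outcomes.append(server.register("dev-1", *step))
    return outcomes, server


if __name__ == "__main__":
    for monitored in (True, False):
        outcomes, server = run_scenario(monitored)
        print(monitored, outcomes, len(server.li_reports))
```

Running both scenarios shows the return to the home location being detected across network domains after a detach, and the stored attachment attribute ending up identical for the monitored and unmonitored device.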
[0077] Figure 6 illustrates an example network environment 600 implementing a non-transitory computer readable medium for lawful intercept reporting, according to an example of the present subject matter. The network environment 600 may be a public networking environment or a private networking environment. In one implementation, the network environment 600 includes a processing resource 602 communicatively coupled to a non-transitory computer readable medium 604 through a communication link 606.
[0078] For example, the processing resource 602 can be a processor of a computing device, such as a communication server 108. The non-transitory computer readable medium 604 can be, for example, an internal memory device or an external memory device. In one implementation, the communication link 606 may be a direct communication link, such as one formed through a memory read/write interface. In another implementation, the communication link 606 may be an indirect communication link, such as one formed through a network interface. In such a case, the processing resource 602 can access the non-transitory computer readable medium 604 through a network 608. The network 608, like the communication network 102, may be a single network or a combination of multiple networks and may use a variety of different communication protocols.
[0079] The processing resource 602 and the non-transitory computer readable medium 604 may also be communicatively coupled to data sources 610 over the network 608. The data sources 610 can include, for example, databases and computing devices, including, for example, the user database 116. The data sources 610 may be used by the database administrators, lawful authorities, and other users to communicate with the processing resource 602.
[0080] In one implementation, the non-transitory computer readable medium 604 includes a set of computer readable instructions, such as instructions for implementing the registration module 112, the database update module 114, and the reporting module 210. The set of computer readable instructions, referred to as instructions hereinafter, can be accessed by the processing resource 602 through the communication link 606 and subsequently executed to perform acts for lawful intercept reporting.
[0081] For discussion purposes, the execution of the instructions by the processing resource 602 has been described with reference to various components introduced earlier with reference to description of figures 1 and 2.
[0082] In an example, the instructions can cause the processing resource 602 to generate an attachment status notification 214 on authorization of an incoming connection between a mobile device 104 and a computing system 108, and compare the attachment status notification 214 with an attachment attribute 118 associated with the mobile device 104 to determine whether there is a change in a location of the mobile device 104. As mentioned earlier, the attachment attribute 118 is indicative of a last connection of the mobile device 104 irrespective of a network domain in which the mobile device 104 was connected. Further, the instructions can cause the processing resource 602 to trigger lawful intercept reporting for the mobile device 104 based on the comparison and then update the attachment attribute 118.
[0083] In one implementation, the processing resource 602 can determine, on the triggering of the lawful intercept reporting, whether a device monitoring parameter associated with the mobile device 104 is enabled and can generate a lawful intercept report based on the determination. Further, the instructions can cause the processing resource 602 to terminate the authorized incoming connection while maintaining the attachment attribute 118.
[0084] Thus, the methods and systems of the present subject matter help implement lawful intercept reporting efficiently, securely, and in compliance with lawful interception regulations. Although implementations for lawful intercept reporting have been described in language specific to structural features and methods, it can be understood that the appended claims are not limited to the specific structural features or methods described. Rather, the specific structural features and methods are disclosed as examples of systems and methods for lawful intercept reporting.
Claims
What is claimed is:
1. A communication server for lawful intercept reporting, the communication server comprising:
a processor;
a registration module executable by the processor to authorize an incoming connection between a mobile device and a communication system; and
a database update module executable by the processor to
trigger lawful intercept reporting for the mobile device based on the incoming connection and an attachment attribute associated with the mobile device, wherein the attachment attribute is indicative of a last connection of the mobile device irrespective of network domain in which the mobile device was connected; and
update the attachment attribute associated with the mobile device based on the incoming connection.
2. The communication server of claim 1, wherein the registration module is executable by the processor to terminate the authorized incoming connection while maintaining the attachment attribute.
3. The communication server of claim 1, wherein the registration module is executable by the processor to generate an attachment status notification indicative of the incoming connection.
4. The communication server of claim 3, wherein the database update module is executable by the processor to trigger the lawful intercept reporting based on at least one of:
a comparison between the attachment status notification and the attachment attribute, wherein the comparison indicates whether the mobile device has moved between a home location and a roaming location; and
a determination of whether the attachment status attribute indicates that the mobile device is roaming.
5. The communication server of claim 1, wherein the incoming connection is in a network domain different from the network domain of the last connection.
6. The communication server of claim 5, wherein one of the incoming connection and the last connection is in a 2G/3G network domain and other is in a 4G/LTE network domain.
7. The communication server of claim 1, wherein the communication server is an integrated Home Location Register (HLR) and Home Subscriber Server (HSS).
8. The communication server of claim 1, further comprising a reporting module executable by the processor to
determine, on the triggering of the lawful intercept reporting, whether a device monitoring parameter associated with the mobile device is enabled; and
provide a lawful intercept report based on the determination.
9. A method for lawful intercept reporting, the method comprising:
generating an attachment status notification on authorization of an incoming connection between a mobile device and a communication system, wherein a network domain of the incoming connection is different from a network domain of a last connection of the mobile device;
comparing the attachment status notification with an attachment attribute associated with the mobile device, wherein the attachment attribute is indicative of the last connection;
triggering the lawful intercept reporting based on the comparison; and
updating the attachment attribute to reflect the incoming connection.
10. The method of claim 9 further comprising terminating the authorised incoming connection while maintaining the attachment attribute.
11. The method of claim further comprising
determining, on the triggering of the lawful intercept reporting, whether a device monitoring parameter associated with the mobile device is enabled; and
generating a lawful intercept report based on the determination.
12. The method of claim 9 further comprising
determining, on the generating of the attachment status notification, whether the mobile device is in a roaming location; and
triggering the lawful intercept reporting based on the determination.
13. A non-transitory computer readable medium having a set of computer readable instructions that, when executed, cause a processor to:
generate an attachment status notification on authorization of an incoming connection;
compare the attachment status notification with an attachment attribute to determine whether there is a change in a location of the mobile device, wherein the attachment attribute is indicative of a last connection of the mobile device irrespective of a network domain in which the mobile device was connected;
trigger lawful intercept reporting for the mobile device based on the comparison; and
update the attachment attribute associated with the mobile device to reflect the incoming connection as the last connection.
14. The non-transitory computer readable medium of claim 13 further having a set of computer readable instructions that, when executed, cause the processor to:
determine, on the triggering of the lawful intercept reporting, whether a device monitoring parameter associated with the mobile device is enabled; and
generate a lawful intercept report based on the determination.
15. The non-transitory computer readable medium of claim 13 further having a set of computer readable instructions that, when executed, cause the processor to terminate the authorized incoming connection while maintaining the attachment attribute.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/US2014/015016 WO2015119604A1 (en) | 2014-02-06 | 2014-02-06 | Lawful intercept reporting |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2015119604A1 (en) | 2015-08-13 |
Family
ID=53778291
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/US2014/015016 Ceased WO2015119604A1 (en) | 2014-02-06 | 2014-02-06 | Lawful intercept reporting |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2015119604A1 (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6654589B1 (en) * | 1997-09-26 | 2003-11-25 | Nokia Networks Oy | Legal interception in a telecommunications network |
| US20060034198A1 (en) * | 2002-07-19 | 2006-02-16 | Teemu Makinen | Informing a lawful interception system of the serving system an intercepted target |
| US7283521B1 (en) * | 2000-10-26 | 2007-10-16 | Nortel Networks Limited | System and method for reporting communication related information in a packet mode communication |
| US8478227B2 (en) * | 2005-12-22 | 2013-07-02 | Telefonaktiebolaget Lm Ericsson (Publ) | System and method for lawful interception of user information |
Non-Patent Citations (1)
| Title |
|---|
| "Critical Issues for Roaming in 3G", WIRELESS COMMUNICATIONS, vol. 02, 2003, pages 29 - 35, XP011403233 * |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14881917; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 14881917; Country of ref document: EP; Kind code of ref document: A1 |