CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
1
'=METHODS, SYSTEMS~ANIONTAPPARATU:S-FO.R MONITORING ANDIOR.--GENERATING x
COMMUNI:CATIONS IN A-COMMUNICATIONS NETWORK
Field-of the Invention> ~_~
--
.--5 The present inventicrelates to .methods, apparatus and. systems for-
:monitoring!7
= and/or generating communications=in=a communications network..
5he~.communications;may~.;-~
=-,include;wired_-and/or wir-eless~-~comriiunications which may, be =used~f.or-
the-transfer of~v.oice~T43
'-and/or data."More_particulady;~~embodiments-of-the-invention provide
for.;~aawfuL.interception._-
:~of, corrimunications: and/o~ the eoIlection of information
regarding;:comunications_ and/or:-the
-10 - ~ generation iof conimunications.Y
Background~
.. . _ :
-= The Open~~Systems ~~Cnterconnection (OSI) reference-rriodel provides: aaet
of: protocols _
that defines=and-standard4ses~the-data=communications process~to_lestablish
a:.networkmg
.r
15 -framework-which facilitatesftfie_exchange or transfer of inforrnation:
frornsa~rst application Ao~~
= a aecond applicafion thro~gfa=a network medium;where, .the; frst7and second
:applications
rnay :reside=or operaterEn;first and secnnd ~iodes-.or:stations,-
respe.ctiv.ely.;=typically _co~putmg
devices _:A description=of.the OSI model_in.relation to
intemetworks;is~proVidec~in"Desigrnng ~
` Cisco-Networksn,'Teare,;'Diane;~Indianapolis=Cisco Press, July
1999;_copy_ofwvliich::r.nayhe
e20 `~`=found on-www.cisco:corn:,L6~_,
The _ OSI :,modeF- prouides~-for=irnplementing7 protocols: in
sevenAayersL.so,that.2the,.
transfer of:informationis;-broken down into-smaller, more manageabte:#asksith-
eachaayer
bemg:;assigned. a subsetzof ,thesertasks Eachlayerris .r.easonably-self
contame.drso,hat tbe
~-tasks' .assigned; to~each;layer:;can ;be impiemented.:. independently.:
The,:seven _layers, are ~~
=25 ~~ _--specified below:<J-
applicaÃion:(layer 7).__
prsentation-(layer:=6y-
-sessian(layer
ranspOrrt~ (I aye r: 4)
30 _n"etwork~`(layer-3)=.
data~~ik`(layer 2)
z.phy.sicaL(Iayer.1) :..
The top three layers;-known as the application set of layers
(application;presentation s
.35 and session), may be-grouped together as they provide the_application-
services=required~-fDrY
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
2
the=exchange of -information= in :that they allow=two=applications to--
interact:_with= each -other=
through the services provided by their respective operating
systems_::..The:bottom..four;-layers,-~
or data transport Iayers (transport, network, -data,link and physical) may
also- be:-grouped-
together, with these four layers providing-the-. end-to-end services==
necessary ~:#or-data
exchange between two systems. using _ protocols`.associated:__with:_ the
communications-
network used to link the two nodes together.
Generally, any given layer will communicate= with three -other.._ layers ;-_
the:.Jayers=
'irhmediately -above and below; as well . as the =peer=layer- in= other-_
networked :systems ~_ Theli-:
services provided: by adjacentlayers help a giyen OSI layer
communicate=:with.its:peer:_layer;
10_ ==which-.is:.important because the information exchange_process
occurs=between-peerlay-ers :
At'-the 'originating -system,- each--OSt -Iayer =adds control- information:--
to,the..data :or:
information to be exchanged, -whereas~ the destination_-system _analyses -~and
.removes: Ahe>~
=~control information from- the .data ~ Thus, the-:origination -
system~_works::.fr-om the=:application :~
...layer-to -the physical layer,-:adding-control.:information:-at each -
layer!,-- whereaszthe -destination ~~
---
-1systemwor.ks from- the physical.layrao the application layer;
extracting:control:information.at:::
each<layert~so as to:arriveatthe=original data.-- =
T-he-- physical=-layer defines the : electrical,=_mechanical;._ pr.ocedural
and =functionah~ t'
- - ~
specifications .- for_ -activating; _~~maintaining -. and;, deactivating : the
zphysicah- link between ;. -
=coriimuniaation_:network systems. _Itis_responsible: for any,_:encodmg
scheme.defines _--
=20 -,physical-aspects-such'as. cables and -cards, provides.. electrical and-
mechanical==interfaces for :-_
wznetwork~andspecifes how.signals.are.to betransmitted on the=network:
= Tfie data link layer.provides for-:the. reliableJransit of data--across,.a~-
physicalKnetwork
linkyby defining network= and: protocol characteristics-, including~physicak
addressing-which _
enables-multiple devices..to uniquely- identify: one another at the data;:link
layer The data=link
-25=-~~layer-controls frame-synchronisation, flow. control and- error-
_checking:
-.-The network-layer-defines the~netvirork address (as opposed;:;to-t{ie~
physical-address):::-~
and'=provides switching and routing technologies to create. logical:=paths~-
for-:transmitting_from=-
node=;=to:==node._---The --layer -also controls -error _ handling, congestion-
:control__ and packet --
--sequencing: = 30 "The transport layer=providesfor the transparent transferof
-data -between-end- sy_stems ~-~ --
or 'hosts and-is responsible for end-to-end error,recovery and flow-
control,ahereby:.ensuring ..-_
.-complete data transfer.
The session layer establishes, manages and-terminates communication.sessions
:.- -
The presentation layer works to transform data into the form that the -
application:aayer.- _
35 ...can. accept so that:the=information.:or data sent.from the application
layer:-of:~one system:isT:=
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
3
readable by the-application layer of another system. This layer formats and
enc -rypts::data to: ':
be sent across a network providing-freedom from compatibility problems: ~' ::_-
=-
The application layer supports application.and end user processes- by
interacting with -
software applications that-=implement a communicating component:=' Functions-
of -this layer. .
include identifying communication-: partners: and quality~ of :senrice, -
considering:-user-
authentication and privacy, determining resource availability:-'-
and.=.`synchronising:=<~
..,
communication.
Protocol' stacks'-are particular implementations (usually in softwalre) -of
apcotocol =
suite. Protocol stacks=ace. often divided- into-media; transport-=and-
application sections`-or
layers with interfaces; defined:by, software-provided between the.media and~'-
transport layers ::
~ - .__
and the transport and application layer`s.-`TF-emedia/transport'interFace
define~:how'=protocW_
software rnakes use of. particular media and hardware types (e.g. card
drivers) For example;-r
this interface may define-how:TCP/IP transport-software talks:to=~Ethernet
:hardware `~The~
application/transport-:interface -specifies how-application _programs make
.use of=the _transport-,-
_
-- - - -
layers: For`ezample, this=interface-may=defne=how-a-web browser program
talks::#oTCP/IP
_ ,_..
. transport software: . 4: .
Tetecommunications-~service-=providers have:=been
requested_to:.facilitateithe=lawfu~
interception= of telephone .calls and other-transfer.s: of information
overtheir-networks solas to=
enable -authorised=organisations',-such- as law~enforcement agencies; to
rnonitor. and~.intercept:
communications=byindividuals- under investigation.:
US.2004/0165709:rA describes the interception of -calls within a-Voice ovec
lnfernef
>:- Protocol or- VoIP network _- ,:The--_VoIP network - includes a-switch -
.that-bffers IP=based
telephony: services forsubscribers over a-packet--network. Packet-
interceptors=are deployedT
in :the packe-network-to.=nonintrusively= monitor the- signalling - and -
media'-=packets;=:-which=
25" --=comprise ~`a= "call ~in a- VoIP'==network:- Following receipt of-,an'-
interception ,request, :a~,-call:
inonitoring--engine notifie"s the packet interceptors lo monitor for-
any:,.activity:~-on the :VoIP'
network for a-specific .telephone. - The. packet-+interceptors then7=isolate=~-
and=filter-=packets=
based -on standard VoIP signalling protocols. --In response to commandsnfrom=
the`-call
monitoring-'engine, the packet-interceptors forward voice packets=to-.a,-voice-
packet-.receiver7
.30- and assembler, which ..buffers and re=transmits the media stream -to==a-
:Iaw enforcement--
agency:over a secure:channet.:
US -2002/0978384- Al describes an interception method--and system': fo'"r' a
packet
network, such as a GPRS (General Packet Radio Service) or-~ UMTS (Universal
Mobile
-TelecorrimunicationsSystem) network:-:; -A first= network element'is provided-
:for::intercepting=
35=.-:_ data packets in-a packet.,network:=:The first.-network element reads-
=headers-of--data-packets-
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
4
-:.and-uses this information to select whether or not to intercept a
particular packet: _ Packets ::_
-selected for interception are duplicated and sent to an
interception:gatewayelement(as-well==:
as the packet network),.which in turn forwards-the packets to an
intercepting=authonty
US 2005/0094651 A1-describes..a lawful interception gateway which_ receives-
RTP/IP: ;:=
5.-= packets_comprising the:content of_an intercepted
communication~b'etween;twoor-more-users T
of a communication network from a media-gateway. When a'. `comrnunication~
involving a=
target user is detected- by the media~ gateway, the media -gateway=
transmits=_interception.=
related-. information and the corresponding communication content.to=a
monitoring= :facility:
__US patent number 5,913;161--._ :describes -:-lawful interception ='-of==
ceilular
-
~10 ~ - - communications. Communications are.-copied:- at-:the .interface
to.=a base='station_ subsystem
Control`-information is continuously-rnonitored:.so as to identify
target.identification=fiumbers of :-__
-:. calledand calling parties. - Upon finding'a target number, the .copy-
'of1he relevant channel is
:- forwarded_to a monitoring station: ;A =
= :: -EP..1- 484 892 A2. describes-- Iawful:-interception .of packet. switched-
network`services. --
:15 Interception ~functionality is=: providedat a switch; --which rriay--be-
.any=nodein~==the -network -
- where data packets, including packets that contain the user ID of a-
subscriber to the.network;
--. v;can~be;: intercepted.. On : attempting-=to: log on,
=the:user:]D:is_comparedao: ist. of:aarget user
D&.:and;- if-there.-is a match-,=a copy of the=:communications- i"orwarded
toia monitoring
_station
__
There remains= a. need in. the art-for a. system -and/or-apparatus and/or-
method which -==
~ . . ; .. -:enables:._communications; of=-different==types -to -be--_
monitored concurrently;: -particularly:;=in or -=-
_._ . .: -.:.... -.-_ .._ .. _ -.._ ..c:l.: ..
approaching ~real-time.
;:,Summary of the Invention
---25 It is an objectof the invention-to'provide-an- improved=system- and/or-
apparatus=and/or,=
method for intercepting communications in a communications network.
Alternatively, it is..an object of-the- invention to provide a system= and/or
;apparatus--
and/or method for collecting. - information - regarding-- one or moreLL
communications=in a_
..communications network.
30 .-,,: .: :=:. : Alternatively, it. is: an object of the invention to
provide a system==and/or-=apparatus- -
and/or method for generating communications in 'a communicatiorFs!:-netwotk: --
Alternatively;-it'is>an object of the invention -to -provide at least ausefuY
choiceQo'=the
public:.. : :, _... ..
a-- :.- According to a firsfi:aspect-of the. invention, there is*provided
a~:module--for-7use<in%a.-~V
-
.35- .-_communications--network-.:in_:which a plurality.-of-:signals
aretransmitted -between==respective-~*.
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
first and second nodes, the_module comprising an engine for receiving Ihe -
plurality,.of_signals-:-::
over the network, for extracting protocol data therefrom and :for:=
providingõ~the extracted.:.
protocol data to an analyser; and a processor for controlling operation-
:of:the-.engine~:and,-the -
analyser.
5.., .-__Preferably, the-.module is: adapted -to.. divide signalsbetween_ a
respective first=node ;~-
and:second node into a plurality of planes and -to- separately process each-
plane:
Preferably, the module.is adapted to divide-the.signals into three planes:-.-_
.-Preferably; a first plane comprises the access side TRANSPORT-
planewhich=carries =~:
the.__user's- payload -(sms, voice, video;=. internet _data etc) to
theearrier's CO:-exchange:. for_
1.0 -:switching% and routing ov.er: the:.telco's network: :eg: Radio iink,
phone Iirne:; DSL .aine; - PABX
=.:trunks-:Ethernet etc. The module preferably simultaneously processes the
transport layer onr
-the=-.access side of -.the . network- =for- call.~ processing- and the-
network side~~fora. internal:;=
-management functions such as redundancy and_system reliability
Preferably; a_ second:-.plane-=:comprisescall control information and/or
network call:
:15 .-signailing and may be;..r.eferred.~to:-as ~the -CONTROL,plane..
~'he:in6dule=processes-the-
control-plane on both the.access andcore networks, depending on:
the_.:carrier=and thezuser
__ . -=~ device: _ .
.~..
:.. = Preferably; a.third.-plane comprises .user_;:plane _traffic and may be-
:4efetred to-:asthe:y
USER~ plane. This planeis primarily concerned with user generatedcontent e :-
voice;=data
20 ; etc;: but:-may_,contain;call;_control: signalling. and/or
netwark::infarmation-generated by._ user.-- =
:. . applications;--depending=--on;.service.- protocols .=The. module-
prefer.ablyprocesses the:us~er-~
plane on both the access and core networks. -
Preferably, the module is configured to process the user and/or.>~network
control=
signalling and the control information:to controf-processing of the user-plane-
traffic:= ,
25 e. Preferabl ; each lane is rocessed substantially siniultaneousl
Y P P Y
According to particular embodiments of the invention,. the three planes=:are
used:-to::
_. functionally group a particular signal's. protocol layers.- The planes'.-
a're then~. preferably::=
divided into two sections:-:access :and core:...The access section
connects'=the =user-to -the; ~for:
example, telco network (wireline, local loop, cellular, RAN etc) and-the-
~cor_e=-section=consistst'
30-of-.:.the carriers' infrastructure. switches. -Particular call,-_:session-:
and/or-user (including=
.=:.-subscriber and/or.device):-identities may be generated and/or
be=simultaneously=present:-in=
one: or. more. of the three planes.The units of information processed:In'.
a.plane may; be--
referred to as a PDU or Plane Data Unit. Calls received which~do =not- have -
the-particu*
identity may be immediately discarded.
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
6
The.PDU information content of each-layer described-above is only=iridicative-
,of-.what=:,, ~
would typically be expected-:and there is a -high degree-of
overlap=::particularly~between_the:-:
CONTROL and USER planes, especially in wireless networks.
Preferably, the module engine applies a weight to the PDU to
facilitate,%:high.-speed
: processing efficiency,:provide.'a_.mechanism-.:f.or real-time adaptation of-
.the_:executing-.:engine,r-=-
.code-and ensure reliable: content delivery.
Preferably, on a per;call--basis; each plane processes and_ assigns
.a_weightmg ~o:ahe Y;
PDU.- (call -component- signalling):Jt_~receives -- and/or generates.in
combinationo with--the
.previous-plane.weighting(if.:present)-and:Iocal:system
pararneters_which=contribute_to-:system-
-processing.-- -The_ PDU_.-:weighting reflects,-.ahe section -:(access,-
Kcore);-= wireless/fxed ~~
technology,- handling-complexity- ;density; payload QoS;:system
processingaintensity4etc.~ForL~
traffic:;identified and;not:discarded and/orgenerated the modulerengine::code-
.cycle~:operation
applies a:native and very natural logical centrifugal force to:the-
weigh#edPDU's -ThisLforce:;;.
:_aligns=.the.PDU _with upper=plane-particular,control-:processing such-as
except~on handlirag or~~
-._15 _: :-delivery routing:changes:foc:QoS to:;external, systems_: ..: : _ _
. .: : ,_ __ - s _, . _ =- _
._Thus,..-embodiments-of-the.:inven#ion-enable real-time pcocessmg
flf:comrnutiicat[ons
by-. performing initial -processing- .on.: only- a: portion of the data
~wthat-=makes up"-any=given-~
:communication; namely_ user: andfor. network :call.signalling and/o-.
fcansport:=inf.orrraatiora w~
:-:1Vlore:time_and/or:processor_intensive operations;may.then only
beperformed::fora subset=of :
communications.: However,-ahrough: the-~use..of>#he protocol -
.infor.mation;_r.outing and-the=:
:control of the.state-of:comrr-munications-during.-pr.ocessing- is ensured.
Preferably, the module comprises means for- duplicating the
plurality;of:.signalsz;ta :for:m=u
two or-.more sets-of.substantially-identical=signals:
Preferably, the- means _for-:duplicating comprises:--one-=or-: more- of:a.tap
a--mrror=-or a:
splitter: -= Note that--the means~for -duplicating- may not:be included=::with
in :tFie-moduleybut as:~
an external. component-,communicatively. coupledthereto: : . _ .
Preferably, the_engine is-confgured:.#o.receive the.first-set ofsaid~signals:--
_
Preferably, the--module.-.is::Tconfigured to ~transparently transport--
the:aecond_=set ofk:
signals such-that- each signal- is=conveyed to -itsrespective-destinationnode-
,... ::
::: Preferably, the-engine.:is..adapted.to-extract protocol;..data from
each,.of~therplur~lity<of .
--=--_:- signals: (more particularly;:_each::PDU)-and::form=anengine CDC
(t.`entrifuge:-Data-Contrbl.},set-
or hash.set for each said :signalf:each engine data set.comprising=information
regardingAcaser.
andlor transport and/or-.network=signalling~-controF-information 'and_-
any._user-.=plane ~traffie.-
The engine -may then apply a Vveight to the PDU,.as described hereinabove:-:
~>,
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
7
Preferably, the. engine is located.:remote: from the. analyser. and/or:-the:
processor_ but :--
_ . _ ..- ... - .. ~ . ~. . . ,
= communicatively coupled .thereto::-:
Preferably,. the analyser is located remote from the processor..but
.communicatively., -:.
. coupled thereto. _. ; . _..
Alternatively; :any-:: two :_or. -:more- :of- the=, engine,=- analyser and-
::processor.,may be tl=
integrated.
-Preferably; the. processor is:..adapted~.to receive one or more mode signals
:which-.::-
-- --determine the functional ~characteristics of the module:
Preferably,: the~yprocessor ~is:: adapted;;to: receive a mode signal-
.=froma:.useF--entry-::
Preferably, the. pr.ocessor=:is: adapted ..to::relay a-first- set of.
control:.;parameters: to #he ,
- ~;anaiyser- in-response to-a mode-signal. =
.Preferably, the. analyser is=adapted: to" relay a second set of
controF=par:ameter.s =to the .=-
:engine_in: response to.the: first:set of: control. parameters.
_15 ,._ :_:Preferably,. the:=processor:~ is.-adapted.to: relay.,
a:second=.set..of-=control= parameters to=-:
#he_engine.in-response-to a mode-signal .: -: ..
:_:=.Preferably;_ the: processor:is-adapted=to--relay.the second set of
control-par.arneters to--=
the!engine;:via the analyser.
:. :.
Preferably;. the _,analyser :.is adapted _to:-rriodify the second- set of=-
control parameters=
20 -;,priorto- relaying- said parameters to-the engine .-~-
,Preferably;.the:anal.yser.is adapted to=extract-operational
parameters.frorri:adatabase-;
.-in response to the first-set of control :parameters: :-
Preferably, the engine is-adapted to extract operational parameters`from-;a
database-::
in.:response to the second-.set-of control parameters.
=
25 According to-one.embodiment; a_mode,signal-may indicate-a
Iawfu[interception_mode~=
of:operation with the module being adapted to receive =an identifier--;-
identifying'~one or:more=
signals.to-beintercepted:: . . .. : . _ . .. _ . _ s. ,_ _ ... = _.. A _.._ _
Preferably,.the analyser:is configured: to locate the one -or more;=signals--
fromr the
plurality of signals=using--the-identifer- and the-extracted.protocol-data:
ore=particularly; -the-
-30analyser may--sear.ch:.the.extr.acted..protocol:data-.for instances-of-
the;identifier.
= :;:Preferably,- the..identifier-- comprises- auser. identifier- and/or a
user::=devace=~identifierf
associated with-one or more of said signals. . For:example, the identifier
may..comprise:one:.or.
..: more ofa telephone number; a unique-device.orport identifier, a
username;:a~logim-;nam-e;:ant
email:address,a URL, a service identifier or a category/type of
service.:identifier :Thertype.of
35 identifier is not important-and will depend on the
particular_applicatiori=of #he:invention.-=-Any_':
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
8
identifier may be used which : serves to- selectively identify:. the =-
desired-: . subset of : =
communications.
Preferably, the module is' adapted to receive the -identifier from a database.
-The-:=_
database may form part of the module.
.5 Identifiers-may be received via a user entry device, such asa keyboard.
Preferably, the module comprises a memory for storing at least: a' .portion of
the---
intercepted signal- and/or information-obtainedtherefrom:
Preferably, the module comprises a transmitter for transmitting at, least:a
portion of,
:theintercepted signal.and/or=information-obtained-therefrom to
a:rerrmote:nodeJn=which=case, =
the~ module preferabty:=.-comprises means for encrypting = the .>at least`= a
portion :- oV the- =
intercepted signal and/or-information=obtained=therefrom
prior~to:#ransn.mission
= Preferably, the _remote node is- located= at=or is=inthe -control of-a~law-
enforcement
:a enc =
9 Y
z:.Preferably; the analyser is, adapted to :generate=an analysis. hasti~set
for-:each -signal :
to .be =intercepted; the= analysis hash" set-=compr-ising--at:-least-=a=
portion of-=the: engine :hash .or-
P g P 9
data set for -the res ective' si nal--and control and/or_ trans
ort=information-=for enablin
=transfer of the-analysis-hash=set and7or the-ass.ociated^user-
:araffic'io~tlie:remote=node ._
= Accordin to'one-embodirnent; a, mode si nal may an infor.mation::,9atherm
9 9 indicate 9~
mode: of-operation::. .: _
= 20 < In response to = the mode signal, -'the--analyser is-=preferabty.
configured- to gather
information #rom :at least - a-P ortion -of --the`si 9nals -such as for.T
the,_ ur ose of,:billm
: .:users/customers
.
::It should=.benoted'-=.that.-the_ lawful interce tion-mode and the
inforrnation:mode rna
P Y-=
:.., :operate concurrently and, according to= particular embodiments: ~of the
` invention;- the
information=gathering may-be performed'for--intercepted: coriimunications.
Preferably, the analyser is-configured to extract details of the =originating
and/or -
destination nodes; and/or- a- duration of= the-communication -=and/or-==an'
amount =oU=data-11
--.-exchanged between the two- nodes;- and/or-a-type or category of service
inforanation =
--Preferably; -the -analyser~-is adapted-to format the information for-
transmission_to a
30.:--billing-author=ity: ==r
= The billing authority may-be`atelecoms-operator and/or an
internetservice:provider.
::.... :... .. : The analyser is preferably adapted, to-generate an analysis
hash set:foreach~signal of;.":-
= -the.at least-aportionof the-signais;`the analysis hash set
comprising=atleast a' portion of the=
engine, hash or data-set for the- respective -signal, and control
and/or=transport information=~for=:
-=35 -enabling transfer of the analysis-hash set-to the billing-authority. ==
_=
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
9
AlternativelY, the module -maY be configured to gather g information:for
testin andLor : >:
=
diagnostic purposes. In this case, the analyser is preferably configured .to:,
derive -one 7or-.. -
more.statistics relating.to at least a portion of the signals.
Preferably, the analyser is adapted to format the information
for#ransmission:=to:a-
rerrmote station. Preferably, the analyser is adapted to generate an analysis
hash set:.for-.each: signal
of::the:at:least a portion=of.the.signals, the -analysis hash set.comprising
at.aeast:arportion of
the engine hash or, data set for the respective..signal and control:and/or
transport~:information -
.: _for-enabling=transfer of_:the-analysis-hash set-:tothe. remote station..
90 Preferably, ;the:: remote station. :is located at ,:=or under the -
control.. :of ~Z-:
telecommunications company and/or an internet-service-provider=.and/or a:-
network-.operator
-Again;- it should- be noted that the-module.:may concurrently operate.=in-
moce -than-one
mode: Namely, the lawful:interceptionmode may operate as
the:m'odule.isperforming:;other
- -data: gathering: processes:
- . ; . --According--: to a-- second aspect; ther:e:: is - provided - an~:
apparatus for;- generating :
communications to:be sent_to:one or more_destination- nodes
inva=comrriunications`rTetworlc ;
:.the==apparatus.-comprising:=an==engine~-communicatively.-coupled to-
:an~~analyser,._awprocessor :-
communicatively coupled to-the-- engine =-and -the analyser; and.a::-Aatabase,-
Nwhereinrthe _.
-processor is configured,_totransmit- control signals to the engine--:and/-
or:the. anal.yaer;_.and in =
20- response:-thereto; ~ the. engine --and the ~ analyser.: are .
configured~=:to. :generate-~;-and---route ;
communications to the`_destination nodes using parameters-from the-zdatabase
Preferably, the-engine and the analyser are confgured to generate-_protocol
datawfor_
the communications -based on - ahe =: parameters,#hereby .; enablmg>:::
couting .of : .the; _
communications to their-respective destination nodes:.
- Preferably; the-par.ameters comprise-one or. more of:a username;
an=e=rnaiL:address T
a telephone number; a unique deviceidentifer; details of the-transfermedia=to-
#he_respective -y
.. .=.. destination'nodes ora:typeof=device identifier .=_:..
Preferably,. the=appar.atus--comprises a memory-for:, storing.
user..traffic;:=whereinrthe-~Y
.---:-apparatus-is configured~to-extract--and- associate at-least a
portionof:.tbe-.=user.ztraffic~to.::each~~-
-generated communication. -:=
_ , .., _ . .. ~ . :, . _ __...
Preferably, the userIraffic-:comprises.-voice and/or datatraffic.--_
- P._cefecably; the apparatus-comprises means:for generating -the
user.::tr.affic.:
Preferably the analyser=is configured to generate an- analysis-=hash;aet
.for._each ~
communication in response- to;~ the ~ control signals using:: parameters"
extracted-= from:: the:-:-:
- -.35 --database.
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
Preferably, the engine is configured:to generate engine hash or data:sets:in
response-:-
to the control signals and using the analysis hash-sets.
--The- analysis -and: engine hash sets-contain protocol and control:data:which-
:enable
the generated communications to be appropriately routed.
5 The apparatus,of.the second aspect may contain the~.module of the-
first=aspect,_such-=-=:
thatthe module gathers information regarding -the generated comrnunications:
Moreover the
elements of the apparatus: of the=second aspect may be the sameasthoseof-
th&.,madule of
the first aspect such that- the --same,,~ elements=,perform, both -the- data-
gathering and cali
_ generation- roles: :- Essentially; the : apparatus--of - the - second-
aspect- provides-#he :reverse : :
--10:: functionality of: many of the componentsof thefrst. aspect
-The :=apparatus.~-: of - the aecond-__: aspect =:~provides a means,- for -
:generating
communications:so as to;=for.-example,~,test..at-least_portionsof
a:communicationsnetwork by
providing data on'thatnetwork: 'The invention'enables>this testing to,be based
o-ndata.=that is
akin to real data transferred over a network;. but without the risk
associated:tfierewith
Acc.ording to one embodiment, .m_=the-call=generation_ mode, means
for_'routingr the
communications from:_the- apparatus:of the_ second. aspect= are provided so as-
to en- able the
L=.communications- to be. -presented.=to a-=particutar-: network.-:=
Such=rneans may= inctude=one or
. more:of:-a tap, mirror: or_splitter:
~: ~According .to a:-,third~.aspect;:'.there_is provided:_a:-
communications_syster-r~:comprising =~
,L0 : _:=the=module of the frst:~aspect-and/orthe;apparatus_of:the
second'aspect
:Accordingto-a~=fourth ,aspect, there, is provided ~a. method-for=use~in: a-
commuriications u:
network . in which, a- plurality- of signals- are _transmitted between-
respective--lirst-and second
:=nodes; rthe method comprising receiving. the-:plurality. of signals
=over..= the network =at an
--engine; extracting protocol data from the- received =-signals and_-
.providing ~=the:- extracted .-:
protocol data to- an ~ analyser; : and controlling-~:operation of the engine
and-: anaiyser: using a=
.. :_processor:
Preferably, the methodcomprisesdividing the.signals-between a=respectiye frst
node -_
and second node:~into: a,.:plurality: of - planes and = separately- processing
:each-plane -_~ More' -
=preferably; the-signals-are=divided-into-:three planes: - Namely;
the.Planes=defined in-relation
to tFie first aspect.
-Preferably, the =:methodr comprises - processing the user and%or;Tnetwork
n;~,,control -=
signalling.andthe cot~trol information to control processing of the
user:planearaffic:
-.f
Preferably; each-plane- is processed substantially simultaneously =
!.Thus each-signal:of: the second set-of-signals=.may be- relayed 'to:-
its~:corresponding?-=
destination through the:module or apparatus of the invention in, or.-
.=substantialty-in;-.=-re-al-tim'e:--.
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
11
:-such that a user at- the destination _ node_,_is:unaware of any~ defay fThis-
-isparticufarly,:-"
important . for lawful interception applications since it is vital --that~--
partiev, -to "the:: -
.- communications being monitored are unaware=of the interceptions --
More::generafly;lhough;=
-:-.it avoids inconveniencing users and loss of connections. ==-
Preferably, the-method.comprises, duplicating the plurality of
signafs'to.form_=awo or__'
more. sets, of substantially.=. identical signals, wherein:.a first,set,=of
=signals is_-`processed~",
-;:according: to the method of the .fourth-.aspect .and a second: set of
aignals is-transparently
#ransp.orted.suchthat eachsignal is-.conveyed:to its respective
destinationnode:
Preferably, themethod=cornprises<extracting protocol data from each=of--the
plur-afityof=
_:.10 -:~ signafs and..forming an, engine., hash set or an:. engine _CDG-
(Centrifuge Data-Controlrset foc~
; each _said _:signal.= each :-engine-_ hash set, :comprising
informatiom:regarding user=and/or,.
transport and/or=networ-signalling~::.control- information- and= any-_user=-
piarie'traffic '='
_:. The method may furthercornprise.:.adding a weight as descritied
=hereinabove m
.,_ _. .
relation to-the-f rst,aspect:
P :one-or. more mode signais =
5 Preferably; the; method:com risesreceivin 9
Preferabfa ,frst set._ofeontrolparameters is: relayed._from thetprocessor aQ
the
analyser_in._r_esponse_to a-mode::signal.=
A second set ofFcontrol parameters, mayzbe:.refayed from the analyser to'the
engine in -
resPonse to the _f . set of; con. trol_,parameters_ or: directly:-passe.d:
frorrrahe .processor-to .the'-
_
: = 20 engine Alternativefy,-the_:second set~of:zcontrol;parameters-
.may;berelayed fromthe:
õ,processor,=ao the en me, -the-analYser,- in whicht-case; the~analYser:may fY
-:modi fihe`
=
parameters pnor.to.relaying..themao-:the.:engine.
= referably;_. operational:_ parameters: are:extracted from.a database= in -
response. to=the=
=:first;;set of. control;parameters and/or the:secondset of control
parameters. -
25 _.. . According _to-one embodiment a-rnodesignal may: mdicate:a-iawful-
=interception=mode:
ofoperation and an, identifier;(or a- plurality of identifiers) may
be=received.identifymg-one -or
more_signals to..be intercep.ted..:
f?referably;:the. o_ne or;moresignals;from_the plurality- of signals are
locatedusing=the
._.identifer=_andaheextracted:=protocol.:data . =-~
30 Preferably,-the identifier is received from a database:
The identifier may.: be; recei.v.ed;;directfy.::frorrm=-a user entry
device=:directly,~7-or _Via:::the
database _ . . . _ . ._ ..... : .
Preferabfy, -at;:-;Ieast- a-portion. of-the intercepted. signal and/or
inforrriation =o-btained
m.
,--~=-therefrom-.is stored=and/or.= transmitted:-~~=Preferabfy; -the- at least-
a~ portion-of tfiei=intercepted
35 -,::: signal and/or informationobtainedtherefrom;:_is:encrypted prior
to=tr.ansmission := "
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
12
= Preferably, the method comprises generating an analysishash set:for each-
signal:to--- :
be'intercepted, the analysis hash set comprisingat least a portion:of,the:-
engine.hash or;data :=-
set:forthe respective=signal and control-and/or-- transport information-
Jorenabting_transferof
-the analysis hash set and/or the associated user traffic to the rernote=node -
5- =. _ According to another embodiment; -amode signal- may- indicate:
an~=inforrnation=:
-gathering: mode, in which=case,= the method~.preferaply comprises;gather~ng
;information,from :
-.atleasta portion=of the signals:inresponse to>the mode signal.:-.
The gatheringof:informatiorr_may be for billing purposes, inwhich case,
detail~of the- .=:
originating and/or.; destination "nodes; and/or aduration of the tom
munication:=: and/or an=
1.0 amount--of data exchanged--~between=~the two: nodes; =and/or a type::or-
category-:?of-service .:r
inforrnationmay -be--extracted:' The- -inforrnation may -.be forrnatted. -
for=transmissiontand.v_x
= transmitted to a billmg:.-authority _Preferably, an . analysis hash set--is
genera#ed for; each :
.-signah-of the'at:leasta<:portion-of- the signals, the'analysis-hash_~set
compnsing~atAeast:~a
-portion of -the -engine. hash-or-.data-set-for the respective signal,and~
controli~.and/,or~transport:
-15 information=for enabling -transfeF-of the analysis--hash=set toatie.
billing=authority. . _-.
AltemativeGy, _the =gathering::.:ofinformation --may 6e--for aestmg and/or
:diagnosfic =
-purposes; in which - case;one - or- more: statistics -may- be
derived=which=retate. #o at ~ast=a==
portionof-the=signals. The:;information may-,be'forrnatted for
transmission'andAransmitted to.
= ::-a~remo#e:station.> Preferably;=an>~analysis~hash setrtis generated:~for-
each=signal:ofahe;at least:r
20 - - - ' a portion of the:signals,=-the -analysis. hash set:comprising =at--
leas#: a_portion of=:fhe~ngme
hash, or:`=data_ set=for-ahe .~respec#ive = signal-r-; and -control, =
and/orm=,transport=-.-~inforrriation :for Y;
-enabling transfer of the,.analysis hash set to the remote station. Y_=:. :.
:__: _ ~
According-to: a=.fifth aspect,ahere isprovided:a method of generating
comrrrunTCations
--:to ,be.-sent==to one-: or-.more=:=destination: nodes in a communications =
network,method
=,~25 -.-~~~comprising -.transmitting-controF signafs 7from =a- processor to
an engine~nd/or: an-analyser theTM
= engine being. communicatively=coupled-to the=analyser; and :in response-
ahereto, -genera#ing r=
.and-routing communicationsao the destinationnodes using parameters=ftomthe
database.:by. .
- . - . . . . . . - :1. Y' ..
the_engine:and=theanalyser.
_: .
Preferably; the:-~- generating--==--cornprises generating -=protocol.- -
.data,: for c:. the
30 =-= cornmur{ications -based on the parameters, thereby enablirig-- routing-
of/the=cornmunications
__~_ ..ff~...M_. _.., . ,._._ ..
:=to::#heir respective destinatiow:nodes:
:.: Preferably, - stored :usertraffic is used for the communications;: wherein
:a#.:least ::a::-
portion = of= the user-traffic -is- eztracted-=and =associated- to each -
generated"=communication.
Thus; , it is -possible to test-a, network or portions- of-the network to see=
how:they,handle= real
-35- : -traffic:::previously communicated=on^ that -or-another network;=and
#o_do-so=in=reaLtime ==-1t is-
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
13
therefore a straightforward matter to. test:.the:,.operation of a network
during its-infancy or
when modifications are made:
= Alternatively, the-user traffic may-be generated as required; either-
locallyor.~remotelys- .-
Preferably, an- analysis hash set is generated for each communication in =
response><to :
-5 --.- the control -signals using-:parameters extracted:from the: database.
Preferably,- engine~::hash .-sets are:, generated in response to_the "control
signals; and._
using the.analysis hash:sets. =
Information regarding communications~generated using-the
method<~~of~#he:ffth:aspect
= may-be gathered using the;Method.-of the fourth aspect _.
:10 :Further aspects ofthe invention;:=which.:should-be considered
im;all:its=novel,:aspects, =
will,become.apparent~to.those:-skilled,:in:the;_art=upon reading-the:following-
description?..which. .=-
providesat_least-one:example~of:a=practical-application-ofthe~invention. - r .
= ...
Brief Description of the Drawings .: . - _.._
15 One:- or=;more-embodiments-=of the. invention :will :be: describetl
:betowby -way of.
: example only.>and without::intendingto-beaimiting:with.:reference to-
the.following:drawings,
which:-.
--.:.'_=._ -", - _.. : -...-..~. .- +, .: .. . ,,_. , .....'. . .. . ' . f`,'
-Figure1' : ; isa _.telecornmunications acchitecture.having three _-planes
accordingr;#o ar-
20 embodiment: of the- invention;
F.iqur.e:2a;.. is aschematic representation of'a:system=of an errib`odiment of
the invention
.Figure=~2b is aschematic-representation of a system of_an emb_odinient ofthe
invention;:
similar to that of:Figure:2a but,proxiding additional.detail;
Figure 3 is. a-_schematic_::representation =of::a-.first :module of_the
invention :and -1tsr5-
=25 .. :_F .. _. : interface with_a:.second=module, . : :
Fiqure 4 is a schematic- representation o f , > a :.second =:module=of _ahe -
invention ~-and its ---_
....:interfaces with :the-first.module=anda third module,-:-..- = =:
Fiqure 5 is a schematic representation of the third module_'_:of:-the
invention-~-and Rs =
= interfaces with-a second.=module and=end users; and .:
30 : - -:Figure-6 ..: _is ::an .end-to=end:7:.scherrmatic--representation -of
a=::system according =_to an _
embodiment of the invention.
.< : ._: _: Detailed.Description of.:Pr.eferred= Embodiments
-=All service providers including wired- and/orwir.eless telecommunications-
companies =
--35 :, :_(Telcos).,and::Internet-service-providers==(ISPs);-offer their
subscribers1:nany=individually.piped==
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
14
= services and applications: -~.As well. as. providing for the transfer.` of.
voice and/or data`. and/or :
information, authentication, billing and access to third-party
application`servers must also;'for.->
exampie; be performed: These-services or applications may be-integral.to-
network switching:-
and routing elements but the specific architecture and connecting -
technologies` wilf:'depend
5-- on the=Telco"and the-vendor equipment chosen
". `
-: -= Each application: or service :deployed by<:a service provider: is:::made
upof many-.:
protocol stacks. Each stack may be :.described in terms of the:-OSF:=-
reference= modet :
described.-hereinbefore: Between originatiow` and-.destination J=nodes,each
"layer-may -be
tr.ansformed or adapted depending on the service provider's .architecture and.-
=.fhe=carnec =
==:technology.-deployed: :-There~=~is :a wide- range=~of connecting
=technotogies interfaces -and
architectures:to deliver:a serviceprovider's:application; some'based-
on'standatds=nd others :
::proprietary to=the vendoraupplying the:equipment or:=application-mvolved.
=Thus additional -
= layers may be included and/or some layersofthe OSI model
may.be=altered=or"omitted.
---
-" Embodiments-of-the presentinvention:provide apparatus;-systems andmethods
that`
are ab1e to:=operate in .various: environments and=thereby =enable setvice-
,providers to move
_ _ - -:towar.ds:a'rr.more.:converged:view whilst.maintaining_and=supporting:-
anxisting customerbase - <
and legacy -services This- is 'enabled-. using data: obtained from th&
various OSI ,layers or =
- protocol stacks= which rnay be - performed for any type= of
comrraunication;=:as- will =:become ~
, _.. apparentfrom::-the description:below::_7The-physicalaocation-of
#he':applicationof.the=preaent- =
rin.vention::.within 'a communications -system .or-=network= de=pends =on= its
particular-- use and: -
:- deployment model: .Aceording to-prefen-ed--embodiments, the
engme=is`located'at-an=access
'aggregation point on:the-_accessside. of--.-the=cor.e networksuch that-
=there==is access #or the `
apparatus: of :the. invention.to . all: or. a- desired: portion of
comrnunications in =ahe network
-:-_ Embodiments:: of the.: invention do.=not -require `changes to- any. of--
the hardware- modules
_;_-_present-in existing networks because=:whilst-the-module==of the==present
invention may be -:=
:included---in an-:access_aggregation point-such-asa switch-"it is-
preferably=provided=upstrearrr=,
-~: or_:downstream _thereof so that it may receive :aA: or a subsetof the-
communications to= and
:.. -.. -.-..from_:the:-switch: but. does.-notrequire modifications to be
made=-to,`the =switch Thus, - =
: embodiments of -the present invention- provide- an application that- is-
=independnt=-,ofi vendor =~
- equipment; : functionally .holistic-- in: access-=:and.:-core network:
=switching-technologies=-nd=T:
= capable of transparent, real-time operation.
::Figure 1- shows a telecommunications architecture 1 having_three~-planes"-
12;: 13;4-14.-
:In,each-plane 12,.13;14;:Aheztandard OSI-reference model may.app1y in-=whole
or m=art
._ : (i:e ;~all or:a subsetof-the=OS-I-layersmay-be-used for each plane
12;:13,=14 ) Planes=12; 13- =
:"---35 -;_1_4 _are~configured such-that-:the userlnetwork==signalling,
control data-=and:'-user=traffic xraay be .=
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
carr.ied.over. physicaliyseparate bearer_and/or-transport technologies:. First
plane-l2=(sh'own -:=
in Iight-.blue in Figures 1 to 5) is responsible for,user traffic such=a's
:yoice; .data, lapplications=
and services. . Second; plane=13.(shown in.-light green in. Figures 1 to 5)=i5-
_responsible -for
r to 5) :is. responsible.':for
-control- data: Third plarne ,:14 (shown in: light.orange in Figures 1
-.,5.- :: transport or user/network signalling. All planes 12; :.13,
.14:,work`4ogether,simultaneously: to'~=
enable communications:vto and #rom-a:-user or:subscriber device .15.==-
Typically;eaeh=:plane
interacts with the-others-and this interaction has:many interfaces, each with
its own particular
protocol stacks. ::.The; application iogie of the present invention maintains
state for processing :
between-planes;_:interfaces_and- protocols.
,-10 In preferred :embodiments, the invention-processes.-user/network call-
signallmg and =
control 'data;. thereby: permitting-the:tracking4of;;analysis:on and potential
subsequent: acfion _-
..
:on --user plane: traffc: .:_.Thus; .it= is ==-possible .: to -focus
processing -=on icey =portions--af -
communications and to only::expend' signifcant processing= -power
and=cornmunications;-
bandwidth on, user -plane>traffic when required-~:The =invention
findsLLparticular::application;to
15 lawful=interception=:of=:comrnunications-involving-an -identife~`-such
as=that #flr=a.prticular.user,
service:- or: any other_;identifer-,that;_may:~ be=selected. - The :identifer--
may: be:coriipared-with :> =
=:information=-:in--the= control:=-data:=plane=:13-=andLor.;: user/network
signalling :plane 14,` with
operations, (e:g:: routing=:of_.the :user:;plane, =trafficto -a law
enforcementagency)' only bemgx~
,perf.ormedif.-required:,:Embodiments:,of>the,invention-;mayalso.be_.used #or
data-`extraction
.,: purposes by,:~identifying -service,- users;=:(sucht as~ -.calling~- and/or-
--called "partjes in
:,stelecommunications:-network);::-:details. of2the= _communications (e:g-
length~.of~:.time =forYa =
communication and/or',arnount,of data-exchanged) and/or details of
#he=typet'of.<service. =`The
.. --information-=obtained=:may:be==used.:.for:billing:customers as well-as-in-
capacity-planningiand--=
diagnostics. . Capacity planning-;and--diagnostics- functionality- may=tieT
provided- using- real -
=25 >--= comrnunications--over.:~ the--network:=- -However; ~embodiments: of-=-
the:~1nvention :pr-ovide ,for .
simulated=_calf:gener-ationfor=-this parpose ~so.-as--to:.enable
more~rapi&1esting~>ofnetwork
functionality. .,The_ call: generation :and=.data: extraction
functionalities~~are~preferably-p~ovided
in:ahe:same module: using the'same:key=-=cor.nponents..--
However`,tfie'invention=is=~not~limited 3
-=-. _.:thereto= and separate: components-may- be ~used--=in the- same module
ar= separatodules =
: ::_may:be-used:for: each=:pucpose:=
- The apparatus-of the present invention -is made up of three basic modules;
:an =engme!
an--analyser_ and -a:,..precessor;:.each of -.which : may--be implemented m:.-
hardware''and/or ~'..
software:The:functionsmofeach-module-are-such that.they support-centralised or
distributed '=`
pcocessing; wherein ahe- functions =may-:be : performed= by:=a-_singie
eiernent or spht 'over a=='
.-plurality. of...elements. The^=particular_-configuration selecte- is
not=:rxaaterial.ao:-the-inventior~
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
16
=,and the skilled man would be..readily-.able-to=selecfi.a particular
configuration:depending on -
performance requirements:, It -istherefore intended that all such~-
configurations:-be.:included
_.: within the scope of the invention ;: .
Referring again:to Figure 1,-to receive a.service; subscriber 15
typidaliy=makesuse of
:.:.: 5.- .:the service provider's:-access;,core and-service.-applications,
networks 17,r.1:8: _ This:involves ,:
:_..:the= use: .of.., severai ~ elernents;---:(shown:..as:,;;_circles in
the.Ahree.: lay.ers)- with ~;-inte :rfaces
therebetween _: The real time logic, of. the :present invention
:understands=theprotocols .
between the~ various~-elements~->and;,-extracts-;=_information-...ther_efrom
This is<-applied.. to~-
_:processing for the user: or _service: as required Connections between=plane
elements are .-:
.interfaces:that=consist of:var.ious physical::interFaces=and-protocol stacks
Thas; the invention_:-
-10
provides .for::a multi=protocol: real-time: _switching: and:,processing
.application::for_~riceless-and ;.
_...::fixed:=access:and-.core:;technologies~ .This- provides service-
provi.ders-=withdirectreal=ttmey =
;.. processing-:of-:all user::activity=:and ;applications:,present =on.
their.~network - This~ processing
=maybe.on a.particularsubscriber, or:on;a=sennce:used by:many subscribers:-
igure 2a shows a;schematic_::representation :_:of "a system 20_=accor.dir~g
<ta- an .
embodiment of. the:invention As=discussed~abov.e_theapplication-
ofahe7.invention,:.compnses ~
thrEe;modules.-: These-:are~engine:=module-2:1;.-analysismodule 22_and~process
modula-:_2~
The ;,modules_.work together-o <.provide:~carriers_ cornplete a visibility. .
of: the user/rjetworlC.
signalling:_;and-payload.traffic-~:.flowing _over_thelr-_networks. _:.Modules
21;_: 22 _antls.23--~re.:
20 .. communicatively coupfed todatabase 2which:holds 'unique.:.subscriber o~-
application :;>
: : , _.. . .service: identifiers ; . The:::r.eal=time;:pr:ocessing of.-..the
invention of.-;ccess.~.,and~zor.e:.ietwork .::
interfaces-;and: protocols:::allows-for-=an- arr.ay of=:user:.or-
servicespeoific-ldentifecs such. as r
:._ elephone_numberslogin---names;~internet:service.:provider:(I.SP):homepages
etc:-_There are-:-
__ ..~.__no,restrictions:,on,the-:form =of=,the~identifiers or.-_the=.-typeof--
.communication:.to: which:~..the.;_
25 -:.invention;:may- be-applied: The,identifiers-.may-depend on tfie-
technology-or~-rxiay=be:eorr~~on
to:the:service. lso,_=:embodiments~:ofthe-invention: are. able ao operate
regardless= of the<õ-
,:. endor.:equipment.deplo.yed:.by-a..fixed.and/.or-awireless:.carrier.:_.:.
.,n~. :..Engine:cr.module:21u:applies~:fixed- and:wireline protocol-
analysis.:and=cr.eates.:hash--~setsT:
*of..urrent-subscriber=.~~calls.-application_ services_ and-aheir-
particular~:,states:along-.with~,other-z
:.30 information:such as-statistics-to.-
analysis.'module.,22:...Record=sets:provisioned==in-database-24
are used to determine::which-calls-and application: services-are to_-be
processed
Similar .to ..engine : module .~21:.analysis.:rr.nodule. 22_: implements~`-
fxed.::and:.wireless::,
protocol stacks. and.is fully_-~aware.<of processes. occurring in :all
:sevenlayers~ nalysis:_:
.,.. module. 22= controls ahe-processing logic=:within.engine: module
21:based ; on_ applications :_
1..::.35 :.. loaded in:,~process-;module .23 ._=Unlike engine-.module-
2l;:which:m=uses :the7=actual-=sigraaNmg:::'_
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
17
Provided: bY..the network the protocoJ analY sis .performed bY.analY sis
:module 22works on
= the:hash sets provided-byenginemodule 21.which dramatically speeds..up-
the:switching:and ~;
.. processing of user payloads: . Analysis module.22 and engine- module-21_-
work together:-
pr.oviding a high-speed.switching.lane foruser plane traffic.
Process module 23:-provides instructions.to .analysis-:module 22.
setting::the:f.unctionai
= characteristics thereof depending on;the particular-
application.oUthe;invention: _For:.example, -
fora-caPacitY plannin9 role.:(as-.will be. discussed in more detail=-below),;'
analYsis:module 22 ,
- and~engine module 21:1:_only-.require statistics:to be-recorded:whereas
iR:alawful:~in#erception ~_:
role; : multimedia -voice -:and-_ data is :switched in-= real-time through
_to_-the ;(law:..enforcement).: _-
1.0_. ;ageneies _authorised to- rnake the interceptions. -Process: module 23.
also provides_interfaces -
owthe ~end. user;:::carrier,NOC :(Network-~Operations-Centre or. other
con#rol ~entre; and/or .
-_-: .:reporting :servers, :as: applicable; whether_data;_:_media or reportmg_
is _delivered:: ;Pcocess
module 23" has= an -administration .. interface._ whereby: an operator. can.::
provision; IDs
identifiers; .URi's:(Uniform=Resource:-identifier.):.applicationservices:-
:(fxed.,oc::cellular).etc-they
15=.wouldaikeao=troubleshoot-analyseor..receiv.e-in:real=time:
:, -_ - ~ -
= õFigure 2b_:is :a:,:.schematic~;~cepresentation;:.sliowing-~functionality-
accordingto..a_:preferred _~
. _... _ _-embodiment of #he_invention _The-module is preferably:adapted:to-
divideaignals,=betvyeen a.-_:
~;respective:first node andsecondnode into a: plurality. of=ptanes~.andto=
separately-proces&-.._=
each-plane :T;More--preferably;--signals are:':.divide.d-:into.three-
planes:;transport;-;control:_and .
..-
:20 user..planes :. ...... . .. .. ....: . .:..._.
~ . :.. : The:-access:.side~.TRANSPORT::plane-carries the user's-..payload
(sms,:_voice;:.:vldeo, .
: inte.rnet:-data _etc): to ahe=~carrier's ::CO. exchang.e::for switching
and,.routing~~tover_ the;aelco's
: . network.~. eg:=_:Radio link;,-. phone -, line;. DSL.::Ime; .PABX: #runks.;
Ethernet-: etc The : rnodule ;
preferably aimultaneously:.processes:the-transport,.layer: on:the:aecess -
side~of #he-networ-k for . _;
= 25 . call processing and the network side=forinternal managerrientfunctions
such as redundancy =:.
andsystemreliability.
: : ._.__. LL.. ._ ..w. _ TheCONTROL.: Iane,.includes.call
control,information_and/or_network=calG si nalhn
p 9 9 =..
The: module=.processes_the- control:.plane::on-both.:the.
access::andcore:.netwocks;;,dep.endmg,:.
w onrthe carrier and:,the_user device:--- =
_=30 -- =- :... :.-The--USER, plane.:includes-user= plane:-traffic -: This
`plane::is primaril.y-concerned::with--_
user.._.generated :content.=e:g: .voice;: data etc; but may-contain, caH-
contr.ol-, signallings:and/or_-
network::information .generated by: user- applications; depending ont:service:
protocols he::
.module~preferably.pr.ocesses:the-user,:plane on~.both-the access-
and~eore.;networks: _L___:.--__~-_.~E .
= -= = _ : - The-three::planes :.are :used tofunctionally::group-a particular;-
signal's_;protocol-Iayers.~=
35._.. . .The planes are--ahen-_preferably 2~divided,:into .two
sections*~access~rand core ~-._TheP,-accessz-
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
18
section.connects the user.to the;: for example, telco network (wireline;
=local ~ loop;=:cellular, -
RAN etc) and the coreaection-consists of the carriers' infrastructure switches
: Particular call
session and/or user (including-subscriber and/or device) identities may be
generated and/ar
be-aimultaneously present in : one or more of the three planes : The~ units
of.:_:inforr.nation
-- 5=.::-processed in :a planemay be referred to-as aPDU-or Plane: Data=,Unit.
Calls received -which ::
do-,not have the particular-_identity--may be:immediately discarded = ==
The PDU information content of each layerdescribed above:is oniyindicative
of:what >
would-typically be-expected~~and= there is- a-high: degree
ofoverlap:particularly between=.the
CONTROL and USER=:planes;-.:especially::in-wireless:.networks
_Preferably; themodule^=engine:applies-a. weight::to #he PDU to facilita#e
high speed `. =
... ::.;processing _efficiency,:::provide a= mechanism, for-.real=time
adaptatTon :oi the=ezecuting~ engine.m::
._ . , ~.:eode=and.ensure reliable_content=delivery: -`= - - " ~ -
-: r Preferabl on:a: er. call basis;' each ` lane== rocesses-and assi ns-
a~weightan ::toahe
y,:. P P P g g
PDU (call :omponent: signalling) it- receives and/or- generates; (dependingr
on #hemode of :-,
-:operation) -in= combination-F:with: the:previous: ,plane- weighting : (if
~:presd-nt)-: and ;locat. system --
-=15
-~:parameters_which-;contribute~to~=^systemprocessing-:The.PDUweightmg
refleots,#he-section
(access; core);:.wireless/fxed--technology; -handling -complexity;edensity,-
payload:oS,system - ,
:proeessing intensity. etc. : For:.traff c==identif ed _and:.not discarded,
and/or.generated~#he=r:nodule~:
: engine:.code_ cycle .operation: applies a =n- ative'andt ve -ry natural-
logieat--ceratrifugat #0rcento the -~
-.
20 .,.::,weighted PDU's. : This:.force aligns the. PDU..with upper
plane.particu4ar-:control- p'cocessang
:such:~s exception-handling=or. deliver-y=routing=changes forQoS #o-
external=systems. 'Details P>
of=apreferred weighting=-scheme.-are =provided -in-Figure 2b. - The_skilled--
person=will be:-aware -
:.- .. of.other-:weighting:.schemes.-and:-the: invention .is.~not:limited._to
theapecifrc~ f-_#h~=;scheme H
shown._...,
....
25 ._ -: The engine may=extr_ct--protocol-data:.frorn-each signal .(more
particularly; each=PD4J) -
and- form~an engine CDC (Centrifuge Data Control) set~or hash set-:forieach
'said7signal~-1each -
=engine.dataset~ comprismg -informationregarding- user--
.and/or:transport=.and/or=.nettiivork.:-
signalling;_.control:.inf.ormation:-,:and:.,.any.::user--: plane straffic.- -
Ther--eragine7L may<aherr apply
weight to the PDU,- as=described hereinabove.
-- -:30 : Figure= 3-=is _a =schematic= representation-=of= engine: riiodale=-
21 and-~ts =iiaterface=wit#~ .
analysis~: module.=22 ,: n.Engine~Tmodule-2-1.: ~receives -signals over-7_any--
number=.of. nterfa~es
_carrying.user::and/or.:network^control,:and-signalling-.and.user.:traffic.~
Theseinterfaces may be
:~. physical=or.-.aogical.::-For-example,:=they=may beVPN (virtual
private=netwark) basedwthuPLS:=
(virtaal :private LAN:service)--or MPLS =(multiprotocol label -awitchir~g).
encapsulation::.z<The::
35_ ;-physical-transport-toahe: apparatus-of the invention -may use=copper-
wirE and/or:;:optical,afbres ~
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
19
and may-be :adapted--to_-receive: and :transmit- -or receive only -:-All-forms
of- L1-_and L2 .
encapsulation are supported- --There;is-no limit=to the call processing
capabilities other than:
the-switching. and-processing_iimits inherent.of the platform on whichsthe-:
application--of-the
:invention resides:~ The engine ~is:designed to-.process each layer,
of':the=particular protocol
stack as efficiently_:as-possible-.thr.ough.the. use:of hash sets:which are-
parsed=versions::;of=the
=-:protocolstacks associated with-given communications. _ -= = ===
_Each physical-:connection icontainsinterfaces having a specific
interplane_connection -
(see: -Figure _1.): or_._several: interconnections. =lnterfaces -may- carry
fixed_~,and/or-iFeless
protocol.=stacks; where~the connection:is:specific: to a particularfixed or-
:wireless_interfaca
_10. =,For.example;;:the_Gn:~interface:-(a:GPRS;:inte-rface:, located
betweerr_GPRST_support nodes)-is,a
-specific-UMTS-:access;..technology=:interfaceas per. 3GP.P; C7-
:ISUP:(ISDN:=usEr::part -. a-icey
.
P both. fxed~and wireless: access,:and_
=: . rotocol -in the=C7/SS:7 si9nallin9 sYstem)is common to
= core technologies- : -Engine module.:. 21=provides. the.:logic`-to
correlate -the ,.common ::and
specifc--interfaces and-.protocols and has -Iogic :to- maintain: the
state::fietween .#he=interfaces .:.=
--15.:,,. and;their layers.such:#hat:cornmunications=continue to:be relayedJm
a-tran'sparent-m,anner:. ...:-
:.,:; The inventionprocesses .and:.parses:-thereceived fxed and wireless
pr.otocol: stacks -
._ ~<(starting at layer.,)in=accor.dance=:with-xed and wireless-
protocol`signalling sucft
as for circuitITU/ANSt.,C7 ;IStJ;P WB_.and -nternational Q.769: and=
cellpacket aechnologies :- :
AFM}-DSL-FrameRetay'-iP_-;.cell.ular-~etc.
Engine:.module21.-_constructs_hash-sets=(preferably-dne to two-bytes:an-
.fength:but-may
;be=up to:::f.our_b_ytes) -for::rnaintaining:,pcotocol:and_-callstate-infoi-
mation- T:he:=hash.sets-:are :-
read, and-.written,#o;via=~bitwise.aogic=operationsr-and. are produced on,'
per:=subscr.iber=_basas__::
.._..:.__but.may:be consolidate.d::based,on;application
service,=access:technology, carrier:technalogy_-...
etc:.:The.relevant,call.::signalling:.is-extracted--and maintained -by:way:of
theu-hashaetsxfo-_#he
_25_ purpose-of._:keeping:-state ~for,subsequent:-logic._-The- length:of-the
hash:
-aets=-depends
_ -particularlayer;-interface-and_plane;over--which-:the;signalling is
occurring
Engine hash aetsrvaren.pr.oduced:_=as a:result -of;protocol: analysis
_which~;reqGires -7~~
particulars-of:: the.W;subscriber:aor;:aervice.::of.a_interest:- These:
:particulars ar.e.:?provided ,m
=_.. .----database 24 and .can be changed. at-anytime. during operation of-
theAinvention The~=records =
0 _::stoced::in database_:2-4._ace:of_a nature=#hat provides-
anique=call/service=identi#ieTS wl~ich=-are =
gr.oomed and applied to_the:protocol stacks: relevant to the traffic orr:tfie-
Anbound infe rfaces.
Engine:: module :__21:.::provides, :common.:rprotocol stack.,
switching:;;.whereby x::certain
__-protocol.:~ Iayers::=:are:-common__to many.=stacks:. -For example, -the-
=HTTP=protocol-=may be:=
::;accessedvia wireless(PDA):_or fixed_(broadband) networks and there-rs:no-
need to duplicate =
._ _
r:35 :_ - this;aayer:-Every,aayer is: carefully; maintained-for state
infocmation and=sysfe`maintenane.:
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
purposes and to overcorne access and.transport connectivity issues.:such
as_packet loss and~:
congestion which cause problems in_terms of-dormant sessions and memoryloss:.-
The.:unique hash.;sets provide details on the current call state
by:consolidating details: -::
~ foc.each-relevant interface:participating-in a.particular -call or-calls;~-
taking-account, of=:network ;-.-
5 -.:congestion -and.: retransmission: algorithms.:and..: strategies;which :is-
critical:~ particuiarly. for.
_=-traffic inbound over-lossy wireless access networks.
- ::What information engine-.module:21.extracts depends on. the
technology:::emptoyed at :-
the:: particular:layer. For.:example; fxed voice=may be carried;over
.different :protocols -(from =
_Iayer:1 .=.through to.layer~:6); but layer_:7 is_:stilk~voice (layer.1 coutd:
be an E1 aor Ethernet) it.-__
10 depends_on:the-carrier-infrastr-ucture_=-1t:becomes_more
coniplex=whenwireiess (GSM/IJMTS
:: 3GPP2))- functionatitymis- added. ..:.Enge ~module .2.1- nderstands ~:
m
3GPP vrs---CDMA/EVDO. (
this=variation om a--per::Iaye .r_-basis-:and :tracks:=_the--.changes- in-
protocots==(hayer-1-through .to
-~layer= 7). -: As -a::result. of this--variation:-the: input:.to.:the hash
sets=~rriay vary=from:. protocol to -
= _,;pcotocol: =:and -:could be; atmlvpn~ identifiers ;:through :ao=
session/sequence. -numbers- and =
5 __cryptographic;~ hashes;~ basicinfor:mation=:specific =to. tbe=-
owner/gener.ator/terminator-..of.~--the _-
cocnmunications;_stream,: orsimply:_data_that .helps;in:the reassembl-
ytoUa=;fragmented.araffic:-.
--stream. The length of-the hash~sets may 'vary=depending::on=what.is-bemg--
hashed and-they-
.>contain:bits.to.identifyahe;protocol owner:and:stream.information to'aid
in_themi~ltiptexing.of :
-real=time:QoS=(Quality; of-Service)= aware traffic
... 20
,_- =.Figure..4:..is-a_schematic-representation~of-anatysis-odule:r22 and-
..its=interfaces=:wt th..:,-
engine:_,module 21, and,::pr.ocess-=dute_-23::==Analysis-modute.22 ontrots
the=`processing--
p.erformed:by:.engine:;modute.:=21 m:::accordance.with the;service
instroctions:received~#rom
processn.modute:23. The instructions _it~r.eceivesdepends..on the
:particutar:apptication: of-the: ~
invention:.being:.performed: on.~the :selected= call.or=service: Call Land-
~service: specific~details=
=.25_.: =are_read frorn=database: 24. :-Analysis modute 23-provides'inform-
ation-toprocess modute23, -
:_such:-as:call service trace-data and-call:statistics; as well=as:providing
health;of systerr.m:-and/or~
::_diagnostic. data:f.or: system aogs;;alacming and: maintenance: purposes;
: and^ feed . ::
. . ._ ,.__.-. . . ..: Analysis :modute:.22=, implements:,feed-forward aowacds-
process module 24
back-towards -enginet-modute~21 with the -particular information being~.passed
depending*=on-=.
.30. particular- application-of:the inventron. ;Critical details'required
tosupport=ahe~:paiticutar=
:application.are provided in:-a_memo .ry_:such_as:database24.
Call states>aremaintained:throughanalysis hash sets,.which are.based on-
the:engme
:hash sets-(i:e:;.:the.:hash-:sets;=gener.ated by:engine module 21). and:.the-
instructions=received=..
;from proeess~odule 23 -Thus; the analysis:hash sets may contain
data=:from.the.'engine:`-
-:._35 .:.;hash= sets -as well--as;.:-for:-example,e. routing :and-..control,
information to=:Enable~=ahe-=desiredV
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
21
function to be erforrned e:g . the correct routin :of data to a Iaw
enforcerrment;:a enc when
(
p g 9 y
_ . operatingin.ahe lawfut: interception-. mode. or. the. forwarding_ of: data-
:to a, local~:or__;remote= :,-
memo .ry when operating in_a,diagnostic-mode)
Thus;_ analysis=_module>-22-simplyv_controls_.what: engine.! module 21 ,is
;looking=:for .in
5:::terms:: ofrelevant :identifers..:(whether these--identifiers be :for:
Iawf.ui. interception; bilting or _
= other: information gathering.: or.-:cali. generation) --This =aids:-in -the.
real=time -rnultiplexing of
::media:raudio/video or any-QaS.aware-_traffic::and_.the generatiorr:,of:
theaappropriate~data.v.:
- : ::;:which_again;_depends on;-carrier::infrastr,ucture and,technologies:: .
:._
:Figure-5 is_.a schematic_-representation :of pro.cess module.23 and-
its=interfaces:vwth=
2 10._ analysis =module: 22 and_example: end usecs. Pr.ocess_ roodule
23;provides: topr le'vet control .
~.- -__ ,forahe invention-;inthat-it. adapts,'and-controls-.the-
behaviour_of.engine.=and_;anatysis.orlules -
21: and;22 :depending.on:=the=particular. application; such::as traffic.
analysrs;=real~time_billmg,.__:_
lawfuF-interceptionetc. Each:~specifc:'application: requires
data.confguratron;.:and:=details .: `
which- are::provided; by.:.database.:24 .which= is~: preferably-readable byall
three _rrrodules 2_ :z;
._,:G . . .,- . ~.. - .. .. _.- . ~ ..: .: :. :.. ,.
Pr.ocess _ module=23..sends_instructions:to::analysis;,module. 22_rfor.luning-
and:;tailr
the.protoeol-analysis stack- =function. =As a~:result; analysis=module
2=_niaysimilariytune-and <
= .. :.aailor_-ahe;;,function.:of;..engine.,module 21.,....The;instructions
are~orr..a.=per..:call=or.=ser:wce basis
.:. and:do>:not:apply-in a;gtobal=sense; thereby-allowing:#he .invention.ao-
perfDrm_multiple roles ,
simultaneously_without interfer.ence. For.-
example;.:communications~:rnay_~be,generated
genecation :mode::and;ysubstantially_-
:simultaneously;:recorded.:for.:;:statistical.:- =puGposes
capacity;planning: role
Through.-:use,the;protocol-hash;:sets::generated,:by-engine_andanalysis=;modue
21.:_
.._. . _ .: ._ and:::22! .the . invention::,supports -real::time.
processing=of _various coiximunicativns-.includang .
_=standar.d._PSIN~ :voice::traffi.c,_-soft-switch based: voice=overlP:
techni~logy:-ad; peer. #o-peer_.
;:-;technologies-;such:as-~.Skype:-and the like = An=:embodiment of
thesystem=showmg sueh _
...:.capabilities . -is ~:, provided~ in , Figure 6: ..Note :. that
the...skiiied:: man -iivould be ---awarb__..of
.:
-. .:_alternatiue/additionaltechnologies-and/or:.tr,ansport.media. which -
may:be .included:~(other.~#harr :
those-specifically-:shown=-inFigure--6) and::it-is.=intended--that-all
suchPalter=natives/additioRs be
30 _includedwithinthe- scope= of the._invention::_
_. ~.Figure::.6..shows:_example: system 60::including:_some-of
the_:inventiveLLaspects of: ther=
_.,.invention;,-in :particuiar,~:..those::r.elating-.to.:-lawful
:interception_:of~-:communications n. =Aocess
~.:network: 61;-wireless-network:62.:and. fixed: networ.k:-63:enable -elements
.within:s.ystemz60:to.
..
= communicate with one-;:another, as-would :be apparent.: to one
f:akill,=in~,-:the,art. -0ther7..
r-35 ,,:transmission- media, :including:;via=:satellites, ::are;~,also:~-
within the--scope:of the ~inventton._
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
22
Module: 64 of the invention receives =all communications; or at least a-copy
thereof; being
transferred acrossthe network(note that- reference "BXP" in Figure
6:ris<usedao=highlight the,-.::
key=components of the invention).. ::Relevant communications
are:intercepted:,and sent over,
;_- for :example; virtual -private -network=(VPN) 65 to-a remote server ,66 -
,:~User;interface,67 is
5:-.: _.=provided to enable the: results -to be=rnonitored~ and also to
enable=_the :provision>of:identifiers -
= _= into the system so that.=particular--communications may- be targeted:for
interception:- Note<#hat ._:
server 66 and monitor~7=rrray:,be;directlyicoupled~to or-integral:to
module~64: _.-. r_,
. An embodiment of -the method.,.of the invention will-now be described:with-
reference to :-.
Figure=- 2a _: At step 0;=ahe-_identifiersWare`_ioaded from database 24-an~at
step=; ,protocol
0 -analysis -is performed .`by- engine _21--on, incoming traffic to
=determne'! call= technology :and __-
= state. Hash=sets- arecreated=for-each--communication-
=andaent:ao:.=analysismodule22a. tz
erforms:P ~ articular.functions,on'the en9n'e=hashsets-ztePendin9-
steP2;=-analYsis module22:P
<on:instructions=received=#rom-process.:module 23"and:identifers:received_from
d"atabase:24.
Based= on-call. state= data reeeived- from .analysis module 22:end the
:particular. role or a=:
15 -._application:-the'.system or:.method -of the invention is-selected to -
perForm,further=instfuctions :~'
are::sent:=to :analysis-module-22:-for_execution at step 3: ; An.
alysis=hash=sets are=created:asa.:
result=of-this-processmg: ~-The analysis=:hash-sets may: begenerated~for-all-
or a=subsetaf-the-=-
cornmunications: depending. on ahe mode of.::operation-of the invention.
For.example; ain' the ..
T lawful-interception rrrode;analysis:module 22.may:'identify=relevant-
comrnunications and:only.
20 i-=-generate::analysis=hash:setsforthe`identified~communications: At-
step4ranalysis>module=22. =
ar.r.iesout::any-:instructions=.receivedfcorn=process module 23
:=For.:example, the instructions
-may.<be .to :connect a::high-speed' switching :socket for media relay-;or:
to_saue-signalling^:and
~... .. :calrstatistics:.to a- memory- and/or.a_ display (not shown):
'Fhese:.instrucitions _wil:=cteped orr
the::-particular..role=-selected--to-;=be-=performed. '-=The hash. sets=_are
~modified-ito=T-eflect=.these ,~ =- =mstruetionsv- _..._.
Analysismodale= may-receive -instructions to~prioritise-
certain~yallsand/orservices:
:u_.over.othersat step.5 ..AdditionallyTfeedback-is==provided:to-
engine,21.so=:that7itNwo~ks-.wrth-
--. .::maximumefficiency; suchas-byw'deploying=lCMP:(Internet-
ControlMessageProtocol) or:ARP.;=ta
(Address=-Resolution=Protocol)Lfilters,: =At-step-6 engine- 21
applfes_protocol =analysis=4or all .
30 :.---OS1:layers-for- every- frame or cell: =-=Certain protocols may be
filtered-for=ezplicitty for either:=
rocessin orto:--be dro ed. =Tunin instructions for= en ine 21 ~ar.e= rovided=b
. anal sis~-=
P 9 PP g - 9 P y= . Y
rnodule22"::The:instructions:received-.by,engine 21-=atstep-.7.=may,be~to'
connect~a'high speed
:..:-media lane-to pr.ocess=module-23, in which-case;=the connections-
~are=madeand=user-plane
traffic is:rela ed throu t~ to its destination:-==The=~hi9h.sP eed
medasvvitching-1ane- eq-
uires the-;'
_.. Y 9=~
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
23
vs.e _:of both =the engine:-and-:analysis ~hash sets- to :ensure.:-that-
:state: is: maintained--for:the
communications and:that they are correctly routed.
On-receiving :data- reports,: media--etc at step 8 from engine 21-and--
analysis module ---z-
.:22,-process module 23 cuts;. for: example; ASN.1: (Abstract Syntax=Notation
One) records with
5-,::details.-regarding the,call-or application service for.formal reporting-
:into.the- business. ,=ASNc1
=, is =a -formal notation rused~~for=.describing data=#ransmitted by
telecommunications protocols;
: ;regardless of-language:implementation-.and physical representation of-
thedata;':wha#ever>the - -
;--application; whether~complex::or:simple. -It_is-a language-
for:abstr.actlyidescribing-messages ~~
ao :beexchanged_ among= an.extensive.:.range of: applications :involving. the
lnternet;:intelligent
10. .: ;networkw=cellular::, phones ground=to=air ::cornmunications;~
elec#ronic.=.commerce, seeure ..:==
. _ .: .
interactive elevision, -::intelligent transportation:aystems; -Voice Over tP
___.;anct-others: -:Analysis:module:22-=ensures-that-content
reporting;:anultimedia;rtp; statistirs=etc~ = -
=are;=delivered to:':the LLpcovisioned.:end-point-destinations
'Receipt'of.all'transactrons<=:and-
n. :oommunications:is:preferably=confrmed~using--protocols-known-to-those.af
skill=in the art -;:~ ..; >
15 .Embodiments. of:-the~-invention~do. not replace:deployed-
networkelements=or systerns =
-;=:but =instead .:compliment existing systerns- by '=performing ~_analysis
an& relay= of =traffic.-=.
ransparently. (to.,;.the _.origina#ing- and-=destinatfon nodes),= and in Lreal
-time. hus;}-na =
.... . :requirements: are imposed on :the ,<exis#ing: infrastructureallowmgR -
for =deployment of: ahe _
.., = invention.;in=existing:.systems.
-
0 Embodimentsof_#he invention-may not onl.y_-be used>for~monitonng=-
communica#.
~ons:
dditionally: or-alternatively, embodiments of:~:the- invention= may- >be,~
used- #ok>generate.=
communications These=:embodiments-are of:-particular_value_when combined with=-
the-
: : _ ::rnonitoring:_:_systems described-:her.einbefore _beeause:his:
enables;>.a= service provider._ito
~: -_quickly iand::easily:.testthe capabilities: of.-their-systems--under,
any~desired =conditions: =ThUS,
=25 .:.-ernbodiments-of:the: invention-:may=be used to-rapidly
test'=newcomponentscteplayed=ln a--<
eomrrmunications network,:thereby allowing thern=to become operatiorral and an
active part of:
:the_networkmorequickly,but avoiding loss,of any..:actual:user traffic. - = = -
== x - . ==
;.:::According;::to thewcommunicationsgeneration. aspectsof-.the inventton,
_the engme,.--
:-, -analyser>and=processor- work-together to- generate the -commurflcatrons.
= The:-~pracessorr-~
30. ::.provides:-control-.signals=to:the=engine-=and/or=-#he analyser-;-and m-
=response=#hrereto,=the
engine. and- the .analyser:.:generate_-and=route:: communications to4=th-e-
desired'':de-stination-,:.
.,...:nodes;: using::=parameter.s.-:from::::a ,database; :.such as:..database
.-24 m- Figure ~2a -:.More= ~-'
.::._particularly,~-#he-engme-:.and::the =analyser==generate protocol-
data~or.#he. communications =--
~. based:on: the - parameters:which::may-include=onE-7or more:of a username;~-
ari e=mail ad"tlress,
-:35--~ -- a:telephone number, a:unique device identiferor a type
ofdevice~identifier::-The parameters=
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
24
may= also include -particulars ofIhe transmission medium.
Thus~protocol==atacks =may be -
generated which enable`transmission of the communications:
TlTese=.stacks=.may:beformed -
bythe.analyser generating an.-analysis =hash-setJor each communication:irj:
responseto the: =
= control =signals using parameters-=extracted -Jrom the database =and ahe
_engme=::generatmg =
respective engine hash sets in response to the control signals and using
the>:'a'nalysis` hash~
sets;.and possibly::additional parameters retrieved_from the database.
A'merriory,=such as
database 24 of Figure:'=2a; -may_'atore:= sample- user- traffic which -is
appended to #he=-
cornmunications: --The-<user traffic'~-may ~include'--voice' and/or datal-
traffic, ,:applications or =
==services.-Accor.ding-=to=one embodiment; rrmeansare provided=for..
gener.ating-the;user=-tcaffic:"
-10..._ >The"means for=generating-may-beTadapted.to==generate-traffic in
accordancewith=pafameters -
:.:...'-
Previously -monitored =forthe~=network=`or-:a` similar :network usingAhe
monitonn9aPParatus of
-the_invention: = Randomgenerators=may.be-used-to mimic-variations=which-are
likely to' occur -
'=within#he`network'.Thus, it`is"possible~o generafe-trafficwhich.is:similar
to thafwhich`,may
~;:._.~~._ ...::actually.be=communicated over-the:network:=..--'-- ` - - =
= 15 Thus; '-oneor ~a=plurality- of4~communications =strearras"may be~set
`upbetween=-two or
more:real=devrces..- Protocollayers(i:e header;/-tail) are genecated on
a=per=call basis.for. y
-the,'desired=number,of'calls and=technology
(e:g:;fxed/wir:eless;V,o:IP;SMS;voiee,-etc)
and}the~ payloads~ of: the callsiare.rr.multiplexed through to the destination
system.. =Appi-opnate =
statistics and diagnostics can be performed in real=time or can0:be =-
recorded= _for ~offline
20 ~analysis=of-the---carrier.infrastructure;and~subsysterns{e.g. frnsmission;
billing, IN etc}.: .a_-._.
;._. .
,~.
pP ications>o the invention inc a e-. .
=-- real=time.ISP/telco-applications-or-services troubleshooting on=a per call
or perservee=:
reaF`time ca11 traffic Ygeneration of= t;se'r/network- signalling and user_
faffrc. or- the
25 = ,T 'purpose- of-loadi-ng = network/service -elernents - circuit~and
packet fxed =and cellular =
.~ .., .-..: :_ ...., ... , ; .
comnmunications' areLL supported,
... .
realtime-biling `record generation`on ~a per-call or per.servie basis,` ~ - 7-
-. -. =
_,:_ = .. _
realJime viewing of network statistics; an,d
-.... . .:... . ..,: ,.:. .
_: ; . .
aviifumterception "in real time
_. ... _ . ,. .- .. :. :
` Y30 `'~'The invention is' nof`lirriited to these applications'and the
skilled-man~may be aware of
,..
, ., . .,..~. .._.. .... .._ ... __ _ . ....,. . , _.. ,
others: It is intended#hatall'such applications be included withm'thescope of-
the invention =
_ ,~.,_ . - ..: _ ,.._ .. .. . . .... _,. _: -:
inrhether,they-include-theextraction"of dataregarding communications and'/or
the=generation`
.._.- of corrirriunications`in-a'corrmunications'network: ~ T ~
_ ,. .._.
Unlike many"`previous'--arrangements;'"`such" as that' described:.in US
2004/0165709_~f,=
,.:., _. ._ , - _. . ,.. -.
rt,.._
35 embodinienfs of the present`invention are` notiirr`ited to :one
articular.type=of communic'ation=
CA 02649104 2008-12-10
WO 2008/097107 PCT/NZ2008/000013
over:-:one: particular. portion -of _a.=network. Foe-~example; US
2004/0165709 is -limited to a=
Telco's core IP network;~-withthe interceptor-limited-to VoIP
communications:': Embodiments
:.:.of: the ::invention may_: process all types of::communications on both the
access and= core
networks;--thereby guaranteeing: interception .of.-any target. The novel
approach described '`..
5 = herein enables this .to,-be -realised:, despite- Ahe-- potentially - huge
volumes of `-data-`,:being
:tcansported :around :anetwork=:and':.without: causing: _delays in the:
#ransmission~of traffic or= .: = .'
.-:storing=data=which is not being:legitimately targeted. . - :
Furthermore contrary to-:prior-- -approaches,-:embodiments of -the~invention'
provide'.for
;<:operation=-: at, layer 7;.-~thereby-= enabling=- various: components -:of-
Tthe system =to ~eliably . . = = =
cornmunicate::withone:another~ :An~-additional;advantage is that,-
..for=example, geographicafv:
redundancy may beprovided,-=such as .for_-;=a :#elephone 'number;=since
ernbodiments _of the
invention=enable-geographicaF=restraints to:be=removed:
=.. . :Varioas- changes;-and modifcations_#o`he.-presently- preferred -
_eFnbodiinnts -deseribed -
herein wiN be. apparent:#o those skilled :in-the art:_: Such :changes~and
modifcations niay=be =
15 _made-without -departmg=:rom:=the =spiritand:=scope of-=the=~-presentr
mvention~and==aivithout
;.: diminishing::,its-attendant-advantages. =lt=-is--therefore;:.intended
tlaat:_~uch: changes=and
modifications :be~included=within:thepresent: invention
