wo 2005/025133 PCT/SE2003/001392 ,
MONITORING IN A TELECOMMDNICATION NETWORK
TECHNICAL FIELD OF THE INVENTION
The present invention relates to methods and arrangements
for monitoring media flow in a telecommunication network
that comprises a control domain that handles session
5 control, and a bearer domain that handles the media flow.
DESCRIPTION OF RELATED ART
Three major trends currently occurs in telecommunication,
i^e. 1) increasing amount of data traffic, 2) real-time
10 communication goes from circuit switching to packet
switching, and 3) new focus of real-time in packet switching,
for example video and multimedia. The ever increasing amount
of data traffic as well as real-time communication in packet
switched networks leads to a demand for monitoring of this
15 data traffic with the same level of security and
confidentiality as known from circuit switched networks
monitoring. In circuit switched networks,, e.g. telephony
networks, it is customary to monitor communication
connections from a remote operation centre so that a network
20 operator wishing to operate real time traffic can constantly
receive information on the quality of the communication
lines. Another application of monitoring is lawful
interception, i.e. the act of intercepting a communication
on behalf of a law enforcement agency.
25 From the above, it is only natural that network operators
will want to continue such monitoring approaches in other
types of networks for example in packet switched networks.
One approach is described in the international application
WO 02/102111. It is proposed to provide an interception unit
30 to store an identification of a communication connection to
be monitored. A copying unit hereby copy selected cells to a
monitoring connection. The solution according to the
1
wo 2005/025133 PCT/SE2003/001392
international application implies isolation of cells to be
intercepted. According to the international application, a
predefined session is monitored by listen to the session via
an extra port. There is a possibility with the solution in
5 the international application, for the end-user, to find out
with which IP address he is communicating, i.e. to find out
that interception is going on. This possibility is
considered as a drawback.
Requirements for lawful interception in 3GPP ( S'^ Generation
10 Partnership Project) networks are being standardised within
3GPP and ETSI. So far requirements on IMS (IP Multimedia
Subsystem) for multimedia communication are only concerned
with IRI (Intercept Related Inf orrmation) and not with CC
(Content of Communication), i.e. the media flow. The
15 solutions specified so far within the standardisation work
foresee interception only of IRI from IMS. This is a natural
consequence of the fact that CC is, for normal two-party
sessions, not processed within IMS. This means that CC will
have to be intercepted by involving the backbone or access
20 network. However, some of sessions in 3GPP require special
media nodes in the IP-based network in order to handle the
media flow. The following are examples of such cases:
- Multi-party sessions within the IP-based network which
requires a multi-party node.
25 - Interworking with the legacy telephone network which
requires a media gateway for the media flow.
- Interworking with other types of IP-based networks (e.g.
between a SIP-based (Session Initiation Protocol) and
H.323-based network) which also requires a gateway for the
30 media flow.
2
wo 2005/025133
PCT/SE2003/001392
The invention that now will be presented refers to this type
of sessions and it proposes a principle for intercepting the
content of a session for these cases*
5 SXJMMARY OF THE IMVEKTION
The present invention relates to problems how to conceal^ to
involved parties, monitoring of media flow when the flow is
monitored via an extra port in a media-handling node.
Assigning an extra port to a media-handling node is a
10 visible measures to an involved party.
The problem is solved by the invention by, for each media
flow session that is transported through the media-handling
node, assigning an extra port to the node and by connect
assigned ports only for those sessions that are of interest
15 to monitor. While assigning an extra port to a media-
handling node is a visible measure to involved parties, the
connecting of the port is not. Monitoring of a session is
difficult to detect for an involved party when extra ports
always are assigned for each session.
20 More in detail, the problem is solved by a method for
monitoring media session flow in a telecommunication network
that comprises a media-handling node through which session
flows. The session is hereby transported via inports and
outports in the node. An extra port is assigned to the
25 media-handling node for each new session that is transported
through the node. The method comprises the following further
steps :
- Storing in a database LI-DB, identification of a first
subscriber A for which monitoring is desired.
30 - Setting up a connection between the first subscriber A and
a second subscriber B.
3
wo 2005/025133
PCT/SE2003/001392
- Assigning an extra port (XPl) that is adherent to the
session between the first and second subscriber (A, B) .
- Connecting the assigned extra port XPl that is adherent to
the session between the first and second subscriber A^ B.
5 - Monitoring the session between the first and second
subscriber via the extra port XPl.
An arrangement according to the invention comprises means
for performing the above mentioned method steps.
10
The object of the present invention is to make it possible
to perform real-time monitoring of Content of Communication
flow and to conceal the monitoring to involved subscriber -
Another advantage is that a minimum of adaptations of the
15 normal Jietwork functions is required.
Another advantage is that the invention makes it possible to
perform real-time interception of the session initiated by
the control network.
Another advantage is that the invention does not require any
20 re-routing of the media session. Since the session is routed
and treated exactly in the same manner as if the call was
not . intercepted it is impossible for the end user to find
out whether the call is intercepted or not.
Yet another advantage is the possibility to conceal
25 interception to other networks and to personnel that is
involved in the operation and maintenance of the network.
4
wo 2005/025133
PCT/SE2003/001392
The invention will now be described more in detail with the
aid of preferred embodiments in connection with the enclosed
drawings .
5 BRIEF DESCRIPTION OF THE DRAWINGS
. Figure 1 belongs to prior art and discloses a block
schematic illustration of two subscribers located in
separate access networks. Control of the media flow is
handled in a control domain and the media flow is handled in
10 a bearer domain.
Figure 2 shows a block schematic illustration of two
subscribers located in different access networks. The figure
discloses interception according to the invention.
Figure 3 shows a block schematic illustration of a Media-
15 handling Node.
Figure 4 shows a flow chart illustrating a method used to
initiate interception according to the invention.
DETAILED DESCRIPTION OF EMBODIMENTS
20 At first, interception of Intercept Related Information IRI
according to current standardisation will be briefly
discussed together with figure 1. Intercept Related
Information IRI is defined as signalling information related
to subscribers. Figure 1 belongs to prior art and discloses
25 a first mobile subscriber A and a second mobile subscriber
B. The subscriber A is located in a first access network
ACNW-A, which network is subscriber A's home location.
Subscriber B is located in a second access network ACNW-B.
Media flow MF, for example speech, is communicated between
30 the subscribers A and B via a backbone network BBNW. The
5
wo 2005/025133
PCT/SE2003/001392
media flow is transported in a path in the bearer domain BD.
The control of the media flow takes place in the control
domain CD. Control information can for example be,
signalling during set-up of a call. The control information
5 related to the A subscriber is handled in the IP multimedia
subsystem domain IMS-A and the control information related
to the B subscriber is handled in the IP multimedia
subsystem domain IMS-B. The control information passes
several Call/Session Control Functions CSCF in both IMS-A
10 and IMS-B. Requirements for interception of control
information, also called Intercept related information IRI,
are being standardised within the 3GPP and ETSI. Figure 1
discloses interception of IRI according to prior art. The
control information is hereby copied into a lawful
15 interception database LI-DB located in relation to a serving
CSCF in IMS-A, i.e. S-CSCF-A. The information is then
forwarded from the LI-DB to a lawful interception monitoring
facility LEMF, where the IRI is monitored. Information that
is of interest to monitor can for example be if a certain
20 subscriber has made a call, to whom the call was made and
for how long time. After a call has been set-up between the
subscriber A and B, the media flow MF between the
subscribers is routed via an edge-node EDGE-A in the access
network ACNW-A, the backbone network BBNW and via an edge-
25 node EDGE-B in the access network ACNW-B.
According to the present invention, which now will be
discussed, it is the content of communication that is of
particular interest to monitor and furthermore to conceal
the monitoring to involved parties.
30 Figure 2 discloses interception according to the invention.
The figure shows the same network as was disclosed in figure
1. The IP multimedia subsystem domain IMS-A in figure 2
comprises a media-handling node MHN. MHN is a collective
term for different types of gateways. The media-handling
35 node MHN is disclosed more in detail and will be further
wo 2005/025133
PCT/SE2003/001392
10
explained in figure 3. A database, for example the lawful
interception database LI-DB contains identification of what
subscribers that are to be intercepted. In this first
embodiment, the first subscriber A is to be intercepted and
consequently an identification of A is stored in LI-DB. When
a call is set-up between the subscriber A and the subscriber
B, monitoring according to the invention takes place. Before
this monitoring is explained, the media-handling node MHN
will be explained together with figure 3.
Figure 3 discloses the media-handling node MHN shown in
figure 2. The media-handling node can for example be a PSTN
gateway used in public switching networks, a video gateway
for video applications or a conference bridge used in
15 multiple party conferences. The MHN in figure 3 comprises
so-called first ports PI1-PI5 and second ports P01-P05.
A media session flow between two subscribers is transported
bi-directional in the media-handling node MHN between a
first and second port. In the example in figure 3, five
20 media session flows are transported in the MHN. According to
the invention every session that is set up in the node MHN
is assigned an extra port XP1-XP5 in the MHN. A media
session between PIl and POl for example is the cause of an
extra port XPl. Media multiparty sessions between more than
25 two ports in the MHN are treated in a similar way. If a
session is set up between one first port PIl and a number of
second ports, POl-POn, an extra port PXl is always assigned
to this session.
30 The invention will now be further explained together with
figure 2 and 3. The first subscriber A is, as mentioned, the
subscriber for which monitoring is requested. An
identification of the first subscriber A is stored in the
database LI-DB. Monitoring starts when a connection is set-
35 up between the first subscriber A and a second subscriber,
in this example the subscriber B. Media flow session is
7
wo 2005/025133 PCT/SE2003/001392
hereby transported through the media-handling node MHN via
the ports PI3 and P03. Extra ports are set up in the node
MHN for each session that is set up in the node independent
of if monitoring is requested or not. An extra port XP3 is
5 in this case set up adherent to the session between the
first and second subscriber A and B. An indicator FLAG is
sent from the database LI-DB to the edge node EDGE-A
indicating that this session is to be monitored. Since the
session is to be monitored the edge node initiates
10 connecting of the extra port XP3, for example via a router
RO, see figure 2. The media flow session between the ports
PI3 and P03 is hereby forwarded from the media-handling node
MHN to the lawful interception monitoring facility LEMF, via
the extra port XP3 and the router RO^ see figure 2 and 3. As
15 an alternative, the indicator can be forwarded to the media
handling node MHN whereby the extra port is connected. The
indicator is added to the normal signalling associated with
the session.
20 In figure 4 some essential steps of the invention is
disclosed in a flowchart. The flowchart is to be read
together with the earlier shown figure 2 and 3. The method
for monitoring media session according to the invention
comprises the following steps:
25 - An extra port XP1-XP5 is assigned to the media-handling
node MHN for each new session that is transported through
the node. This step is shown in figure 4 by a block 101.
- An identification of the first subscriber A for which
monitoring is desired is stored in the database LI-DB.
30 This step is shown in figure 4 by a block 102.
- A connection between the first subscriber A and a second
subscriber B is set up. This step is shown in figure 4 by
a block 103.
8
wo 2005/025133
PCT/SE2003/001392
- An extra port XPl that is adherent to the session between
the first and second subscriber B is connected. This
step is shown in figure 4 by a block 104.
- The session between the first and second subscriber is
5 monitored via the extra port XPl. This step is shown in
figure 4 by a block 105.
Different variations are of course possible within the
scope of the invention. The two subscribers A and B can be
10 situated in the same access network or in different access
networks in different countries. The subscriber unit for
which interception is desired may have roamed to an access
network in another country than the country of the
subscribers home access network. In the embodiments, the
15 subscriber A is the monitored subscriber and if using
standard telecommunication terminology it can be assumed
that the subscriber A also is the calling subscriber while
sxabscriber B is the called subscriber. It is to be noted
that the claimed invention also covers cases when the
20 monitored subscriber is the called subscriber. Also
conference calls involving more than two parties is covered
by the claimed invention and of course also when more than
one subscriber in the conference is monitored. It is
important to observe that interception only is one type of
25 monitoring for which the invention is applicable. Other
types of monitoring might for example be monitoring of the
type of media flow or quality measurements monitoring. The
flag indicator is in the example sent during the call set-
up session but can of course also be sent after the call
30 set-up has finished in which case the media flow is re-
routed via the lawful interception server.
The invention is not limited to the above described and in
the drawings shown embodiments but can be modified within
35 the scope of the enclosed claims.
9
