In many countries the operators and Internet service providers are today obliged by legal requirements to provide stored traffic data generated from public telecommunication and Internet services for the purpose of detection, investigation and prosecution of crime and criminal offences including terrorism. There are also a number of initiatives within the European Union (EU) to regulate the legal basis for data retention. The EU Parliament has adopted a set of amendments and by that approved the Council's proposed directive on data retention [Directive 2006/24/EC of the European Parliament and of the Council of 15 Mar. 2006]. This proposal describes not only initial requirements, but also how an extension of the directive will be handled. Consequently, an essential part of operator's effort to comply with current legislation will be to secure that processes and tools are adaptable to handle an expansion of the scope for data retention.
ETSI TS 102 656 V1.2.1 gives guidance for the delivery and associated issues of retained data of telecommunications and subscribers. It provides a set of requirements relating to handover interfaces for the retained traffic data and subscriber data by law enforcement and other authorized requesting authorities. The requirements are to support the implementation of Directive 2006/24/EC of the European Parliament and of the Council of 15 Mar. 2006 on the retention of data. ETSI TS 102 657 V1.5.1 (2010-06) contains handover requirements and a handover specification for the data that is identified in EU Directive 2006/24/EC on retained data.
Ericsson Automatic Data Retention System ADRS provides a solution for collecting, storing and delivering communication data generated by telecommunication and Internet services in public fixed and mobile networks. FIG. 1 belongs to the prior art and shows (see ETSI TS 102 656 and ETSI TS 102 657) the Handover Interfaces CIA 7 and HIB 8 between a Data Retention System DRS 2 at a Communication Service Provider CSP 1, and an Authorized Organization AO 3. The figure shows an Administration Function AdmF 4 used to handle and forward requests from/to the AO. A Mediation and Delivery function MF/DF 5 is used to mediate and deliver requested information. Storage 6 is used to collect and retain data from various Network elements. The interfaces through which the CSP receives requests from the Authorized Organization, and transmits responses and information are denoted as Handover Interfaces. The generic Handover Interfaces adopt a two port structure such that administrative request/response information and Retained Data Information are logically separated. The Handover Interface HIA transports various kinds of administrative, request and response information from/to the Authorized Organization and the organization at the CSP which is responsible for Retained Data matters. The Handover Interface HIB transports the retained data information from the CSP, to the Authorized Organization AO. The HIA and HIB interfaces may be crossing borders between countries. This possibility is subject to corresponding national law and/or international agreements. When comparing FIG. 1 in this patent application with e.g. FIG. 2 in ETSI TS 102 657 V1.5.1 (2010-06); “AdmF 4” in FIG. 1 is to be compared with Administration function in FIG. 2 in ETSI TS 102 657, “MF/DF 5” in FIG. 1 is to be compared with Data collection function in FIG. 2 in ETSI TS 102 657 and “6 Storage” is to be compared with Data store management function in FIG. 2 in ETSI TS 102 657.
Mobile devices are used to access many types of services hosted mostly outside the Operator-controlled domain. Therefore, there is an ever-increasing risk that users may download malicious content so called malware that is harmful to the mobile device. Mobile malware can be defined as malicious software that is explicitly targeted at mobile phones to inflict damage, access personal information or defraud the user. As with the PC environment, malware can be classified into various types. These types describe how the software propagates, what kind of payload it has and how it delivers its payload. Common types of malware include viruses, worms, Trojans and spyware. Mobile devices can be infected by viruses or Trojan horses in numerous ways, for example, via MMS messages and downloads. These infections can make the device start sending spam messages that the user does not want to pay for, or it can make the device partially or completely unusable, and thus cause revenue loss for the Operator.
The EU directive and the ETSI TS 102 657 don't require the retention of Malware Information data (e.g. the malware infection information found during a communication). Nevertheless malware information could be used for offline forensic analysis by an Authorized Organization; for instance, once an attack has been detected, it could be possible to go back to see which other devices an infected device has communicated with and that might, thus, also be affected.