1. Field of the Invention
The present invention is in the field of Internet access and, more specifically, the present invention pertains to the field of Internet access where network address translation is used in providing Internet access.
2. Description of the Related Art
The COMMUNICATIONS ASSISTANCE FOR LAW ENFORCEMENT ACT (CALEA) presents many challenges for networking companies. One challenge to conformance with CALEA is that many networks utilize Internet protocol (IP) addresses with network address translation (NAT), e.g., using one or more private addresses such as those in accordance with RFC 1918 and/or one or more static IP addresses of respective one or more computing devices. Probes for detecting and duplicating the traffic stream are located in centralized network routers and are aware only of the wide area network (WAN) IP address, not of the IP address where NAT was used. CALEA states that there can be no mixed streams of information, meaning that if two or more users are at a site with network address translated (NATed) IP addresses that get translated to the same WAN IP address, any probe looking at the WAN IP address will detect the traffic for all NATed users and cannot differentiate and/or isolate different user data streams to different users' computing devices. This problem can be seen in the example of a network architecture using NATed addressing in FIG. 1.
As shown in FIG. 1, an exemplary prior art network communication system (NCS) 50 includes one or more portable computing devices (PCDs) 20A-20C coupled to a network 15 (e.g., a local area network) that is coupled to a routing computer 10, and routing computer 10 is coupled to an Internet 25. Various computing devices, such as portable computing device (PCD) 20D and servers 35A and 35B, are coupled to Internet 25, as well. A mediation computing device (MCD) 30 can be coupled to Internet 25 or can be coupled to other networks (mediation server 30 coupling not shown). A probe 40A can be disposed between routing computer 10 and Internet 25. Probe 40A can replicate data passing between routing computer 10 and Internet 25 and transmit the replicated data 45A to mediation server 30. However, if one or more of PCDs 20A-20C are communicating with Internet 25 (e.g., to another computing device coupled to Internet 25) using a NAT, then it may be difficult, if not impossible, to distinguish and/or isolate any data stream from and/or to a specific PCD of PCDs 20A-20C, since all the data streams involved with NAT would appear to be from and/or to routing computer 10. Moreover, a probe 40B placed somewhere in Internet 25 can replicate data passing between routing computer 10 and one or more computing devices coupled to Internet 25 and transmit the replicated data 45B to MCD 30. However, this configuration suffers from the same problems associated with probe 40A and replicated data 45A.
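The mixed-stream problem described for probe 40A can be reproduced with a small model of a port-translating NAT. The following is an added illustration, not part of the original disclosure and not the claimed method; the class `Napt`, the helper functions, and all addresses, ports and byte counts are constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WAN_IP = "203.0.113.10"  # constructed WAN address for routing computer 10

class Napt:
    """Minimal port-translating NAT standing in for routing computer 10."""

    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.table = {}  # (private ip, private port, proto) -> WAN port

    def translate(self, pkt):
        """Rewrite an outbound packet's source the way the WAN side sees it."""
        if not any(ip_address(pkt["src"]) in net for net in RFC1918):
            return dict(pkt)  # source is not a private address: unchanged
        key = (pkt["src"], pkt["sport"], pkt["proto"])
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return {**pkt, "src": self.wan_ip, "sport": self.table[key]}

    def private_source(self, wan_port, proto):
        """Resolve a WAN-side port to the private host; only the NAT can do this."""
        for (ip, _port, p), mapped in self.table.items():
            if mapped == wan_port and p == proto:
                return ip
        return None

def bytes_by_source(packets):
    """A probe keyed on source IP: total bytes seen per source address."""
    totals = defaultdict(int)
    for pkt in packets:
        totals[pkt["src"]] += pkt["length"]
    return dict(totals)

def pkt(src, sport, length):
    return {"src": src, "sport": sport, "dst": "198.51.100.5", "dport": 443,
            "proto": "tcp", "length": length}

# Constructed outbound traffic from PCDs 20A-20C on network 15.
LAN_PACKETS = [pkt("192.168.1.11", 51000, 600), pkt("192.168.1.12", 51000, 900),
               pkt("192.168.1.13", 52044, 300), pkt("192.168.1.11", 51000, 150)]

nat = Napt(WAN_IP)
WAN_PACKETS = [nat.translate(p) for p in LAN_PACKETS]

if __name__ == "__main__":
    print("LAN side of the NAT:", bytes_by_source(LAN_PACKETS))
    print("WAN side (probe 40A):", bytes_by_source(WAN_PACKETS))
```

On the LAN side the three devices are separable by source address; on the WAN side every packet carries the same source address, and the per-device mapping exists only in the translation table held by the NAT.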
Accordingly, there is a need for one or more systems and/or methods to isolate data from and/or to one or more computing devices where NAT is used.
While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the drawings and detailed description thereto are not intended to limit the invention to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the present invention as defined by the appended claims.