A service aware node is a telecommunication node that provides or is used for specific services, like the WAP gateway, E-mail gateway, that is able to discriminate the service associated with Content of Communication. A service unaware node means a telecommunication node that is independent on the transported applications/services. To filter Content of Communication related to specific services, a Service Aware Support Node SASN could be used. In order to provide service awareness by traffic inspection, the SASN captures IP traffic packets to analyze them. The SASN is located in any point of an IP network in the path of the traffic which has to be monitored. IP Gateway deployment is used, having the advantage of being multi-access and several access networks can be supported from the same platform, for example, CSD, GPRS and WiFi. It is also useful in multi-vendor environments, where integrated functionality in Gateway GPRS Support Nodes GGSNs may not be an option. The SASN has an active role, and can apply control policies selectively blocking certain services. The SASN can also disconnect the underlying Packet Data Protocol context through Remote Authentication Dial-In User Service RADIUS. The user traffic is captured by defining the SASN as default gateway between two intermediate elements on the path of the user data traffic. The SASN sniffs RADIUS traffic. RADIUS traffic is captured transparently using the same IP Gateway mechanism applied to the user traffic. A key feature of the SASN is deep packet inspection capability, because this function provides the service awareness on which so many other features are based (for example, service-differentiated charging or service access control). The Deep Packet Inspection module in the SASN parses incoming user traffic, delimits the flows according to the protocol being used, and extracts several parameters that are used by a traffic classification engine, according to some configurable classification rules.
Monitoring of Interception Related Information IRI and Content of Communication CC for a target is part of prior art. Content of Communication is defined as information such as speech and data and Intercept Related Information is defined as signaling information related to target subscribers. The different parts in an Intercept Mediation and Deliver Unit IMDU used for interception are disclosed in current Lawful Interception standards (see 3GPP TS 33.108 and 3GPP TS 33.107—Release 6 and Release 7). A Law Enforcement Monitoring Facility LEMF is connected to three Mediation Functions MF, MF2, MF3 respectively for ADMF, DF2, DF3 i.e. an Administration Function ADMF and two Delivery Functions DF2 and DF3. There is one Administration Function in the network. Together with the delivery functions it is used to hide from 3G ICEs (Intercepting Control Elements) that there might be multiple activations by different Law Enforcement Agencies on the same target. The Administration Function and the Delivery Functions are each one connected to the LEMF via standardized handover interfaces HI1-HI3, and connected to a telecommunication system via the interfaces X1-X3. The ADMF is connected via the interfaces HI1/X1 while DF2 is connected via HI2/X2 and DF3 is connected via HI3/X3. The messages sent from LEMF to ADMF, via HI1 and from the ADMF to the network via the X1 interface, comprise identities of a target that is to be monitored, The Delivery Function DF2 receives Intercept Related Information IRI from the network via the X2 interface, and DF2 is used to distribute the IRI to relevant Law Enforcement Agencies via the HI2 interface. The Delivery Function DF3 receives Content of Communication CC, i.e. speech and data. In Circuit Switching, DF3 is responsible for call control signaling and bearer transport for an intercepted product. Intercept Related Information IRI, received by DF2 is triggered by Events that in Circuit Switching domain are either call related or non-call related. In Packet Switching domain the events are session related or session unrelated.
In the current Lawful Interception LI standard solution, when intercepting in some nodes, like the GGSN nodes, the Broadband Remote Access Server BRAS nodes, etc. . . . the intercepted Content of Communication carries different types of services/applications (WAP, HTTP, RTP, . . . ). Some lawful authorities could be interested to activate the interception of Content of Communication only for some specific services. One of the reasons to filter some specific service related packets could be related to limit on the link capacity towards the LI agencies that could not be able to convey high band with service specific packets or related to limits on the processing capacity of the LI agencies to elaborate such Contents of Communication. Another reason could be simply because the lawful authority doesn't require intercepting some kind of services. Since a service unaware node, like GGSN and BRAS, is a telecommunication node that is independent on the transported applications/services, the node is not able to discriminate between the services.
In the international patent application WO 00/42742 is disclosed an intercepting function comprising a sniffing and filtering function that facilitates reading data packets, analyzing the header of the packets as to whether the data packets should be intercepted or not.
Also information of discarded services may be important to agencies for awareness of which services that have been discarded. For example Lawful authorities not receiving Content of Communication, e.g. related to HTTP, may need to retrieve the actual contents that were missed. This information could be useful for the agencies for lawful investigation purposes e.g. to keep track of all actual discarded services.