The present invention relates to broadband data networking equipment. Specifically, the present invention relates to a network processing system that is able to intercept communication streams and communication identifying information in Internet Protocol (IP) networks.
The power of internet protocol (IP) networks, such as the Internet, is their connectionless method of transporting data from source to destination and their ability to carry all services over a single network. Increasingly, there is a push to xe2x80x9ccollapsexe2x80x9d the exiting and separate voice and data network into a single IP network by implementing voice over IP (VoIP) on the same network that carries data traffic. Once of the many problems in using VoIP to carry telephone calls is compliance with wiretapping laws such as the Communications Assistance for Law Enforcement Act of 1994, commonly referred to as CALEA.
In applying CALEA to VoIP, there are a number of technological hurdles. VoIP is becoming reliable and robust, but it is not easily monitored. In a circuit-switched network there are physical locations to tap into, but VoIP, like any IP communications, is connectionless, meaning it has to be tapped at a network aggregation point, and has to be anchored to the monitoring device through means such as packet anchoring using network address translation. Additionally, there must be a mechanism to separate the identifying information associated with the call from the substance of the communication itself, for example for a VoIP call there must be a mechanism for retrieving only the caller""s phone number or IP address without providing access to the actual voice content of the call. Other requirements involve the interception of conference calls, both subject initiated and party hold, join, and drop.
Accordingly, what is needed is a network processing system that is able to intercept IP communications, provide identifying information separately from content, and provide detailed records of the communication.
A network processing system is described that is able to monitor IP traffic flowing over a network. The network processing system includes a learning state machine made up of a traffic flow processor and a quality of service processor. The traffic flow processor associates each data packet with a corresponding flow or session so that the system is able to treat data packets based on the characteristics of the entire flow and not just the characteristics of individual data packets. The flows, made up of their associated data packets are compared to a database of known signatures, the database including a predetermined set of search criteria. When a match is found between a flow and a search criterion, the network processing system is operable to monitor the flow. The monitoring can take many forms, including, but not limited to, replicating the flow, or extracting information from the flow such as identifying information. The replicated flow, or extracted information can then either be stored for later retrieval or sent real time to an IP address designated by law enforcement.
The traffic flow processor includes a header preprocessor that examines the header information of each data packet in the flow, and a content processor that is able to examine the contents of any individual data packet or flow by comparing it to the database of known signatures.
The foregoing has outlined, rather broadly, preferred and alternative features of the present invention so that those skilled in the art may better understand the detailed description of the invention that follows. Additional features of the invention will be described hereinafter that form the subject of the claims of the invention. Those skilled in the art will appreciate that they can readily use the disclosed conception and specific embodiment as a basis for designing or modifying other structures for carrying out the same purposes of the present invention. Those skilled in the art will also realize that such equivalent constructions do not depart from the spirit and scope of the invention in its broadest form.