Patent classifications
H04L63/30
METHODS AND APPARATUS FOR AUTOMATICALLY SECURING COMMUNICATIONS BETWEEN A MEDIATION DEVICE AND A LAW ENFORCEMENT DEVICE
Methods and apparatus for automatically securing communications between a mediation device (MD) and a law enforcement device, such as an agent’s terminal, to which intercepted communications, e.g., traffic, are sent are described. Based on a desired intercept request to be implemented, a Lawful Interception (LI) administration (admin) device (LID) identifies at least a first mediation device (MD) which will be involved in implementing the intercept request. The LID then proceeds to enable the use of a private certificate authority to automatically generate and provision the MD and a law enforcement device with certificates and private keys via an automated process. Each of the MD and the law enforcement device automatically obtains a security certificate and corresponding private key. The security certificates and corresponding private keys are then used, in an automated manner, to establish a mutual TLS connection between the MD and the law enforcement device.
METHODS AND APPARATUS FOR AUTOMATICALLY SECURING COMMUNICATIONS BETWEEN A MEDIATION DEVICE AND POINT OF INTERCEPT
Methods and apparatus for automatically securing communications between a point of interception (POI) device and a mediation device (MD), e.g., a lawful interception MD, are described. Based on a desired intercept request to be implemented, a Lawful Interception (LI) administration (admin) device (LID) identifies at least a first mediation device (MD) and point of intercept (POI) device which will be involved in implementing the intercept request. The LI administrator then automatically proceeds to enable the use of a private certificate authority to automatically generate and provision the MD and POI with certificates and private keys, e.g., the MD and POI are each provisioned with a private/public key pair that is then used to support mutual TLS for intercept related communications between the POI and MD. A mutual TLS connection between the MD and POI is automatically established and then used for intercept related communications between the devices.
Local interception of traffic to a remote forward proxy
An application using a VPN is programmed to transmit proxy traffic to a remote proxy server. Traffic to the proxy server is intercepted, shifted to user space, and processed according to one or more options. Traffic may be terminated by a local proxy that resolves domain names in the traffic and requests the referenced content. Intercepted traffic may include plain text data in headers that is encrypted before forwarding to a different proxy server. Traffic attributes, such as a User Agent string, may be evaluated in order to determine routing choices, such as blocking, throttling, local termination, transmitting through a VPN, or other options. Multiple VPNs may operate on the same user computer, and proxy traffic may be intercepted and processed by transmitting it through a VPN, bypassing all VPNs, or routing it through a different VPN.
Interception of high-throughput data traffic
Systems, devices, and techniques described herein relate to interception of data traffic that is traversing a network at a relatively high throughput rate. In some examples, a request to initiate interception is received from a server. In response to receiving the request to initiate interception, an instruction to forward user plane data to the server can be transmitted to a User Plane Function (UPF). The UPF may be transferring the user plane data in a data flow. The instruction may cause the UPF to forward the user plane data to the server in multiple streams. In addition, control plane data associated with the data flow can be transmitted to the server.
METHOD AND SYSTEM FOR UPDATING LEGACY SOFTWARE
A method includes analyzing operational code to determine identifiers used within the operational code. The method further includes grouping like identifiers based on a relational aspect of the identifiers. The method further includes, for one or more identifier groups, determining potential feature(s) of the identifier group(s). The method further includes testing the potential feature(s) based on a corresponding feature test suite to produce feedback regarding the meaningfulness of the potential feature(s). The method further includes, when the meaningfulness is above a threshold, adding the potential feature(s) to a feature set. The method further includes, when the meaningfulness is at or below the threshold, adjusting analysis parameter(s), grouping parameter(s), feature parameter(s), and/or testing parameter(s).
System and methods for secure user interface session recording, transmission, and replay without third party disclosure
A user's session of a web application or a website in a web browser is recorded and replayed while protecting private and sensitive data from unauthorized access. All the captured data needed to re-create (replay) the user's session is recorded in the browser itself and exported on demand. The need to transmit potentially sensitive and private data continuously to external server(s) is eliminated while still guaranteeing availability of a record of user activity leading up to any point of interest during the user's session. By encrypting recording information and redacting all non-layout content (e.g., text nodes, images, inputs) from the browser DOM before capturing the DOM, the visual layout of the page is maintained and the probability of leaking the user's sensitive or private information is reduced. The replaying user is still able to derive meaningful information about the user's interaction with the web application or website without jeopardizing privacy.
PRIVACY ENHANCING MAN-IN-THE-MIDDLE
In one embodiment, a device in a network receives traffic sent from a first endpoint to a second endpoint. The device sends a padding request to the second endpoint indicative of a number of padding bytes. After sending the padding request, the device receives a padding response from the second endpoint. The device adjusts the received traffic based on the received padding response by adding one or more frames to the received traffic. The device then sends the adjusted traffic to the second endpoint.
Clientless method for context driven wireless interactions
Described herein are methods and apparatuses for the provision and management of value added services without a requirement for specific client software on a wireless receive/transmit unit (WRTU). The methods and apparatuses described may be applied to wireless networks supporting HTTP transfers without disrupting the wireless network configuration. In the embodiments described herein, a web request from a WRTU may be received by a Service Management Entity (SME) that may be located in an access point (AP). The SME may transmit a proxy auto-configuration (PAC) file to the WRTU. This PAC file may include a uniform resource locator (URL) associated with a Service Delivery Entity (SDE), and the URL chosen may be based on rules associated with a location of the WRTU. The SDE may then receive a second web request from the WRTU and respond by transmitting a message to the WRTU, such as a transaction trigger.
ELECTRONIC EVIDENCE TRANSFER
A method for transferring electronic evidence is provided. Law enforcement agencies can make efficient use of social media and other forms of public communications to make a public appeal for information on crimes and other investigations. The public appeals allow members of the public to easily submit information and/or media files from smartphones and other computers in a way that allows the submission to be linked to the public appeal (e.g., the specific case file or the attributes of the case file), so that the submission data can be found and accessed by law enforcement investigators.
Cloud application design for efficient troubleshooting
Systems and methods include an enterprise application that provides functionality for a user device while operating in the background on the user device, including providing secure connectivity with a cloud-based system over a network; continuously collecting packets intercepted by the enterprise application over a time interval; and, responsive to an issue with functionality of the enterprise application, transmitting the collected packets to a back end server for troubleshooting of the issue. The time interval is a set amount of time, and each collected packet is deleted at the expiration of the time interval.