In a service provider network of a given communication system configured to support lawful interception functionality, one or more service-based interfaces are provisioned to enable interaction between one or more lawful interception-specific elements and one or more intercepting control elements. In one or more further implementations, methods provide for provisioning an interworking function specific for lawful interception functionality. The interworking function can be configured to support both service-based interfaces and point-to-point interfaces across a control plane and/or a user plane of the service provider network, as needed.

Systems, devices, and techniques described herein relate to interception of data traffic that is traversing a network at a relatively high throughput rate. In some examples, a request to initiate interception is received from a server. In response to receiving the request to initiate interception, an instruction to forward user plane data to the server can be transmitted to a User Plane Function (UPF). The UPF may be transferring the user plane data in a data flow. The instruction may cause the UPF to forward the user plane data to the server in multiple streams. In addition, control plane data associated with the data flow can be transmitted to the server.

Systems, devices, and techniques described herein relate to interception of data traffic that is traversing a network at a relatively high throughput rate. In some examples, a request to initiate interception is received from a server. In response to receiving the request to initiate interception, an instruction to forward user plane data to the server can be transmitted to a User Plane Function (UPF). The UPF may be transferring the user plane data in a data flow. The instruction may cause the UPF to forward the user plane data to the server in multiple streams. In addition, control plane data associated with the data flow can be transmitted to the server.

A message archival and retrieval system is disclosed comprising a telecommunications service provider server that receives a request for messages associated with a party from a government agency server and transmits a grey list to one or more private gateways. The system also comprises a private gateway configured to couple a plurality of user equipment (UE) to a radio access network that receives the grey list from the telecommunications service provider server, identifies data messages associated with the party from one or more of the plurality of UE based on identifying information included in the grey list, continues transmission of the identified data messages to one or more intended endpoints, and stores the identified data messages and corresponding metadata in one or more block chains in a message data store. The one or more block chains are transmitted to the government agency server in response to the request for messages.

A message archival and retrieval system is disclosed comprising a telecommunications service provider server that receives a request for messages associated with a party from a government agency server and transmits a grey list to one or more private gateways. The system also comprises a private gateway configured to couple a plurality of user equipment (UE) to a radio access network that receives the grey list from the telecommunications service provider server, identifies data messages associated with the party from one or more of the plurality of UE based on identifying information included in the grey list, continues transmission of the identified data messages to one or more intended endpoints, and stores the identified data messages and corresponding metadata in one or more block chains in a message data store. The one or more block chains are transmitted to the government agency server in response to the request for messages.

The disclosed computer-implemented method for protecting users may include (i) identifying a first light-and-radio frequency signature that was captured by a security device based on signals emanating from a mobile computing device at a first time and location, (ii) identifying a second light-and-radio frequency signature that was captured by a same or different security device based on signals emanating from the same mobile computing device at a second time and location, (iii) determining that the first light-and-radio frequency signature and the second light-and-radio frequency signature match such that an inference is made that an individual possessing the mobile computing device was present at both the first time and location and the second time and location, and (iv) performing, based on the inference, a security action to protect a user. Various other methods, systems, and computer-readable media are also disclosed.

A system for localizing cellphones served by commercial network of base-stations and operative in conjunction with at least one catcher including a catcher-controller, and at least one transmitter and at least one receiver, thereby to define an area of coverage for the catcher, the system comprising at least one DF/geolocation module including a DF/geolocation controller and at least one set of receivers operative to receive uplink signal/s transmitted by cellphone/s.

A first lawful interception (LI) function transmits, to a second LI function in a virtualized network function, VNF, a request for random number generator, RNG, data, characterizing a random number generator in the second LI function. The RNG data is tested, resulting in a randomness test result that is indicative of randomness of numbers generated by the RNG in the second LI function. If the randomness is below a first threshold, mitigation takes place of any undesired effect associated with the randomness being less than the threshold value. A corresponding method is performed by the second LI function, receiving the request for RNG data, obtaining and transmitting the RNG data to the first LI function. Verification can thereby be made whether a LI function in a VNF has a proper level of entropy source for use by its cryptographic operations and, if not, perform mitigation.

A first lawful interception (LI) function transmits, to a second LI function in a virtualized network function, VNF, a request for random number generator, RNG, data, characterizing a random number generator in the second LI function. The RNG data is tested, resulting in a randomness test result that is indicative of randomness of numbers generated by the RNG in the second LI function. If the randomness is below a first threshold, mitigation takes place of any undesired effect associated with the randomness being less than the threshold value. A corresponding method is performed by the second LI function, receiving the request for RNG data, obtaining and transmitting the RNG data to the first LI function. Verification can thereby be made whether a LI function in a VNF has a proper level of entropy source for use by its cryptographic operations and, if not, perform mitigation.

Apparatus and associated methods relate to a system including a portable hardware device having a radio antenna, the device being operably coupled to a network, where the device includes electronics for scanning ambient radio messages using the antenna, evaluating a message for sentiment (e.g., intent-to-harm) using at least one artificial intelligence technique, and upon determining the presence of intent-to-harm, transmitting an alert signal over the network to a target entity as determined by a set of alert transmission rules based at least in part on the content/context/metadata of the message. In an illustrative example, a portable pack may be preconfigured with automatic language translation and speech detection capabilities. The pack may scan ambient radio signals for specific words/phrases of interest (W/POI). Upon detecting dangerous/aggressive sentiment, an alert may be relayed to a higher command, advantageously providing decision-makers with invaluable, real-time intelligence to adapt to fast-changing developments on the battlefield.