Automatic preparation of data related to session initiation protocol (SIP) based traffic flows in a lawful interception (LI) scenario is disclosed. The dataset that is obtained may, e.g., be used for machine learning-based (ML) and artificial intelligence (AI) tools that can identify lawfully intercepted SIP-based traffic cases. Such preparation of data reduces the 5 risk of misunderstandings between a communications service provider (CSP) and a law enforcement agency (LEA), which reduces the time dedicated by both parties in understanding the correctness of LI data provided by the CSP to the LEA.

A system includes a database, a sensor, and a hardware processor communicatively coupled to the sensor. The database stores an identifier assigned to a mobile device. The presence of the identifier in the database indicates that a user of the mobile device is associated with a security breach. The mobile device is configured to transmit the identifier over a wireless network. The sensor has a range and is configured to obtain the identifier transmitted by the mobile device when the mobile device is located within the range. The hardware processor receives the identifier from the sensor. The processor also determines that the identifier is stored in the database. In response to determining that the identifier is stored in the database, the processor initiates a security protocol.

A system includes a database, a sensor, and a hardware processor communicatively coupled to the sensor. The database stores an identifier assigned to a mobile device. The presence of the identifier in the database indicates that a user of the mobile device is associated with a security breach. The mobile device is configured to transmit the identifier over a wireless network. The sensor has a range and is configured to obtain the identifier transmitted by the mobile device when the mobile device is located within the range. The hardware processor receives the identifier from the sensor. The processor also determines that the identifier is stored in the database. In response to determining that the identifier is stored in the database, the processor initiates a security protocol.

A method and system for managing dynamic runtime information provision for a container implementing a Session Management Function (SMF) executed by an electronic device in a 3.sup.rd generation partnership project (3GPP) 5.sup.th Generation (5G) mobile network core. The method includes starting a container image load, the container image including at least a secret sub unit and an application sub unit, the application sub unit providing the SMF, determining an input source to provide a secret value for the container, the input source identified by information in the secret sub unit in the container image, and providing the secret value to a destination sub unit of the container.

Methods and devices provide lawful interception (LI) using slice-based mediation and delivery functions (sMDFs) and providing network slices configured for performing LI functionality as required. A network slice of a radio communication system is selected if configured to execute an sMDF. If a party to a service delivered using a network function (NF) implemented on the selected slice is indicated as being an LI target, then LI data intercepted from the NF is forwarded to the sMDF within the selected slice. The sMDF then reformats and transmits the LI data outside the network slice.

Methods and devices provide lawful interception (LI) using slice-based mediation and delivery functions (sMDFs) and providing network slices configured for performing LI functionality as required. A network slice of a radio communication system is selected if configured to execute an sMDF. If a party to a service delivered using a network function (NF) implemented on the selected slice is indicated as being an LI target, then LI data intercepted from the NF is forwarded to the sMDF within the selected slice. The sMDF then reformats and transmits the LI data outside the network slice.

Various embodiments of the present invention provide systems and method for supporting target intercept directing.

Various embodiments of the present invention provide systems and method for supporting target intercept directing.

A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.

When a user equipment (UE) provides a new request to a serving gateway (S GW), the S GW augments domain name system (DNS) requests and provides them to a public DNS, with the augmentation providing indications of the requested function. The public DNS responds by providing the IP address of a simplified packet data network (PDN) gateway (P GW) close to the UE location. The P GW forwards communications to the nearest instance of an endpoint providing the requested service or function. In embodiments, some of the functions of the P GW are shifted to other devices in the mobile core, devices that are already local. The simplification of the P GW allows the P GW to be virtualized and moved to a general-purpose server location. Existing information present in the data path is used to provide encryption of portions of the General Packet Radio Services (GPRS) Tunneling Protocol (GTP) connection, allowing the location of the P GW to be optimized in a virtual server data center, as the data path is now secure.