Accuris - Data Network Interception

R. A. Hettinga rah at
Thu Jul 24 10:18:07 EDT 2003


Accuris - Data Network Interception

The LMD-IP is Accuris' IP mediation product, it mediates between the ISP's network and the Law Enforcement Monitoring Facility, delivering intercepted target traffic according to the relevant national standard. LMD-IP has been built on a component-based architecture, enabling the distribution of components where necessary to handle the intercept volumes and to tailor with the ISP's network. 

· Automatic activation/de-activation on all appropriate interception points. 
· Delivery of content and intercept related information in compliance with TIIT standards. 
· Support for warrant management. 
· Discrete billing capability. 
· Support for all Ethernet-based IP services (10MB/sec, 100MB/sec or 1GB/sec.) 
· Support for ATM and POS 

· Fully compliant with TIIT. 
· Passive interception ensures no impact on your network services. 
· Facility to manage multiple logical domains. 
· Architecture supports future value-added applications. 
· No software interception limits. 
· A product roadmap that is in step with the TIIT & ETSI standards as they evolve. 
· Deployed on non-proprietary hardware and software thus reducing operating and deployment costs. 

Common management system controls all interception services ensuring increased security and reduced operating costs. 

The Product 
The LMD-IP consists of five key components: 
· Intercept Management 
· Target Access Point (TAP) 
· Network Filter 
· Service Filter 
· Delivery 

Intercept Management 
This component is responsible for the activation/de-activation of the interception on the ISP's network at the start/end time indicated on the warrant. It passes the target's IP address to the Network and Service Filters and the appropriate LEMF delivery address to the Delivery module. 

TAP splitters or layer 2 splitting can be used to replicate the IP data stream. This passive mechanism has the dual benefit of ensuring that the ISP's network is unaffected and that the target is unaware of the interception of the service. Prior to deployment, Accuris engineers assist ISP staff in determining the most efficient location to place TAPs on the network. 

Network Filter 
The Network Filter intelligently selects the IP packets of interest i.e. where the source/destination IP address is that of a registered IP target or a dial-in user is attempting to logon. Once identified this packet is then sent to the appropriate service filter. 

Service Filter The Service Filter is responsible for re-constituting the IP datagrams into their native service e.g. SMTP, POP3, etc. 

Delivery The delivery module is responsible for delivering the intercepted data and/or intercept related events to the LEMF according to the applicable national standard. 


R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list