ULIN – Product Description Table of contents Ultimate Interception ULIN – Product Description Version 1.2 09 / May / 2016 Version 1.1 1 Ability ULIN – Product Description Table of contents TABLE OF CONTENTS 1 DOCUMENT SCOPE 6 2 SYSTEM OVERVIEW 6 3 ARCHITECTURE 6 3.1 CORE SYSTEM 3.2 CLIENT SYSTEM 3.3 DEPLOYMENT 3.3.1 CORE AS A SERVICE 3.3.2 STANDALONE 3.3.3 HYBRID 6 6 7 7 7 8 4 FEATURES 9 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 MISSION MANAGEMENT USER MANAGEMENT WIRETAPPING GEO FENCING OUT OF THE BLUE (OOB) GEOLOCATION IMSI TO MSISDN GET TRUECALLERNAME TRACKING TARGET Version 1.1 9 10 12 13 13 14 14 14 2 Ability TABLE OF FIGURES Figure 1: CaaS deployment......................................................................................................... 7 Figure 2: Standalone deployment .............................................................................................. 8 Figure 3: Hybrid deployment ..................................................................................................... 8 Figure 4: Create mission - Affect agents .................................................................................... 9 Figure 5: Create mission - Add targets ..................................................................................... 10 Figure 6: Mission info - Target Numbers .................................................................................. 10 Figure 7: Create/edit user ........................................................................................................ 12 Figure 8: User list ...................................................................................................................... 12 Figure 9: Tracking target .......................................................................................................... 15 TABLE OF TABLES ULIN – Product Description Document history DOCUMENT HISTORY Version Date Description Author 1.1 1.2 07/05/2016 09/05/2016 Approved version Add-on Ability Ability Version 1.1 5 Ability ULIN – Product Description 1 document scope DOCUMENT SCOPE This document intends to provide short technical over view of the ULIN solution, and amid for Engineers and marketing audience. 2 SYSTEM OVERVIEW ULIN is a strategic independent solution that provides remote recording and geolocation of mobile handsets using 2G/3G/4G networks via SS7. The solution intends for specific targets and not design for massive (thousands) of parallel users per network. The ULIN solution relies on several prerequisites as follow: 1. SS7 Access to the requested target network 2. Obtain target IMSI (from network or manually) ULIN solution can provide cellular mobiles location, voice recording and in phase II also SMS’s and Data payloads. 3 ARCHITECTURE 3.1 CORE SYSTEM This core is a dynamic SS7 gateway, based on standard cellular signaling system (SS7), which connects seamlessly to the mobile network multi-capability functional nodes: HLR, MSC\VLR, SMSC\FDA, SGSN, GGSN,:    Target location around the world on a country/network/LAC/cell ID level. Call recordings of a target (originated or received). SMS text messages of a target (sent or received). The network server was designed according to GSM standards. Internal functions in the node and all interfaces with the GSM/UMTS/IMS network are designed using these standards: The core is deployed in the client or in Ability premises and is then called the ‘System core’. 3.2 CLIENT SYSTEM The Client Management System (CMS) is the “face” of the system presented to the client. It holds the UI web-interface, and the business logic to interact with the core (client core or system core). Version 1.1 6 Ability ULIN – Product Description Architecture The client system has its own DB that holds amongst other pieces of information the media files location, target locations, request results… Through the CMS, the users:     3.3 Can configure and manage the client system: manage agents, manage missions, access recordings, access geolocations… Can activate or deactivate target wiretappings and geolocations. Send requests the core system: TrueCallerName, IMSI to MSISDN… Receive information from the core system: recorded calls… DEPLOYMENT The core system is deployed in Ability premises (called System core), but can also be deployed in the client site (Client core). This means that ULIN can be deployed in three different ways. So there are three different ways to deploy the solution:  Hybrid: In this mode there is a client core, but the system core is also used. The core system is used when client core has no access to the target SS7 network. The client system will always interact with the client core, but if the client core cannot handle the request, it will forward it to system core. 3.3.1 CORE AS A SERVICE In the “Core as a service” mode (CaaS), there is no client core, only the system core is used. This deployment is used for the clients who have no access to the GSM network. Figure 1: CaaS deployment 3.3.2 STANDALONE In the “Standalone” mode, there client core is deployed in the client site and the system core is not used. This deployment is only possible for the clients who have a full access to the GSM network. Version 1.1 7 Ability ULIN – Product Description Architecture Figure 2: Standalone deployment 3.3.3 HYBRID The hybrid mode is used for clients who have a limited access to the GSM network. In this mode the core is deployed in the client premises, but the system core is also used. The core system is used when client core has no access to the target’s GSM network. Figure 3: Hybrid deployment From the client point, there is no difference between the CaaS deployment and the hybrid deployment. Indeed the client system is only interacting with its client core, and then it’s up to the client core to decide whether or not to forward the request to the system core. Version 1.1 8 Ability ULIN – Product Description 4 Features FEATURES 4.1 MISSION MANAGEMENT The ULIN system is a mission driven system. This means that before starting to track targets (geolocation, interception of call and SMSs…) missions need to be created. The mission management consists in:     Creating missions. Affect agents (ULIN users are called agents) to the missions. Create targets for the missions. Affect phone numbers to the targets. Figure 4: Create mission - Affect agents Version 1.1 9 Ability ULIN – Product Description Features Figure 5: Create mission - Add targets Figure 6: Mission info - Target Numbers 4.2 USER MANAGEMENT The ULIN system is designed to ensure customer security and privacy and to make sure that sensitive information is available only to authorized personnel. The system administrator can easily manage system access permissions and internal management functions as well as control individual user queries. Version 1.1 10 Ability ULIN – Product Description Features The system provides a set of control functions to manage access permissions, passwords, various internal management functions and control of individual user queries (budgeting, limitations, etc.). The system provides different user profile to restrict the access of some user to certain features of the system. Users can have one of the following profiles:      Analyst: The analyst is the lowest profile of the system. The role of the analyst is to interpret the data collected with the system. He can consult targets locations, call recordings, SMS texts. But the analyst can only access data of the missions he’s been affected to. Mission manager: The mission manager profile includes the analyst profile. So in addition to what is allowed by the analyst profile, the mission manager can manage the mission he’s has been affected to (and only those ones). For a mission manager, the management of a mission consists in : o Creating targets in the system and affecting them phone numbers. o Activating / deactivating wiretapping on targets. o Using the system to geolocated targets. Super mission manager: A ‘super mission manager’ is a mission manager that is not limited to the mission he’s been affected to. It means that he can work on any mission present in the system. Agent manager: The agent managers are in charge of the people that will use the system. Their role is to: o Manage the agents that can access the system: creating agents and affecting them their profile. o Manage the missions of the system: The agent manager is in charge of creating the missions in the system and affecting the agents to those missions. System manager: This is the highest profile of the system. The system manager is both a ‘super mission manager’ and an agent manager. Meaning that he has access to all the system features. Version 1.1 11 Ability ULIN – Product Description Features Figure 7: Create/edit user Figure 8: User list 4.3 WIRETAPPING Agents can ask the system to intercept phone calls and SMS of a target number (MMS in next phase). When a number is tapped, each time a target is intercepted (call and/or SMS) the system will store the intercepted information in the database of the client system. In addition to the recorded call or SMS text, the information will also contain the location of the target. Version 1.1 12 Ability ULIN – Product Description Features Live listening – ULIN support real time listening to an on-going recorded call using browser Web-RTC technology. By default, only the location of the tapped target will be provided when a call or a SMS is intercepted. But when creating a wiretapping, the agent can ask the system to get the location of the other party involved in the call or SMS. Thanks to the location, all the intercepted calls and SMSs can be located on a map displayed to the agents who can access that information. 4.4 GEO FENCING The geo fencing feature is used to track the location of targets over a period of time. When creating a geo fencing monitoring, the user provides a start and end date and time, and a geo location request interval. During the monitoring time frame, the system will send periodic geolocation request with the time interval given by the user. The geo fencing feature works targets, and not directly numbers like wiretapping. This means that all the number(s) of a target are tracked. Every interval of time, the client system will send one geo location request per number of the target and the locations are stored in the database (LOCATION table). After the creation of a geo fencing monitoring, the user can see the locations of the target on a map presented by the client system. On the map, the locations will be represented by a specific pin. All the pins related to a target will be linked with a line, ordered in time, showing the movements of the target per number. There are types of geo fencing:    4.5 Simple tracking: Tracking location of a target. Target to zone: This geo fencing type is used to detect if a target is getting close to a specific location or to detect if a target is exiting a specific location. In such a case a notification (mail and/or SMS) will be sent to the agent(s) of all the mission(s) monitoring that target. Target to target: This geo fencing type is used to detect when if a target is getting close to another target (targets gathering for a meeting, target getting closed to a VIP…). In such a case a notification (mail and/or SMS) will be sent to the agent(s) of all the mission(s) monitoring that target. OUT OF THE BLUE (OOB) GEOLOCATION Geo fencing only applies on targets present in at least one mission created in the system. But it’s also possible to ask the system for the location of number that does not exist in the system. Version 1.1 13 Ability ULIN – Product Description Features Out of the blue (OOB) geolocation is a one shot geolocation requested by an agent on a number (vs. geo fencing that applies to target). When the user wants to execute an OOB geo request he just needs to provide the MSISDN or the IMSI of the person he wants to geolocate. 4.6 IMSI TO MSISDN The IMSI is identifying the SIM card of a person and is used in SS7 network, while the MSISDN is the phone number of that person and is used by phone users. The IMSI to MSISDN feature allows the user to retrieve the MSISDN from the IMSI. 4.7 GET TRUECALLERNAME Retrieve the true caller name of a target from its MSISDN. 4.8 TRACKING TARGET The ULIN system collects target locations via the wiretapping feature (when call or SMS is intercepted) or via the geo fencing feature. Once locations have been collected for a target, an agent can ask the system to place all those locations on a map showing the movements of the target. Each location will be represented on a map by a pin reflecting the location type (geo fencing, call or SMS). All the pins related to the target will be linked with a line, ordered in time. When displaying the movement of a target the agents can specify the time period of the location he wants to see on the map. There are two different ways to track a target:   Combined mode: The combined tracking mode combines all the locations of all the numbers in a single tracking route. It means that we will have one single line going through all the locations of the target. Per number mode: In the “per number” tracking mode we have one tracking route per number. It means that if the target has two phone numbers, two lines will be drawn on the map. This mode is useful for example if the target leaves one of its phones at home and takes the other one with him. You will have one phone moving and one standing still. In this case the combined mode will not make any sense. No matter the tracking mode chosen, the agent has the ability to display tracking routes at different level:   Mission level: The routes of all the targets of the mission are displayed on the map (combined or per number). Target level: All the locations of the target are displayed on the map (combined or per number). Version 1.1 14 Ability ULIN – Product Description  Features Number level: It's the same as target level with only one number selected. And in this case combined is the same as per number as there is only one number. Figure 9: Tracking target Version 1.1 15 Ability