Knogin
[Developers]

Telephony Domain

During a human trafficking investigation, a detective obtains a warrant for three phone numbers. Within hours, thousands of call detail records have been ingested, carrier attribution has confirmed the numbers are prepai

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainsgeospatial

Overview#

During a human trafficking investigation, a detective obtains a warrant for three phone numbers. Within hours, thousands of call detail records have been ingested, carrier attribution has confirmed the numbers are prepaid burner handsets, and cell tower mapping has plotted a transit corridor from the border crossing to a city warehouse district. That kind of rapid, structured analysis is what the Telephony domain exists to provide.

The domain manages call detail record (CDR) ingestion and phone attribution for investigative analysis. It supports importing CDR data from multiple carriers, carrier information lookup, location reconstruction from cell tower data, and usage pattern analysis for behavioural intelligence. All records are stored in PostgreSQL with full multi-tenant organisation isolation.

Key Features#

  • CDR Ingestion: Import call detail records in batches from multiple telephony sources, normalising diverse formats into a consistent data model for unified analysis.

  • Carrier Attribution: Look up carrier information for phone numbers to identify the service provider, line type, and geographic registration for investigative context.

  • Cell Tower Location: Extract and map location data from cell tower records to establish geographic movements and patterns of phone numbers under investigation.

  • Usage Pattern Analysis: Analyse call frequency, duration, timing, and contact patterns to build behavioural profiles and identify anomalous communication activity.

  • Contact Network Mapping: Map communication relationships between phone numbers to visualise contact networks and identify key nodes within those patterns.

  • Multi-Source Integration: Ingest CDR data from multiple telephony providers and formats, consolidating records into a unified analytical view.

Mermaid Diagram#

Use Cases#

  • Law Enforcement: Analyse call and message records to understand communication patterns between suspects and their contacts, identifying previously unknown associates.

  • Counter-Terrorism: Use cell tower data to reconstruct geographic movements of a number over time, corroborating or refuting an alibi during a specific window.

  • Organised Crime Investigation: Map communication networks to identify intermediaries, cut-outs, and organisational hierarchies that would not be apparent from individual records alone.

  • Financial Crime: Detect changes in communication patterns, such as sudden silence or a shift to new numbers, that may indicate awareness of surveillance or preparations to move assets.

Integration#

The Telephony domain supports communication intelligence across the platform:

  • Investigation Management: CDR analysis results link to active investigations.
  • Profile Management: Phone numbers and carrier data enrich entity profiles.
  • Timeline: Call records populate investigative timelines.
  • Network Analysis: Communication patterns feed into relationship graphs.

Open Standards#

  • ITU-T E.164: All phone numbers are normalised to E.164 international format throughout CDR ingestion, carrier attribution, and DID routing, ensuring unambiguous global number representation.
  • SIP (RFC 3261): The generic SIP trunk adapter connects to any standards-compliant PBX or Session Border Controller over UDP, TCP, or TLS transports, using RFC 3261 digest authentication for trunk registration.
  • 3GPP CDR Data Model (TS 32.297/TS 32.298): Ingested call detail records carry 3GPP mobile network identifiers including IMSI, IMEI, and cell tower IDs, enabling location reconstruction from mobile network CDR exports delivered by carriers.
  • HMAC-SHA1 Webhook Signatures: Provider webhook callbacks from Twilio and Plivo are authenticated using HMAC-SHA1 signatures with constant-time comparison, following each provider's published signing specification derived from RFC 2104.
  • GraphQL (June 2018 Specification): The entire telephony API surface, CDR ingestion, carrier attribution queries, DID management, and route configuration, is exposed as a typed GraphQL schema with query and mutation operations.
  • JSON (RFC 8259): CDR records, carrier capability descriptors, location data points, and provider credentials are exchanged and stored as JSON objects, providing a portable, schema-agnostic interchange format across all telephony integrations.
  • OAuth 2.0 (RFC 6749): All telephony resolvers enforce platform-level bearer token authentication, and the Telnyx adapter authenticates outbound REST requests using an OAuth 2.0 Bearer scheme against the provider API.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.