Figure 2 is an extract from the reference intercept configuration shown in figures 1a to 1j, limited to the parts relevant for activation, deactivation and interrogation of lawful interception.
Figure 2: Functional model for Lawful Interception activation, deactivation and interrogation
In addition to the typical 3G ICEs functional entities, a new functional entity is introduced: the ADMF, the Lawful Interception administration function. The ADMF:
interfaces with all the LEAs that may require interception in the intercepting network;
keeps the intercept activities of individual LEAs separate;
interfaces to the intercepting network.
Every physical 3G ICE is linked by its own X1_1-interface to the ADMF. Consequently, every single 3G ICE performs interception (activation, deactivation, interrogation as well as invocation) independently from other 3G ICEs. The HI1-interface represents the interface between the requester of the lawful interception and the Lawful Interception administration function; it is included for completeness, but is beyond the scope of standardisation in this document.
For VoIP CC Interception, the CC Interception Triggering Function and the CC Intercept Function are treated as one 3G ICE from a Lawful Interception administration perspective.
The target identities for 3GMS CS and PS interception at the SGSN, GGSN, 3G MSC Server and 3G GMSC Server can be at least one of the following: IMSI, MSISDN (or E.164 number for optional Non-Local ID) or IMEI.
The target identities for multi-media at the CSCF can be one or more of the following: SIP URI, TEL URI, or IMEI. Other identities are not defined in this release. The same identities (where available) are used as target identities for VoLTE interception in the VPLMN with S8HR. For VoLTE interception in the VPLMN with S8HR, the ADMF shall provision LMISF with the target identities.
The target identities for 3GPP WLAN Interworking interception can be MSISDN, IMSI or NAI. For the availability of the target identities in the I-WLAN nodes (AAA server, PDG, WAG), refer to TS 23.234, TS 23.008, TS 29.234 and TS 24.234.
The target identities for 3GPP HNB interception can be IMSI, MSISDN (or E.164 number for optional Non-Local ID), IMEI, or ME Id.
Use of the HNB ID or the CSG Identity as a target identity is FFS.
In the case of location dependent interception the following network/national options exist:
target location versus Interception Areas (IAs) check in the 3G ICEs and Delivery Functions (DFs);
target location versus IAs check in the DFs (physical collocation of the DFs to the 3G ICEs may be required by national law);
location dependent interception is not applicable to CSCF.
The IA is defined in advance as a set of cells. Given the location of the target, this set of cells allows the relevant IA to be found.
It is not required that the 3G GMSC or the 3G GGSN are used for interception when Location Dependent Interception is invoked and the location of the target is not available.
The ADMF shall be able to provision P-CSCFs independently from S-CSCFs. If both P-CSCFs and S-CSCFs are administered within the network for intercept, redundant multi-media IRI may be presented to the agency as a result.
When Non-Local ID interception is required by national regulation, the ADMF shall be able to provision S-CSCF, P-CSCF, IBCF and MGCF independently of each other with the Non-Local ID as the target ID, along with an indication that it is for a Non-Local ID interception and the nature of the interception (i.e. incoming calls and/or outgoing calls).
The messages sent from the ADMF to the 3G ICEs (X1_1-interface) contain the:
target identities (MSISDN, IMSI, IMEI, SIP URI or TEL URI, NAI) (see notes 4, 5, 6);
information whether the Content of Communication (CC) shall be provided (see note 1);
address of Delivery Function 2 (DF2) for the intercept related information (see note 2);
address of Delivery Function 3 (DF3) for the intercepted content of communications (see note 3);
IA in the case of location dependent interception;
indication whether the LALS Enhanced Location for IRI shall be provided. This indication is used to arm the LALS Triggering Function in the case when the LALS Triggering Function is associated with the ICE;
type of location report required (immediate or periodic) in the case of Target Positioning provision;
address of SX3LIF if CUPS is supported.
NOTE 1: As an option, the filtering whether intercept content of communications and/or intercept related information has to be provided can be part of the delivery functions. (Note that intercept content of communications options do not apply at the CSCF, HLR, LI LCS Client and AAA server). If the option is used, the corresponding information can be omitted on the X1_1-interface, while "information not present" means "intercept content of communications and related information has to be provided" for the ICE. Furthermore, the delivery function which is not requested has to be "pseudo-activated", in order to prevent error cases at invocation.
NOTE 2: As an option, only a single DF2 is used by and known to every 3G ICE. In this case the address of DF2 can be omitted.
NOTE 3: As an option, only a single DF3 is used by and known to every 3G ICE (except at the CSCFs, HLR, LI LCS Client and AAA server). In this case the address of DF3 can be omitted.
NOTE 4: Interception at the CSCFs is based upon either SIP URI, TEL URI or IMEI. The interception at the LMISF is also based on SIP URI, TEL URI or IMEI. SIP URI and TEL URI as target identities are not supported by the other ICEs. The related CC interception also uses the SIP URI, TEL URI or IMEI.
If, after activation, subsequent Content of Communications (CC) or Intercept Related Information (IRI) has to be activated (or deactivated), an "activation change request" with the same identity of the target is to be sent.
Figure 3: Information flow on X1_1-interface for Lawful Interception activation
Interception of a target can be activated on request from different LEAs and each LEA may request interception via a different identity. In this case, each target identity on which to intercept will need to be sent via separate activation messages from ADMF to the 3G ICEs on the X1_1-interface. Each activation can be for IRI only, or both CC and IRI.
When several LEAs request activation on the same identity and the ADMF determines that there is an existing activation on the identity, the ADMF may (as an implementation option) send additional activation message(s) to the 3G ICEs. When the activation needs to change from IRI only to CC and IRI an activation change message will be sent to the 3G ICEs.
In the case of a secondary interception activation only the relevant LEAs will get the relevant IRIs.
For the activation of IRI the message sent from the ADMF to the DF contains:
the target identity;
the address(es) for delivery of IRI (= LEMF address);
optionally multiple addresses for distributed delivery of IRI to a single LEMF;
optionally a primary and failover address(es) for delivery of IRI to either a single LEMF or two different LEMFs for the same LIID;
which subset of information shall be delivered;
an indication whether the LALS Enhanced Location for IRI shall be delivered. This indication is used to arm the LALS Triggering Function in the case when the LALS Triggering Function is associated with the DF;
a DF2 activation identity, which uniquely identifies the activation for DF2 and is used for further interrogation or deactivation, respectively;
the IA in case of location dependent interception;
whether interception of international outbound roaming IMS VoIP is allowed or not allowed;
the warrant reference number if required by national option.
If a target is intercepted for several LEAs and/or several identities simultaneously, a single activation of delivery is necessary for each combination of LEA and identity.
Figure 4: Information flow on X1_2-interface for Lawful Interception activation
The messages sent from the ADMF to the 3G ICEs for deactivation contain:
the target identity;
the possible relevant IAs in case of location dependent interception.
Figure 6: Information flow on X1_1-interface for Lawful Interception deactivation
If interception of a target has been activated via different identities then a separate deactivation message will need to be sent from the ADMF to the 3G ICEs for each identity.
When several LEAs have requested activation on the same identity and deactivation is subsequently requested, and the ADMF determines that there are remaining activations on the identity, the ADMF will not send a deactivation message to the 3G ICEs, except when the activation needs to change from CC and IRI to IRI only. In that case an activation change message will be sent to the 3G ICEs.
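The activation and deactivation rules above (one ICE activation per identity shared by several LEAs, an activation change when the required scope moves between IRI only and CC and IRI, and one delivery activation per LEA and identity combination) can be modelled as a small ledger. This is an added example, not text or code from the specification: the class, the message labels and the sample identity are constructed, and it assumes the implementation option in which the ADMF sends no additional activation message for an identity that is already active.

```python
from enum import IntEnum

class Scope(IntEnum):
    IRI_ONLY = 1
    CC_AND_IRI = 2

class AdmfLedger:
    """Hypothetical ADMF bookkeeping: which LEA holds which activation."""

    def __init__(self):
        self._holders = {}  # target identity -> {LEA: Scope}

    def _ice_scope(self, identity):
        # The ICE needs the widest scope any LEA holds on this identity.
        held = self._holders.get(identity, {})
        return max(held.values()) if held else None

    def _x1_1_message(self, identity, before):
        # Label of the message the ICE needs, or None if nothing changes.
        after = self._ice_scope(identity)
        if before == after:
            return None  # other activations remain with the same scope
        if before is None:
            return ("ACTIVATE", identity, after.name)
        if after is None:
            return ("DEACTIVATE", identity)
        return ("ACTIVATION_CHANGE", identity, after.name)

    def activate(self, lea, identity, scope):
        before = self._ice_scope(identity)
        self._holders.setdefault(identity, {})[lea] = scope
        return self._x1_1_message(identity, before)

    def deactivate(self, lea, identity):
        before = self._ice_scope(identity)
        held = self._holders.get(identity, {})
        held.pop(lea, None)
        if not held:
            self._holders.pop(identity, None)
        return self._x1_1_message(identity, before)

    def df2_activations(self):
        # One delivery activation per (LEA, identity) combination, so each
        # LEA receives only the IRI for its own activation.
        return sorted((lea, ident) for ident, held in self._holders.items()
                      for lea in held)

if __name__ == "__main__":
    ledger, target = AdmfLedger(), "imsi:001010000000001"  # constructed value
    print(ledger.activate("LEA-A", target, Scope.IRI_ONLY))
    print(ledger.activate("LEA-B", target, Scope.CC_AND_IRI))
    print(ledger.deactivate("LEA-B", target))
```
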