Figure 11 shows an extraction from the reference configuration in figure 1a which is relevant for the invocation of the lawful interception.
[not reproduced yet]
Figure 11: Functional model for Lawful Interception invocation
The HI2 and HI3 interfaces represent the interfaces between the LEMF and two delivery functions. Both interfaces are subject to national requirements. They are included for completeness, but are beyond the scope of standardization in this document. The delivery functions are used:
to convert the information on the X2-interface to the corresponding information on the HI2-interface;
to convert the information on the X3-interface to the corresponding information on the HI3-interface;
to distribute the intercept related information to the relevant LEA(s) (based on IAs, if defined);
to distribute the intercept content of communications to the relevant LEA(s) (based on IAs, if defined).
For the delivery of the CC and IRI, the 3G MSC Server provides a correlation number and target identity to the DF2 and DF3 which is used to select the different LEAs to which the product shall be delivered.
If interception has been activated for both parties of the call both CC and IRI will be delivered for each party as separate intercept activity.
The Mc interface between the 3G MSC Server and MGW is used to establish intercept and deliver the bearer to DF3.
When the Gateway MSC is anchoring the call and the call to target cannot be intercepted by the serving MSC within the same network, the Gateway MSC shall have the capability to limit interception to the following cases:
call forwarding unconditional;
roaming in another CSP's network.
For Location Dependent Interception, the location dependency check occurs at the establishment of each call. Subsequent dependency checks for simultaneous calls are not required, but can be a national option.
If a target is marked using an IA in the 3G MSC Server, the 3G MSC Server shall perform a location dependency check at call set-up. Only if the target's location matches the IA then the call is intercepted.
If a target is marked using an IA in the DF2, the DF2 shall perform a location dependency check at reception of the first IRI for the call. Only if the target's location matches the IA for certain LEAs is IRI the relayed to these LEAs. All subsequent IRIs for the call are sent to the same LEAs.
If a target is marked using an IA in the DF3, the DF3 signalling function shall perform a location dependency check at reception of the CC. Only if the target's location matches the IA for certain LEAs is the CC relayed to these LEAs.
National regulations may require the interception based in the HLR, using the DF2 with a delivery through the HI2 interface.
When LALS is used to report location for CS services, the LI LCS Client shall deliver this using the DF2 through the HI2 interface. This is further defined in Clause 19.
Figure 12 shows the access method for the delivering of CC. The access method shall be a bridged/ T-connection. Based on the mutual agreement between the intercepting CSPs and the LEAs, the CC may be delivered to the LEAs over CS-based or an IP-based handover interface. The system shall be able to support both handover methods for an intercepted call, since there can be multiple LEAs intercept the same call and the chosen approach for the handover interface may be different for different LEAs.
[not reproduced yet]
Figure 12: Example of delivery configuration to the LEMF for
the interception of a circuit switched call
The figure 12 shows that CS-MGW provides the access point for the CC irrespective of the method used at the handover interface. With CS-based handover interface, the CC is delivered over CS circuits to the LEAs. With IP-based handover interface, the payload of the CC may be in the RTP (RFC 3550 ) format. The payload description (e.g. codec information) is sent along with the CC to the LEAs.
See Annex L for informative architectural descriptions related to the use of IP-based handover interface for delivering the CC to LEAs.
The signals of both parties of the configuration to be intercepted are delivered separately to the LEMF. The delivery function has no impact on the connection between the subscribers.
The two stublines towards the LEMF are established in parallel to the call set up. For both stublines the address is used which has been provided during activation.
Bearer, and only bearer, is sent from the MGW to the bearer function of DF3.
For data calls it is necessary to provide means for fast call establishment towards the LEMF to help ensure that the beginning of the data transmission is delivered.
The following information needs to be transferred from the 3G MSC Server to the DF3 in order to allow the DF3 to perform its functionality:
target identity (MSISDN or E. 164 Number (for optional Non-Local ID), IMSI or IMEI, for DF3 internal use only);
the target location (if available) or the IAs in case of location dependent interception;
date/time of location (if target location provided);
correlation number (IRI ↔ CC);
direction indication - (Signal from target or signal to target).
Additional information may be provided if required by national laws.
Figure 14 shows an SMS transfer from the 3G MSC Server to the LEMF. Quasi-parallel to the delivery from / to the mobile subscriber a message, which contains the contents of the SMS with the header, is generated and sent via the Delivery Function 2 to the LEMF in the same way as the Intercept Related Information.
The IRI will be delivered to the LEMF:
for a SMS-MO. Dependent on national requirements, delivery shall occur in the following cases:
when the 3G MSC receives the SMS from the target MS, or when the 3G MSC detects that an SMS is to the Non-Local ID target.
when the 3G MSC receives notification that the SMS-Centre successfully received the SMS that was originated from the target MS, or sent to the Non-Local ID target.
for a SMS-MT. Dependent on national requirements, delivery shall occur in the following cases:
when the 3G MSC receives the SMS from the SMS-Centre when the SMS was originated from a Non-Local ID target, or will have to be sent to a target MS.
when the 3G MSC receives notification that recipient MS has received the SMS successfully. The recipient MS is the target MS when the SMS is sent to the target. The recipient MS may not be the target when the SMS was originating from a Non-Local ID target.
[not reproduced yet]
Figure 14: Provision of Content of Communication - Short Message Service
Intercept Related Information (Events) are necessary at the Begin and End of the call, for all supplementary services during a call and for information which is not call associated. There are call related events and non-call related events.
On top of IRI generated by events from the 3G MSC Server, national regulations may require to complement them by IRI produced by a Delivery Function 2 associated to the HLR and/ or LI LCS Client.
Figure 15 shows the transfer of intercept related information to the DF2. If an event for / from a mobile subscriber occurs, the 3G MSC Server sends the relevant data to the DF2.
[not reproduced yet]
Figure 15: Provision of Intercept Related Information
The information sent to DF2 is triggered by different call related and non-call related events/reports. Details are described in following clause. The events and reports for interception are configurable (if they are sent to DF2) in the 3G MSC Server, HLR and LI LCS Client. They can be suppressed in the DF2. The events are listed as follows:
Call Related Events (applicable to the 3G MSC Server):
Non Call Related Events (applicable to the 3G MSC Server):
Table 1 below shows the set of information that can be associated with the events. The events and LALS reports trigger the transmission of the information from the 3G MSC Server, HLR or from the LI LCS Client to DF2. Available IEs from this set of information can be extended in the 3G MSC Server, HLR or in the LI LCS Client, if this is necessary in a specific country. DF2 can extend available information if this is necessary in a specific country e.g. a unique number for each surveillance warrant.
It shall be checked for each call over the radio interface
Observed Non-Local ID
Target Identifier with the E. 164 number of Non-Local ID target.
Description which type of event is delivered: Establishment, Answer, Supplementary service,
Handover, Release, SMS, Location update, Subscriber controlled input, HLR subscriber record change, ServingSystem, cancel location, register location, location information request. In case of LALS report the event type is absent.
Date of the event generation in the 3G MSC Server or in the HLR, or the report generation in the LI LCS Client
Time of the event generation in the 3G MSC Server or in the HLR, the report generation in the LI LCS Client
Dialled phone number before digit modification, IN-modification etc.
Number of the answering party
other party address
Directory number of the other party for MOC
Calling party for MTC
Information if the target is calling or called e.g. MOC/MTC or originating/ terminatingin or/out
Unique number for each call sent to the DF, to help the LEA, to have a correlation between eachCall and the IRI
Network Element Identifier
Unique identifier for the element reporting the ICE.
Location information is the service area identity and/or location area identity that is present at the 3G MSC Serveror at the HLR, and/ or as provided by the LI LCS Client at the time of event or report record production.
Country and network IDs can be considered as location information.
In some traffic cases the available location information can be the one received from the MME, i.e. the TrackingArea Identity (TAI) and/or the E-UTRAN Cell Global Identification (ECGI) as specified in the TS 23.272.
Time of Location
Date/Time of location. The time when location was obtained by the location source node.
Information about Tele service or bearer service.
Supplementary services used by the target e.g. CF, CW, ECT
Forwarded to number
Forwarded to number at CF
call release reason
Call release reason of the target call
SMS indicator whether the SMS is MO, MT, or undefined
The SMS content with header which is sent with the SMS-service
The number which invokes the call forwarding towards the target. This is provided if available.
Non call related Subscriber Controlled Input (SCI) which the 3G MSC Server receives from the ME
Carrier specific information related to its implementation or subscription process on its HLR.
For call establishment a call establishment-event is generated. This event is generated at the beginning of a call when the 3G MSC Server attempts to reach the subscriber. This information will be delivered to the DF2 if available:
For supplementary services events are generated with the information which supplementary service is used e.g. Call Forwarding (CF), Call Waiting (CW), Explicit Call Transfer (ECT), Multi Party (MPTY), Call Hold and information correlated to the service like the forwarded to number. This information will be delivered to the DF2 if available:
For each handover that is realised at the 3G MSC Server due to a change in target location information, a handover-event with the new location information is generated. This information will be delivered to the DF2 if available:
For MO-SMS the event is generated in the 3G MSC Server. Dependent on national requirements, event generation shall occur either when the 3G MSC Server receives the SMS from the target MS (or from the party of the Non-Local ID target) or when the 3G MSC Server receives notification that the SMSC successfully receives the SMS; for MT-SMS the event is generated in the 3G MSC Server. Dependent on national requirements, event generation shall occur either when the 3G MSC Server receives the SMS from the SMSC or when the 3G MSC Server receives notification that the target MS (or from the party of the Non-Local ID target) successfully received the message. This information will be delivered to the DF2 if available:
SCI includes subscriber initiated changes in service activation and deactivation. SCI does not include any information available in the CC. For subscriber controlled inputs - a SCI-event is generated with information about the SCI. This information will be delivered to the DF2 if available:
The Serving System report event is generated at the HLR, when the HLR has detected that the target has roamed, mainly with messages such as MAP_UPDATE_LOCATION (clause 8.1.2 of TS 29.002) or MAP_SEND_AUTHENTICATION_INFO (clause 8.5 of TS 29.002). The elements will be delivered to the DF2 if available:
This event will be used to report any change of association between IMSI or MSISDN or IMEI of the target, mainly with messages such as MAP_INSERT_SUBSCRIBER_DATA or MAP_DELETE_SUBSCRIBER_DATA (clause 8.8 of TS 29.002).
The following elements, such as old and new IMSI or MSISDN or IMEI will be delivered to DF2, if available:
This event "Cancel Location" will be used to report to DF2 when HLR send to the 3G MSC Server one cancel location or purge to serving system. Any typical MAP message such as "MAP_CANCEL_LOCATION" (clause 8.1 of TS 29.002) or such as "MAP_PURGE_MS" (clause 8.1.6 of TS 29.002) could trigger the generation of information to the DF2, as soon as it has the following elements below, and least the previous serving system identifiers of the target.
The following elements will be delivered to DF2:
Network Element Identifier (HLR Id...)
Previous serving system identifiers (VPLMN id, VLR Number, MSC Number…)
This event will be used to report one update location message to the HLR for a target. A typical MAP message such as "MAP_SEND_AUTHENTICATION" (clause 8.5 of TS 29.002) could trigger the generation of information to the DF2. The elements of previous and current serving system ID will be delivered to DF2, if available:
Network Element Identifier (HLR id...)
Previous serving system identifier (Previous VPLMN id)
Current serving system identifier (Current VPLMN id)
Figure 16 shows the delivery of CC from intercepted multiparty call where party A is the target of interception.
One pair of call content channels are delivered to the delivery function. Party A is delivered to the DF3 on one channel and the sum of the balance of the parties, B,C and D is delivered on the second channel.
It should be noted that if parties B,C or D is a target of interception, that intercept is treated as a simple call intercept.
The events contain information about B, C and D if subscriber A is monitored. If one of B, C or D is monitored, events contain the information about A but not the other parties of the conference.