This clause describes how the TSP can meet the national requirements in Clause 5.1.2 of TS 33.106 to deliver intercepted communications decrypted when the TSP uses TS 33.328 IMS Media Plane Security options. If an ICE in a TSP IMS network that uses the TS 33.328 security options allows interception of Content of Communication in clear, then this clause does not apply.
If Session Description Protocol (SDP) Security Descriptions for Media Streams (SDES) is used, the DF2 shall identify the SDES keys from the SDP offer and SDP answer messages and provide the DF3 with the necessary SDES related parameters. In this case, the DF3 shall perform the decryption prior to delivery to the LEMF. For the CC delivered to the LEMF in a decrypted form, the DF2 shall remove the SDES keys when present from the SDP offer and SDP answer messages sent to the LEMF over HI2. The interface between the DF2 and DF3 to support the transfer of session keys is outside the scope of this specification.
When SDES is used in end-to-access edge mode, the P-CSCF shall intercept SDES keys from SDP messages and shall deliver them to the DF2.
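The SDES handling described above, as an added example that is not part of the specification: it separates the SDES parameters a DF2 would pass to the DF3 from the SDP copy that goes to the LEMF over HI2 with the keys removed. The function name `split_sdes` and the sample offer are constructed for illustration, the `a=crypto` syntax is assumed to follow RFC 4568, and the DF2-to-DF3 transfer itself is not modelled because that interface is outside the scope of the specification.

```python
import base64
import re

# Constructed dummy key material (30 bytes, base64-encoded); not a real key.
SAMPLE_KEY = base64.b64encode(b"CONSTRUCTED_SAMPLE_KEY_SALT_00").decode()

# Constructed sample SDP offer using documentation addresses.
SAMPLE_OFFER = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + SAMPLE_KEY + "|2^20|1:4",
    "a=rtpmap:0 PCMU/8000",
    "",
])

# RFC 4568: a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def split_sdes(sdp):
    """Return (sdes_params, sdp_without_keys) for one SDP offer or answer.

    sdes_params holds one dict per a=crypto attribute, tagged with the index
    of the m= section it belongs to (None at session level).
    sdp_without_keys is the same SDP with every a=crypto line dropped.
    """
    params, kept, media_index = [], [], None
    for line in sdp.splitlines():
        if line.startswith("m="):
            media_index = 0 if media_index is None else media_index + 1
        if not line.startswith("a=crypto:"):
            kept.append(line)
            continue
        m = CRYPTO_RE.match(line)
        if m is None:
            # Fail closed: never forward a crypto line that could not be parsed.
            raise ValueError("malformed a=crypto attribute")
        tag, suite, key_params, session_params = m.groups()
        params.append({
            "media_index": media_index,
            "tag": int(tag),
            "suite": suite,
            "key_params": key_params.split(";"),  # several keys may be listed
            "session_params": session_params.split() if session_params else [],
        })
    return params, "\r\n".join(kept) + "\r\n"
```

The same function applies to the SDP answer; the `tag` value is what ties the answerer's selected `a=crypto` attribute back to the matching attribute in the offer.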
If a Key Management Service (KMS) and Multimedia Internet KEYing ticket (MIKEY-TICKET) are used, the TSP may use the mechanism as defined in Clause 7A.7.1, which results in the DF2 receiving the session keys needed to decrypt the intercepted communications. Clause 7A.7.1 defines that the DF2 delivers the keys to the LEMF as IRI in order for the LEMF to decrypt the intercepted traffic. If the network is to decrypt the content of communications prior to delivery to the LEMF via HI3, the DF2 shall provide the session keys as defined in Clause 7A.7.1 to the DF3 instead of to the LEMF. In this case, the DF3 shall perform the decryption prior to delivery to the LEMF. The interface between the DF2 and DF3 to support the transfer of session keys is outside the scope of this specification.