Tech-invite3GPPspecsSIPRFCs
Overview21222324252627282931323334353637384‑5x

Content for  TS 33.107  Word version:  16.0.0

Top   Top   Up   Prev   Next
0…   4   5…   5A…   6…   7…   7A…   8…   9…   10…   11…   12…   12.2…   12.3…   12.4…   12.5…   13…   14…   15…   16…   17…   18…   19…   20…   21…   22…   23…   A…   B…   C…   D…   E…   F…   G…   H…   I…   J…   L…

 

21  Invocation of Lawful Interception for Push to talk over Cellular services. |R14|

21.0  General

In the present clause, "PTC" will be used to reference events or services that occur in either of the two different architectures unless specified otherwise, e.g., MCPTT or PoC.
The HI2 and HI3 interfaces in clause 4 of the present document, Figures 1k and 1l, represent the interfaces between the LEA and two delivery functions. Both interfaces are subject to national requirements. They are included for completeness, but are beyond the scope of this specification.
In figure 1l the DF2 delivery function is used:
  • to convert the information on the X2-interface to the corresponding information on the HI2 interface;
  • to distribute the intercept related information to the relevant LEAs.
In figure 1k the DF3 is responsible:
  • for Content of Communication (CC) delivery to the LEA.
The following is a list of servers which support either type of PTC architecture; any combination of these servers could be deployed together to support both services if the SP chooses to do so. These servers will require an ICE to generate IRI for the events depicted in the following clauses.
MCPTT servers (Common services core):
  • Group management, Configuration, Identity, Key.
PoC servers (Shared XDMS):
  • Shared List, Group, Policy, Presence, NW PoC Box, Aggregation Proxy, External Media Content server.
SIP/IP Core servers:
  • Presence.
If interception has been activated for one or more parties as per the applicable warrant of the PTC communication both CC and IRI shall be delivered for each party as separate intercept activity.
Up

21.1  Provision of IRI - PTC ServiceWord‑p. 239

21.1.0  Introduction |R15|

PoC and MCPTT use similar architectures for service delivery, and LI shall primarily occur at the PoC or MCPTT server for that service.
Intercept Related Information events are necessary at the PTC Mobile Station Attach, PTC Mobile Station Detach, PTC session Activation, Start of intercept with PTC context active, PTC Context Deactivation, PTC Serving System, and PTC events.
For PTC services that provide KMS based encryption, clause 21.1.1 specifies LI architecture and functions needed to provide session encryption keys generated by the KMS to protect a UE that is a target for interception. This clause is applicable to the cases in which the KMS is under responsibility of the Operator providing the PTC network infrastructure. Other scenarios such as the one in which the KMS is run by an independent legal entity are outside the scope of the present document.
Other HSS events, Non-Local ID targeting for PTC events (e.g. based on traffic analysis), related and Serving System events reporting are national options.
Figure 21.1.1 shows the transfer of intercept related information to the DF2. If an event for / from a PTC MS occurs, the Shared XDMS/MCPTT common core servers or the Home Subscriber Service (HSS) sends the relevant data to the DF2 for delivery to the LEA.
For a PTC MS, dependent on national requirements, delivery shall occur in the following cases:
  • when the PoC/MCPTT server detects a PTC session event (e.g. when receiving a PTC signalling message or sends a PTC signalling message to the PTC target;
  • when the Shared XDMS/MCPTT Common Core servers detects the PTC event (e.g. when receiving a PTC signalling message from the target MS, or when sending a PTC signalling message to the PTC target.
[not reproduced yet]
Figure 21.1.1: Provision of Intercept Related Information - PTC
Up

21.1.1  Decryption for PTC services |R15|Word‑p. 240
This clause describes how the CSP can provide the session encryption keys generated by the KMS to the LEMF when the CSP has PTC services with Security options. If an ICE allows interception of IRI or Content of Communication in clear then this clause does not apply.
If a Key Management Service (KMS) is used for PTC type services to provide encryption for security, the CSP may use the mechanism as defined in Figure 21.1.1.1 to deliver the session's keys and the specific parameters needed to decrypt the intercepted communications.
Once this security information is retrieved, DF2 may deliver this security information to the LEMF as IRI in order for the LEMF to decrypt the intercepted traffic.
The LI architecture and functions needed for delivery of the encryption parameters are shown below to provide session encryption keys and specific parameters generated by the KMS. This section is applicable to the cases in which the KMS is under responsibility of the Operator providing the PTC infrastructure. Other scenarios such as the one in which the KMS is run by an independent legal entity are outside the scope of the present document.
Figure 21.1.1.1 shows the LI architecture for the case in which decryption is performed by the LEMF and a KMS is used to support PTC security with a Xk interface defined between the DF2/MF and the KMS, in addition to the interfaces and functional entities needed to support LI in the SIP core in the P-CSCF/S-CSCF as shown in clause 7A.7.1 and Figure 7A.7.1 within the present document.
[not reproduced yet]
Figure 21.1.1.1: KMS Intercept configuration
Up
As discussed in clause 7A.7.1 when LI has been activated in the P/S-CSCF for a target, the node will report SIP messages events on the X2 interface, as specified in section 7.A and subsections. The DF2/MF shall extract from the intercepted SIP signalling the information related to the encryption and send a request over the Xk interface to the KMS to derive the encryption keys; the request will carry also the reference to the ticket transferred by the SIP signalling between the parties involved in the communication. The KMS shall then, based on the information received from the DF2, resolve the ticket and provide the session keys to the DF2/MF over the Xk interface.
Up

21.1.2  Signalling over the Xk interfaces and LI events |R15|Word‑p. 241
The following messages are defined over the Xk interface:
  • get_keys;
  • get_keys_response.
The message get_keys shall be sent by the DF2/MF to the KMS in order to ask the KMS to provide session keys for an ongoing communication.
The message get_keys_response shall be sent by the KMS to the DF2/MF in order to provide the session keys.
The message get_key_response defines a LI event provided by the KMS to the DF2/MF which shall then be sent by the DF2/MF to the LEMF in a proper IRI record over the HI2 interface.
Table 21.1.2.1 provides the list of parameters, which shall be carried by the message get_keys, in order to transfer to the KMS the information, as specified in TS 33.328, needed to provide the session encryption keys:

Public KMS Identity of the target user
TRANSFER_INIT
TRANSFER_RESP

Upon reception of get_keys message, the KMS shall verify that the key management information is related to the targeted user.
A timer may be defined in the DF2/MF in order to specify the amount of time that the DF2/MF shall wait for the response from the KMS. If this timer expires, a failure indication shall be sent to the LEMF.
Table 21.1.2.2 provides the list of parameters, which shall be carried by the message get_keys_response, in order to provide the DF2/MF with the session keys:

Crypto Session ID
Session key
Salt
Failure indication (optional)

With reference to table 21.1.2.2, in case of failure in providing any of the decryption information, the KMS may provide a decryption failure indication.
Upon reception of get_keys_response message or in case of timer expiry, the following information shall be provided to the LEMF by the DF2/MF:
  • Lawful interception identifier;
  • Observed target identity(ies);
  • Correlation number (in order to correlate the keys to IMS session under interception at the CSCF(s));
  • Event type (session encryption keys available);
  • Crypto Session ID (if provided by the KMS);
  • Session key (if provided by the KMS);
  • Salt (if provided by the KMS);
  • MediaSec key retrieval failure indication (in case of e.g. timer expiry, or failure indication received from the KMS).
Up

21.2  Provision of Content - PTC ServiceWord‑p. 242
The access method for the delivering of PTC Intercept Product is based on duplication of packets without modification at PoC/MCPTT server. The duplicated packets with additional information in a header, as shown in figure 21.2.1, are sent to DF3 for further delivery to the LEA.
[not reproduced yet]
Figure 21.2.1: Configuration for interception of Content- PTC
Up

21.3  Provision of Interception

21.3.1  X3-Interface

In addition to the intercepted content of communications, the following information needs to be transferred from the PTC ICE to the DF3 in order to allow the DF3 to perform its functionality:
  • target identity;
  • correlation number;
  • time stamp - optional;
  • direction (indicates whether T-PDU is from the target or to the target) - optional;
  • identity of source of media (communications content) for group calls;
  • the target location (if available) or the IAs in case of location dependent interception;
  • date/time of Location (if target location provided).
Up

21.3.2  X2-interfaceWord‑p. 243
The following information needs to be transferred from the SIP Core, or the HSS to the DF2 in order to allow a DF2 to perform its functionality:
  • target identity;
  • events and associated parameters as defined in table 21.3.4.1 and 21.4 shall be provided;
  • the target location (if available) or the IAs in case of location dependent interception;
  • date/time of Location (if target location provided);
  • correlation number;
  • parameters (keys and associated parameters for decrypting CC), if available and necessary;
  • Encryption parameters (keys and associated parameters for decrypting CC), if available and necessary.
Up

21.3.3  LI Defined Events

21.3.3.1  IRI Defined Events

The LI event information is sent to the DF2/DF3 is triggered by different PTC session related and non-call related events/reports. Details for each event are described in the following clauses.
The following events are applicable to both the PoC and MCPTT service ICE:
  • PTC Session Initiation;
  • PTC Session Abandon;
  • PTC Session Start;
  • PTC Session End;
  • PTC Start of Interception;
  • PTC Pre-Established Session;
  • PTC Instant Personal Alert;
  • PTC Party Join;
  • PTC Party Drop;
  • PTC Party Hold;
  • PTC Party Retrieve;
  • PTC Media Type Notification;
  • PTC Group Advertisement;
  • PTC Floor Control;
  • PTC Target Presence;
  • PTC Associate Presence;
  • PTC List Management;
  • PTC Access Policy;
  • PTC Group Request;
  • PTC Encryption.
The following events are applicable to the HSS:
  • PTC Serving System;
  • HSS subscriber record change;
  • Cancel location;
  • Register location;
  • Location information request.
The following events are applicable to the SIP Core:
  • Service Registration.
A set of elements as shown below can be associated with the events above. The events trigger the transmission of the information from the PTC server ICE, or HSS to DF2. Available IEs from this set of elements as shown below can be extended in the HSS, if this is a requirement as a national option. DF2 can extend available information if this is necessary as a national option e.g. a unique number for each surveillance warrant.
Up

21.3.3.2  Communication Content (CC) EventWord‑p. 244
The following event information is sent to the DF3 when CC is authorized for delivery. The following are applicable to both the PoC and MCPTT service ICE:
  • PTC Communication Content (CC) Delivery.

21.3.4  Events Elements

21.3.4.1  IRI Event Elements

The LI IRI event information is sent to the DF2/DF3 is triggered by different PTC session related and non-call related events/reports. Details for each event are described in the following clauses.
Within Table 21.3.4.1: IRI Information Elements for PTC Event Records, a provisioned target identity can be a SIP URI, TEL URI , MCPTT ID or an IMEI.
A PTC Client may support multiple PTC Addresses and be involved in one or more PTC Sessions at the same time using the same or different PTC Addresses.
A set of elements as shown below can be associated with the events. The events trigger the transmission of the information from PTC ICE to DF2. Available IEs from this set of elements as shown below can be extended in the PTC ICE, if this is necessary as a national option. DF2 can extend available information if this is necessary as a national option e.g. a unique number for each surveillance warrant.
Information Element
Description

AbandonCause
Identifies the reason for the abandoned PTC Session.
Access_PolicyFailure
Reports the error code or reason for failure when Access Policy Request is unsuccessful.
Access_Policy_Type
Identifies the type of access policy list being managed or queried by the PTC Intercept target.
Access_Policy_event
Identifies the choice the target or an associate makes within access policy selection which can be by user or group to allow or block the incoming PTC session, Auto Answer, or allow or block a conference type.
Ad-hoc PoC Group Session
A PoC Group Session established by a PoC User to PoC Users listed on the invitation. The list includes PoC Users or PoC Groups or both.
Alert indicator
Indicates an emergency alert sent, received or cancelled.
AssociatePresenceStatus
Provides the Associate Presence Status, which is a list of:
  • PresenceID: Identity of PTC Client(s) or PTC group, when known
  • PresenceType: Identifies type of ID [PTC Client(s) or PTC group].
  • PresenceStatus: Presence state of each ID.
Broadcast indicator
Indicates that the group call request is for a broadcast group call.
Charging Correlation ID
PTC supports both subscription based charging and traffic based charging. Provide any charging events, e.g., service activation, correlation ID between the PoC service charging data and the packet data services.
Cipher
The name of the cipher.
Contact_Identity
Identity of the contact in the list, one contact per Contact List or Group List.
CryptoContext
If further information is needed to associate the encryption information with a specific session or stream, this parameter shall be included to identify the context to which this encryption message applies.
PTC Party
Join/Drop/Hold/Retrieve, MCPPT emergency/imminent group/peril etc.
Emergency indicator
Indicates the request is an MCPTT emergency call.
Event Date
Date of the event generation in the PTC Server or Client.
Event Time
Time of the event generation in the PTC Server or Client
Event Type
Description of which type of event is delivered: PTC Session Initiation, Abandon, Start, End, End Cause, Start of Interception, Pre-Established Session, Instant Personal Alert, Floor Control, Target Presence, Associate Presence, a PTC Party Join, Party Drop, Party Hold, Party Retrieve, PTC Media Modification, PTC Group Advertisement. Group Request, Group Response, Group Interrogate, PTC Media Type Notification, Bearer Capability, MCPTT Emergency Group Call, Cancel, Alert, State, MCPTT Imminent Peril Group Call. PTC Serving System, PTC List Management and Access Policy.
Failure_Code
The reason or code for the failure or closing of the session.
Floor_Request
Indicates that the originating client requests the floor.
FloorSpeakerIdentity
Identification of the PTC Client that has the Talk Burst.
Group_Ad_Receiver
The group administrator who was the receiver of the group call.
Group_Ad_Sender
The group administrator who was the originator of the group call.
Group_Identity
Identifies the PTC Group Identity, Nick Name, and characteristics.
GroupAuthorizationRules
Identifies the action requested by the target to the PTC Group authorization rules.
Hold_retrieve_Indication
The PTC Session is put on hold (deactivate Media Bursts) or a new Primary PTC Session is activated or another PTC Session is locked for talking/listening.
Hold_Retrieve_user
Identifies the PTC user who removed their PTC Session from hold.
Imminent peril indicator
Indicates that the PTC call is an imminent peril call.
Implicit floor request
When originating client requests the floor.
InitationCause
The network receives an invitation from the PTC Intercept Target to initiate a PTC session.
Invited_PTC_Client
A PTC Client that is invited to a PTC Session
Inviting_PTC_user
The PTC User who has been invited to a PTC Session.
Key
The key needed to decipher.
KeyEncoding
Shall be included to provide the encoding of the key if the encoding is other than binary
IPAPartyIdentity
Instant Personal Alert - Identifies the party that receives the Instant Personal Alert from the PTC Intercept target or the associate that sends the Instant Personal Alert to the PTC Intercept target.
Join_PTC_user
Identity of the PTC User who has joined the session, i.e., associate identity or targets.
ListManagmentAction
Identifies the action requested by the PTC Intercept target to the Contact Lists or Group Lists. Identifies the PTC-specific documents stored in the network that the target attempts to modify or that changes were made to the targets PTC-specific documents stored in the network and identifies what action was taken by the target or the associate i.e., create, modify, retrieve, delete, notify.
List_ManagementFailure
Reports the error code or reason for failure when List Management modifications should fail, when known i.e., not authorized, time out, etc.
ListManagementType
Different PTC Group lists: ContactListManagementAttempt, GroupListManagementAttempt, and GroupListManagementResult. Identifies the PTC-specific documents stored in the network that the target attempts to modify or that changes were made to the targets PTC-specific documents stored in the network and identifies which list was modified i.e., list or group.
Location
Report when a PTC Session is initiated by the intercept target.This parameter is not reported when the PTC Intercept Target receives an invitation to join a PTC Session; rather this information is reported by the PTC Session Start event (see PTC Session Start event for usage). Include when reporting of the PTC Intercept Target's location information is authorized and known.
Time of Location
Date/Time of location. The time when location was obtained by the location source node.
Max_TB_Time
Include the maximum duration value for the talkburst before the permission is revoked, provide when known.
MCPTT CorrelationID
Uniquely identifies the MCPTT Session, correlates CII messages, and correlates CII and CC messages.
MCPTT group ID
The Mission Critical Push To Talk group Identity.
MCPTT ID
Mission Critical Push To Talk identity.
MCPTT indicator
Indicates direction of the received request as either from the client or from the group to the client.
MCPTT Location
Indicates the location of the target.
MCPTT Organization name
Name of the organization that the Mission Critical device belongs to.
MediaStream_Availability
Indicates if the PTC intercept target's PTC Client is not able/willing to receive media streams immediately. Provide when Pre-established session is established.
Network Element Identifier
Unique identifier for the network element reporting the event.
Observed IMEI
The provisioned International Mobile Equipment Identity target identity.
Observed SIP URI
The provisioned target identity can be a SIP URI
Observed TEL URI
The provisioned target identity can be a TEL URI
Party_Drop
Member of a PTC Group Session and leaves the PTC Session, provide when known.
PreEstablishedSessionID
Identifies the PTC Pre-established Session.
PreEstablishedStatus
Indicates if the Pre-Established Session is established (setup completed), modified, or released.
PTCCorrelationId
Uniquely identifies the PTC Session, correlates CII messages, and correlates CII and CC messages.
PTC group ID
The PTC group ID of the group on which the call is initiated.
PTCHost
Indentifies the PTC participant who has authority to initiate and administrate an active PTC Group Session. Provide when known.
PTC_ID_List
The list of PTC IDs of the PTC group members.
PTC Location
Indicates the location of the target (if authorized for delivery).
PTCOriginatingId
Identifies the originating party. Provided when known.
PTCOther
Other information that is required to decrypt the data.
PTCParticipants
Identifies the invited PTC participants, when known, if other than the PTC Intercept Target.
PTCSessionInfo
Provides PTC Session information such as PTC Session URI, PTC Session type, and Nickname.
PTCUserAccessPolicy
Identifies the action requested by the PTC Intercept Target related to the PTC user access policy.
Queued_FloorControl
Indicates if queuing is supported by the PTC Server and the intercept target's PTC Client.
Queued_Position_Status
If queued floor control is supported, indicates the queue position.
RegistrationRequest
Identifies the type of registration request (e.g., register, re-register, de-register).
RegistrationOutcome
Identifies success or failure of registration and the failure reason.
RTP_Setting
The IP address and the port number at the PTC Server for the RTP Session.
Salt
Include to provide the initial salt value if the cipher requires a salt value.
SDP
Answer, offer and SDP parameter negotiations. Report when known.
SIP_message_header
Answer, offer and SIP parameter negotiations. Report when known.
TalkburstControl_Setting
The offered Talk Burst Control Protocol, e.g., Talk Burst parameter(s) and the port numbers. Provide when Pre-established session is established.
TargetIdentity
The PTC identifier for the PTC Intercept Target.
TargetPresenceStatus
PTC-related presence information of the PTC intercept target.
Talk_burst_priority
If more than one level of priority is supported, indicates the talk burst priority level of the PTC Client.
Talk_burst_reason_code
Identifies the reason code for the denial or revoke of a talk burst.
TBCP_Deny
Indicates that the PTC Server has notified a PTC Client that it has been denied permission to send a Talk Burst.
TBCP_Granted
Indicates that the PTC Server has notified the PTC Client that it has been granted permission to send a Talk Burst.
TBCP_Idle
Used by the PTC Server to notify all PTC Clients that no one has the permission to send a Talk Burst at the moment and that it may accept the TBCP Talk Burst Request message.
TBCP_Queued
Indicates the request to talk is queued, if queued floor control is supported. Include identification of the PTC Client that has the queued Talk Burst, if known.
TBCP_Release
Indicates the request to talk has completed.
TBCP_Request
Indicates that the PTC Client has requested permission from the PTC Server to send a Talk Burst.
TBCP_Revoke
Indicates that the PTC Server has revoked the media resource from a PTC Client and can be used for preemption functionality, but is also used by the system to prevent overly long use of the media resource.
TBCP_Taken
Indicates that the PTC Server has notified all PTC Clients, except the PTC Client that has been given permission to send a Talk Burst, that another PTC Client has been given permission to send a Talk Burst.

Up

21.3.4.2  CC Event ElementsWord‑p. 246
The following event information is sent to the DF3 when CC is authorized for delivery. The following events are applicable to both the PoC and MCPTT service ICE.
Observed IMEI
The provisioned International Mobile Equipment Identity target identity.

Observed SIP URI
The provisioned target identity can be a SIP URI
Observed TEL URI
The provisioned target identity can be a TEL URI
MCPTT ID
Mission Critical Push To Talk identity.
Event Date
Date of the event generation in the PTC Server or Client.
Event Time
Time of the event generation in the PTC Server or Client
Event Type
Description of which type of event is delivered: PTC Communication Content (CC).
Network Element Identifier
Unique identifier for the network element reporting the event.
PTC group ID
The PTC group ID of the group on which the call is initiated.
MCPTT group ID
The Mission Critical Push To Talk group Identity.
PTCSessionInfo
Provides PTC Session information such as PTC Session URI, PTC Session type, and Nickname.
PTCCorrelationId
Uniquely identifies the PTC Session, correlates CII messages, and correlates CII and CC messages.
PTC Location
Indicates the location of the target (if authorized)
Time of Location
Date/Time of location. The time when location was obtained by the location source node.
PTC CC Payload
The intercepted communications content encapsulated packet of a PTC session.

Up

21.4  PTC Surveillance EventsWord‑p. 247

21.4.0  PTC General

PTC Service events defined below are using the PTC Surveillance Events from Table 21.3.4.1. These events are deliverable for either type of service provided by the SP, i.e. PoC or MCPTT.

21.4.1  PTC Service RegistrationWord‑p. 248
The PTC Service Registration event occurs when the target registers, re-registers, or deregisters for a PTC service, regardless of whether it is successful or unsuccessful.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event Type
Event Time
Event Date
Network Element Identifier
Any other IMPU or IMPI of the target (if available)
RegistrationRequest
RegistrationOutcome

21.4.2  PTC Serving System

A PTC Serving System event is generated when there is a change to the SP serving the PTC target access network (i.e. for mobility).
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
Serving System Address (AVP name such as Visited-PLMN-Id)
Any other IMPU or IMPI of the target (if available)

21.4.3  PTC Session Initiation

A PTC Session Initiation event occurs when the PTC target initiates a session or the target receives an invitation to join a session regardless of the success or the final disposition of the invitation.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTCCorrelationID
PTCSessionInfo
TargetIdentity
PTCHost
PTCOriginatingID
PTCParticipants
AssociatePresenceStatus
Location
Time of Location
InitationCause
BearerCapability

21.4.4  PTC Session AbandonWord‑p. 249
The PTC Session Abandon event is triggered when the PTC Session is not established and the request is abandoned before the PTC Session established end to end connectivity.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTCorrelationID
PTCSessionInfo
TargetIdentity
PTCOriginatingId
PTCParticipants
AssociatePresenceStatus:
Location
Time of Location
AbandonCause

21.4.5  PTC Session Start

This event occurs when a PTC Session (e.g. One-to-One, One-to-Many, or One-to-Many-to-One) is answered, and voice communication begins. The PTC client may use the pre-established session for PTC session Start.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTCCorrelationID
PTCSessionInfo
TargetIdentity
PTCOriginatingId
PTCParticipants
AssociatePresenceStatus:
Location
Time of Location
BearerCapability

21.4.6  PTC Session End

The PTC Session End event occurs when the PTC Session is released for any reason (i.e. normal or abnormal release) and voice communications ends. The PTC client may use the pre-established session for terminating a PTC session.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTCCorrelationID
PTCSessionInfo
TargetIdentity
PTCParticipants
Location
Time of Location
Cause

21.4.7  PTC Start of InterceptionWord‑p. 250
This event occurs when interception is started and there is an on-going PTC session.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTCCorrelationID
PTCSessionInfo
TargetIdentity
PTCOriginatingID
PTCHost
PTCParticipants
BearerCapability
Correlation information

21.4.8  PTC Pre-Established Session

This event occurs when a pre-established session is setup between the PTC service client present within the target's UE and the PTC server associated with the PTC client. The PTC client may use the pre-established session for originating or terminating calls after pre-established session establishment, regardless of whether the PTC target is actively transmitting or receiving talk bursts.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
TargetIdentity
PTC_Server_URI
RTP_Setting
PTC_Media_Capability
PreEstablishSessionId
PreEstablishedStatus
TalkburstControl_Setting
MediaStream_Availability
Location
Time of Location
BearerCapability
Correlation information

Up

21.4.9  PTC Instant Personal Alert

This event occurs when an Instant Personal Alert (i.e. a request for one PTC subscriber to initiate a PTC Session at a later time) is initiated or sent to the PTC target.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
TargetIdentity
IPAPartyIdentity

21.4.10  PTC Party Join eventWord‑p. 251
This event occurs when a request to join (or re-joins) a PTC Group Session (i.e. Chat Group) that is already in progress is received from the PTC target.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTCCorrelationId
PTCSessionInfo
TargetIdentity
Inviting_PTC_user
Join_PTC_user
AssociatePresenceStatus
BearerCapability

21.4.11  PTC Party Drop

This occurs when the target is a participating member of a PTC Group Session and leaves the PTC Session in which the PTC target is also participating.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTCCorrelationID
PTCSessionInfo
TargetIdentity
Party_Drop
AssociatePresenceStatus:

21.4.12  PTC Party Hold

A PTC Party Hold event occurs when the target places an on-going PTC Session on hold in on-going PTC Session.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTCCorrelationID
PTCSessionInfo
TargetIdentity
Hold_ Indication
Hold_User

21.4.13  PTC Party RetrieveWord‑p. 252
A PTC Party Retrieve event occurs when the target retrieves an on-going PTC Session.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTCCorrelationID
PTCSessionInfo
TargetIdentity
Retrieve_Indication
Retrieve_User

21.4.14  PTC Media Modification

During the PTC Session, a PTC Client may modify the voice frame packetization or voice codec mode by Out-of-band signalling using SDP payload within SIP messages. The Media Modification event is generated when a re-negotiation of the media parameters occurs during a PTC Session involving the target MS.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTCCorrelationID
PTCSessionInfo
TargetIdentity
BearerCapability

21.4.15  PTC Group Advertisement

This event is generated when a PTC Intercept Target sends Group Advertisement information to a single PTC user, a list of PTC users or to all members of the Group using the Group Identity.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
TargetIdentity
Group_Identity
Group_Ad_Sender
Group_Ad_Receiver
PTCHost
Group_Characteristics

21.4.16  PTC Floor ControlWord‑p. 253
Floor Control arbitrates requests from the PTC Clients for the right to send media (i.e. the right to speak). Note, the term "Floor Control" is used to mean the same as term "Talk Burst Control". When the PTC target is participating in a PTC Session, a Floor Control event is generated when the target requests to speak (e.g., presses the PTT mechanism) or the target is given permission to speak in response to a request (e.g. the network responds positively to the PTC Subscriber's request) or is refused the request to speak and when the target is finished speaking (e.g. the PTC Intercept target releases the PTT mechanism).
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
TargetIdentity
PTCCorrelationID
PTCSessionInfo
FloorActivity
Choice of:
TBCP_Request
TBCP_Granted
TBCP_Deny
TBCP_Queued
TBCP_Release
TBCP_Revoke
FloorSpeakerIdentity
Queued_FloorControl
Queued_Position_Status
Max_TB_Time
Talk_burst_priority
Talk_burst_reason_code

Up

21.4.17  PTC Target Presence

If the Presence functionality is supported by the PTC Server and the PTC Server assumes the role of a Presence Source, this event is generated when the PTC Server publishes network presence information to the Presence server on behalf of PTC target.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
TargetIdentity
TargetPresenceStatus

21.4.18  PTC Associate PresenceWord‑p. 254
This event is generated when the PTC Server receives presence status notifications from the Presence Servers after having subscribed to the PTC presence status of other PTC Clients (i.e. Associates of the PTC Intercept target).
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
TargetIdentity
AssociatePresenceStatus:

21.4.19  PTC List Management Events

This event is generated when the target PTC Client attempts to change their own contact list or their own PTC Group list(s). This event is also generated when the network notifies the Intercept target's PTC Client of changes made to their PTC-specific documents stored in the network (i.e. contact lists or PTC Group lists).
Information Element

Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
SIP message header offer
SIP message header answer
SDP offer
SDP answer
TargetIdentity
ListManagementType
  • Choice of:
    • ContactListManagementAttempt
    • GroupListManagementAttempt
    • ContactListManagementResult
    • GroupListManagementResult
    • Request unsuccessful
ListManagmentAction
  • Choice of:
    • Create
    • Modify
    • Retrieve
    • Delete
    • Notify
Contact_Identity
Group_Identity
PTCHost
List_ManagementFailure

Up

21.4.20  PTC Access Policy event

This event is generated when the PTC Intercept target attempts to change the access control lists (e.g. PTC user access policy and PTC Group authorization rules). In addition this event is generated when the network responds to a modification or query by the PTC Intercept target to the access control lists (e.g. PTC user access policy and PTC Group authorization rules).
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
TargetIdentity
Access_Policy_Type
  • Choice of:
    • PTCUserAccessPolicyAttempt
    • GroupAuthorizationRulesAttempt
    • PTCUserAccessPolicyQuery
    • GroupAuthorizationRulesQuery
    • PTCUserAccessPolicyResult
    • GroupAuthorizationRulesResult
    • Request unsuccessful
PTCUserAccessPolicy
  • Choice of:
    • Allow_Incoming_PTC_Session_request
    • Block_Incoming_PTC_Session_request
    • Allow_Auto_Answer_Mode
    • Allow_Override_Manual_Answer_Mode
GroupAuthorizationRules
  • Choice of:
    • Allow_Initiating_Conference
    • Block_Initiating_Conference
    • Allow_Joining_Conference
    • Block_Joining_Conference
    • Allow_Add_Participants
    • Block_Add_Participants
    • Allow_Subscription_Conference_State
    • Block_Subscription_Conference_State
    • Allow_Anonymity
    • Forbid_Anonymity
Contact_Identity
Group_Identity
PTCHost
Access_PolicyFailure

Up

21.4.21  PTC Media Type NotificationWord‑p. 255
This event is generated for media detected at the ICE for media types other than PTC speech (e.g. video, images, text, and files) directed to/from the targets PTC client. Media Types are either real-time or non-real time, i.e., Audio (e.g. music), Video Discrete Media (e.g. still image, formatted and non-formatted text, file), or Real Time Streaming Media (RTSP). Media parameters are SIP/SDP based information exchanged between the PTC server and the targets PTC client, between the PTC server and the PoC Box and between PTC servers that specify the characteristics of the Media for a PTC session being established or that already exists.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
SIP message header offer
SIP message header answer
SDP offer
SDP answer
PTCCorrelationID
PTCSessionInfo
TargetIdentity
BearerCapability

Up

21.4.22  PTC Encryption Message |R15|Word‑p. 256
The CSP shall provide the encryption method, specific parameters and the encryption keys to LE when a CSP service uses encryption that is provided or managed by the CSP.
The Encryption message is sent by the DF2 to the LEMF when there is a need to pass the decryption information associated with intercepted content. If rekeying is deployed, one or more new Encryption messages are sent coincident with the change in keys.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event Type
Event Time
Event Date
CryptoContext
Cipher
Key
Salt
KeyEncoding
PTCOther

Up

21.5  PTC Group CallsWord‑p. 257

21.5.1  General

A PTC Group Session supports a One-to-One, One-to-Many, or One-to-Many-to-One with the following events; Session initiation request/response, Session modification, joining/leaving, termination, voice communication begins, ends, or forced disconnected. When detected at the ICE, these events can originate from the targets PTC Client to the PTC Server or from the PTC Server to the targets PTC Client or PTC server to PTC Server on the behalf of the target.

21.5.2  Group Call Request

This event is generated when received at the PTC server serving the target or sent to the targets PTC client for a PTC Group Call request to join, rejoin, or release of the group call. This can be a Group Call Request event received at the PTC Server serving the target from a separate PTC server (outside the SP architecture) to the target. This event would be generated for each instance as described.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTC group ID
PTC ID list
SDP offer
SDP Answer
Floor Request
Broadcast indicator

Up

21.5.3  Group Call Response

A Group Call Response event is generated upon sending a group call response to the target or received at the PTC Server from the target or on behalf of the target to a separate PTC server (outside the SP architecture).
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTC group ID
SDP answer

21.5.4  PTC Group Interrogate

This event is generated when a group interrogate request or a response is received at the PTC Server serving the target.
Information Element

Observed SIP URI
Observed TEL URI
Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTC group ID
PTC ID list

21.6  MCPTT Priority Calls and Alerts MessagesWord‑p. 258

21.6.0  Background

MCPTT emergency group calls are defined by TS 23.379 and TS 22.179. Group calls are enabled in both on-network and off-network but interception of these events are at the on-network MCPTT Server serving the target. Off-network MCPTT interception is for future study (FFS). If there are multiple events for or to the target for each of these separate events detected an event report is generated.
Up

21.6.1  General

A MCPTT Emergency Group Session can support a One-to-One, One-to-Many, or One-to-Many-to-One with the following events; Group Call initiation request/response, Group Call Session modification, joining/leaving, termination, voice communication begins, ends, or forced disconnected, an Imminent Peril Group Call or alerts. When detected at the ICE, these events can originate from the targets MCPTT Client to the MCPTT Server or from the MCPTT Server to the targets MCPTT Client or the targets serving MCPTT server to another domain MCPTT Server on the behalf of the target.
Up

21.6.2  MCPTT Emergency Group Call

When the MCPTT Emergency Group Call Request or Response is detected at the MCPTT Server, it can originate from the targets MCPTT client or be sent to the targets MCPTT client from a MCPTT Group.
Observed TEL URI

Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
MCPTT group ID
Emergency indicator
Alert indicator
MCPTT group ID
MCPTT indicator
MCPTT CorrelationID
MCPTT Location
Time of Location

21.6.3  MCPTT Emergency Group Call Cancel

When a MCPTT Emergency Group Call Cancel is detected at the MCPTT Server, it can originate from the targets MCPTT client or towards the targets MCPTT client from a MCPTT Group.
Observed TEL URI

Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
Emergency indicator
Alert indicator
MCPTT group ID
MCPTT indicator
MCPTT CorrelationID
MCPTT Location
Time of Location

21.6.4  MCPTT Emergency Group AlertWord‑p. 259
When a MCPTT Emergency Alert Notification, Response, Request or Cancel is detected at the MCPTT Server, it can originate from the targets MCPTT client or towards the targets MCPTT client from a MCPTT Group.
Observed TEL URI

Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
MCPTT group ID
Alert indicator
MCPTT Organization name
MCPTT CorrelationID
MCPTT Location
Time of Location

21.6.5  MCPTT Emergency Group State

When the MCPTT Emergency State Response, Request or Cancel is detected at the MCPTT Server, it can originate from the targets MCPTT client or to the targets MCPTT client from a MCPTT Group.
Observed IMEI

MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
MCPTT group ID
Client emergency state inform (See NOTE)
Client emergency state response (See NOTE)
Client emergency state cancel inform (See NOTE))
Client emergency state cancel response (See NOTE)
Group emergency condition inform (See NOTE)
Group emergency condition response (See NOTE)
Group emergency condition cancel request (See NOTE)
Group emergency condition cancel response (See NOTE)

Up

21.6.6  MCPTT Imminent Peril Group Call

When the MCPTT Imminent Peril Group Call Request, Response or Cancel is detected at the MCPTT Server, it can originate from the targets MCPTT client or to the targets MCPTT client from a MCPTT Group.
Observed TEL URI

Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
MCPTT group ID
MCPTT Imminent peril indicator
MCPTT indicator
MCPTT CorrelationID
MCPTT Location
Time of Location

21.7  PTC Communication Content (CC)Word‑p. 260

21.7.0  General

When communication content (CC) delivery is authorized the CSP shall access and deliver communication content for the target for the duration of any of the different types of PTC sessions (i.e., One-to-One, One-to-Many, or One-to-Many-to-One, MCPTT or Private Calls). Any CC that are originated by, redirected by and terminated to the surveillance target's equipment, facilities, or service when the surveillance target is part of the PTC session or the target is connected to the PTC Session under surveillance shall be delivered to the DF3 as identified parameters in table 2.1.3.4.2.
Up

21.7.1  Communication Content (CC)

The Communication Content event is used to encapsulate communications content packets for transfer over the interface to the DF3, in accordance with this standard.
Observed TEL URI

Observed IMEI
MCPTT ID
Event type
Event Time
Event Date
Network Element Identifier
PTC Group ID
MCPTT group ID
PTCSessionInfo
PTCCorrelationID
PTC Location
PTC CC Payload
Time of Location


Up   Top   ToC