Tech-invite3GPPspecsSIPRFCs
Overview21222324252627282931323334353637384‑5x

Content for  TS 33.107  Word version:  16.0.0

Top   Top   Up   Prev   Next
0…   4   5…   5A…   6…   7…   7A…   8…   9…   10…   11…   12…   12.2…   12.3…   12.4…   12.5…   13…   14…   15…   16…   17…   18…   19…   20…   21…   22…   23…   A…   B…   C…   D…   E…   F…   G…   H…   I…   J…   L…

 

J  Lawful Interception Illustrations in VPLMN with S8HR |R14|Word‑p. 368

J.1  Overview

This informative annex illustrates the process of performing lawful interception in the VPLMN for voice services involving the inbound roaming targets when S8HR approach is used as the roaming architecture.
When S8HR approach is used as the roaming architecture for VoLTE, all of the IMS nodes reside in the HPLMN. Even the PDN-GW resides in the HPLMN. In this case, the lawful interception of voice services involving the inbound roaming targets requires new capabilities in the VPLMN since the VPLMN does not have any IMS nodes. New LI-specific functions are introduced to examine the packets that flow through the VPLMN packet core network nodes to generate IRI and CC when the communication involves an inbound roaming target. The LI architecture diagram shown in figure 1j is expanded in figure J.1 that shows an overview of S8HR roaming architecture as well.
[not reproduced yet]
Figure J.1: Lawful interception of voice services in VPLMN for S8HR
Up
As shown in figure J.1, the SIP signalling messages are exchanged between the UE and P-CSCF over the Gm reference point. Within the VPLMN with S8HR, the IMS signalling messages are carried over the GTP tunnel that corresponds to the IMS Signalling Bearer and the media packets are carried over the GTP tunnel that corresponds to the Media Bearer (i.e., dedicated EPS Bearer used to carry the media packets). The present document assumes that the EPS Bearer ID of the IMS Signalling Bearer is always linked to the dedicated EPS Bearer used as a Media Bearer.
Up

J.2  Process FlowWord‑p. 369
The basic concept is LMISF instructs the S-GW/BBIFF over the Xib reference point to deliver packets from the GTP tunnels associated with IMS signalling bearer of all inbound roamers with S8HR as the roaming architecture. S-GW/BBIFF extracts the packets from those GTP tunnels and delivers the same to the LMISF. The LMISF extracts the SIP messages from those packets and provides an IMS call state function similar to the way P-CSCF provides the IMS call state function. In addition, the LMISF provisioned with the target identity by ADMF examines the SIP messages to determine whether the IMS session needs to be intercepted. When the IMS session needs to be intercepted, the LMISF generates IRI from the SIP messages and deliver the same to the Delivery Function 2 over X2 reference point. In addition to the generation and delivery of IRI, when CC interception is required, the LMISF also informs the S-GW/BBIFF that the IMS session is being intercepted and instructs the S-GW/BBIFF over Xib reference point to start delivering the packets from the Media Bearer l associated with the intercepted IMS Signalling Bearer. The S-GW/BBIFF extracts the packets from that GTP tunnel used for Media Bearer associated with the intercepted IMS Signalling Bearer and delivers the same to the LMISF. The LMISF constructs the CC from those packets and delivers the same to the Delivery Function 3 over X3 reference point.
Figure J.2 shows the steps to illustrate the process flow:
[not reproduced yet]
Figure J.2: Process Flow of S8HR LI
Up
Step 1.
LMISF is provisioned with target information (for Voice Services, it can be SIP URI, TEL URI or IMEI) from the ADMF.
Step 2.
LMISF instructs the S-GW/BBIFF to notify (to LMISF), based on the GTP-C event, whenever an IMS Signalling Bearer or the Media Bearer for S8HR APN is created, modified, or deleted, and to deliver the packets (to LMISF) of all IMS Signalling Bearers established for S8HR APNs (Access Point Names). Here, the LMISF may supply the S8HR APNs to the S-GW/BBIFF.
Step 3.
S-GW/BBIFF to notifies the LMISF, based on the GTP-C event, whenever the IMS Signalling Bearer for S8HR APN is created, modified, or deleted. S-GW/BBIFF also notifies the LMISF, based on the GTP-C event, whenever the IMS Media Bearer is created, modified, or deleted.
Step 4.
S-GW/BBIFF delivers the packets of those IMS Signalling Bearers to the LMISF. As such, S-GW/BBIFF has no idea whether the packets of an IMS Signalling Bearer are related to a target or not. It simply delivers all packets.
Step 5.
The LMISF looks for the SIP message within those packets delivered by the S-GW/BBIFF and examines the SIP headers that carry the calling party identity or called party identity (depending on the call direction) to verify whether any of those match with the target identity stored locally. If the SIP message corresponds to a target, then the LMISF delivers the SIP message to the DF2 over the X2 reference point. If required, the LMISF includes the UE location previously received from the S-GW/BBIFF while delivering the SIP messages to the DF2.
Step 6.
The DF2 will generate and deliver the IRI to the LEMF as per TS 33.108.
The following steps are performed only if CC interception is required.
Step 7.
The LMISF then informs the S--GW/BBIFF about the IMS Signalling Bearer that corresponds to intercepted IMS session and instructs the S-GW/BBIFF to start delivering (to LMISF) the packets of the Media Bearers associated with that IMS Signalling Bearer.
Step 8.
S-GW/BBIFF delivers the media packets to the LMISF. The S-GW/BBIFF knows that the media packets are related to an IMS Signalling Bearer, but does not know which media packet is related to which IMS session in the event target is involved in multiple sessions. The S-GW/BBIFF need not know that association.
Step 9.
LMISF looks at the media packets that it receives and examines the IP address and the port number associated with the RTP stream. Then LMISF will determine the associated IMS session comparing the IP address/port number of the RTP stream with the similar information from the IMS session. LMISF delivers the media packets to DF3 along with the Correlation Number it has used while delivering the SIP messages to DF2.
Step 10.
DF3 generates and delivers the CC as per TS 33.108 to the LEMF.
Figure J.3 below illustrates the above steps in a flow diagram format.
[not reproduced yet]
Figure J.3: Flow diagram illustrating the process steps for S8HR LI
Up
The LMISF will be able to correlate the CC with the IRI since it receives both media packets and the IMS signalling packets.
Figure J.4 shows the steps when an intercept is deactivated during a VoLTE session.
[not reproduced yet]
Figure J.4: Flow diagram illustrating the process steps during intercept stop procedures for S8HR LI
Up
Step 1.
LMISF is provisioned to deactivate the lawful interception on the target (for Voice Services, it can be SIP URI, TEL URI or IMEI from the ADMF.
The LMISF will stop generation of IRI and CC immediately after it detects that the interception is deactivated.
The following steps may be required if CC interception is applicable.
Step 2.
The LMISF informs the S-GW/BBIFF about the identity of the IMS Signalling Bearer on which the interception is stopped and instructs the S-GW/BBIFF to stop delivering the packets of the Media Bearers associated to that IMS Signalling Bearer to LMISF.
The S-GW/BBIFF will stop delivering the media packets associated with the intercepted IMS Signalling Bearer to the LMISF.
Up

J.3  Call FlowsWord‑p. 372

J.3.1  General

Four call flows are presented in this clause:
  • Inbound roaming target originates a voice call. The CC interception is required.
  • A voice call is terminated to an inbound roaming target. The CC interception is required.
  • An interception is activated while an inbound roaming user is active on a call.
  • An inbound roaming user originates a voice call. The CC interception is not required.
In all the call flows, the target identity is the SIP URL or TEL URL. All the call flows assume that the SIP messages and the media are not encrypted at S-GW/BBIFF (one of the requirements for performing the lawful interception in the VPLMN for S8HR).
Independently of the active intercept on a target, the S-GW/BBIFF notifies the LMISF whenever an IMS Signalling Bearer or Media Bearer for S8HR APNs is created, modified or deleted. Such notifications include the up-to-date UE location information that S-GW receives from the MME. The LMISF includes the latest UE location information in the SIP messages that it reports to the DF2 for active intercepts.
Up

J.3.2  Originating callWord‑p. 373
Figure J.5 below illustrates a call flow where an inbound roaming target originates a voice call. In the flow, Party_A (target) calls Party_B. The flow shows that Party_B is also an IMS user (SIP messages are shown), however, Party_B can also be a non-IMS user served by CS domain.
[not reproduced yet]
Figure J.5: Call Origination from an inbound roaming target with S8HR
Up
The S-GW/BBIFF delivers the IMS signalling packets to the LMISF. The LMISF examines the SIP message to verify whether the SIP headers pointing to the calling party (e.g. P-preferred-Identity, From) is a target. In this illustration, that is the case, and therefore, the LMISF forwards the IRI message containing the SIP INVITE to the DF2 with correlation number D1. The DF2 forwards the IRI to the LEMF.
Since CC interception is required, the LMISF notifies S-GW/BBIFF with the IMS Signalling Bearer information associated with the intercepted IMS session. Once the dedicated EPS Bearer to be used as the Media Bearer linked to the EPS Bearer ID of the IMS Signalling Bearer is created, S-GW/BBIFF delivers the media packets flowing through the GTP tunnel used for that Media Bearer to the LMISF. The LMISF delivers the media packets as the CC along with the correlation number D1 to the DF3. The DF3 delivers the CC to the LEMF.
The LMISF delivers the subsequent SIP messages (in the call flow: 180 Ringing, 200 OK and ACK) received from the S-GW/BBIFF as IRI to the DF2 which in turn the deliver the same to the LEMF.
Up

J.3.3  Terminating call

Figure J.6 below illustrates a call flow where an inbound roaming target receives a voice call. In the flow, Party_A calls Party_B (target). The flow shows that Party_A is also an IMS user (SIP messages are shown), however, Party_A can also be a non-IMS user served by CS domain.
[not reproduced yet]
Figure J.6: Call Termination to an inbound roaming target with S8HR
Up
The S-GW/BBIFF delivers the IMS signalling packets to the LMISF. The LMISF examines the SIP message to verify whether the SIP headers pointing to the called party (e.g. Request URI, P-Called-Party-Id, To) is a target. In this illustration, that is the case, and therefore, the LMISF forwards the IRI message containing the SIP INVITE to the DF2 with correlation number D1. The DF2 forwards the IRI to the LEMF.
Since CC interception is required, the LMISF notifies S-GW/BBIFF with the IMS Signalling Bearer information associated with the intercepted IMS session.
Once the EPS Bearer to be used as the Media Bearer linked to the EPS Bearer ID of the IMS Signalling Bearer is created, S-GW/BBIFF delivers the media packets flowing through the GTP tunnel used for that Media Bearer to the LMISF. The LMISF delivers the media packets as the CC along with the correlation number D1 to the DF3. The DF3 delivers the CC to the LEMF.
The LMISF delivers the subsequent SIP messages (in the call flow: 180 Ringing, 200 OK and ACK) received from the S-GW/BBIFF as IRI to the DF2 which in turn the deliver the same to the LEMF.
Up

J.3.4  Mid-Call InterceptionWord‑p. 374
Figure J.7 below illustrates a call flow where a lawful interception is activated while an inbound roaming user is active on a voice call. In the flow, Party_A (target) calls Party_B. The flow shows that Party_B is also an IMS user (SIP messages are shown), however, Party_B can also be a non-IMS user served by CS domain.
[not reproduced yet]
Figure J.7: Mid Call Interception
Up
The S-GW/BBIFF delivers the IMS signalling packets to the LMISF. The LMISF examines the SIP message to verify whether the SIP headers pointing to the calling party (e.g. P-preferred-Identity, From) is a target. In this illustration, that is not the case, and therefore, the LMISF does not generate any IRI messages. However, the LMISF stores this SIP message and the subsequent SIP messages. The LMISF also maintains the IMS call state for the inbound roaming user.
In this illustration, a lawful interception is activated on the inbound roaming user right after the called party (Party_B) answers the call, but before the Party_A (target) has a chance to send the ACK message. Since the SDP offer and SDP answer are already completed, the LMISF generates the Start Interception for established IMS session with the Correlation Number D1 to the DF2 over X2 reference point. The DF2 forwards the same to the LEMF over the HI2 reference point.
Since the just activated lawful interception requires CC interception, the LMISF notifies S-GW/BBIFF with the IMS Signalling Bearer information associated with the IMS session on which the lawful interception is activated.
The S-GW/BBIFF delivers the media packets from the GTP tunnel used for the Media Bearer linked to the EPS Bearer ID of the IMS Signalling Bearer to the LMISF. The LMISF delivers the media packets as the CC along with the correlation number D1 to the DF3. The DF3 delivers the CC to the LEMF over HI3 reference point.
The LMISF delivers the subsequent SIP messages (in the call flow: ACK) received from the S-GW/BBIFF as IRI to the DF2 which in turn the deliver the same to the LEMF.
Up

J.3.5  Lawful Interception without CCWord‑p. 376
Figure J.8 below illustrates a call flow where an inbound roaming target originates a voice call. The lawful interception does not require CC interception. In the flow, Party_A (target) calls Party_B. The flow shows that Party_B is also an IMS user (SIP messages are shown), however, Party_B can also be a non-IMS user served by CS domain.
[not reproduced yet]
Figure J.8: Call Origination from an inbound roaming target with S8HR; CC is not required
Up
The S-GW/BBIFF delivers the IMS signalling packets to the LMISF. The LMISF examines the SIP message to verify whether the SIP headers pointing to the calling party (e.g. P-preferred-Identity, From) is a target. In this illustration, that is the case, and therefore, the LMISF forwards the IRI message containing the SIP INVITE to the DF2 with correlation number D1. The DF2 forwards the IRI to the LEMF.
Since CC interception is not required, the LMISF does not notify the S-GW/BBIFF with the IMS Signalling Bearer information associated with the intercepted IMS session.
S-GW/BBIFF does not deliver the media packets flowing through the GTP tunnel of Media Bearer to the LMISF. As a matter of fact, the S-GW/BBIFF does not know that the call involves a target.
The LMISF delivers the subsequent SIP messages (in the call flow: 180 Ringing, 200 OK and ACK) received from the S-GW/BBIFF as IRI to the DF2 which in turn the deliver the same to the LEMF.
Up

J.3.6  S-GW Relocation

Figure J.9 below illustrates a call flow where a a S-GW relocation occurs while an inbound roaming user is active on a voice call. In the flow, Party_A (target) calls Party_B. The flow shows that Party_B is also an IMS user (SIP messages are shown), however, Party_B can also be a non-IMS user served by CS domain.
[not reproduced yet]
Figure J.9: S8HR LI with S-GW Relocation
Up
The old S-GW/BBIFF delivers the IMS signalling packets to the LMISF. The LMISF examines the SIP message to verify whether the SIP headers pointing to the calling party (e.g. P-preferred-Identity, From) is a target. In this illustration, that is the case, and therefore, the LMISF forwards the IRI message containing the SIP INVITE to the DF2 with correlation number D1. The DF2 forwards the IRI to the LEMF.
Since CC interception is required, the LMISF notifies old S-GW/BBIFF with the IMS Signalling Bearer information associated with the intercepted IMS session.
Once the dedicated EPS Bearer to be used as the Media Bearer linked to the EPS Bearer ID of the IMS Signalling Bearer is created, old S-GW/BBIFF delivers the media packets flowing through the GTP tunnel used for that Media Bearer to the LMISF. The LMISF delivers the media packets as the CC along with the correlation number D1 to the DF3. The DF3 delivers the CC to the LEMF.
The LMISF delivers the subsequent SIP messages (in the call flow: 180 Ringing, 200 OK) received from the old S-GW/BBIFF as IRI to the DF2 which in turn the deliver the same to the LEMF.
In this illustration, a S-GW relocation happens right after the called party (Party_B) answers the call, but before the Party_A (target) has a chance to send the ACK message. When the IMS Signalling Bearer is created, the new S-GW/BBIFF notifies the LMISF along with the IMSI value with an indication that a S-GW relocation has occurred. The LMISF examines to see whether the IMS Signalling Bearer is associated with an intercepted IMS session. In this illustration since the CCinterception is required, the LMISF notifies the S-GW/BBIFF with the IMS Signalling Bearer information associated with the intercepted IMS session.
Once the dedicated EPS Bearer to be used as the Media Bearer linked to the EPS Bearer ID of the IMS Signalling Bearer is created, new S-GW/BBIFF delivers the media packets flowing through the GTP tunnel used for that Media Bearer to the LMISF. The LMISF delivers the media packets as the CC along with the correlation number D1 to the DF3. The DF3 delivers the CC to the LEMF.
The LMISF delivers the subsequent SIP messages (in the call flow: ACK) received from the new S-GW/BBIFF as IRI to the DF2 which in turn the deliver the same to the LEMF.
Up

J.4  Correlation of CC and IRIWord‑p. 378
A target is identified using SIP URI, TEL URI or IMEI. Not all SIP messages carry these identities. The LMISF by maintaining the IMS call state is able to determine the subsequent SIP messages that correspond to the same target. When a target is involved in multiple IMS sessions, the LMISF will have the logic to associate and correlate the SIP messages that are related to an IMS session. For example, the SIP messages that have the same Call Identity value can be treated as the SIP messages of a particular IMS session and hence, when reported to the LEMF (via DF2) can have the same Correlation Number.
LMISF will also examine the SIP messages that carry the SDP offer and SDP answer to determine the media information related to an IMS session.
When an IMS session is established, the media information is exchanged between the two end points of the media stream (e.g. target's UE and IMS-AGW in HPLMN) through the SDP offer and answer process. The combination of IP address of the end point (e.g. UE and IMS AGW) and UDP port numbers used to transport the RTP and RTCP are part of this SDP offer and answer along with other things like Codec information. The media packets (i.e. RTP streams) exchanged between the two end points of the media use those IP addresses and the port numbers (assigned for RTP).
One method that can be used to establish the correlation is to use the IP addresses and the UDP port numbers exchanged within the SDP offer and answer process and compare them with the IP addresses and UDP port numbers of the media packets to establish an association between the IMS session and the media.
In other words, the IP address and UDP port numbers associated with a media packet when compared with the IP address and UDP port numbers exchanged in the SDP offer and answer, one can determine to which IMS session a media packet corresponds to. Once that determination is made, these parameters may be used to establish a correlation.
When S-GW/BBIFF is asked to deliver the packets from the IMS Signalling Bearers to LMISF, it delivers everything above the GTP-U layer. S-GW/BBIFF does not look into the IMS packets above the GTP-U layer. Similarly, when the S-GW/BBIFF is asked to deliver the packets from the Media Bearer to the LMISF, it delivers everything above the GTP-U layer. It does not look into the Media packets above the GTP-U layer. However, the BBIFF knows that the Media Bearer and the IMS Signalling Bearer are related through the GTP protocol concepts defined in TS 29.274.
The LMISF will generate a Correlation Number and include that Correlation Number while delivering the SIP messages to the DF2. When the media packets are received, LMISF will examine the Media packets to determine which IMS session, the Media packets are related to. Once determined, the LMISF will deliver the Media packets to the DF3 along with the Correlation Number previously stored against the IMS session.
Up

J.5  UE Location Reporting |R15|

Within the EPC, the MME sends the UE location to the S-GW within the Create Session Request and Create Bearer Response messages that it sends to the S-GW. The Create Session Request is sent from the MME to the S-GW when the default bearer is created. The Create Bearer Response is sent from the MME to the S-GW when a dedicated bearer used as Media Bearer is created.
In addition, the MME sends the UE location to the S-GW when a Bearer is modified (Modify Bearer Request and Update Bearer Response) or deleted (Delete Session Request and Delete Bearer Response).
The details of the above messages (i.e. Create Session Request etc.) are specified in TS 29.274.
For the S8HR LI, the S-GW/BBIFF notifies the LMISF whenever the IMS signalling bearer (i.e. default bearer) or Media Bearer (i.e. dedicated bearer linked to the IMS Signalling Bearer) is created, modified, or deleted. The S-GW/BBIFF includes the UE Location that it receives from the MME when it notifies the IMS signalling bearer creation and Media Bearer creation events to the LMISF.
The LMISF should store the UE location as it stores the IMSI value (currently specified in TS 33.107), and include the same in the appropriate IRI events sent to the DF2 over the X2 reference point.
The DF2 delivers the UE Location to the LEMF (when required) as it is done for the non-roaming scenario or in a roaming with LBO scenario.
Up

Up   Top   ToC