
Content for  TS 33.126  Word version:  16.2.0


6  Fundamental requirements

6.1  Overview

In the present document some requirements are cumulative in nature, and rely on implicit compliance with other requirements.
The network shall be able to provide a Lawful Interception capability which meets the relevant regulatory and operational obligations. In general, this gives rise to the following high-level summary requirements:
  • Target Identification: The CSP shall use the target identity provided in the warrant to provision interception of the target. The CSP shall ensure that the target identity is converted when necessary, by the network, to corresponding identities used in the network.
  • Detect: The network shall be able to detect all content and metadata (required to produce IRI) associated with targeted communications as provided in the network, in order for the LEA to fully understand the Context of Communication.
  • Capture: The network shall be able to capture all content and metadata (required to produce IRI) associated with targeted communications as provided in the network, in order for the LEA to fully understand the Context of Communication.
  • Delivery: The network shall be able to deliver Interception Product in agreed format to the LEA, such that the LEA can fully understand the Interception Product as provided by the CSP.
  • Lawful: The CSP's Lawful Interception capability shall comply with the relevant obligations, restrictions and reporting regimes in the warrant, including (but not limited to) period, duration, locality, services.
  • Security: Lawful Interception by the CSP shall be undetectable by any party not explicitly authorised to have knowledge of it, and cannot be modified, altered or degraded by such a party.

6.2  Identification
R6.2 – 10  User Identification
The CSP shall maintain and be able to report (as required) an association among subscription identifiers or MEs or UEs registered on the network, using private or public, long term or short term available identifiers (e.g. SUPI, GUTI, SUCI, MSISDN, IMEI, SIP-URI, IMSI, TEL-URI), such that LI can be performed at any time the target interacts with, or acts within, the CSP network, or the CSP network acts on behalf of the user. This requirement shall not be interpreted to conflict with regulations pertaining to unauthenticated emergency calls.
R6.2 – 20  LI using Group Identities
The CSP shall be able to perform LI based on user group identifiers (e.g. Closed Subscriber Group (CSG), H(e)NB, ProSe relay, Conference Call).
R6.2 – 30  Group Communication Identification
The CSP shall be able to perform LI on group communication using the identity of the group communication instance (e.g. 3 way call, conference call, MCPTT group call).
R6.2 – 40  Target Role in Communication
The CSP shall be able to intercept based on the target identifier, regardless of the target's role in the communication.
R6.2 – 50  Target Communication Identification
The CSP shall be able to distinguish specific usages of the network by the target (e.g. access or service) from all other usages in the network, based on the target identifier.
R6.2 – 60  Long Term Identifiers
The CSP shall be able to intercept based on long term identifiers.
R6.2 – 70  Short Term Identifiers
The CSP shall be able to intercept based on valid short-term identifiers.
R6.2 – 80  Private Identifiers
The CSP shall be able to intercept based on private identifiers.
R6.2 – 90  Public Identifiers
The CSP shall be able to intercept based on valid public identifiers.
R6.2 – 100  Short to Long Term Identifier Mapping
The CSP shall be able to translate a valid short-term identifier to the corresponding long-term identifiers in near real time and provide this information to the LEA.
R6.2 – 110  Long to Short Term Identifier Mapping
When a long-term identifier is provided in the warrant, the network shall be able to perform interception based on corresponding short-term identifiers.
R6.2 – 120  Non-Local Target Identification
The CSP shall be able to isolate communications passing through its network based on a visible target identity, when the target identifier is not assigned, or managed, by the CSP.
R6.2 – 130  Target Service Subscription Change
The CSP shall be able to notify the LEA of the target's service subscription changes.
R6.2 – 135  Target De-provisioned
The CSP shall be able to report that the long term target identity has been de-provisioned from the subscriber management database.
R6.2 – 140  Target Service Metadata Change
The CSP shall be able to notify the LEA of target's service association change events such as change of identifiers (e.g. association in a group call).
R6.2 – 150  Targeted Group Communication
The CSP shall be able to ensure that any changes in the membership in a targeted group communication are updated in the short or long term identifiers used to perform interception.
R6.2 – 160  Target Mapping
The CSP shall be able to report to the LEA parameters used for interception, including any subsequent modifications (e.g. target identifier derivation).
R6.2 – 170  Isolation
The CSP shall be able to isolate and intercept Target Communications, as specified in the warrant.
R6.2 – 180  Completeness
The CSP shall be able to intercept all Target Communications as specified in the warrant.
R6.2 – 190  CSP managed 3rd party functions
To the extent that a CSP manages or controls a Third Party network function (e.g. relay or forwarding functions), the CSP shall be able to perform LI on the function.

6.3  Detect and Capture
R6.3 – 10  Access Level Interception
The CSP shall be able to perform network access level interception in both the core and on the edge of the network (e.g. IP-CAN level interception).
R6.3 – 20  Service Level Interception
The CSP shall be able to perform service level interception in both the core and on the edge of the network (e.g. IMS based VoIP).
R6.3 – 30  Multi Party Service Interception
The CSP shall be able to report the multi-party service Interception Product of targeted group communications and its users.
R6.3 – 40  Third Party Assisted Services
If a CSP uses Third Parties as part of its service provision, the CSP shall be responsible for ensuring that the overall service complies with applicable LI regulations and requirements.
R6.3 – 50  Third Party ME or UE Interception
To the extent that a CSP manages a Third Party ME or UE, the CSP shall be able to report communications of such Third Party ME or UE (e.g. status of devices with a relay or forward function).
R6.3 – 60  Third Party ME or UE Users Interception
To the extent that a CSP manages Third Party ME or UE, the CSP shall be able to report communications of the end users connected to the CSP network via a Third Party ME or UE that is managed by the CSP (e.g. status of users communicating via ME or UE with a relay or forward function).
R6.3 – 70  Modification of services
Any change to any target service settings, as known to the CSP, shall be able to be reported.
R6.3 – 80  Multiple Services Per target
The CSP shall be able to simultaneously perform LI for multiple services for a given target.
R6.3 – 90  Multiple Targets
The CSP shall be able to simultaneously perform intercepts on multiple independent targets.
R6.3 – 100  Multiple LEAs
The CSP shall be able to simultaneously perform independent intercepts for any given target under different warrants.
R6.3 – 110  Roaming Targets
The visited CSP shall be able to perform interception of inbound roaming targets.
R6.3 – 120  Roaming - Outbound
The CSP shall be able to notify the LEA whenever the CSP becomes aware that the target has left, or entered, a visited network.
R6.3 – 130  Roaming - Inbound
The CSP shall be able to notify the LEA whenever the CSP becomes aware that the inbound roaming target has entered, or has left, the network.
R6.3 – 140  Serving CSP change
When the target changes serving CSP, the CSP that is served the warrant shall be able to provide the LEA with the identity of the new CSP if known.
R6.3 – 150  Roaming Identifiers Visited CSP
The visited CSP shall be able to obtain and validate the long term 3GPP identifiers of all inbound roamers from the home CSP regardless of the use of privacy mechanisms (based on roaming agreements).
R6.3 – 160  Roaming Identifiers Home CSP
The home CSP shall provide the long term 3GPP identifiers to the visited CSP for outbound roamers (based on roaming agreements).
R6.3 – 170  Outbound Roaming Home Network
The CSP shall be able to intercept its outbound roamers, if the communications pass through the home CSP's network.
R6.3 – 180  Access Network Identity
The CSP shall provide the LEA the identity of the 3GPP or non 3GPP Access Network as known by the CSP.
R6.3 – 190  Location
The CSP shall be able to obtain and report the location of the target.
R6.3 – 200  Location Triggers
The CSP shall be able to obtain and report the target location at certain network events associated with the target.
R6.3 – 210  Communication Location Reporting
The CSP shall be able to obtain and report the target location at start and end of communication, as well as during the communication including periodically and per event.
R6.3 – 220  Location Reporting
The CSP shall be able to obtain and report the target location for both active and idle MEs or UEs triggered either by UE-Action (e.g. UE cell site change) or on a periodic basis or on demand by the LEA.
R6.3 – 230  Location Reporting Independency
Location information may be reported as part of interception of a service (e.g. VoLTE, RCS), or independently.
R6.3 – 240  Location Accuracy
The CSP shall report the most accurate target location available to the CSP.
R6.3 – 245  Radiolocation Assistance
The CSP shall be able to provide information to assist the LEA to perform radiolocation of target UEs.
R6.3 – 250  Multiple Location Sources
The CSP shall be able to report the source of each location information report provided to the LEMF (e.g. cell site identifier, GPS).
R6.3 – 260  Location Positioning Methods
The CSP shall be able to report the positioning method used to obtain location information (e.g. network-based, UE-based, access-based).
R6.3 – 270  Additional Location Information
If the CSP has additional location information of the target beyond cell site identifier (e.g. altitude, civic address, geo-coordinates), the CSP shall be able to provide this.
R6.3 – 280  Location Senescence
The CSP shall provide information that indicates when the location was determined (e.g. age of location, timestamp).
R6.3 – 290  Trusted/Untrusted Location
The location information reported to the LEMF shall be location information trusted by the 3GPP network (i.e. the location information is either 3GPP network derived or verified), if available. The CSP shall also be able to report target location information from untrusted sources (e.g. user provided) in addition to or in absence of the trusted location information.
R6.3 – 300  Location Trust Indication
The CSP shall be able to indicate to the LEA whether the location information is trusted or untrusted.
R6.3 – 310  Projected Location
The CSP shall be able to indicate to the LEA whether the location information of the target is measured or possible.
R6.3 – 320  Non 3GPP access
For non 3GPP access the CSP shall be able to provide the identity and location of the non 3GPP access function serving the UE as known by the CSP.
R6.3 – 330  Roaming Location
In the case of inbound roaming, the visited CSP that was served a warrant shall be able to provide location information without assistance from the home CSP.
R6.3 – 340  Location Changes in the Visited Network
In the case of roaming, the home CSP that was served a warrant shall be able to provide location information as visible in the home network.
R6.3 – 350  Location Requests
The home CSP shall be able to provide notification of target-related location information requests received from outside the home network when these requests are visible to the home network as part of normal network operations.
R6.3 – 360  LCS Use
The CSP shall be able to use LCS, if available, in support of LALS for an LCS-targetable UE (with or without target LCS subscription).
R6.3 – 370  LALS Reporting
The CSP shall be able to provide on-demand and periodic LALS reports of the target's location independent of the target's communication state.
R6.3 – 380  Up-to-date LALS location
LALS shall report either the current (updated) location, or if the current location is unavailable the last known location of a target's UE.
R6.3 – 390  LALS failure notification
If the location is unavailable, LALS shall be able to report a failure reason, as to why the location is unavailable.
R6.3 – 400  Target specificity
The CSP shall ensure no communications are intercepted other than those of, or associated with, the target's equipment, facilities or services.
R6.3 – 410  Service specificity
The CSP shall ensure that only the communication services specified by the warrant are intercepted.
R6.3 – 420  Service Scope
All CSP based services shall be in scope of LI including mission critical services and non-mission critical services.
R6.3 – 430  Service Activation
The CSP shall report service activation.
R6.3 – 440  Service Invocation
The CSP shall report service invocation.
R6.3 – 450  Service Modification
The CSP shall report service modifications (e.g., changes to content, content descriptors, timing descriptors, group participation, copy of service content).
R6.3 – 460  Service Deactivation
The CSP shall report service deactivation.
R6.3 – 470  Service Up/Download
The CSP shall report service related uploading or downloading.
R6.3 – 480  Service Access Method
The CSP shall report the access method used by the target to interact with the service (e.g., via ME, UE or web).
R6.3 – 490  Early media
The CSP shall be able to intercept early media (e.g., CAT, CRS).
R6.3 – 500  Context Comprehensibility
The CSP shall include in Interception Product information that allows the LEA to establish the Context of Communications.
R6.3 – 510  Service Indication
The CSP shall include in Interception Product an indication of the communication service as known by the CSP network.
R6.3 – 520  Interdependency of IRI and CC
The CSP shall ensure IRI containing CC metadata is delivered in a timely and accurate manner such that it shall be possible to decode CC in real time.
R6.3 – 530  Reporting Post Session Established Digits
The CSP shall support extracting and reporting dialled digits after the session is established (e.g. user dialled, signalled) via the CSP services, on a per-warrant basis.
R6.3 – 540  Post Session Established Digit Reporting for IRI and CC Intercepts
The CSP shall be able to support extracting and reporting digits after the session is established for IRI-only intercepts, as well as for intercepts that report both IRI and CC.
R6.3 – 550  Toggle for Post Session Established Digit Extraction
The CSP shall support the Post Session Established Digit Extraction capability with a toggle feature that can activate/deactivate this capability, per warrant.
R6.3 – 560  Charging
The 3GPP system shall be able to generate LI charging event records.

6.4  Delivery
R6.4 – 10  LI Service Scope
The CSP shall only deliver Interception Product relating to specific CSP services which are specified implicitly or explicitly in the warrant.
R6.4 – 15  Delivery of Multiple Services
The CSP shall be able to deliver Interception Product of multiple services (e.g., CSP provided voice, messaging services, internet access) for a single target.
R6.4 – 20  Context Correlation
The CSP shall be able to deliver information such that the LEA can correlate all CC and IRI to the Context of Communications.
R6.4 – 30  IRI to IRI Correlation
The CSP shall be able to deliver information such that all the IRI can be correlated with related IRI of the same Target Communication.
R6.4 – 40  CC to CC Correlation
The CSP shall be able to deliver information such that all the CC can be correlated with related CC of the same Target Communication.
R6.4 – 50  IRI and CC Correlation
The CSP shall be able to deliver information such that the related IRI and CC of the same Target Communication can be correlated.
R6.4 – 60  POI Identification
The CSP shall be able to report to the LEA the POI source(s) of the Interception Product.
R6.4 – 70  Delivery Reliability
The CSP shall be able to employ mechanisms (e.g. buffering) to limit the effect of delivery network failures or limitations to prevent loss of Interception Product.
R6.4 – 80  Delivery Latency
The CSP shall ensure that the Interception Product is delivered to the LEA without undue delay as defined by mutual agreement between the CSP and the LEA.
R6.4 – 90  Timestamping at Capture
The CSP shall timestamp the Interception Product (both IRI and CC) at capture (at the POI) with a timestamp of precision, resolution, and accuracy commensurate with the performance of the intercepted service.
R6.4 – 100  Timestamping at Delivery
The CSP shall provide, where required for correlation purposes, the timestamp of the Interception Product (both IRI and CC) at the Mediation and Delivery Function (MDF) as sent to the LEMF, with a timestamp of precision, resolution, and accuracy commensurate with the performance of the intercepted service.
R6.4 – 110  UTC
The CSP shall provide all timestamps in UTC (including local offset).
R6.4 – 120  Trusted Time
The CSP shall utilise a trusted time source for all LI related functions.
R6.4 – 130  Separate delivery of services
The CSP shall be able to support delivering Interception Product for a particular service separately from other services' Interception Product (e.g. delivering SMS Interception Product independent of CS Voice Interception Product).
R6.4 – 140  Ordering
The CSP shall provide a means to enable the LEA to order the events of an intercepted service.
R6.4 – 150  Duplication
The CSP shall endeavour to limit duplicate delivery of Interception Product.
R6.4 – 160  Encryption
The CSP shall remove any encryption it provides or manages before delivery of the Interception Product to the LEA, or shall provide the LEA the information necessary to decrypt the intercepted communications (e.g. keys, algorithms, parameters) included with the Interception Product.
R6.4 – 170  CSP provided Encryption Keys
If the CSP provides encryption keys to the target, but is not involved in the encryption service, the CSP shall provide the keys to the LEA.
R6.4 – 175  CSP provided cryptographic parameters in roaming
When a home CSP's subscriber is roaming, independently of whether or not the subscriber is an LI Target in the VPLMN, the home CSP shall provide to the visited CSP the means to decrypt user services which are encrypted between the ME and an entity outside the visited CSP and using cryptographic parameters established in the home CSP.
R6.4 – 180  Retroactive Decryption
The CSP shall ensure that the crypto keys, algorithm and parameters delivered to the LEA enable the LEA to decrypt encrypted Target Communications retroactively.
R6.4 – 190  Mid Communication Interception
The CSP shall retain sufficient key material for the duration of any communications such that it is possible to decrypt already on going communications, when using CSP provided or managed encryption.
R6.4 – 200  Encryption Key Material Lifecycle Destruction
Once key material specifically retained for LI purposes is no longer required, the CSP shall securely delete this key material.
R6.4 – 210  Encoding
The CSP shall be able to remove any specific CSP-controlled encoding before delivery to the LEA, or provide the LEA the information necessary to decode the intercepted communications concurrently with delivery of LI product.
R6.4 – 220  Compression
The CSP shall be able to remove any specific CSP-controlled compression before delivery to the LEA, or provide the LEA the information necessary to decompress the intercepted communications concurrently with delivery of LI product.
R6.4 – 230  Target Identifier Provenance
The CSP shall be able to indicate, for each target identifier provided to the LEA in the Interception Product, the provenance of the identifier, specifically, whether the identifier was provided to the CSP by the LEA (in the initial warrant), whether it was observed in the intercepted communications, whether it was matched on by the function performing the isolation of communications, and whether it was associated with the target.

6.5  Lawful compliance
R6.5 – 10  Interception Time Period
The CSP shall ensure that Lawful Interception is performed only for the time period as specified in the warrant.
R6.5 – 20  Interception Temporary Reduction
The CSP shall be able to both suspend (e.g. when roaming outbound internationally) and resume all or a portion of the obligated Interception Product during the Interception Period.
R6.5 – 30  LI Activation
The CSP shall be able to notify the LEA of interception activation.
R6.5 – 40  LI Changes
The CSP shall be able to notify the LEA of changes related to interception (e.g., suspend or resume).
R6.5 – 50  LI Deactivation
The CSP shall be able to notify the LEA of interception deactivation.
R6.5 – 60  Warrant correlation
The CSP shall ensure all the Target Communications can be correlated with the warrant.
R6.5 – 70  Recordkeeping
The CSP shall create and implement a record retention policy such that it is able to document the handling of the intercepts.

6.6  Security

R6.6 – 10  Undetectability by the Target
The CSP shall perform interception in such a manner that the target is unable to detect interception is taking place, before, during, and after the interception.
R6.6 – 20  Undetectability by Other Users
The CSP shall perform interception in such a manner that no other users of CSP's services can detect that interception is taking place, before, during, and after the interception.
R6.6 – 30  Undetectability by Non-Authorized Parties
The CSP shall ensure that non-authorized personnel or processes (including automated or Artificial Intelligence based systems) that are part of the service cannot detect that interception is taking place, before, during, and after interception.
R6.6 – 40  Undetectability across LEAs
The CSP shall perform interception in such a manner that no other LEA can detect that interception is taking place, before, during, and after interception.
R6.6 – 50  Undetectability across CSPs
The CSP shall be able to perform interception such that no CSP not obligated by the warrant can detect that interception is taking place.
R6.6 – 60  Undetectability Across Third Parties
The CSP shall be able to perform interception such that any Third Parties, not obligated by the warrant, cannot detect that interception is taking place.
R6.6 – 70  Undetectability Across Countries
The CSP shall ensure the performance of interception in one country cannot be detected in other countries.
R6.6 – 80  Interception Capability Undetectability
The CSP shall ensure that only authorized parties can have knowledge of operational use of interception capabilities, interception-related hardware and software.
R6.6 – 90  LI Failure Impact on Target Services
A failure of LI shall not impact the target's, or other users' services.
R6.6 – 100  Recordkeeping Access
The CSP's record retention policy shall ensure that LI records of the CSP's management of interception (e.g. log files) are only visible to, and accessible by, authorized personnel.
R6.6 – 110  Alteration Prevention and Detection
The CSP shall employ a mechanism (e.g. cryptographic hashing) to provide assurance that LI records of the CSP's management of interception (e.g. log files) cannot be unnoticeably altered.
R6.6 – 120  Authenticity
The delivery shall employ a mechanism to provide assurance of the authenticity of the delivered Interception Product from the CSP to the LEA.
R6.6 – 130  Confidentiality
The delivery shall employ a mechanism to provide assurance of the confidentiality of the Interception Product from the CSP to the LEA.
R6.6 – 140  Integrity
The delivery shall employ a mechanism to provide assurance that the Interception Product cannot be altered from the CSP to the LEA.
R6.6 – 150  Mutual authentication
The CSP and the LEA shall provide assurance that any communications between the CSP and LEA can mutually authenticate.
R6.6 – 160  Virtualization Security
When CSP networks are virtualized, the CSP LI implementation shall at a minimum comply with the NFV security requirements specified in ETSI GS NFV-SEC 012 System specification for execution of sensitive NFV components [2].
R6.6 – 170  Limited Security POI
Where interception cannot be implemented at a fully secure location, such that physical and logical security of the POI cannot be guaranteed, the CSP shall employ methods to reduce LI security risks.
R6.6 – 180  Automated Network Management
The LI/LALS design and processes shall be compatible and transparent with automated network management (including Artificial Intelligence based systems).
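
R6.6 – 110 names cryptographic hashing as a mechanism to make alteration of LI management records noticeable. The following is an added example, not part of TS 33.126: an HMAC hash chain over log records, with a separately stored head value so that removal of trailing records is also detected. The record fields, the key handling, the sample entries and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # link value used by the first record in the chain

# Constructed demo key. Assumption: in a deployment the key is held outside
# the host that stores the log (e.g. in an HSM), so a log editor cannot re-MAC.
SAMPLE_KEY = b"constructed-demo-key-not-for-production"


def record_mac(key, prev_mac, seq, entry):
    """HMAC-SHA256 over the record's position, predecessor MAC and content."""
    body = json.dumps({"seq": seq, "prev": prev_mac, "entry": entry},
                      sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append_record(log, key, entry):
    """Append an entry to the chain and return the new head MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    seq = len(log)
    mac = record_mac(key, prev, seq, entry)
    log.append({"seq": seq, "prev": prev, "entry": entry, "mac": mac})
    return mac


def verify_log(log, key, expected_head=None):
    """Return (ok, index of first bad record or None, reason).

    expected_head is the last MAC as stored somewhere the log writer cannot
    modify; without it, deleting records from the end goes unnoticed.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec.get("seq") != i:
            return (False, i, "sequence gap or reorder")
        if rec.get("prev") != prev:
            return (False, i, "broken link")
        good = record_mac(key, prev, i, rec.get("entry"))
        if not hmac.compare_digest(good, str(rec.get("mac", ""))):
            return (False, i, "record altered")
        prev = good
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return (False, len(log), "head mismatch")
    return (True, None, "ok")


def build_sample_log(key=SAMPLE_KEY):
    """Build a three-record log from constructed sample entries."""
    entries = [
        {"ts": "2024-05-01T09:00:00+00:00", "actor": "li-admin-1",
         "event": "warrant provisioned"},
        {"ts": "2024-05-01T09:05:00+00:00", "actor": "li-admin-1",
         "event": "interception activated"},
        {"ts": "2024-05-08T09:05:00+00:00", "actor": "li-admin-2",
         "event": "interception deactivated"},
    ]
    log, head = [], GENESIS
    for entry in entries:
        head = append_record(log, key, entry)
    return log, head


if __name__ == "__main__":
    log, head = build_sample_log()
    print("intact:   ", verify_log(log, SAMPLE_KEY, head))
    log[1]["entry"]["actor"] = "someone-else"   # in-place edit of one record
    print("edited:   ", verify_log(log, SAMPLE_KEY, head))
    log, head = build_sample_log()
    print("truncated:", verify_log(log[:2], SAMPLE_KEY, head))
```

The chain alone detects edits, deletions in the middle and reordering; detecting truncation depends on the head value being kept where the log writer cannot change it.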