Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.


20 January 2007


ftp://ftp.3gpp.org/TSG_SA/TSG_SA/TSGS_34/Docs/SP-060691.zip

[Excerpt]

10.31 (LI-7A) - Lawful Interception in the 3GPP Rel-7 Architecture

TD SP-060508 [below] CR to 33.107 with Editorial Updates by Rapporteur. This was provided by SA WG3.

Discussion and conclusion:

It was asked whether the changes are really editorial. The SA WG3 Chairman clarified that the changes do not have any technical significance according to the LI experts. It was decided to change the Category to "F" in TD SP-060659 which was approved. [SP-060659 not available.]

___________________

TD SP-060509 CR to 33.108 on WLAN Interworking Interception Details (v7.0). This was provided by SA WG3.

Discussion and conclusion:

It was noted that this CR had a hanging paragraph, which was corrected in TD SP-060660 [below] and approved.


ftp://ftp.3gpp.org/TSG_SA/TSG_SA/TSGS_33/Docs/SP-060508.zip

Technical Specification Group Services and System Aspects TSGS#33(06)0508

Meeting #33, 25 - 28 September 2006,

Palm Springs, USA

Source SA WG3

Title: CR to 33.107 with Editorial Updates by rapporteur

Document for: Approval

Agenda Item: 10.31

To SA Doc. No. Spec. No. CR No. Rev Rel Cat Title Vers Vers New SA3 Doc. No.

SP-33 SP-060508 33.107 058 - Rel-7 D CR to 33.107 with editorial updates 7.3.0 7.4.0 S3-060560

_________________

3GPP TSG SA WG3 (Security) meeting #44                                        S3-060560

Tallinn, Estonia, 11 - 14 July 2006                                                  Agenda Item:

 

3GPP TSG-SA3 LI Meeting #22                                         Tdoc SA3LI0667r1

Montreal, Canada, 28-30 June 2006

CR-Form-v7.1

CHANGE REQUEST

 

z[H1] 

33.107

CR

058

z[H2]  rev

-

z[H3]  Current version:

7.3.0

z[H4] 

 

For HELP on using this form, see bottom of this page or look at the pop-up text over the z[H5]  symbols.

 

 

Proposed change affects:                                    z[H6] 

UICC appsz[H7] 

 

ME

 

Radio Access Network

 

Core Network

X

 

 

Title:                 z[H8] 

Editorial Update by rapporteur

 

 

Source:            z[H9] 

SA3-LI

 

 

Work item code: z[H10] 

LI-7A

 

Date: z[H11] 

11/07/2006

 

 

 

 

 

Category:          z[H12] 

D

 

Release: z[H13] 

Rel-7

 

Use one of the following categories:
F
  (correction)
A  (corresponds to a correction in an earlier release)
B  (addition of feature),
C  (functional modification of feature)
D  (editorial modification)

Detailed explanations of the above categories can
be found in 3GPP TR 21.900.

Use one of the following releases:
Ph2        (GSM Phase 2)
R96        (Release 1996)
R97        (Release 1997)
R98        (Release 1998)
R99        (Release 1999)
Rel-4      (Release 4)
Rel-5      (Release 5)
Rel-6      (Release 6)

     Rel-7      (Release 7)

 

 

 

Reason for change: z[H14] 

Review of Rel. 7 specification by the group and the rapporteur

 

 

Summary of change: z[H15] 

Improving of wording

 

 

Consequences if     z[H16] 
not approved:

Misinterpretation might be possible

 

 

Clauses affected:     z[H17] 

1,  4,  5.1.1,  5.2.2,  5.2.3,  6,  6.1,  7.1,  7.2,  7.2.1,  7.3.2,  7.4  until 7.4.10,  8.5.2

 

 

 

Y

N

 

 

Other specs             z[H18] 

 

X

 Other core specifications      z[H19] 

 

affected:

 

X

 Test specifications

 

 

 

X

 O&M Specifications

 

 

 

Other comments:     z[H20] 

 


 

*****************BEGIN OF CHANGE *****************

 

1          Scope

The present document describes the architecture and functional requirements within a Third Generation Mobile Communication System (3GPP MS).

The specification shows the service requirements from a Law Enforcement point of view only. The aim of this document is to define a 3GPP MS interception system that supports a number of regional interception regulations, but these regulations are not repeated here as they vary. Regional interception requirements shall be met in using specific (regional) mediation functions allowing only required information to be transported.

The handover interfaces for Lawful Interception (LI) of Packet-Data Services, Circuit Switched Services, and Multimedia Services within the UMTS network for Sstage 3 are described in 3GPP TS 33.108 [11].

 

*****************NEXT CHANGE*****************

 

4          Functional architecture

The following figures contain the reference configuration for the lawful interception. The circuit-switched configuration is shown in figure 1a. The packet-switched configuration is shown in figure 1b. Intercept configurations for HLR and IMS are shown in figures 1c and 1d. The WLAN interworking configuration is shown in figure 1e. The various entities and interfaces are described in more detail in the succeeding clauses.

PS domain of the UMTS system (GSN and Multimedia Packet Data services) and 3GPP-WLAN interworking network provide UMTS/GSM customer’s mobile equipment (UE) with connectivity service to another end of the communication. Another end of the communication may be a network element (server) or another UE. Therefore, UMTS system provides IP layer [15] services. Hence, UMTS NO/AP is responsible only for IP layer interception of CC data. In addition to CC data, the LI solution for UMTS offers generation of IRI records from respective control plane (signalling) messages. The IP layer connectivity service is needed to support application layer [16] service provision to UMTS/GSM customers. For instance, the following are examples of application layer services: email service; web browsing service;, FTP service;, audio services  (e.g. VoIP, PoC);, other multimedia services (MBMS, video telephony);, etc. The Mmajority of the application layer services require addition of respective server functionality to the network. Note that it is not necessary that such application layer SP should be the same commercial entity as the UMTS AP/NO in question.

NOTE 1:   For instance in MBMS a BM-SC and especially content providing server may be operated by different commercial entity than UMTS network.

Figure 1a: Circuit switched intercept configuration

Figure 1b: Packet Switched Intercept configuration

Figure 1c: HLR Intercept configuration

Figure 1d: IMS-CSCF Intercept configuration

Figure 1e: WLAN Interworking Intercept configuration

The reference configuration is only a logical representation of the entities involved in lawful interception and does not mandate separate physical entities. This allows for higher levels of integration.

Regional Mediation Functions, which may be transparent or part of the administration and delivery functions, are used to convert information on the HI1, HI2 and HI3 interfaces in the format described in various national or regional specifications. For example, if ES 201 671 [3] or J-STD-025 [8] is used, then the adaptation to HI1, HI2 and HI3 will be as defined in those specifications.

There is one Administration Function (ADMF) in the network. Together with the delivery functions it is used to hide from the 3G ICEs that there might be multiple activations by different Law Enforcement Agencies (LEAs) on the same target. The administration function may be partitioned to ensure separation of the provisioning data from different agencies.

See the remaining clauses of this document for definitions of the X1_1, X1_2, X1_3, X2 and X3 interfaces.

Interception at the Gateways is a national option.

In figure 1a DF3 is responsible for two primary functions:

-    Call Control (Signalling) for the Content of Communication (CC); and

-    Bearer Transport for the CC.

HI3 is the interface towards the LEMF. It must be able to handle the signalling and the bearer transport for CC.

In figures 1a, 1b and 1e, the HI2 and HI3-interfaces represent the interfaces between the LEA and two delivery functions. The delivery functions are used:

-    to distribute the Intercept Related Information (IRI) to the relevant LEA(s) via HI2 (based on IAs, if defined);

-    to distribute the Content of Communication (CC) to the relevant LEA(s) via HI3 (based on IAs, if defined).

In figures 1c and 1d the HI2 interface represents the interface between the LEA and the delivery function. The delivery function is used to distribute the Intercept Related Information (IRI) to the relevant LEA(s) via HI2.

NOTE 2:   With reference to figure 1c, CC interception does not apply to HLR.

NOTE 3:   For IMS, figure 1d relates to the provision of IRI for SIP messages handled by the CSCF. Interception of CC for this case can be done at the GSN under a separate activation and invocation, according to the architecture in Figure 1b (see also clause 7.A.1).

 

*****************NEXT CHANGE*****************

 

5.1.1       X1_1-interface

The messages sent from the ADMF to the 3G ICEs (X1_1-interface) contain the:

-    target identities (MSISDN, IMSI, IMEI, SIP URI or TEL URL, NAI) (see notes 4, 5, 6);

-    information whether the Content of Communication (CC) shall be provided (see note 1);

-    address of Delivery Function 2 (DF2) for the intercept related information (see note 2);

-    address of Delivery Function 3 (DF3) for the intercepted content of communications (see note 3);

-     IA in the case of location dependent interception.

NOTE 1:   As an option, the filtering whether intercept productcontent of communications  and/or intercept related information has to be provided can be part of the delivery functions. (Note that intercept product content of communications options do not apply at the CSCF, HLR and AAA server). If the option is used, the corresponding information can be omitted on the X1_1-interface, while "information not present" means "intercept content of communicationsproduct and related information has to be provided" for the ICE. Furthermore the delivery function which is not requested has to be "pseudo-activated", in order to prevent error cases at invocation.

NOTE 2:   As an option, only a single DF2 is used by and known to every 3G ICE. In this case the address of DF2 can be omitted.

NOTE 3:   As an option, only a single DF3 is used by and known to every 3G ICE (except at the CSCFs, HLR and AAA server). In this case the address of DF3 can be omitted.

NOTE 4:   Since the IMEI is not available, interception based on IMEI is not applicable at the 3G Gateway. Moreover, in case the IMEI is not available, interception based on IMEI is not applicable at 3G ICEs.

NOTE 5:   Interception at the CSCFs is based upon either SIP URI or TEL URL. SIP URI and TEL URL as target identities are not supported by the other ICEs.

NOTE 6:   Interception based on NAI is only applicable at AAA server and PDG. As the NAI could be encrypted or based on temporary identity at the PDG, interception based on the NAI is not applicable in those cases in that node.

NOTE 7:   Void

If after activation subsequently Content of Communications (CC) or Intercept Related Information (IRI) has to be activated (or deactivated) an "activation change request" with the same identity of the target is to be sent.

Figure 3: Information flow on X1_1-interface for Lawful Interception activation

Interception of a target can be activated on request from different LEAs and each LEA may request interception via a different identity. In this case, each target identity on which to intercept will need to be sent via separate activation messages from ADMF to the 3G ICEs on the X1_1-interface. Each activation can be for IRI only, or both CC and IRI.

When several LEAs request activation on the same identity andthen the ADMF determines that there areis an existing activations on the identity. In this case, the ADMF may (as an implementation option) send an additional activation message(s) to the 3G ICEs. When the activation needs to change from IRI only to CC and IRI an activation change message will be sent to the 3G ICEs.

In the case of a secondary interception activation only the relevant LEAs will get the relevant IRIs.

 

*****************NEXT CHANGE*****************

.

 

5.2.2       X1_2-interface (IRI)

The message(s) sent from the ADMF to Delivery Function 2 for the deactivation of the Intercept Related Information contains:

-    a DF2 activation ID, which uniquely identifies the activation to be deactivated for DF2.

If a target is intercepted by several LEAs and/or several identities simultaneously, a single deactivation is necessary for each combination of LEA and identity.

Figure 7: Information flow on X1_2-interface for Lawful Interception deactivation

5.2.3       X1_3-interface (CC)

For the deactivating the delivery of the CC the message(s) sent from the ADMF to DF3 contains:

-    a DF3 activation ID, which uniquely identifies the activation to be deactivated for DF3.

Figure 8: Information flow on X1_3-interface for Lawful Interception deactivation

 

 

 

 

 

 

 

 

*****************NEXT CHANGE*****************

6          Invocation of Lawful Interception for Circuit Switched Services

Figure 11 shows an extraction from the reference configuration in figure 1a which is relevant for the invocation of the lawful interception.

Figure 11: Functional model for Lawful Interception invocation

The HI2 and HI3 interfaces represent the interfaces between the LEMF and two delivery functions. Both interfaces are subject to national requirements. They are included for completeness, but are beyond the scope of standardization in this document. The delivery functions are used:

-    to convert the information on the X2-interface to the corresponding information on the HI2-interface;

-    to convert the information on the X3-interface to the corresponding information on the HI3-interface;

-    to distribute the intercept related information to the relevant LEA(s) (based on IAs, if defined);

-    to distribute the intercept content of communicationsproduct to the relevant LEA(s) (based on IAs, if defined).

For the delivery of the CC and IRI, the 3G MSC Server provides a correlation number and target identity to the DF2 and DF3 which is used there in order to select the different LEAs to which the product shall be delivered.

NOTE:      If interception has been activated for both parties of the call both CC and IRI will be delivered for each party as separate intercept activity.

The Mc interface between the 3G MSC Server and MGW is used to establish intercept and deliver the bearer to DF3.

For Location Dependent Interception, the location dependency check occurs at the establishment of each call. Subsequent dependency checks for simultaneous calls are not required, but can be a national option.

If a target is marked using an IA in the 3G MSC Server, the 3G MSC Server shall perform a location dependency check at call set-up. Only if the target's location matches the IA then the call is intercepted.

If a target is marked using an IA in the DF2, the DF2 shall perform a location dependency check at reception of the first IRI for the call. Only if the target’s location matches the IA for certain LEAs is IRI the relayed to these LEAs. All subsequent IRIs for the call are sent to the same LEAs.

If a target is marked using an IA in the DF3, the DF3 signalling function shall perform a location dependency check at reception of the CC. Only if the target’s location matches the IA for certain LEAs is the CC relayed to these LEAs.

 

*****************NEXT CHANGE*****************

 

6.1       Provision of Intercept CC - Circuit Switched

Figure 12 shows the access method for the delivering of CC. The access method shall be a bridged/ T-connection.

Figure 12: Delivery configuration to the LEMF for the interception of a circuit switched call

The signals of both parties of the configuration to be intercepted are delivered separately to the LEMF. The delivery function has no impact on the connection between the subscribers.

The two stublines towards the LEMF are established in parallel to the call set up. For both stublines the address is used which has been provided during activation.

Bearer, and only bearer, is sent from the MGW to the bearer function of DF3.

NOTE:      For data calls it is necessary to provide means for fast call establishment towards the LEMF to help ensure that the beginning of the data transmission is delivered.

The following information needs to be transferred from the 3G MSC Server (to be confirmed by SA WG3 LI group) to the DF3 in order to allow the DF3 to perform its functionality:

-    target identity (MSISDN, IMSI or IMEI); note 1

-    the target location (if available) or the IAs in case of location dependent interception. note 1

-    correlation number (IRI <-> CC);

-    direction indication - (Signal from target or signal to target).

NOTE 1:   For DF3 internal use only.

Additional information may be provided if required by national laws.

 

 

 

*****************NEXT CHANGE*****************

 

7.1       Provision of Intercept Product - Short Message Service

Figure 19 shows an SMS transfer from the 3G SGSN node to the LEA. Quasi-parallel to the delivery from / to the mobile subscriber a SMS event, which contains the content and header of the SMS, is generated and sent via the Delivery Function 2P to the LEA in the same way as the Intercept Related Information. National regulations and warrant type determine if a SMS event shall contain only SMS header, or SMS header and SMS content.

The IRI will be delivered to the LEA:

-    for a SMS-MO. Dependent on national requirements, delivery shall occur either when the 3G SGSN receives the SMS from the target MS or when the 3G SGSN receives notification that the SMS-Centre successfully received the SMS;

-    for a SMS-MT. Dependent on national requirements, delivery shall occur either when the 3G SGSN receives the SMS from the SMS-Centre or when the 3G SGSN receives notification that the target MS successfully received the SMS.

Figure 19: Provision of Intercept Product - Short Message Service

7.2       Provision of Intercepted Content of Communications – Packet data GSN services

The access method for the delivering of Packet Data GSN Intercept Product is based on duplication of packets without modification at 3G GSN. The duplicated packets with additional information in thea header, as described in the7.2.1 following clauses, are sent to DF3P for further delivery via a tunnelto the LEA.

Figure 20: Configuration for interception of Packet Data GSN product data

7.2.1       X3-interface

In addition to the intercepted content of communications, the following information needs to be transferred from the 3G GSN to the DF3P in order to allow the DF3P to perform its functionality:

-    target identity;

-    correlation number;

-    time stamp - optional;

-    direction (indicates whether T-PDU is MO or MT) - optional;

-    the target location (if available) or the IAs in case of location dependent interception.

As a national option, in the case where the 3G GGSN is performing interception of the content of communications, the intercept subject is handed off to another SGSN and the same 3G GGSN continues to handle the content of communications subject to roaming agreements, the 3G GGSN shall continue to perform the interception of the content of communication.

 

*****************NEXT CHANGE*****************

7.3.2       Structure of the events

There are several different events in which the information is sent to the DF2 if this is required. Details are described in the following clause. The events for interception are configurable (if they are sent to DF2) in the 3G GSN or the HLR and can be suppressed in the DF2.

The following events are applicable to 3G SGSN:

-    Mobile Station Attach;

-    Mobile Station Detach;

-    PDP context activation;

-    Start of interception with mobile station attached (national option);

-    Start of intercept with PDP context active;

-    PDP context modification;

-    PDP context deactivation;

-    RA update;

-    SMS.

NOTE:      3G GGSN interception is a national option. Location information may not be available in this case.

The following events are applicable to the 3G GGSN:

-    PDP context activation;

-    PDP context modification;

-    PDP context deactivation;

-    Start of interception with PDP context active.

The following events are applicable to the HLR:

-    Serving System.

A set of fields elements as shown below can be associated with the events. The events trigger the transmission of the information from 3G GSN or HLR to DF2. Available IEs from this set of fields elements as shown below can be extended in the 3G GSN or HLR, if this is necessary as a national option. DF2 can extend available information if this is necessary as a national option e.g. a unique number for each surveillance warrant.

Table 2: Information Events for Packet Data Event Records

Observed MSISDN

MSISDN of the target subscriber (monitored subscriber).

Observed IMSI

IMSI of the target subscriber (monitored subscriber).

Observed IMEI

IMEI of the target subscriber (monitored subscriber),it shall be checked for each activation over the radio interface.

Event type

Description which type of event is delivered: MS attach, MS detach, PDP context activation, Start of intercept with PDP context active, PDP context deactivation, SMS, Serving System, Cell and/or RA update.

Event date

Date of the event generation in the 3G GSN or the HLR.

Event time

Time of the event generation in the 3G GSN or the HLR. Timestamp shall be generated relative to GSN or HLR internal clock.

PDP address

The PDP address of the target subscriber. Note that this address might be dynamic.

Access Point Name

The APN of the access point. (Typically the GGSN of the other party).

Location Information

Location Information is the Service Area Identity (SAI), RAI and/or location area identity that is present at the GSN at the time of event record production.

Old Location Information

Location Information of the subscriber before Routing Area Update

PDP Type

The used PDP type.

Correlation Number

The correlation number is used to correlate CC and IRI.

SMS

The SMS content with header which is sent with the SMS-service. The header also includes the SMS-Centre address.

Network Element Identifier

Unique identifier for the element reporting the ICE.

Failed attach reason

Reason for failed attach of the target subscriber.

Failed context activation reason

Reason for failed context activation of the target subscriber.

IAs

The observed Interception Areas.

Initiator

The initiator of the PDP context activation, deactivation or modification request either the network or the 3G MS.

SMS Initiator

SMS indicator whether the SMS is MO or MT.

Deactivation / termination cause

The termination cause of the PDP context.

QoS

This field indicates the Quality of Service associated with the PDP Context procedure.

Serving System Address

Information about the serving system (e.g. serving SGSN number or serving SGSN address).

 

7.4       Packet Data related events

7.4.1       Mobile Station Attach

For attach an attach-event is generated. When an attach activation is generated from the mobile to servicing 3G G SN this event is generated. These fields elements will be delivered to the DF2 if available:

 

Observed MSISDN

Observed IMSI

Observed IMEI

Event Type

Event Time

Event Date

Network Element Identifier

Location Information

Failed attach reason

IAs (if applicable)

 

7.4.2       Mobile Station Detach

For detach a detach-event is generated, this is for the common (end) detach. These fields elements will be delivered to the DF2 if available:

 

Observed MSISDN

Observed IMSI

Observed IMEI

Event Type

Event Time

Event Date

Network Element Identifier

Location Information

IAs (if applicable)

 

7.4.3       Packet Data PDP context activation

For PDP context activation a PDP context activation-event is generated. When a PDP context activation is generated from the mobile to 3G GSN a PDP context activation-eventthis event is generated. These fields elements will be delivered to the DF2 if available:

 

Observed MSISDN

Observed IMSI

Observed IMEI

PDP address of observed party

Event Type

Event Time

Event Date

Correlation number

Access Point Name

PDP Type

Network Element Identifier

Location Information

Failed context activation reason

IAs (if applicable)

Initiator (optional)

QoS (optional)

 

7.4.4       Start of interception with PDP context active

This event will be generated if interception for a target is started and if the target has at least one PDP context active. If more then one PDP context are open, for each of them an event record is generated. These fields elements will be delivered to the DF2 if available:

 

Observed MSISDN

Observed IMSI

Observed IMEI

PDP address of observed party

Event Type

Event Time

Event Date

Correlation number

Access Point Name

PDP Type

Network Element Identifier

Location Information

Old Location Information (optional)

IAs (if applicable)

QoS (optional)

Initiator (optional)

 

Presence of the optional Old Location Information field indicates that PDP context was already active, and being intercepted. However, the absence of this information does not imply that interception has not started in the old location SGSN for an active PDP context.

Start of interception with PDP context active shall be sent regardless of whether a Start of interception with mobile station attached has already been sent.

7.4.5       Packet Data PDP context deactivation

At PDP context deactivation a PDP context deactivation-event is generated. These fields elements will be delivered to the DF2 if available:

 

Observed MSISDN

Observed IMSI

Observed IMEI

PDP address of observed party

Event Type

Event Time

Event Date

Correlation number

Access point name

Network Element Identifier

Location Information

IAs (if applicable)

Deactivation cause

Initiator (optional)

 

7.4.6       RA update

For each RA update an update-event with the fields elements about the new location is generated. New SGSN shall send the event, and the old SGSN may optionally send the event as well. These fields elements will be delivered to the DF2 if available:

 

Observed MSISDN

Observed IMSI

Observed IMEI

Event Type

Event Time

Event Date

Network Element Identifier

Location Information (only for the new SGSN)

Old Location Information (only for the old SGSN)

IAs (if applicable)

 

NOTE:     Once target moves out of the interception area, old SGSN may report the RAU event. Normally, however, the old SGSN does not receive the new SGSN’s RAI, while the new SGSN does receive the old SGSN’s RAI from UE with the RAU Request message.

7.4.7       SMS

For MO-SMS the event is generated in the 3G SGSN. Dependent on national requirements, event generation shall occur either when the 3G SGSN receives the SMS from the target MS or when the 3G SGSN receives notification that the SMS-Centre successfully receives the SMS; for MT-SMS the event is generated in the 3G SGSN. Dependent on national requirements, event generation shall occur either when the 3G SGSN receives the SMS from the SMS-Centre or when the 3G SGSN receives notification that the target MS successfully received the message. These fields elements will be delivered to the DF2 if available:

 

Observed MSISDN

Observed IMSI

Observed IMEI

Event Type

Event Time

Event Date

Network Element Identifier

Location Information

SMS

SMS Initiator

IAs (if applicable)

 

7.4.8       Packet Data PDP context modification

This event will be generated if interception for a target is started and if the target has at least one PDP context active. These fields elements will be delivered to the DF2 if available:

 

Observed MSISDN

Observed IMSI

Observed IMEI

PDP address of observed party

Event Type

Event Time

Event Date

Correlation number

Access Point Name

PDP Type

Network Element Identifier

Location Information

IAs (if applicable)

Initiator

QoS

 

7.4.9       Serving System

The Serving System report event is generated at the HLR, when the HLR has detected that the intercept subject has roamed. The fields elements will be delivered to the DF2 if available:

 

Observed MSISDN

Observed IMSI

Observed IMEI

Event Type

Event Time

Event Date

Network Element Identifier

Serving System Address

 

7.4.10     Start of interception with mobile station attached

This event will be generated if interception has started for the already attached target. These fields elements will be delivered to the DF2 if available:

 

Observed MSISDN

Observed IMSI

Observed IMEI

Event Type

Event Time

Event Date

Network Element Identifier

Location Information

IAs (if applicable)

 

 

*****************NEXT CHANGE*****************

 

8.5.2       Data consistency

The administration function in the 3GPP MS shall be capable to of performing a periodic consistency check to ensure that the target list of target identities in all involved 3G MSC Servers, CSCFs, 3G GSNs in the 3GPP MS and the DFs contain the appropriate target Ids consistent with the intercept orders in the ADMF. The reference data base is the ADMF data base.

 

 

*****************END OF CHANGE *****************

 


 [H1] Enter the specification number in this box. For example, 04.08 or 31.102. Do not prefix the number with anything . i.e. do not use "TS", "GSM" or "3GPP" etc.

 [H2] Enter the CR number here. This number is allocated by the 3GPP support team.  It consists of at least three digits, padded with leading zeros if necessary.

 [H3] Enter the revision number of the CR here. If it is the first version, use a "-".

 [H4] Enter the version of the specification here. This number is the version of the specification to which the CR will be applied if it is approved. Make sure that the latest version of the specification (of the relevant release) is used when creating the CR. If unsure what the latest version is, go to  http://www.3gpp.org/specs/specs.htm.

 [H5] For help on how to fill out a field, place the mouse pointer over the special symbol closest to the field in question.

 [H6] Mark one or more of the boxes with an X.

 [H7] SIM / USIM / ISIM applications.

 [H8] Enter a concise description of the subject matter of the CR. It should be no longer than one line.  Do not use redundant information such as "Change Request number xxx to 3GPP TS xx.xxx".

 [H9] Enter the source of the CR. This is either (a) one or several companies or, (b) if a (sub)working group has already reviewed and agreed the CR, then list the group as the source.

 [H10] Enter the acronym for the work item which is applicable to the change. This field is mandatory for category F, B & C CRs for release 4 and later. A list of work item acronyms can be found in the 3GPP work plan. See http://www.3gpp.org/ftp/information/work_plan/ .
The list is also included in a MS Excel file included in the zip file containing the CR cover sheet template.

 [H11] Enter the date on which the CR was last revised.  Format to be interpretable by English version of MS Windows ® applications, e.g. 19/02/2002.

 [H12] Enter a single letter corresponding to the most appropriate category listed below. For more detailed help on interpreting these categories, see the Technical Report 21.900 "TSG working methods".

 [H13] Enter a single release code from the list below.

 [H14] Enter text which explains why the change is necessary.

 [H15] Enter text which describes the most important components of the change. i.e. How the change is made.

 [H16] Enter here the consequences if this CR was to be rejected. It is necessary to complete this section only if the CR is of category "F" (i.e. correction).

 [H17] Enter the number of each clause which contains changes.

 [H18] Tick "yes" box if any other specifications are affected by this change.  Else tick "no".  You MUST fill in one or the other.

 [H19] List here the specifications which are affected or the CRs which are linked.

 [H20] Enter any other information which may be needed by the group being requested to approve the CR. This could include special conditions for it's approval which are not listed anywhere else above.


ftp://ftp.3gpp.org/TSG_SA/TSG_SA/TSGS_33/Docs/SP-060660.zip

[DOC converted to HTML.]

Technical Specification Group Services and System Aspects   TSGS#33(06)0660

Meeting #33, 25 – 28 September 2006,

Palm Springs, USA

 

Source                        SA

Title:                            CR to 33.108 on WLAN Interworking Interception Details (Rel 7)

Document for:             Approval

Agenda Item:               10.31

 

Revision of SP-060509 to remove hanging paragraphs.

 

To

SA Doc. No.

Spec. No.

CR No.

Rev

Rel

Cat

Title

Vers

Vers New

SA3 Doc. No.

SP-33

SP-060660

33.108

088

1

Rel-7

B

CR to 33.108 on WLAN Interworking Interception Details (v7.0)

7.4.0

7.5.0

-


 

3GPP TSG SA WG3 (Security) meeting #44                                     (S3-060559)

Tallinn, Estonia, 11 - 14 July 2006                                                  Agenda Item:

 

CR-Form-v7.1

CHANGE REQUEST

 

z

33.108

CR

0088

z rev

1

z Current version:

7.5.0

z

 

For HELP on using this form, see bottom of this page or look at the pop-up text over the z symbols.

 

 

Proposed change affects:                                    z

UICC appsz

 

ME

 

Radio Access Network

 

Core Network

X

 

 

Title:                 z

TS 33.108 - WLAN Interworking Interception Details (v7.0)

 

 

Source:            z

SA

 

 

Work item code: z

LI-7A

 

Date: z

27/09/2006

 

 

 

 

 

Category:          z

B

 

Release: z

Rel-7

 

Use one of the following categories:
F
  (correction)
A  (corresponds to a correction in an earlier release)
B  (addition of feature),
C  (functional modification of feature)
D  (editorial modification)

Detailed explanations of the above categories can
be found in 3GPP TR 21.900.

Use one of the following releases:
Ph2        (GSM Phase 2)
R96        (Release 1996)
R97        (Release 1997)
R98        (Release 1998)
R99        (Release 1999)
Rel-4      (Release 4)
Rel-5      (Release 5)
Rel-6      (Release 6)

     Rel-7      (Release 7)

 

 

 

Reason for change: z

TS 33.107 defined an approach for handling the LI of WLAN Interworking.  This document provides changes to TS 33.108 to realize this approach over the Handover Interfaces (HI2 and HI3) to the LEMF. 

 

 

Summary of change: z

For Interception of WLAN Interworking, add information regarding Handover Interfaces (HI2 & HI3).

 

 

Consequences if     z
not approved:

Lack of available Handover Interface specification for handling WLAN Interworking causing possible regulatory issues. 

 

 

Clauses affected:     z

Clause 2, New Clause 8, Annex B.2, and New Annex B.7

 

 

 

Y

N

 

 

Other specs             z

 

X

 Other core specifications      z

 

affected:

 

X

 Test specifications

 

 

 

X

 O&M Specifications

 

 

 

Other comments:     z

 

 


*** FIRST CHANGE – Clause 2********

2          References

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

·      References are either specific (identified by date of publication, edition number, version number, etc.) or nonspecific.

·      For a specific reference, subsequent revisions do not apply.

·      For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

[1]                         ETSI TR 101 331: "Telecommunications security; Lawful Interception (LI); requirements of Law Enforcement Agencies".

[2]                         ETSI ES 201 158: "Telecommunications security; Lawful Interception (LI); Requirements for network functions".

[3]                         ETSI ETR 330: "Security Techniques Advisory Group (STAG); A guide to legislative and regulatory environment".

[4]                         3GPP TS 29.002: "3rd Generation Partnership Project; Technical Specification Group Core Network; Mobile Application Part (MAP) specification".

[5A]                      ITUT Recommendation X.680: "Abstract Syntax Notation One (ASN.1): Specification of Basic Notation".

[5B]                      ITUT Recommendation X.681: "Abstract Syntax Notation One (ASN.1): Information Object Specification".

[5C]                      ITUT Recommendation X.681: "Abstract Syntax Notation One (ASN.1): Constraint Specification".

[5D]                      ITUT Recommendation X.681: "Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 Specifications".

[6]                         ITUT Recommendation X.690: "ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)".

NOTE 1:   It is recommended that for [5A], [5B], [5C], [5D] and [6] the 2002 specific versions should be used.

[7]                         ITUT Recommendation X.880: "Information technology - Remote Operations: Concepts, model and notation".

[8]                         ITUT Recommendation X.882: "Information technology - Remote Operations: OSI realizations - Remote Operations Service Element (ROSE) protocol specification".

NOTE 2:   It is recommended that for [8] the 1994 specific versions should be used.

[9]                         3GPP TS 24.008: "3GPP Technical Specification Group Core Network; Mobile radio interface Layer 3 specification, Core network protocol; Stage 3".

[10]                       Void.

[11]                       Void.

[12]                       Void.

[13]                       IETF STD 9 (RFC 0959): "File Transfer Protocol (FTP)".

[14]                       3GPP TS 32.215: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Telecommunication Management; Charging Management; Charging data description for the Packet Switched (PS) domain)".

[15]                       IETF STD0005 (RFC 0791: "Internet Protocol".

[16]                       IETF STD0007 (RFC 0793): "Transmission Control Protocol".

[17]                       3GPP TS 29.060: "3rd Generation Partnership Project; Technical Specification Group Core Network; General Packet Radio Service (GPRS); GPRS Tunnelling Protocol (GTP) across the Gn and Gp interface".

[18]                       3GPP TS 33.106: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Lawful Interception Requirements".

[19]                       3GPP TS 33.107: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Lawful interception architecture and functions".

[20]                       3GPP TS 23.107: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Quality of Service QoS concepts and architecture".

[21]                       Void.

[22]                       Void.

[23]                       ANSI/J-STD-025-A: "Lawfully Authorized Electronic Surveillance".

[24]                       ETSI TS 101 671: "Handover Interface for the lawful interception of telecommunications traffic".

[25]                       3GPP TS 23.003: "3rd Generation Partnership Project; Technical Specification Group Core Network; Numbering, addressing, and identification".

[26]                       IETF RFC 3261: "SIP: Session Initiation Protocol".

[27]                       IETF RFC 1006: "ISO Transport Service on top of the TCP".

[28]                       IETF RFC 2126: "ISO Transport Service on top of TCP (ITOT)".

[29]                       ITU-T Recommendation Q.763: "Signalling System No. 7 - ISDN User Part formats and codes".

[30]                       ETSI EN 300 356 (all parts): "Integrated Services Digital Network (ISDN); Signalling System No.7; ISDN User Part (ISUP) version 3 for the international interface".

[31]                       ETSI EN 300 403-1 (V1.3.2): "Integrated Services Digital Network (ISDN); Digital Subscriber Signalling System No. one (DSS1) protocol; Signalling network layer for circuit-mode basic call control; Part 1: Protocol specification [ITU-T Recommendation Q.931 (1993), modified]".

NOTE 3:   Reference [31] is specific, because ASN.1 parameter "release-Reason-Of-Intercepted-Call" has the following comment: "Release cause coded in [31] format". In case later version than the given one indicated for ISDN specification ETSI EN 300 4031 has modified format of the "release cause", keeping the reference version specific allows to take proper actions in later versions of this specification.

[32]                       Void.

[33]                       Void

[34]                       ITU-T Recommendation Q.931: "ISDN user-network interface layer 3 specification for basic call control".

[35]                       Void.

[36]                       IETF RFC 2806: "URLs for Telephone Calls".

[37]                       3GPP TS 23.032: "3rd Generation Partnership Project; Technical Specification Group Core Network; Universal Geographical Area Description (GAD)".

[38]                       3GPP TR 21.905: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Vocabulary for 3GPP Specifications".

[39]                       ISO 3166-1: "Codes for the representation of names of countries and their subdivisions - Part 1: Country codes".

[40]                       3GPP TS 23.228: “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; IP Multimedia Subsystem (IMS); Stage 2”.

[41]                       3GPP TS 29.234: “3rd Generation Partnership Project; Technical Specification Group Core Network and Terminals: 3GPP System to Wireless Local Area Network (WLAN) interworking; Stage 3.

 

 

 

 

*** NEXT CHANGE – NEW CLAUSE 8********

8          3GPP WLAN Interworking

8.1       Identifiers

8.1.1    Overview

Specific identifiers are necessary to identify a target for interception uniquely and to correlate between the data, which is conveyed over the different handover interfaces (HI2 and HI3). The identifiers are defined in the subsections below.

For the delivery of CC and IRI the PDG or AAA server provide correlation numbers and target identities to the HI2 and HI3. The correlation number is unique per I-WLAN tunnel and is used to correlate CC with IRI and the different IRI's of one I-WLAN tunnel.

8.1.2       Lawful interception identifier

For each target identity related to an interception measure, the authorized operator (NO/AN/SP) shall assign a special Lawful Interception Identifier (LIID), which has been agreed between the LEA and the operator (NO/AN/SP).

Using an indirect identification to point to a target identity makes it easier to keep the knowledge about a specific interception target limited within the authorized operator (NO/AN/SP) and the handling agents at the LEA.

The LIID is a component of the CC delivery procedure and of the IRI records. It shall be used within any information exchanged at the handover interfaces HI2 and HI3 for identification and correlation purposes.

The LIID format shall consist of alphanumeric characters. It might for example, among other information, contain a lawful authorization reference number, and the date, when the lawful authorization was issued.

The authorized operator (NO/AN/SP) shall either enter a unique LIID for each target identity of the interception subject or a single LIID for multiple target identities all pertaining to the same interception subject.

If more than one LEA intercepts the same target identity, there shall be unique LIIDs assigned relating to each LEA.

8.1.3       Network identifier

The network identifier (NID) is a mandatory parameter; it should be internationally unique. It consists of the following two identifiers.

1)  Operator- (NO/AN/SP) identifier (mandatory):
Unique identification of network operator, access network provider or service provider.

2)  Network element identifier NEID (optional):
The purpose of the network element identifier is to uniquely identify the relevant network element carrying out the LI operations, such as LI activation, IRI record sending, etc.

      A network element identifier may be an IP address or other identifier. For GSM and UMTS systems deployed in the U.S, the network element identifier is required.

8.1.4       Correlation number

The Correlation Number is unique per I-WLAN tunnel and used for the following purposes:

-    correlate CC with IRI (in the PDG),

-    correlate different IRI records within one I-WLAN tunnel (for both PDG and AAA server).

NOTE:      The Correlation Number is at a minimum unique for each concurrent communication (e.g. I-WLAN tunnel) in a specific node (e.g., AAA server or PDG) of an intercept subject within a lawful authorization.

8.2       Performance, reliability, and quality

8.2.1       Timing

As a general principle, within a telecommunication system, IRI, if buffered, should be buffered for as short a time as possible.

NOTE:      If the transmission of IRI fails, it may be buffered or lost.

Subject to national requirements, the following timing requirements shall be supported:

-    Each IRI data record shall be sent by the delivery function to the LEMF over the HI2 within seconds of the detection of the triggering event by the IAP at least 95% of the time.

-    Each IRI data record shall contain a time-stamp, based on the intercepting nodes clock that is generated following the detection of the IRI triggering event.

8.2.2       Quality

The quality of service associated with the result of interception should be (at least) equal to the quality of service of the original content of communication. This may be derived from the QoS class used for the original intercepted session [20]. However, when TCP is used as an OSI layer 4 protocol across the HI3, real time delivery of the result of the interception cannot be guaranteed. The QoS used from the operator (NO/AN/SP) to the LEMF is determined by what operators (NO/AN/SP) and law enforcement agree upon.

8.2.3       Reliability

The reliability associated with the result of interception should be (at least) equal to the reliability of the original content of communication. This may be derived from the QoS class used for the original intercepted session [20].

Reliability from the operator (NO/AN/SP) to the LEMF is determined by what operators (NO/AN/SP) and law enforcement agree upon.

8.3       Security aspects

Security is defined by national requirements.

8.4       Quantitative aspects

The number of target interceptions supported is a national requirement.

The area of Quantitative Aspects addresses the ability to perform multiple, simultaneous interceptions within a provider's network and at each of the relevant intercept access points within the network. Specifics related to this topic include:

-    The ability to access and monitor all simultaneous communications originated, received, or redirected by the interception subject;

-    The ability for multiple LEAs (up to five) to monitor, simultaneously, the same interception subject while maintaining unobtrusiveness, including between agencies;

-    The ability of the network to simultaneously support a number of separate (i.e. multiple interception subjects) legally authorized interceptions within its service area(s), including different levels of authorization for each interception, including between agencies (i.e. IRI only, or IRI and communication content).

8.5       IRI for I-WLAN

The IRI will in principle be available in the following phases of a data transmission:

1.   At I-WLAN access initiation attempt, when the target identity becomes active, at which time packet transmission may or may not occur (at the set up of a I-WLAN tunnel, the target may be the originating or terminating party);

2.   At the end of a connection, when the target identity becomes inactive (removal of a I-WLAN tunnel);

3.   At certain times when relevant information are available.

In addition, information on non-transmission related actions of a target constitute IRI and is sent via HI2, e.g. information on subscriber controlled input.

The IRI may be subdivided into the following categories:

1.   Control information for HI2 (e.g. correlation information);

2.   Basic data communication information, for standard data transmission between two parties.

The events defined in [19] are used to generate records for the delivery via HI2.

There are multiple different event types received at DF2 level. According to each event, a Record is sent to the LEMF if this is required. The following table gives the mapping between event type received at DF2 level and record type sent to the LEMF.

Table 8.1: Mapping between I-WLAN Events and HI2 records type

Event

IRI Record Type

I-WLAN Access Initiation

REPORT

I-WLAN Access Termination

REPORT

I-WLAN Tunnel Establishment (successful)

BEGIN

I-WLAN Tunnel Establishment (unsuccessful)

REPORT

I-WLAN Tunnel Disconnect

END

Start of intercept with I-WLAN Communication Active

BEGIN or REPORT

 

A set of information is used to generate the records. The records used transmit the information from mediation function to LEMF. This set of information can be extended in the ICE or DF2 MF, if this is necessary in a specific country. The following table gives the mapping between information received per event and information sent in records.

For the event “Start of intercept with I-WLAN Communication Active” reported from a AAA server, this event is reported using a:

·        REPORT record to provide an indication that I-WLAN Access Initiation event has already occurred, but there are no tunnels established yet.

·        BEGIN record to provide an indication that one or more I-WLAN Tunnels are already established.

Table 8.2: Mapping between Events information and IRI information

parameter

description

HI2 ASN.1 parameter

observed MSISDN

Target Identifier with the MSISDN of the target subscriber (monitored subscriber).

partyInformation (partyIdentiity)

observed IMSI

Target Identifier with the IMSI of the target subscriber (monitored subscriber).

partyInformation (partyIdentity)

observed NAI

Target Identifier with the NAI of the target subscriber (monitored subscriber).

partyInformation (partyIdentity)

event type

Description which type of event is delivered: I-WLAN Access Initiation, I-WLAN Access Termination, I-WLAN Tunnel Establishment, I-WLAN Tunnel Disconnect, Start of Intercept with I-WLAN Communication Active, etc.

i-WLANevent

event date

Date of the event generation in the PDG or AAA server.

timeStamp

event time

Time of the event generation in the PDG or AAA server.

 

WLAN access point name

The W-APN of the access point.

partyInformation

(services-Data-Information)

initiator

This field indicates whether the event being reported is the result of an MS directed action or network initiated action when either one can initiate the action.  

initiator

correlation number

Unique number for each I-WLAN tunnel delivered to the LEMF, to help the LEA, to have a correlation between each I-WLAN tunnel and the IRI.

correlationNumber

lawful interception identifier

Unique number for each lawful authorization.

lawfulInterceptionIdentifier

WLAN UE Local IP address

The Local IP address used by the target in a WLAN AN.

partyInformation

(services-data-information)

WLAN UE MAC address

MAC Address of WLAN UE on the WLAN

i-WLANInformation

 (wLANMACAddress)

WLAN Remote IP address

It is the IP address of the WLAN UE in the network being accessed by the WLAN UE and is used in the data packet encapsulated by the WLAN UE-initiated tunnel.  In addition, it is the source address used by applications in the WLAN UE.

partyInformation

(services-data-information)

network identifier

Operator ID plus PDG or AAA server address.

networkIdentifier

WLAN Operator name

This field identifies the WLAN Operator serving the intercept subject.

i-WLANInformation

 (wLANOperatorName)

WLAN Location Name

This field identifies the name of the location of the WLAN serving the subject.

i-WLANInformation

(wLANLocationName)

WLAN Location Information

This field provides detailed location information about the WLAN serving the intercept subject.

i-WLANInformation

(wLANLocationInformation)

NAS IP/IPv6 address

An IP address of the serving Network Access Server.

i-WLANInformation

 (nasIPIPv6Address)

visited PLMN ID

This field identifies the visited PLMN that will either terminate or tunnel the intercept subject’s communications to the Home PLMN.

visitedPLMNID

session alive timer

Thi field identifies the expected maximum duraton of the I-WLAN access being initiated.

i-WLANInformation

(sessionAliveTimer)

failed access reason

This field gives information about the reason for a failed access initiation attempt of the target subscriber.

i-WLANOperationErrorCode

session termination reason

This field identifies the reason for the termination of the I-WLAN access.

i-WLANOperationErrorCode

failed tunnel establishment reason

This field gives information (“Authentication failed” or Authorization failed”) about the reason for a failed tunnel establishment of the target subscriber.

i-WLANOperationErrorCode

tunnel disconnect reason

This field gives information about the reason for tunnel disconnect of the target subscriber. (For Further Study).

i-WLANOperationErrorCode

 

NOTE:       LIID parameter must be present in each record sent to the LEMF.

 

8.5.1       Events and information

8.5.1.1         Overview

This clause describes the information sent from the Delivery Function (DF) to the Law Enforcement Monitoring Facility (LEMF) to support Lawful Interception (LI). The information is described as records and information carried by a record. This focus is on describing the information being transferred to the LEMF.

The IRI events and data are encoded into records as defined in the Table 8.1 Mapping between I-WLAN Events and HI2 records type and Annex B.7 Intercept related information (HI2). IRI is described in terms of a 'causing event' and information associated with that event. Within each IRI record there is a set of events and associated information elements to support the particular service.

The communication events described in Table 8.1: Mapping between I-WLAN Events and HI2 record type and Table 8.2: Mapping between Events information and IRI information convey the basic information for reporting the disposition of a communication. This clause describes those events and supporting information.

Each record described in this clause consists of a set of parameters. Each parameter is either:

mandatory (M)    - required for the record,

conditional (C)    - required in situations where a condition is met (the condition is given in the Description), or

optional (O)         - provided at the discretion of the implementation.

The information to be carried by each parameter is identified. Both optional and conditional parameters are considered to be OPTIONAL syntactically in ASN.1 Stage 3 descriptions. The Stage 2 inclusion takes precedence over Stage 3 syntax.

8.5.1.2         REPORT record information

The REPORT record is used to report non-communication related subscriber actions (events) and for reporting unsuccessful packet-mode communication attempts.

The REPORT record shall be triggered when:

-    the intercept subject's WLAN UE performs a (successful or unsuccessful) I-WLAN access initiation procedure (triggered by AAA server);

-    the intercept subject's WLAN UE performs a I-WLAN access termination detach procedure (triggered by AAA server);

-    the intercept subject's WLAN UE is unsuccessful at performing a I-WLAN tunnel establishment procedure (triggered by AAA server or PDG);

-    the interception of a subject’s communications is started and the WLAN UE has already successfully performed a I-WLAN access initiation procedure (triggered by AAA server), but there are no tunnels established.

Table 8.3: I-WLAN Access Initiation REPORT Record

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed NAI

 

 

event type

C

Provide I-WLAN Initiation event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

network identifier

M

Shall be provided.

lawful intercept identifier

M

Shall be provided.

WLAN Operator Name

C

Provide, when available, to identify the WLAN operator serving the intercept subject.

WLAN Location Name

C

Provide, when available, to identify the name of the WLAN location serving the intercept subject.

WLAN Location Information

C

Provide, when available, to identify the location information of the WLAN serving the intercept subject.

NAS IP/IPv6 address

C

Provide, when available, to identify the address of the NAS serving the intercept subject.

WLAN UE MAC address

C

Provide, when available, to identify the MAC address of the intercept subject in the WLAN serving the intercept subject.

visited PLMN ID

C

Provide, when available, to identiy the visited PLMN that will either terminate or tunnel the subject’s communications to the Home PLMN.

session alive time

C

Provide, when available, to identify the expected maximum duration of the I-WLAN Access being initiated.

failed access reason

C

Provide information about the reason for failed access initiation attempts of the target subscriber.

 

Table 8.4: I-WLAN Access Termination REPORT Record

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed NAI

 

 

event type

C

Provide I-WLAN Access Termination event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

network identifier

M

Shall be provided.

lawful intercept identifier

M

Shall be provided.

WLAN Operator Name

C

Provide, when available, to identify the WLAN operator serving the intercept subject.

WLAN Location Name

C

Provide, when available, to identify the name of the WLAN location serving the intercept subject.

WLAN Location Information

C

Provide, when authorized, to identify the location information of the WLAN serving the intercept subject.

NAS IP/IPv6 address

C

Provide, when available, to identify the address of the NAS serving the intercept subject.

WLAN UE MAC address

C

Provide, when available, to identify the MAC address of the intercept subject in the WLAN serving the intercept subject.

session termination reason

C

Provide information about the reason for termination of I-WLAN access of the target subscriber.

 

Table 8.5: I-WLAN Tunnel Establishment (unsuccessful) REPORT Record - PDG

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed NAI

 

 

event type

C

Provide I-WLAN Tunnel Establishment event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

WLAN access point name

C

Provide to identify the packet data network to which the intercept subject requested to be connected when the intercept subject's WLAN UE is unsuccessful at performing a I-WLAN tunnel establishment procedure (MS to Network).

network identifier

M

Shall be provided.

lawful intercept identifier

M

Shall be provided.

WLAN UE Local IP address

C

Provide, when available, to identify the IP address associated with the intercept subject in the WLAN. 

WLAN UE Remote IP address

C

Provide, when available, to identify the IP address associated with the intercept subject in the network being accessed by the intercept subject. 

failed I-WLAN tunnel establishment reason

C

Provide information about the reason for failed I-WLAN tunnel establishment attempts of the target subscriber.

 

Table 8.6: I-WLAN Tunnel Establishment (unsuccessful) REPORT Record – AAA Server

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed NAI

 

 

event type

C

Provide I-WLAN Tunnel Establishment event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

WLAN access point name

C

Provide to identify the packet data network to which the intercept subject requested to be connected when the intercept subject's WLAN UE is unsuccessful at performing a I-WLAN tunnel establishment procedure (MS to Network).

network identifier

M

Shall be provided.

lawful intercept identifier

M

Shall be provided.

failed I-WLAN tunnel establishment reason

C

Provide information about the reason for failed I-WLAN tunnel establishment attempts of the target subscriber.

visited PLMN ID

C

Provide, when available, to identiy the visited PLMN that will either terminate or tunnel the subject’s communications to the Home PLMN.

 

Table 8.7: Start of Intercept With I-WLAN Communication Active REPORT Record – AAA Server

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed NAI

 

 

event type

C

Provide Start of Intercept With I-WLAN Communication Active event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

network identifier

M

Shall be provided.

lawful intercept identifier

M

Shall be provided.

WLAN Operator Name

C

Provide, when available, to identify the WLAN operator serving the intercept subject.

WLAN Location Name

C

Provide, when available, to identify the name of the WLAN location serving the intercept subject.

WLAN Location Information

C

Provide, when available, to identify the location information of the WLAN serving the intercept subject.

NAS IP/IPv6 address

C

Provide, when available, to identify the address of the NAS serving the intercept subject.

WLAN UE MAC address

C

Provide, when available, to identify the MAC address of the intercept subject in the WLAN serving the intercept subject.

visited PLMN ID

C

Provide, when available, to identiy the visited PLMN that will either terminate or tunnel the subject’s communications to the Home PLMN.

session alive time

C

Provide, when available, to identify the expected maximum duration of the I-WLAN Access being initiated.

 

 

8.5.1.3         BEGIN record information

The BEGIN record is used to convey the first event of I-WLAN interworking communication interception.

The BEGIN record shall be triggered when:

-    there is a successful establishment of an I-WLAN tunnel (triggered by AAA server or PDG);

-    the interception of a subject's communications is started and at least one I-WLAN tunnel is established. If more than one I-WLAN tunnel is established, a BEGIN record shall be generated for each I-WLAN tunnel that is established (triggered by AAA server or PDG).

Table 8.8: I-WLAN Tunnel Establishment (successful) BEGIN Record - PDG

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed NAI

 

 

event type

C

Provide I-WLAN Tunnel Establishment event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

WLAN access point name

C

Provide to identify the packet data network to which the intercept subject requested to be connected when the intercept subject's WLAN UE is successful at performing a I-WLAN tunnel establishment procedure.

network identifier

M

Shall be provided.

WLAN local IP address

M

Provide to identify the IP address associated with the intercept subject in the WLAN. 

WLAN remote IP address

M

Provide to identify the IP address associated with the intercept subject in the network being accessed by the intercept subject for the I-WLAN tunnel.

correlation number

C

Provide to allow correlation of CC and IRI and the correlation of IRI records. 

lawful intercept identifier

M

Shall be provided.

 

 

Table 8.9: I-WLAN Tunnel Establishment (successful) BEGIN Record – AAA Server

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed NAI

 

 

event type

C

Provide I-WLAN Tunnel Establishment event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

WLAN access point name

C

Provide to identify the packet data network to which the intercept subject requested to be connected when the intercept subject's WLAN UE is successful at performing a I-WLAN tunnel establishment procedure.

network identifier

M

Shall be provided.

correlation number

C

Provide to allow correlation of IRI records. 

lawful intercept identifier

M

Shall be provided.

visited PLMN ID

C

Provide to identify the visited PLMN, if available.

 

 

Table 8.10: Start Of Interception (with I-WLAN Tunnel Established) BEGIN Record - PDG

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed IMEI

 

 

event type

C

Provide Start Of Interception With I-WLAN Communication Active event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

WLAN access point name

C

Provide to identify the packet data network to which the intercept subject requested to be connected when the intercept subject's WLAN UE is successful at performing a I-WLAN tunnel establishment procedure.

network identifier

M

Shall be provided.

WLAN local IP address

M

Provide to identify the IP address associated with the intercept subject in the WLAN. 

WLAN remote IP address

M

Provide to identify the IP address associated with the intercept subject in the network being accessed by the intercept subject for the I-WLAN tunnel.  

correlation number

C

Provide to allow correlation of CC and IRI and the correlation of IRI records. 

lawful intercept identifier

M

Shall be provided.

 

 

Table 8.11: Start Of Interception (with I-WLAN Tunnel Established) BEGIN Record – AAA Server

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed IMEI

 

 

event type

C

Provide Start Of Interception With I-WLAN Communication Active event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

WLAN access point name

C

Provide to identify the packet data network to which the intercept subject requested to be connected when the intercept subject's WLAN UE is successful at performing a I-WLAN tunnel establishment procedure.

network identifier

M

Shall be provided.

correlation number

C

Provide to allow correlation of IRI records. 

lawful intercept identifier

M

Shall be provided.

visited PLMN ID

C

Provide to identify the visited PLMN, if available.

WLAN Operator Name

C

Provide, when available (at the time of event generation), to identify the WLAN operator serving the intercept subject. 

WLAN Location Name

C

Provide, when available (at the time of event generation), to identify the name of the WLAN location serving the intercept subject.

WLAN Location Information

C

Provide, when available (at the time of event generation), to identify the location information of the WLAN serving the intercept subject.

NAS IP/IPv6 address

C

Provide, when available (at the time of event generation), to identify the address of the NAS serving the intercept subject.

WLAN UE MAC address

C

Provide, when available (at the time of event generation), to identify the MAC address of the intercept subject in the WLAN serving the intercept subject.

session alive time

C

Provide, when available (at the time of event generation), to identify the expected maximum duration of the I-WLAN Access being initiated.

 

 

 

8.5.1.4         END record information

The END record is used to convey the last event of packet-data communication.

The END record shall be triggered when:

-    I-WLAN tunnel disconnect occurs (triggered by the AAA server or the PDG).

Table 8.12: I-WLAN Tunnel Disconnect END Record - PDG

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed NAI

 

 

event type

C

Provide I-WLAN Tunnel Disconnect event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

WLAN access point name

C

Provide to identify the packet data network to which the intercept subject is connected.

initiator

C

Provide to indicate whether the I-WLAN tunnel disconnection is network-initiated, intercept-subject-initiated, or not available.

network identifier

M

Shall be provided.

WLAN local IP address

M

Provide to identify the IP address associated with the intercept subject in the WLAN. 

WLAN remote IP address

M

Provide to identify the IP address associated with the intercept subject in the network being accessed by the intercept subject for the I-WLAN tunnel.  

correlation number

C

Provide to allow correlation of CC and IRI and the correlation of IRI records. 

lawful intercept identifier

M

Shall be provided.

 

Table 8.13: I-WLAN Tunnel Disconnect END Record – AAA Server

Parameter

MOC

Description/Conditions

observed MSISDN

 

 

observed IMSI

C

Provide at least one and others when available.

observed NAI

 

 

event type

C

Provide I-WLAN Tunnel Disconnect event type.

event date

M

Provide the date and time the event is detected.

event time

 

 

WLAN access point name

C

Provide to identify the packet data network to which the intercept subject is connected.

initiator

C

Provide to indicate whether the I-WLAN tunnel disconnection is network-initiated, intercept-subject-initiated, or not available.

network identifier

M

Shall be provided.

correlation number

C

Provide to allow correlation of IRI records. 

lawful intercept identifier

M

Shall be provided.

 

 

8.6       CC for I-WLAN

The interface protocols and data structures defined in Annex B.4, Annex C, and Annex G of this specification are applicable to the delivery of the intercepted CC for I-WLAN over the HI3 PS interface.  The mandatory or optionality of the parameters is not changed for I-WLAN.  However the availability of relevant intercepted information will affect the population of the parameters. 

 

 

*** NEXT CHANGE – CLAUSE B.2 (Red Color in Diagram)********

 

B.2      3GPP object tree

 

 

*** NEXT CHANGE – NEW CLAUSE B.7********

B.7      Intercept related information (and I-WLAN)

Declaration of ROSE operation iwlan-umts-sending-of-IRI is ROSE delivery mechanism specific. When using FTP delivery mechanism, data IWLANUmtsIRIsContent must be considered.

 

ASN1 description of IRI (HI2 interface)

IWLANUmtsHI2Operations {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulintercept(2) threeGPP(4) hi2wlan(6) r7(7) version-1 (1)}

 

DEFINITIONS IMPLICIT TAGS ::=

 

BEGIN

 

IMPORTS

 

        OPERATION,

        ERROR

            FROM Remote-Operations-Information-Objects

            {joint-iso-itu-t(2) remote-operations(4) informationObjects(5) version1(0)}

 

        LawfulInterceptionIdentifier,

        TimeStamp,

        Network-Identifier,

        National-Parameters,

        National-HI2-ASN1parameters,

        DataNodeAddress,

        IPAddress

 

            FROM HI2Operations

            {itu-t(0) identified-organization(4) etsi(0) securityDomain(2)

                  lawfulIntercept(2) hi2(1) version10 (10)}; -- Imported from TS 101 671

           

 

-- Object Identifier Definitions

 

-- Security DomainId

lawfulInterceptDomainId OBJECT IDENTIFIER ::= {itu-t(0) identified-organization(4) etsi(0)

securityDomain(2) lawfulIntercept(2)}

 

-- Security Subdomains

threeGPPSUBDomainId OBJECT IDENTIFIER ::= {lawfulInterceptDomainId threeGPP(4)}

hi2wlanDomainId OBJECT IDENTIFIER   ::= {threeGPPSUBDomainId hi2wlan(6) r7(7) version-1(1)}

 

iwlan-umts-sending-of-IRI  OPERATION ::=

{

    ARGUMENT    IWLANUmtsIRIsContent

    ERRORS      { OperationErrors }

    CODE        global:{threeGPPSUBDomainId hi2wlan(6) opcode(1)}

}

-- Class 2 operation . The timer shall be set to a value between 3 s and 240 s.

-- The timer.default value is 60s.

-- NOTE:    The same note as for HI management operation applies.

 

IWLANUmtsIRIsContent        ::= CHOICE

{

    iWLANumtsiRIContent         IWLANUmtsIRIContent,

    iWLANumtsIRISequence        IWLANUmtsIRISequence

}

 

IWLANUmtsIRISequence        ::= SEQUENCE OF IWLANUmtsIRIContent

 

-- Aggregation of IWLANUmtsIRIContent is an optional feature.

-- It may be applied in cases when at a given point in time

-- several IRI records are available for delivery to the same LEA destination.

-- As a general rule, records created at any event shall be sent

-- immediately and not withheld in the DF or MF in order to

-- apply aggragation.

-- When aggregation is not to be applied, 

-- IWLANUmtsIRIContent needs to be chosen.

 

 

IWLANUmtsIRIContent     ::= CHOICE

{

    iRI-Begin-record        [1] IRI-Parameters,

    iRI-End-record          [2] IRI-Parameters,

    iRI-Report-record       [3] IRI-Parameters,

  

}

 

unknown-version         ERROR ::= { CODE local:0}

missing-parameter       ERROR ::= { CODE local:1}

unknown-parameter-value ERROR ::= { CODE local:2}

unknown-parameter       ERROR ::= { CODE local:3}

 

OperationErrors ERROR ::=

{

    unknown-version |

    missing-parameter |

    unknown-parameter-value |

    unknown-parameter

}

-- These values may be sent by the LEMF, when an operation or a parameter is misunderstood.

 

IRI-Parameters      ::= SEQUENCE

{

    hi2iwlanDomainId                [0] OBJECT IDENTIFIER,  -- 3GPP HI2 WLAN domain

    lawfulInterceptionIdentifier    [2] LawfulInterceptionIdentifier,

        -- This identifier is associated to the target.

    timeStamp               [3] TimeStamp,

        -- date and time of the event triggering the report.

    initiator               [4] ENUMERATED

    {

        not-Available       (0),

        originating-Target  (1),

            -- in case of I-WLAN, this indicates that the I-WLAN tunnel disconnect is WLAN UE

            -- requested.

        terminating-Target  (2),

            -- in case of I-WLAN, this indicates that the I-WLAN tunnel disconnect is network

            -- initiated.

    ...

    } OPTIONAL,

 

    partyInformation        [5] SET SIZE (1..10) OF PartyInformation OPTIONAL,

        -- This parameter provides the concerned party, the identiy(ies) of the party

        -- and all the information provided by the party.

 

    national-Parameters     [6] National-Parameters OPTIONAL,

    networkIdentifier       [7] Network-Identifier OPTIONAL,

    i-WLANevent             [8] I-WLANEvent OPTIONAL,

    correlationNumber       [9] CorrelationNumber OPTIONAL,

    i-WLANOperationErrorCode[10] I-WLANOperationErrorCode   OPTIONAL,

   

    i-wLANinformation       [11] I-WLANinformation OPTIONAL,

    visitedPLMNID           [12] VisitedPLMNID OPTIONAL,

 

    national-HI2-ASN1parameters [255]   National-HI2-ASN1parameters OPTIONAL,

...

}

 

 

-- PARAMETERS FORMATS

 

PartyInformation            ::= SEQUENCE

{

    party-Qualifier     [0]  ENUMERATED

    {

        iWLAN-Target(1),

    ...

    },

    partyIdentity       [1] SEQUENCE

    {

        imsi                    [2] OCTET STRING (SIZE (3..8)) OPTIONAL,

            -- See MAP format [4] International Mobile

            -- Station Identity E.212 number beginning with Mobile Country Code

 

        msISDN                  [3] OCTET STRING (SIZE (1..9)) OPTIONAL,

            -- MSISDN of the target, encoded in the same format as the AddressString

            -- parameters defined in MAP format document [4], § 14.7.8

 

        nai                     [7]  OCTET STRING  OPTIONAL,

            -- NAI of the target, encoded in the same format as

            -- defined in 3GPP TS 29.234 [41].

    ...

 

    },

 

    services-Data-Information   [2] Services-Data-Information OPTIONAL,

        -- This parameter is used to transmit all the information concerning the

        -- complementary information associated to the basic data call

    ...

}

 

 

CorrelationNumber ::= OCTET STRING (SIZE(8..20))

 

 

I-WLANEvent ::= ENUMERATED

{

    i-WLANAccessInitiation                  (1),

    i-WLANAccessTermination                 (2),

    i-WLANTunnelEstablishment               (3),

    i-WLANTunnelDisconnect                  (4),

    startOfInterceptionCommunicationActive  (5),

    ...

}

-- see [19]

 

 

Services-Data-Information ::= SEQUENCE

{

    i-WLAN-parameters [1] I-WLAN-parameters OPTIONAL,

    ...

 

}

 

 

I-WLAN-parameters ::= SEQUENCE

{

    wlan-local-IP-address-of-the-target     [1] DataNodeAddress OPTIONAL,

    w-APN                                   [2] OCTET STRING    OPTIONAL,

    wlan-remote-IP-address-of-the-target    [3] DataNodeAddress     OPTIONAL,

    ...

}

 

I-WLANOperationErrorCode ::= OCTET STRING

-- The parameter shall carry the I-WLAN failed tunnel establishment reason, the I-WLAN Failed Access -- Initiation reason or the I-WLAN session termination reason.

 

 

I-WLANinformation ::= SEQUENCE

{

    wLANOperatorName                    [1] OCTET STRING        OPTIONAL,

    wLANLocationName                    [2] OCTET STRING        OPTIONAL,

    wLANLocationInformation             [3] OCTET STRING        OPTIONAL,

    nASIPIPv6Address                    [4] IPAddress           OPTIONAL,

    wLANMACAddress                      [5] OCTET STRING        OPTIONAL,

    sessionAliveTimer                   [6] SessionAliveTime    OPTIONAL,

    ...

--These parameters are defined in 3GPP TS 29.234.

 

}

 

 

VisitedPLMNID ::= OCTET STRING

-- The parameter shall carry the VisitedPLMNID as defined in 3GPP TS 29.234.

 

 

 

SessionAliveTime ::= OCTET STRING

--The parameter shall carry the SessionAliveTime as defined in 3GPP TS 29.234.

 

 

END -- OF IWLANUmtsHI2Operations