10 Evolved Packet System (EPS)
3GPP TS 33.108, 3G Security; Handover interface for Lawful Interception (LI), Release 17
10.0 Introduction
Clause 10 specifies requirements for the handover interface in the Evolved Packet System (TS 23.060 [42], TS 23.401 [44], TS 23.402 [45]).
In case the SGSN is used in the EPS and interworks with a S-GW by using S4/S12 interfaces, the SGSN and the HSS are subject to the requirements applicable to these nodes for PS interception, as specified throughout this document.
In case of untrusted non-3GPP IP access, the e-PDG not using a GTP based protocol over the s2b interface and the AAA server are subject to all the requirements specified in this document for PDG and AAA server for the case of WLAN interworking.
NOTE: WLAN Interworking specification (TS 29.234 [41]) is not maintained in Release 12 and onwards.
When a PDN-GW provides a Gn/Gp interface for interworking with a SGSN, from LI perspective the PDN-GW acts as a GGSN towards the involved SGSN. In this case, in addition to the requirements specified in this chapter, all the requirements specified in this document for PS interception applicable to the GGSN are applicable also to the PDN-GW. PDP contexts/EPS bearer modification signalling detected by the PDN-GW during a handover between different accesses involving a Gn/Gp interface (i.e. from E-UTRAN to 2G/3G and vice versa) is reported inside the IRI BEGIN-END transaction. The same correlation number shall be used before and after the handover during the same IRI transaction. After the handover, the events sent by the PDN-GW shall be mapped into IRIs according to the requirements for the new access.
In case the target is related to a ProSe Remote UE or to a ProSe UE-to-NW Relay, additional requirements specified in clause 13 are applicable.
10.1 Identifiers
10.1.0 Introduction
Specific identifiers are necessary to identify a target for interception uniquely and to correlate between the data, which is conveyed over the different handover interfaces (HI2 and HI3). The identifiers are defined in the subsequent subclauses of 10.1.
For the delivery of CC and IRI the S-GW or PDN-GW provide correlation numbers and target identities to the HI2 and HI3. The correlation number is unique per EPS bearer/tunnel and is used to correlate CC with IRI and the different IRIs of one EPS bearer/tunnel.
NOTE: When different protocols (i.e. GTP and PMIP) are used in the networks, different values for the correlation number can be generated by different nodes for the same communication.
10.1.1 Lawful interception identifier
For each target identity related to an interception measure, the authorized operator (NO/AN/SP) shall assign a special Lawful Interception Identifier (LIID), which has been agreed between the LEA and the operator (NO/AN/SP).
Using an indirect identification that points to a target identity makes it easier to keep the knowledge about a specific target limited within the authorized operator (NO/AN/SP) and the handling agents at the LEA.
The LIID is a component of the CC delivery procedure and of the IRI records. It shall be used within any information exchanged at the handover interfaces HI2 and HI3 for identification and correlation purposes.
The LIID format shall consist of alphanumeric characters. It might for example, among other information, contain a lawful authorization reference number, and the date, when the lawful authorization was issued.
The authorized operator (NO/AN/SP) shall either enter a unique LIID for each target identity of the target or a single LIID for multiple target identities all pertaining to the same target.
If more than one LEA intercepts the same target identity, there shall be unique LIIDs assigned relating to each LEA.
10.1.2 Network identifier
The network identifier (NID) is a mandatory parameter; it should be internationally unique. It consists of the following two identifiers.
1) Operator- (NO/AN/SP) identifier (mandatory):
Unique identification of network operator, access network provider or service provider.
2) Network element identifier NEID (optional):
The purpose of the network element identifier is to uniquely identify the relevant network element carrying out the LI operations, such as LI activation, IRI record sending, etc.
A network element identifier may be an IP address or other identifier. National regulations may mandate the sending of the NEID.
10.1.3 Correlation number
The Correlation Number is unique per EPS bearer/tunnel and is used for the following purposes:
– correlate CC with IRI;
– correlate different IRI records within one EPS bearer/tunnel;
– correlate LALS reports with the IRI records of the triggering events.
NOTE: The Correlation Number is at a minimum unique for each concurrent communication (e.g. EPS bearer/tunnel) of a target within a lawful authorization. However when different protocols (i.e. GTP and PMIP) are used in the networks, different values for the correlation number can be generated by different nodes for the same communication.
In case of handover between different accesses involving a Gn/Gp interface (i.e. from E-UTRAN to 2G/3G and vice versa), the same correlation number for the PDP context/bearer shall be used before and after the handover during the same IRI transaction.
10.2 Timing and quality
10.2.1 Timing
As a general principle, within a telecommunication system, IRI, if buffered, should be buffered for as short a time as possible.
NOTE: If the transmission of IRI fails, it may be buffered or lost.
Subject to national requirements, the following timing requirements shall be supported:
– Each IRI data record shall be sent by the delivery function to the LEMF over the HI2 within seconds of the detection of the triggering event by the IAP at least 95% of the time;
– Each IRI data record shall contain a time-stamp, based on the intercepting node’s clock, that is generated following the detection of the IRI triggering event. The timestamp precision should be at least 1 second (ETSI TS 101 671 [24]). Defining the required precision of an IRI timestamp however is subject to national requirements.
10.2.2 Quality
The quality of service associated with the result of interception should be (at least) equal to the quality of service of the original content of communication. This may be derived from the QoS class used for the original intercepted session. However, when TCP is used as an OSI layer 4 protocol across the HI3, real time delivery of the result of the interception cannot be guaranteed. The QoS used from the operator (NO/AN/SP) to the LEMF is determined by what operators (NO/AN/SP) and law enforcement agree upon.
10.2.3 Void
Void.
10.3 Security aspects
Security is defined by national requirements.
10.4 Quantitative aspects
The number of target interceptions supported is a national requirement.
The area of Quantitative Aspects addresses the ability to perform multiple, simultaneous interceptions within a provider’s network and at each of the relevant intercept access points within the network. Specifics related to this topic include:
– The ability to access and monitor all simultaneous communications originated, received, or redirected by the target;
– The ability for multiple LEAs (up to five) to monitor, simultaneously, the same target while maintaining unobtrusiveness, including between agencies;
– The ability of the network to simultaneously support a number of separate (i.e. multiple targets) legally authorized interceptions within its service area(s), including different levels of authorization for each interception, including between agencies (i.e. IRI only, or IRI and communication content).
10.5 IRI for evolved packet domain
10.5.0 Introduction
The IRI will in principle be available in the following phases of a data transmission:
1. At connection attempt when the target identity becomes active, at which time packet transmission may or may not occur (set up of a bearer/tunnel, target may be the originating or terminating party);
2. At the end of a connection, when the target identity becomes inactive (removal of a bearer/tunnel);
3. At certain times when relevant information is available.
In addition, information on non-transmission related actions of a target constitutes IRI and is sent via HI2. Also, the EPS LALS reports are conveyed via HI2 as IRI.
The IRI may be subdivided into the following categories:
1. Control information for HI2 (e.g. correlation information);
2. Basic data context information, for standard data transmission between two parties.
The events defined in TS 33.107 [19] are used to generate records for the delivery via HI2.
There are several different event types received at DF2 level. According to each event, a Record is sent to the LEMF if this is required. In the case of LALS reports which are not associated with an event, a Record is sent to the LEMF without the event parameter.
The following table gives the mapping between event type received at DF2 level and record type sent to the LEMF. The applicability of the events to specific access (E-UTRAN, trusted non-3GPP access, untrusted non-3GPP access) and network protocols (GTP/PMIP S5/S8 interface) is specified in TS 33.107 [19]. Additional events and mapping with IRI Record type are applicable to EPS in case of interworking between SGSN and PDN-GW over Gn/Gp interface, as specified in this document for PS interception.
Table 10.5.1: Mapping between EPS Events and HI2 records type
| Event | IRI Record Type |
|---|---|
| E-UTRAN attach, NOTE 2 | REPORT |
| E-UTRAN detach, NOTE 2 | REPORT |
| Bearer activation (successful) | BEGIN |
| Bearer modification | CONTINUE |
| UE Requested bearer resource modification | REPORT |
| Bearer activation (unsuccessful) | REPORT |
| Start of interception with active bearer, NOTE 1 | BEGIN or optionally CONTINUE |
| Bearer deactivation | END |
| UE requested PDN connectivity, NOTE 2 | REPORT |
| UE requested PDN disconnection, NOTE 2 | REPORT |
| Tracking Area/EPS location update, NOTE 2 | REPORT |
| Serving Evolved Packet System, NOTE 2 | REPORT |
| PMIP attach/tunnel activation (successful) | BEGIN |
| PMIP attach/tunnel activation (unsuccessful) | REPORT |
| PMIP session modification | CONTINUE |
| PMIP detach/tunnel deactivation | END |
| Start of interception with active PMIP tunnel, NOTE 1 | BEGIN (or optionally CONTINUE) |
| PMIP PDN-GW initiated PDN disconnection | END |
| MIP registration/tunnel activation (successful) | BEGIN |
| MIP registration/tunnel activation (unsuccessful) | REPORT |
| MIP deregistration/tunnel deactivation | END |
| Start of interception with active MIP tunnel, NOTE 1 | BEGIN |
| DSMIP registration/tunnel activation (successful) | BEGIN |
| DSMIP registration/tunnel activation (unsuccessful) | REPORT |
| DSMIP session modification | CONTINUE |
| DSMIP deregistration/tunnel deactivation | END |
| Start of interception with active DSMIP tunnel, NOTE 1 | BEGIN |
| DSMIP HA Switch | REPORT |
| PMIP Resource Allocation Deactivation | END |
| MIP Resource Allocation Deactivation | END |
| Start of interception with E-UTRAN attached UE, NOTE 1, NOTE 2 | REPORT |
| Packet Data Header Information | REPORT |
| HSS subscriber record change, NOTE 2 | REPORT |
| Cancel location, NOTE 2 | REPORT |
| Register location | REPORT |
| Location information request | REPORT |
| ProSe Remote UE Report | REPORT |
| ProSe Remote UE start of communication | BEGIN |
| ProSe Remote UE end of communication | END |
| Start of interception with ProSe Remote UE ongoing communication, NOTE 1 | BEGIN |
| Start of interception for ProSe UE-to-NW Relay, NOTE 1 | REPORT |
| SCEF requested non-IP PDN disconnection | REPORT |
NOTE 1: In some situations (e.g. during activation of second, third, etc. intercepts on the target), the MF/DF may have to detect on its own that an interception is activated on a target.
NOTE 2: These events are also used for IoT UE’s NIDD communications using SCEF.
The EPS LALS records are sent to the LEMF as the REPORT IRI Records.
A set of information is used to generate the records. The records are used to transmit the information from the mediation function to the LEMF. This set of information can be extended in the network nodes or DF2 MF, if this is necessary in a specific country. The following table gives the mapping between information received per event and information sent in records.
Table 10.5.2: Mapping between Events information and IRI information
| Parameter | Description | HI2 ASN.1 parameter |
|---|---|---|
| Observed MSISDN | Target Identifier with the MSISDN of the target. | partyInformation (partyIdentity/msISDN) |
| Observed A-MSISDN | Target Identifier with A-MSISDN of the target | partyInformation (partyIdentity/msISDN) |
| Observed IMSI | Target Identifier with the IMSI of the target. | partyInformation (partyIdentity/imsi) |
| Observed ME Id | Target Identifier with the ME Id of the target. | partyInformation (partyidentity/imei) |
| Observed MN NAI | Target Identifier with the NAI of the target. | partyInformation (partyidentity/nai) |
| Observed IMEI | Target Identifier with IMEI of the target | partyInformation (partyIdentity/imei) |
| Observed External Identifier | Target Identifier with External Identifier of the target used for IoT UE | partyInformation (partyIdentity/extId) |
| New observed MSISDN | New target identifier with MSISDN of the target, when available | partyInformation (partyIdentity/msISDN) |
| New observed IMSI | New target identifier with IMSI of the target, when available | partyInformation (partyIdentity/imsi) |
| New observed IMEI | New target identifier with IMEI of the target, when available | partyInformation (partyIdentity/imei) |
| Event type | Description which type of event is delivered | ePSevent |
| Event date | Date of the event generation in the node | timestamp |
| Event time | Time of the event generation in the node | |
| Access point name | When provided by the MME, the parameter carries the Access Point Name provided by the UE. When provided by the S-GW/PDN-GW, it is the APN used for the PDN connection | aPN |
| APN-AMBR | Contains the Aggregate Maximum Bit Rate for the APN | aPN-AMBR |
| PDN type | Indicates the IP version used (IPv4, IPv6, IPv4/IPv6) | pDNType |
| PDN address allocation | Provides the IP version (IPv4, IPv6, IPv4/IPv6) and the IP address(es) allocated for the UE. | pDNAddressAllocation |
| Protocol Configuration Options | Are used to transfer parameters between the UE and the PDN-GW (e.g. address allocation preference by DHCP) | protConfigOptions |
| Attach type | Indicates the type of attach and may carry indication of handover in case of mobility with non-3GPP access. | attachType |
| RAT type | Radio Access Type | rATType |
| Initiator | This field indicates whether the procedure is UE or network initiated. | Initiator |
| Handover indication | Provides information that the procedure is triggered as part of a handover | handoverIndication, extendedHandoverIndication |
| Procedure Transaction Identifier | Identifies a set of messages belonging to the same procedure; the parameter is dynamically allocated by the UE | procedureTransactionId |
| EPS bearer identity | Identifies an EPS bearer for one UE accessing via E-UTRAN. It is allocated by the MME. | ePSBearerIdentity |
| Bearer activation/deactivation type | Indicates the type of bearer being activated/deactivated, i.e. default or dedicated. | bearerActivationType, bearerDeactivationType |
| Linked EPS bearer identity | Indicates, in case of dedicated bearer, the EPS bearer identity of the default bearer. | linkedEPSBearerId |
| Switch off indicator | Indicates whether a detach procedure is due to a switch off situation or not. | detachType |
| Detach type | Parameter sent by the network to the UE to indicate the type of detach. | detachType |
| Traffic Flow Template (TFT) | Collection of all packet filters associated with the EPS bearer. | tFT |
| Traffic Aggregate Description (TAD) | Consists of the description of the packet filter(s) for the traffic flow aggregate. | trafficAggregateDescription |
| Correlation number | Unique number for each target connection delivered to the LEMF, to help the LEA to have a correlation between each target connection and the IRI. | ePSCorrelationNumber |
| Lawful interception identifier | Unique number for each lawful authorization. | lawfulInterceptionIdentifier |
| Location information | When authorized, this field provides the location information of the target that is present at the node at the time of event record production. | ePSlocationOfTheTarget |
| Time of Location | Date/Time of location. The time when location was obtained by the location source node. | ePSlocationOfTheTarget |
| Additional Cell IDs | The Secondary Cell (PSCell) groups of the target, if available. | additionalCellIDs |
| Old location information | Location information of the target before Tracking Area Update. | ePSlocationOfTheTarget |
| Failure reason | The reason for the failure or rejection of the Tracking Area Update | failedTAUReason |
| Failed bearer activation reason | This field gives information about the reason for a failed bearer activation of the target. | failedBearerActivationReason |
| Failed attach reason | This field gives information about the reason for a failed attach attempt of the target. | failedEUTRANAttachreason, status, code (depending on the protocol) |
| Session modification failure reason | This field gives information about the reason for a failed session modification attempt of the target | status |
| EPS bearer QOS | This field indicates the Quality of Service associated with the EPS bearer procedure. | ePSBearerqOS |
| Bearer deactivation reason | This field gives information about the reason for bearer deactivation of the target. | bearerDeactivationCause |
| Network identifier | Operator ID plus node address. | networkIdentifier |
| LogicalFunctionInformation | Event source logical function identifier. | logicalFunctionInformation |
| Failed Bearer Modification reason | The reason for failure of Bearer Modification | failedBearerModReason |
| ULI Timestamp | Indicates the time when the User Location Information was acquired. | uLITimestamp |
| Lifetime | Lifetime of the tunnel; it is set to a nonzero value in case of registration or lifetime extension; is set to zero in case of deregistration. | Lifetime |
| Access technology type | Indicates the Radio Access Type | accessTechnologyType |
| UE address info | Includes one or more IP addresses allocated to the UE. | iPv6HomeNetworkPrefix, iPv4HomeAddress, iPv6careOfAddress, iPv4careOfAddress |
| Additional parameters | Additional information provided by the UE, such as protocol configuration options | protConfigurationOption |
| Serving MME address | Diameter Origin-Host and Origin-Realm of the serving MME or its IP address. | servingMME-Address |
| Revocation trigger | Contains the reason which triggered a PDN-GW initiated PDN-disconnection (revocation) procedure. | revocationTrigger |
| Home Address | Contains the UE Home IP address | homeAddress |
| Home Agent Address | Contains the IP address of the Home Agent | homeAgentAddress |
| Requested IPv6 Home Prefix | The IPv6 Home Prefix requested by the UE. | requestedIPv6HomePrefix |
| Care of Address | The local IP address assigned to the UE by the Access Network. | careOfAddress |
| HSS/AAA address | The address of the HSS/AAA triggering a PDN-GW reallocation. | hSS-AAA-address |
| Target PDN-GW address | The address of the PDN-GW which the UE will be reallocated to. | targetPDN-GW-Address |
| Foreign domain address | The relevant IP address in the foreign domain. | foreignDomainAddress |
| Visited network identifier | An identifier that allows the home network to identify the visited network inside the EPS Serving System Update for non 3GPP access, coded according to TS 29.273 [53] | visitedNetworkId |
| DHCP v4 Address Allocation Indication | Indicates that DHCPv4 is to be used to allocate the IPv4 address to the UE | dHCPv4AddressAllocationInd |
| Serving Network | Identifies, for E-UTRAN access, the serving network the UE is attached to | servingNetwork |
| Request type | Provides the type of UE requested PDN connectivity | requestType |
| Failed reason | Provides the failure cause for UE requested PDN connectivity | uEReqPDNConnFailReason |
| Destination IP address | Identifies the destination IP address of a packet. | destinationIPAddress |
| Destination port number | Identifies the destination port number of a packet | destinationPortNumber |
| Source IP address | Identifies the source IP address of a packet. | sourceIPAddress |
| Source port number | Identifies the source port number of a packet. | sourcePortNumber |
| Transport protocol | Identifies the transport protocol (i.e., Protocol Field in IPv4 or Next Header Field in IPv6). | transportProtocol |
| Flow label | The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [c]) | flowLabel |
| Packet count | The number of packets detected and reported in a particular packet data summary report. | packetCount |
| Packet size | The size of a packet (i.e., Total Length Field in IPv4 [a] or Payload Length Field in IPv6 [b]) | packetsize |
| Packet direction | Identifies the direction of the intercepted packet (from target or to target) | packetDirection |
| Packet data header copy | Provides a copy of the packet headers including IP layer and next layer, and extensions, but excluding content. | packetDataHeaderCopy |
| Summary period | Provides the period of time during which the packets of the summary report were sent or received by the target. | summaryPeriod |
| Sum of packet sizes | Sum of values in Total Length Fields in IPv4 packets or Payload Length Field in IPv6 packets. | sumOfPacketSizes |
| Packet data summary reason | Provides the reason for a summary report. | packetDataSummaryReason |
| Packet data summary | For each particular packet flow, identifies pertinent reporting information (e.g. source IP address, destination IP address, source port, destination port, transport protocol, packet count, time interval, sum of packet sizes) associated with the particular packet flow. | packetDataSummary |
| CSG Identity | Uniquely identifies a CSG within a PLMN. | csgIdentity |
| HeNB Identity | Identifies the HeNB providing access to a target UE. | heNBIdentity |
| HeNB IP address | Identifies the IP Address associated with an HeNB providing access to a target UE. | heNBiPAddress |
| HeNB Location | Identifies the location of an HeNB providing access to a target UE. | heNBLocation |
| Tunnel Protocol | Identifies the tunnel protocol used to transport the signalling and communications between the HeNB and the EPC. | tunnelProtocol |
| UE Local IP address | Identifies the UE local IP address (IP SEC terminal Point) observed by the ePDG and PDN-GW, based on local policy for Fixed Broadband access network interworking, in case the GTP based S2b interface TS 29.274 [46] is used. | uELocalIPAddress |
| UE UDP Port | Identifies the UE UDP port (IP SEC terminal Point) reported on GTP based S2b interface TS 29.274 [46] if NAT is detected and local IP address is present for Fixed Broadband access network interworking. | uEUdpPort |
| Serving system identifier | VPLMN ID of the serving system or of the third party network interworking, included in the Diameter AVP message with the HSS | serving-System-Identifier |
| Previous serving system identifier | Previous VPLMN id of the target (Mobile Country Code and Mobile Network Country; defined in E212 [87]). | Current-Previous-Systems/previous-Serving-System-Identifier |
| Previous serving MME address | Diameter Origin-Host and Origin-Realm of the previous serving MME. | Current-Previous-Systems/previous-Serving-MME-Address |
| Current visited Network Identifier | An identifier that allows the home network to identify the current visited network (Mobile Country Code and Mobile Network Country defined in E212 [87] are included in this identifier) TS 29.273 [53]. | Current-Previous-Systems/current-Serving-System-Identifier |
| Current serving MME address | Provide the previous Diameter Origin-Host and Origin-Realm of the previous current MME | current-Previous-Systems/current-Serving-MME-Address |
| Requesting network identifier | The requesting network identifier PLMN id (Mobile Country Code and Mobile Network Country, | Requesting-Network-Identifier |
| Requesting node type | Type of requesting node such as MSC, SMS Centre, GMLC, MME, SGSN. | Requesting-Node-Type |
| Other update | Carrier specific information related to its implementation or subscription process on its HSS. Raw data will be provided. CSP will provide to LEMF elements to understand such data. | carrierSpecificData |
| WLAN location information | Provides location information in form of TWAN identifier, if available at ePDG/PDN-GW, in case the GTP based s2b interface TS 29.274 [46] is used. | tWANIdentifier |
| WLAN location timestamp | Provides location information timestamp in form of TWAN identifier timestamp, if available at ePDG/PDN-GW, in case the GTP based s2b interface TS 29.274 [46] is used. | tWANIdentifierTimestamp |
| ProSe Remote UE Ids | The identities of the connected ProSe remote UEs when the ProSe UE-to-NW Relay performs a Tracking Area/EPS Location Update. | proSeRemoteUEContextConnected, |
| ProSe Remote UE IP info | The IP address(es) of the connected ProSe Remote UE(s) when the ProSe UE-to-NW Relay performs a Tracking Area/EPS Location Update. | proSeRemoteUEContextConnected |
| LALS location information | Location information provided by LALS. | locationOfTheTarget |
| Extended location parameters | Additional location information and QoS information. | extendedLocParameters |
| LALS error code | Positioning error identification code. | locationErrorCode |
| Changed (old/new) IMSI or MSISDN/ or IMEI | Provides the identity changes in Subscriber Record Change Event. | Change-Of-Target-Identity |
| Secondary RAT Usage Indication | Provides an indication that the SGW has received the Secondary RAT Usage Report (see 3GPP TS 37.340 [99]) from the MME. If such information is not available, it doesn’t mean that Secondary RAT was not used. | secondaryRATUsageIndication |
| SCEF-ID | Identifies the SCEF to which the UE has connected. | scefID |

NOTE: The Additional Cell IDs parameter is used to report a primary cell of a secondary cell group. The Location Information parameter is used to report the primary cell of a primary cell group. Within the event message tables in this clause, for short hand, the Location Information parameter indicates that the primary cell id of the primary cell group and, if available, the primary cell id of the secondary cell group are reported, meaning that both of the aforementioned parameters are reported assuming the conditions for including them have been met.
NOTE 2: LIID parameter has to be present in each record sent to the LEMF.
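The following added example (not part of the specification) shows how a receiving side could check an HI2 record stream against Table 10.5.1, the time-stamp requirement of 10.2.1, NOTE 2 above and the correlation number rules of 10.1.3. The record class, the sample stream and the finding texts are constructed for illustration; treating the correlation number as required in BEGIN/CONTINUE/END records and allowing CONTINUE and END only inside a transaction opened by BEGIN are assumptions about how the BEGIN-END transaction is read.

```python
from dataclasses import dataclass
from typing import Optional

# Subset of Table 10.5.1: event -> IRI record types the table allows for it.
ALLOWED = {
    "E-UTRAN attach": {"REPORT"},
    "E-UTRAN detach": {"REPORT"},
    "Bearer activation (successful)": {"BEGIN"},
    "Bearer activation (unsuccessful)": {"REPORT"},
    "Bearer modification": {"CONTINUE"},
    "Bearer deactivation": {"END"},
    "Start of interception with active bearer": {"BEGIN", "CONTINUE"},
    "Tracking Area/EPS location update": {"REPORT"},
    "Packet Data Header Information": {"REPORT"},
}


@dataclass
class IriRecord:                   # hypothetical in-memory form of a decoded record
    record_type: str               # BEGIN / CONTINUE / END / REPORT
    event: Optional[str]           # None models a LALS report without an event
    liid: Optional[str]
    correlation: Optional[str]
    timestamp: Optional[str]


def validate_stream(records):
    """Return (findings, open_transactions) for a list of IriRecord."""
    findings = []
    open_tx = set()                # (LIID, correlation number) pairs
    for idx, rec in enumerate(records):
        if not rec.timestamp:      # 10.2.1: every IRI record carries a time-stamp
            findings.append((idx, "missing timestamp"))
        if not rec.liid:           # NOTE 2: LIID present in each record
            findings.append((idx, "missing LIID"))
            continue               # cannot correlate without it
        if rec.event is None:      # LALS report not associated with an event
            if rec.record_type != "REPORT":
                findings.append((idx, "record without event must be REPORT"))
            continue
        allowed = ALLOWED.get(rec.event)
        if allowed is None:
            findings.append((idx, "event not in mapping table"))
            continue
        if rec.record_type not in allowed:
            findings.append((idx, f"{rec.record_type} not allowed for '{rec.event}'"))
            continue
        if rec.record_type == "REPORT":
            continue               # REPORT records stand alone
        if not rec.correlation:    # assumption: required to correlate the transaction
            findings.append((idx, "missing correlation number"))
            continue
        key = (rec.liid, rec.correlation)
        if rec.record_type == "BEGIN":
            if key in open_tx:
                findings.append((idx, "BEGIN for an already open transaction"))
            open_tx.add(key)
        elif rec.record_type == "CONTINUE":
            if rec.event.startswith("Start of interception"):
                open_tx.add(key)   # table allows CONTINUE as the first record here
            elif key not in open_tx:
                findings.append((idx, "CONTINUE outside a BEGIN-END transaction"))
        else:                      # END
            if key not in open_tx:
                findings.append((idx, "END outside a BEGIN-END transaction"))
            open_tx.discard(key)
    return findings, open_tx


TS = "2024-01-01T10:00:00Z"        # constructed timestamp
SAMPLE = [                         # constructed record stream
    IriRecord("REPORT", "E-UTRAN attach", "LIID-A", None, TS),
    IriRecord("BEGIN", "Bearer activation (successful)", "LIID-A", "1001", TS),
    IriRecord("CONTINUE", "Bearer modification", "LIID-A", "1001", TS),
    IriRecord("CONTINUE", "Bearer modification", "LIID-A", "2002", TS),
    IriRecord("REPORT", "Bearer deactivation", "LIID-A", "1001", TS),
    IriRecord("END", "Bearer deactivation", None, "1001", TS),
    IriRecord("END", "Bearer deactivation", "LIID-A", "1001", TS),
    IriRecord("CONTINUE", "Start of interception with active bearer", "LIID-B", "1001", TS),
    IriRecord("REPORT", None, "LIID-A", None, TS),
]


def check_sample():
    return validate_stream(SAMPLE)


if __name__ == "__main__":
    for finding in check_sample()[0]:
        print(finding)
```

Transactions are keyed on the (LIID, correlation number) pair because 10.1.1 assigns a separate LIID per LEA, so the same bearer can appear in several independent record streams.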
10.5.1 Events and information
10.5.1.0 Introduction
This clause describes the information sent from the Delivery Function (DF) to the Law Enforcement Monitoring Facility (LEMF) to support Lawfully Authorized Electronic Surveillance (LAES). The information is described as records and information carried by a record. The focus is on describing the information being transferred to the LEMF.
The IRI events and data are encoded into records as defined in the Table 10.5.1 Mapping between EPS Events and HI2 records type and Annex B.9 Intercept related information (HI2). IRI is described in terms of a ‘causing event’ and information associated with that event. Within each IRI Record there is a set of events and associated information elements to support the particular service.
The communication events described in Table 10.5.1: Mapping between EPS Events and HI2 record type and Table 10.5.2: Mapping between Events information and IRI information convey the basic information for reporting the disposition of a communication. This clause describes those events and supporting information.
Each record described in this clause consists of a set of parameters. Each parameter is either:
mandatory (M) – required for the record,
conditional (C) – required in situations where a condition is met (the condition is given in the Description), or
optional (O) – provided at the discretion of the implementation.
The information to be carried by each parameter is identified. Both optional and conditional parameters are considered to be OPTIONAL syntactically in ASN.1 Stage 3 descriptions. The Stage 2 inclusion takes precedence over Stage 3 syntax.
10.5.1.1 REPORT record information
The REPORT record is used to report non-communication related target actions (events) and for reporting unsuccessful packet-mode communication attempts. In addition, this record is also used to report some target actions which may trigger communication attempts or modifications of an existing communication, when the communication attempt or the change of the existing communication itself is reported separately. The REPORT records are also used to deliver the LALS reports.
The REPORT record shall be triggered when:
– the target’s UE performs an E-UTRAN attach procedure (successful or unsuccessful) including via a HeNB;
– the target’s UE performs an E-UTRAN detach procedure including via a HeNB;
– the target’s UE is unsuccessful at performing an EPS bearer activation procedure;
– the target’s UE performs a UE requested bearer resource modification;
– the target’s UE performs a tracking area/EPS location update;
– optionally when the target’s UE leaves the old MME;
– the target’s UE performs a UE requested PDN connectivity procedure;
– the target’s UE performs a UE requested PDN disconnection procedure;
– the target’s UE is unsuccessful at performing a PMIP attach/tunnel activation procedure;
– the target’s UE is unsuccessful at performing a MIP registration/tunnel activation procedure;
– the target’s UE is unsuccessful at performing a DSMIP registration/tunnel activation procedure;
– optionally when the target’s UE enters or leaves IA (FFS);
– the target’s UE is ordered by the network to perform a home agent switch;
– as a national option, a mobile terminal is authorized for service with another network operator or service provider; in that case, other related events are required as cancel location, register location, location information request from a third party’s node;
– as a national option, a REPORT record has to be generated when there is a HSS subscriber record change of IMSI or of MSISDN or IMEI triggered by a message to or from the HSS;
– the interception of a target is started with E-UTRAN attached target. If there is more than one PDN connection then a REPORT record is generated per PDN connection;
– packet data header reporting is performed on an individual intercepted packet basis and a packet is detected as it is sent or received by the target for an EPS bearer/session;
– when packet data summary reporting is performed on a summary basis for an EPS bearer/session associated with a particular packet flow (defined as the combination of source IP address, destination IP address, source port, destination port, and protocol, and for IPv6 also including the flow label) and:
    – the packet flow starts,
    – an interim packet summary report is to be provided, or
    – packet flow ends including the case where the EPS bearer/session is deactivated.
    An interim packet summary report is triggered if:
    – the expiration of a configurable Summary Timer per intercept occurs. The Summary Timer is configurable in units of seconds, or
    – a per-intercept configurable count threshold is reached;
– when a LALS report is received from the LI LCS Client.
Packet Data Header Information is reported either on a per-packet (i.e., non-summarised) basis or in a summary report. These reports provide IRI associated with the packets detected. The packet data header information related REPORT record is used to convey packet header information during an active EPS bearer/session.
NOTE: In the case of IP Fragments, Packet Data Header Information on a 6-tuple basis may only be available on the first packet and subsequent packets may not include such information and therefore may not be reported.
Table 10.5.1.1.1: E-UTRAN Attach REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed External Identifier | | |
| observed ME Id | | |
| event type | C | Provide E-UTRAN Attach event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lawful intercept identifier | M | Shall be provided. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE, including the primary cell ID from each of the Master Cell (PCell) and Secondary Cell (PSCell) groups of the target, if available. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| Failed attach reason | C | Provide information about the reason for failed attach attempt of the target. |
| PDN Type | C | Indicates the used IP version (IPv4, IPv6, IPv4/IPv6), including possible reason for modification by the network |
| APN | C | Provides the Access Point Name |
| Protocol Configuration Options | C | Provides information sent from the UE to the network |
| Attach type | C | Provides the type of attach |
| EPS bearer identity | C | When the attach is successful, provides the allocated EPS bearer identity. |
| CSG Identity | C | Provide if closed/hybrid HeNB is used in the UE attachment to the network |
| HeNB Identity | C | Provide information to identify the HeNB serving the target’s UE. |
| HeNB IP address | C | Provide the IP Address of the HeNB serving the target’s UE used during location verification. |
| HeNB Location | C | Provide, when authorized, to identify location information for the HeNB serving the target’s UE. |
| Tunnel Protocol | C | Provide to identify the tunnel protocol used to transport the signalling and communications between the HeNB and the EPC. |

Table 10.5.1.1.2: E-UTRAN Detach REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed External Identifier | | |
| observed ME Id | | |
| event type | C | Provide E-UTRAN Detach event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lawful intercept identifier | M | Shall be provided. |
| Location information | C | Provide, when authorized, to identify location information for the target’s MS, including the primary cell ID from each of the Master Cell (PCell) and Secondary Cell (PSCell) groups of the target, if available. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| Initiator | C | Provided to indicate whether the detach is UE or network initiated |
| Switch off indicator | C | Provided to indicate whether the detach is due to a switch off |
| Detach type | C | Sent by the network to the UE to indicate the type of detach |
| CSG Identity | C | Provide if closed/hybrid HeNB is used in the UE detachment from the network |
| HeNB Identity | C | Provide information to identify the HeNB serving the target’s UE. |
| HeNB IP address | C | Provide the IP Address of the HeNB serving the target’s UE. |
| HeNB Location | C | Provide, when authorized, to identify location information for the HeNB serving the target’s UE. |

Table 10.5.1.1.3: Bearer Activation (unsuccessful) REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| Observed ME Id | | |
| PDN address allocation | C | Provides the PDN type and PDN address(es) used by the network. |
| Event type | C | Provide EPS Bearer Activation event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| access point name | C | Provide to identify the packet data network to which the attempt to connect was made; this information may be provided by the UE; the parameter is applicable only for default bearer activation. |
| RAT type | C | Provide the Radio Access Type used by the target. |
| Initiator | C | Provide to indicate whether the EPS bearer activation is network-initiated, target-initiated, or not available. |
| Network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lawful intercept identifier | M | Shall be provided. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE, including the primary cell ID from each of the Master Cell (PCell) and Secondary Cell (PSCell) groups of the target, if available. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| Failed bearer activation reason | C | Provide information about the reason for failed bearer activation attempts of the target. |
| EPS bearer QOS | C | Provide to identify the QOS parameters. The parameter carries the requested EPS bearer QOS. |
| Bearer activation type | C | Provides information on default or dedicated bearer failed activation |
| APN-AMBR | C | The Aggregate Maximum Bit Rate foreseen for the APN. The parameter carries the subscribed APN-AMBR. |
| Protocol configuration options | C | Provide information about the protocol configuration options requested by the UE |
| Procedure transaction identifier | C | Used to associate the EPS bearer activation attempt to other messages triggering the procedure. |
| Linked EPS bearer identity | C | Provides, in case of failed dedicated bearer activation attempt, the EPS bearer id of the associated default bearer; not applicable in case of default bearer activation attempt. |
| Traffic Flow Template TFT | C | The TFT associated to the dedicated bearer activation attempt; not applicable in case of default bearer activation attempt |
| Handover indication | C | Provide information that the procedure is triggered as part of a handover |
| UE Local IP Address | C | The UE local IP address reported over GTP based S2b interface TS 29.274 [46]. |
| UE UDP Port | C | The UE UDP Port number provided in case of GTP based S2b interface TS 29.274 [46]. |
| WLAN location information | C | The TWAN identifier provided in case of GTP based S2b interface TS 29.274 [46]. |
| WLAN location timestamp | C | The TWAN identifier timestamp provided in case of GTP based S2b interface TS 29.274 [46]. |

Table 10.5.1.1.4: UE requested bearer resource modification REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| Observed ME Id | | |
| event type | C | Provide UE requested bearer resource modification event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lawful intercept identifier | M | Shall be provided. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE, including the primary cell ID from each of the Master Cell (PCell) and Secondary Cell (PSCell) groups of the target, if available. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| Failed bearer modification reason | C | Provide information about the reason for failed UE requested bearer resource modification. |
| EPS bearer QOS | C | Provide to identify the QOS parameters. |
| Procedure transaction identifier | C | Used to associate the UE requested bearer resource modification to other messages related to the procedure. |
| Linked EPS bearer identity | C | Provides the EPS bearer id of the associated default bearer. |
| EPS Bearer identity | C | Provides the EPS bearer id of the bearer which the request refers to. |
| Traffic Aggregate Description | C | Description of the packet filter(s) for the traffic flow aggregate |
| Protocol Configuration Options | C | Provide information about the protocol configuration options requested by the UE. |

Table 10.5.1.1.5: Tracking Area/EPS Location Update REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed External Identifier | | |
| observed ME Id | | |
| event type | C | Provide Tracking Area/EPS Location Update event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lawful intercept identifier | M | Shall be provided. |
| Location information | C | Provide, when authorized, to identify location information for the target’s MS, including the primary cell ID from each of the Master Cell (PCell) and Secondary Cell (PSCell) groups of the target, if available. This parameter, in case of inter-MME TAU, will be sent only by the new MME. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| Old location information | O | Provide (only by the old MME), when authorized and if available, to identify the old location information for the target’s MS, including the primary cell ID from each of the Master Cell (PCell) and Secondary Cell (PSCell) groups of the target, if available. |
| ProSe Remote UE(s) IDs | C | Applicable in case the target UE is a ProSe UE-to-NW Relay. Provided if available. |
| ProSe Remote UE(s) IP info | C | Applicable in case the target UE is a ProSe UE-to-NW Relay. Provided if available. |
| Failure reason | C | Provide, in unsuccessful case, the reason for the failure or rejection of the network procedure. |

In case of inter-MME TAU, Tracking Area/EPS Location Update REPORT Record shall be sent in the following cases:
– when the target’s UE moves to the new MME.
– optionally when the target’s UE leaves the old MME.
In addition to the case of Tracking Area Update, a Tracking Area/EPS Location Update REPORT Record shall also be sent in the following cases:
– the target’s UE performs a UE triggered service request.
– the target’s UE is involved in an X2-based handover.
– the target’s UE is involved in a S1-based handover.
– an S1AP E-RAB MODIFICATION INDICATION message is received as a result of Dual Connectivity activation/release for the target’s UE (see TS 37.340 [99], clause 10).
Table 10.5.1.1.6: UE requested PDN connectivity REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed External Identifier | | |
| observed ME Id | | |
| event type | C | Provide UE requested PDN connectivity event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| access point name | C | Provide to identify the packet data network to which the attempt to connect was made; this information may be provided by the UE (valid only for default bearer activation). |
| Request type | C | Indicates the type of request, i.e. initial request or handover |
| PDN type | C | Provide to describe the IP version requested by the target UE. |
| Network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lawful intercept identifier | M | Shall be provided. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE, including the primary cell ID from each of the Master Cell (PCell) and Secondary Cell (PSCell) groups of the target, if available. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| Failed reason | C | Provide information about the reason for failed procedure. |
| Protocol configuration options | C | Provide information about the protocol configuration options requested by the UE |
| EPS bearer identity | C | The identity of the allocated EPS bearer |
| HeNB Identity | C | Provide information to identify the HeNB serving the target’s UE. |
| HeNB IP address | C | Provide the IP Address of the HeNB serving the target’s UE. |
| HeNB Location | C | Provide, when authorized, to identify location information for the HeNB serving the target’s UE. |
| SCEF ID | C | Identifies the SCEF to which the UE has connected. |

Table 10.5.1.1.7: UE requested PDN disconnection REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed External Identifier | | |
| observed ME Id | | |
| event type | C | Provide UE requested PDN disconnection event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lawful intercept identifier | M | Shall be provided. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE, including the primary cell ID from each of the Master Cell (PCell) and Secondary Cell (PSCell) groups of the target, if available. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| Linked EPS bearer identity | C | The identity of the default EPS bearer associated with the PDN connection being disconnected. |
| HeNB Identity | C | Provide information to identify the HeNB serving the target’s UE. |
| HeNB IP address | C | Provide the IP Address of the HeNB serving the target’s UE. |
| HeNB Location | C | Provide, when authorized, to identify location information for the HeNB serving the target’s UE. |

Table 10.5.1.1.7A: SCEF requested non-IP PDN disconnection REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed External Identifier | | |
| observed ME Id | | |
| event type | C | Provide UE requested PDN disconnection event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lawful intercept identifier | M | Shall be provided. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE, including the primary cell ID from each of the Master Cell (PCell) and Secondary Cell (PSCell) groups of the target, if available. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| Linked EPS bearer identity | C | The identity of the default EPS bearer associated with the PDN connection being disconnected. |

Table 10.5.1.1.8: PMIP Attach/tunnel activation (unsuccessful) REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed MSISDN | | |
| observed ME Id | | |
| observed IMSI | | |
| event type | C | Provide PMIP Attach/tunnel activation event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| lawful intercept identifier | M | Shall be provided. |
| Network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lifetime | C | The requested lifetime for the tunnel |
| Access technology type | C | Provide the radio access type |
| failed attach reason | C | Provide information about the reason for failed attach/tunnel activation attempt of the target. |
| Handover indicator | C | Provide information that the procedure is triggered as part of the handover |
| APN | C | Provide the Access Point Name |
| UE address info | C | Includes one or more addresses allocated to the UE |
| Additional parameters | C | Provide additional parameters sent by the UE. |
| Serving Network | C | Provide to identify the serving network the UE is attached to in case of E-UTRAN access and PMIP based S5/S8 interfaces. |
| DHCPv4 Address Allocation Indication | C | Indicates that DHCPv4 is to be used to allocate the IPv4 address to the UE in case of E-UTRAN access and PMIP based S5/S8 interfaces |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |

Table 10.5.1.1.9: MIP registration/tunnel activation (unsuccessful) REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed IMSI | | |
| event type | C | Provide MIP registration/tunnel activation event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| lawful intercept identifier | M | Shall be provided. |
| Network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lifetime | C | The requested lifetime for the tunnel |
| failed attach reason | C | Provide information about the reason for failed registration/tunnel activation attempt of the target. |
| Home Address | C | Provide the UE Home IP Address |
| Care of Address | C | The local IP address provided by the access network |
| Home Agent Address | C | Provide the Home Agent address |

Table 10.5.1.1.10: DSMIP registration/tunnel activation (unsuccessful) REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available. |
| Observed IMSI | | |
| event type | C | Provide DSMIP registration/tunnel activation event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| lawful intercept identifier | M | Shall be provided. |
| Network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lifetime | C | The requested lifetime for the tunnel. |
| Failed attach reason | C | Provide information about the reason for failed registration/tunnel activation attempt of the target. |
| Requested IPv6 Home Prefix | C | Provide the UE IPv6 Home Prefix. |
| Home address | C | Provide the assigned home address. |
| APN | C | Provides the Access Point Name. |
| Care of address | C | The local IP address provided by the access network. |

Table 10.5.1.1.11: DSMIP Home Agent Switch REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed IMSI | | |
| event type | C | Provide DSMIP Home Agent Switch event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| lawful intercept identifier | M | Shall be provided. |
| Network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| HSS/AAA address | C | Provide the address of the HSS/AAA triggering the procedure |
| Target PDN-GW address | M | Provide the address of the new PDN-GW |

Table 10.5.1.1.12: Serving Evolved Packet System REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | C | Provide at least one and others when available. |
| Observed IMSI | | |
| observed ME Id | | |
| observed External Identifier | | |
| event type | C | Provide Serving Evolved Packet System event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| network identifier | M | Network identifier of the HSS reporting the event (Network element identifier included). |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lawful intercept identifier | M | Shall be provided. |
| Serving MME address | C | Provide the Diameter Origin-Host and the Diameter Origin‑Realm of the serving MME (in case of E-UTRAN access), or IP address of the serving MME |
| Visited Network Identifier | C | An identifier that allows the home network to identify the visited network (Mobile Country Code and Mobile Network Country defined in E.212 [87] are included in this identifier) TS 29.273 [53] |

Table 10.5.1.1.13: Start of interception with E-UTRAN attached UE REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed External Identifier | | |
| observed ME Id | | |
| event type | C | Provide start of interception with PDN connection active |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| location information | C | Provide, when authorized, to identify location information for the target’s UE, including the primary cell ID from each of the Master Cell (PCell) and Secondary Cell (PSCell) groups of the target, if available. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| access point name | C | Provide to identify the packet data network to which the attempt to connect was made; this information may be provided by the UE (valid only for default bearer activation). |
| PDN type | C | Provide to describe the IP version requested by the target UE. |
| EPS bearer identity | C | The identity of the default EPS bearer |
| lawful intercept identifier | M | Shall be provided. |
| CSG Identity | C | Provide if closed/hybrid HeNB is used in the UE attachment to the network |
| HeNB Identity | C | Provide information to identify the HeNB serving the target’s UE. |
| HeNB IP address | C | Provide the IP Address of the HeNB serving the target’s UE. |
| HeNB Location | C | Provide, when authorized, to identify location information for the HeNB serving the target’s UE. |
| Tunnel Protocol | C | Provide to identify the tunnel protocol used to transport the signalling and communications between the HeNB and the EPC. |
| SCEF ID | C | Identifies the SCEF to which the UE has connected. |

When the ICE (i.e. S-GW, PDN-GW) is not aware of the activation of multiple lawfully authorized intercepts when UE is already attached to the E-UTRAN, the MF/DF shall generate the Start of Interception with E-UTRAN attached UE REPORT record on its own using information that it has retained.
The DF2 shall not send the Start of Interception with E-UTRAN attached UE REPORT record to the LEMFs that were already intercepting the target due to a previous LI activation on the same target.
Table 10.5.1.1.14: Packet Data Header Information REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed ME Id | | |
| event type | C | Provide Packet Data Header Information event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| initiator | C | Provide to indicate whether the EPS bearer modification is network-initiated, target-initiated, or not available. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| lawful intercept identifier | M | Shall be provided. |
| location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| EPS bearer id | C | Provides the EPS bearer id allocated by the network. |
| Handover indication | C | Provide information that the procedure is triggered as part of a handover. |
| Correlation number | M | Provide to uniquely identify the EPS bearer/tunnel delivered to the LEMF and to correlate IRI records with CC. |
| lifetime | C | The lifetime for the tunnel |
| Requested IPv6 Home Prefix | C | Provide the UE IPv6 Home Prefix |
| Home address | C | Provide the assigned home address |
| APN | C | Provides the Access Point Name |
| Care of address | C | The IP address provided by the access network |
| packet data header information | M | Shall be provided to identify the packet header information to be reported on a per-packet basis as defined in Table 10.5.1.1.15 or on a summary basis. For summary reporting includes one or more packet flow summaries where each packet flow summary is associated with a particular packet flow as defined in Table 10.5.1.1.16. |

Table 10.5.1.1.15: Contents of a per-packet packet data header information parameter

| Parameter | MOC | Description/Conditions |
|---|---|---|
| Source IP address | C | Provide when mapping packet header information to identify the source IP address for a particular packet flow. |
| Source port number | C | Provide when mapping packet header information to report the source port number for a particular packet flow when the transport protocol supports port numbers. |
| Destination IP address | C | Provide when mapping packet header information to identify the destination IP address for a particular packet flow. |
| Destination port number | C | Provide when mapping packet header information to report the destination port number for a particular packet flow when the transport protocol supports port numbers. |
| Transport protocol | C | Provide when mapping packet header information to identify the transport protocol (e.g. TCP) for a particular packet flow. |
| Flow label | C | Provide when mapping packet header information for IPv6 only for a particular packet flow. |
| Direction | M | Shall be provided. Identifies the direction of the packet (from target or to target). |
| Packet size | C | Provide when mapping packet header information to convey the value contained in Total Length Fields of the IPv4 packets or the value contained in the Payload Length fields of the IPv6 packets. |
| Packet data header copy | C | Provide when reporting a copy of the entire packet header information rather than mapping individual information and so it is alternative to the individual information. |

Table 10.5.1.1.16: Contents of a single summary flow packet data header information parameter

| Parameter | MOC | Description/Conditions |
|---|---|---|
| Source IP address | M | Shall be provided. Identifies the source IP address for a particular packet flow. |
| Source port number | C | Provide to report the source port number for a particular packet flow when the transport protocol supports port numbers. |
| Destination IP address | M | Shall be provided. Identifies the destination IP address for a particular packet flow. |
| Destination port number | C | Provide to report the destination port number for a particular packet flow when the transport protocol supports port numbers. |
| Transport protocol | M | Identifies the transport protocol (e.g. TCP) for a particular packet flow. |
| Flow label | C | Provide for IPv6 only for a particular packet flow. |
| Summary period | M | Provides the period of time during which the packets of a particular packet flow of the summary report were sent or received by the target and defined by specifying the time when the first packet and the last packet of the reporting period were detected. |
| Packet count | M | Provides the number of packets detected for a particular packet flow. |
| Sum of packet sizes | M | Provides the sum of values contained in Total Length Fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets. |
| Packet data summary reason | M | Provides the reason for the report being delivered to the LEMF (i.e. timeout, count limit, end of session). |

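
The summary-reporting triggers listed before Table 10.5.1.1.1 (Summary Timer, count threshold, end of session) and the fields of Table 10.5.1.1.16 can be exercised with the following added Python example, which is not part of the specification. The class and function names, applying the count threshold per flow, and skipping non-first IPv4 fragments (following the NOTE on IP fragments) are assumptions, and the packets are constructed samples.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Flow key: source IP, destination IP, source port, destination port, protocol, IPv6 flow label
FlowKey = Tuple[str, str, Optional[int], Optional[int], int, Optional[int]]
PORT_PROTOCOLS = {6, 17}  # TCP, UDP: ports are the first 4 bytes of the transport header


def parse_header(pkt: bytes) -> Optional[Tuple[FlowKey, int]]:
    """Map an IP header to (flow key, packet size); None for a non-first IPv4 fragment."""
    version = pkt[0] >> 4 if pkt else 0
    if version == 4 and len(pkt) >= 20:
        size, _ident, frag = struct.unpack_from("!HHH", pkt, 2)  # size = Total Length
        if frag & 0x1FFF:  # fragment offset > 0: this packet carries no port numbers
            return None
        proto, label = pkt[9], None
        src, dst = ipaddress.IPv4Address(pkt[12:16]), ipaddress.IPv4Address(pkt[16:20])
        l4 = pkt[(pkt[0] & 0x0F) * 4:]
    elif version == 6 and len(pkt) >= 40:
        word0, size, proto = struct.unpack_from("!IHB", pkt, 0)  # size = Payload Length
        label = word0 & 0xFFFFF
        src, dst = ipaddress.IPv6Address(pkt[8:24]), ipaddress.IPv6Address(pkt[24:40])
        l4 = pkt[40:]  # assumption: extension headers are not walked
    else:
        raise ValueError("not a complete IPv4 or IPv6 header")
    sport = dport = None
    if proto in PORT_PROTOCOLS and len(l4) >= 4:
        sport, dport = struct.unpack_from("!HH", l4, 0)
    return (str(src), str(dst), sport, dport, proto, label), size


@dataclass
class FlowSummary:
    flow: FlowKey
    first_packet: int  # summary period: time the first packet was detected
    last_packet: int   # summary period: time the last packet was detected
    packet_count: int
    sum_of_packet_sizes: int
    reason: str        # "timeout", "count limit" or "end of session"


class SummaryReporter:
    def __init__(self, summary_timer_s: int, count_threshold: int):
        self.timer, self.threshold = summary_timer_s, count_threshold
        self.flows: Dict[FlowKey, List[int]] = {}  # key -> [first, last, count, size sum]
        self.period_start: Optional[int] = None
        self.unreported_fragments = 0

    def _flush(self, keys: List[FlowKey], reason: str) -> List[FlowSummary]:
        return [FlowSummary(k, *self.flows.pop(k), reason) for k in keys]

    def observe(self, ts: int, pkt: bytes) -> List[FlowSummary]:
        reports: List[FlowSummary] = []
        if self.period_start is None:
            self.period_start = ts
        elapsed = ts - self.period_start
        if elapsed >= self.timer:  # Summary Timer expired before this packet
            reports += self._flush(list(self.flows), "timeout")
            self.period_start += (elapsed // self.timer) * self.timer
        parsed = parse_header(pkt)
        if parsed is None:
            self.unreported_fragments += 1
            return reports
        key, size = parsed
        state = self.flows.setdefault(key, [ts, ts, 0, 0])
        state[1], state[2], state[3] = ts, state[2] + 1, state[3] + size
        if state[2] >= self.threshold:
            reports += self._flush([key], "count limit")
        return reports

    def end_session(self) -> List[FlowSummary]:
        # EPS bearer/session deactivated: report every flow still open
        return self._flush(list(self.flows), "end of session")


def ipv4(src, dst, proto, sport, dport, total_length, frag_offset=0) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0, frag_offset, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + struct.pack("!HH", sport, dport)  # header plus ports only


def ipv6(src, dst, proto, sport, dport, payload_length, label) -> bytes:
    hdr = struct.pack("!IHBB16s16s", (6 << 28) | label, payload_length, proto, 64,
                      ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return hdr + struct.pack("!HH", sport, dport)


def demo():
    """Constructed trace (documentation address ranges), timer 60 s, threshold 3."""
    dns = ("192.0.2.1", "198.51.100.53", 17, 5000, 53)
    web = ("2001:db8::1", "2001:db8::2", 6, 40000, 443)
    trace = [(0, ipv4(*dns, 100)), (1, ipv4(*dns, 120)),
             (2, ipv4(*dns, 1500, frag_offset=185)),  # non-first fragment
             (3, ipv6(*web, 1200, 0xABCDE)), (5, ipv4(*dns, 80)),
             (70, ipv6(*web, 800, 0xABCDE))]
    reporter = SummaryReporter(summary_timer_s=60, count_threshold=3)
    reports = [r for ts, pkt in trace for r in reporter.observe(ts, pkt)]
    return reports + reporter.end_session(), reporter.unreported_fragments
```

`demo()` returns three summaries for the constructed trace, one per reason value, plus the number of fragments that could not be mapped to a flow.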
Table 10.5.1.1.17: HSS subscriber record change REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| new observed MSISDN or A-MSISDN | C | Provide at least one and others when available. |
| new observed IMSI | | |
| new observed External Identifier | | |
| new observed IMEI | | |
| observed MSISDN or A-MSISDN | C | Provide at least one and others when available. |
| observed IMSI | | |
| observed External Identifier | | |
| observed IMEI | | |
| event type | C | Provide HSS subscriber record change event type. |
| Event date | M | Provide the date and time the event is detected. |
| Event time | | |
| network identifier | M | Network identifier of the HSS reporting the event (Network element identifier included). |
| Lawful intercept identifier | M | Shall be provided. |
| changed (old/new) IMSI or MSISDN or IMEI or External Identifier) | M | Indicates what was changed (old/new MSISDN, old/new A-MSISDN, old/new IMSI or old/new IMEI) |
| carrier Specific Data | C | Provide the raw data of this specific update. |

Table 10.5.1.1.18: Cancel location REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | C | Provide at least one and others when available. |
| observed External Identifier | | |
| observed IMSI | | |
| event type | C | Provide cancel Location change event type. (purge from HLR sent to SGSN included). |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| network identifier | M | Network identifier of the HSS reporting the event (Network element identifier included). |
| lawful intercept identifier | M | Shall be provided. |
| previous serving system identifier | C | Provide the previous VPLMN id (Mobile Country Code and Mobile Network Country, defined in E.212 [87]). |
| previous serving MME Identifier | C | An identifier that allows the home network to identify the previous visited MME, such as its IP address or its Diameter Origin Host and Origin Realm. |

Table 10.5.1.1.19: Register location REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | C | Provide at least one and others when available. |
| observed IMSI | | |
| event type | C | Provide register location event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| network identifier | M | Network identifier of the HSS reporting the event (Network element identifier included). |
| lawful intercept identifier | M | Shall be provided. |
| previous serving MME identifier | C | An identifier that qualifies the serving MME, such as its IP address or its Diameter Origin Host and Origin Realm. |
| current serving MME Identifier | C | An identifier that qualifies the serving MME, such as its IP address or its Diameter Origin Host and Origin Realm. |

Table 10.5.1.1.20: Location information request REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | C | Provide at least one and others when available. |
| observed IMSI | | |
| event type | C | Provide location information request event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| network identifier | M | Network identifier of the HSS reporting the event (Network element identifier included). |
| lawful intercept identifier | M | Shall be provided. |
| requesting network identifier | C | Provide the requesting network identifier PLMN id (Mobile Country Code and Mobile Network Code, defined in E.212 [87], TS 23.003 [25] included in the Diameter routing AVPs Origin-Realm and Origin-Host from the requesting node or proxy) |
| requesting node type | C | Provide the requesting node type that may be based on the Diameter routing AVPs Origin-Realm and Origin-Host from the requesting node or proxy, such as Diameter Name and Realm Identifier of a MSC Server; a SMS Centre; a GMLC, a MME, a SGSN. |
Table 10.5.1.1.21: LALS Target Positioning REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed ME id | | |
| event date | M | Shall provide the date and time the report is created. |
| event time | | |
| network identifier | M | Network identifier of the LI LCS Client (Network element identifier included). |
| lawful intercept identifier | M | Shall be provided. |
| location information | C | Provide the LALS location information, if the positioning is successful |
| Time of Location | C | Date/Time of Location (if target location provided). |
| extended location parameters | O | If available, additional location information and associated QoS information. |
| LALS error code | C | Provide the error identification code if the positioning is not successful. |
Table 10.5.1.1.22: LALS Enhanced Location for IRI REPORT Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed IMEI | | |
| event date | M | Provide the date and time the LCS Report is available at LI LCS Client. |
| event time | | |
| network identifier | M | Network identifier of the LI LCS Client (Network element identifier included). |
| lawful intercept identifier | M | Shall be provided. |
| correlation number | C | Provided for correlation with the IRI records of the call, if available in the corresponding LALS triggering event. |
| location information | C | Provide the LALS location information, if the positioning is successful. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| extended location parameters | O | If available, additional location information and associated QoS information. |
| LALS error code | C | Provide the error identification code if the positioning is not successful. |
NOTE 1: See TS 33.107 [19] for a detailed description of LALS. See Annex O for information on the use of the EPS ASN.1 information object for LALS reporting.
NOTE 2: In some specific scenarios the amount of Enhanced Location for IRI report data may overload the X2 and/or HI2 interfaces. To prevent the overload, flow control for Enhanced Location for IRI Reports may be implemented, e.g. by limiting the frequency of the reports for an individual target.
10.5.1.2 BEGIN record information
The BEGIN record is used to convey the first event of EPS communication interception.
The BEGIN record shall be triggered in the following cases:
– successful EPS bearer activation or tunnel establishment;
– the interception of a target’s communications is started and at least one EPS bearer or tunnel is active. In this case, some of the parameters available at EPS bearer or tunnel activation may no longer be available at the node. The node is not required to store these parameters just in case LI is activated at a later stage. If more than one EPS bearer or tunnel is active, a BEGIN record shall be generated for each EPS bearer or tunnel that is active;
– during the S-GW relocation, when there is a change in the PLMN or when the information about the change in the PLMN is not available at the DF/MF;
– the target entered an interception area and has at least one EPS bearer/tunnel active (FFS).
Table 10.5.1.2.1: Bearer Activation (successful) and Start of Interception with active bearer BEGIN Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed ME Id | | |
| event type | C | Provide, depending on the reported event, Bearer activation or Start of interception with active bearer event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| access point name | C | Provide to identify the packet data network to which the connection is made (valid only for default bearer activation). |
| PDN address allocation | C | Provides the PDN type and PDN address(es) used by the network. |
| initiator | C | Provide to indicate whether the EPS bearer activation is network-initiated, target-initiated, or not available. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| lawful intercept identifier | M | Shall be provided. |
| location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| EPS bearer QOS | C | Provide to identify the QOS parameters. It carries the EPS bearer QOS associated to the established bearer. |
| Bearer activation type | C | Provides information on default or dedicated bearer activation. |
| APN-AMBR | C | The Aggregate Maximum Bit Rate foreseen for the APN. The parameter carries the APN-AMBR used for the established bearer |
| Protocol configuration options | C | Provide information about the protocol configuration options requested by the UE. |
| Procedure transaction identifier | C | Used to associate the EPS bearer activation to other messages triggering the procedure. |
| EPS bearer id | C | Provides the EPS bearer id allocated by the network. |
| Linked EPS bearer identity | C | Provides, in case of dedicated bearer activation, the EPS bearer id of the associated default bearer; not applicable in case of default bearer activation. |
| Traffic Flow Template(s) TFT | C | The TFT associated to the dedicated bearer activation; not applicable in case of default bearer activation. |
| Handover indication | C | Provide information that the procedure is triggered as part of a handover. |
| RAT type | C | The Radio Access Type used by the target subscriber (only applicable to default bearer activation). |
| Correlation number | M | Shall be provided to uniquely identify the EPS bearer delivered to the LEMF and to correlate IRI records with CC. |
| UE Local IP Address | C | The UE local IP address reported over GTP based S2b interface TS 29.274 [46]. |
| UE UDP Port | C | The UE UDP Port provided in case of GTP based S2b interface TS 29.274 [46]. |
| WLAN location information | C | The TWAN identifier provided in case of GTP based S2b interface TS 29.274 [46]. |
| WLAN location timestamp | C | The TWAN identifier timestamp provided in case of GTP based S2b interface TS 29.274 [46]. |
Table 10.5.1.2.2: PMIP Attach/tunnel activation (successful) and Start of Interception with active PMIP tunnel BEGIN Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed MSISDN | | |
| Observed ME Id | | |
| observed IMSI | | |
| event type | C | Provide, depending on the reported event, PMIP Attach/tunnel activation or Start of interception with active PMIP tunnel event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lifetime | C | The lifetime for the tunnel |
| Access technology type | C | Provide the radio access type |
| Handover indicator | C | Provide information that the procedure is triggered as part of the handover |
| APN | C | Provides the Access Point Name |
| UE address info | C | Includes one or more addresses allocated to the UE |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
| Serving Network | C | Provide to identify the serving network the UE is attached to in case of E-UTRAN access and PMIP based S5/S8 interfaces. |
| DHCPv4 Address Allocation Indication | C | Indicates that DHCPv4 is to be used to allocate the IPv4 address to the UE in case of E-UTRAN access and PMIP based S5/S8 interfaces. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |
Table 10.5.1.2.3: MIP registration/tunnel activation (successful) and Start of Interception with active MIP tunnel BEGIN Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed IMSI | | |
| event type | C | Provide, depending on the reported event, MIP registration/tunnel activation or Start of interception with active MIP tunnel event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lifetime | C | The lifetime for the tunnel. |
| Home Address | C | Provide the UE Home IP Address. |
| Care of address | C | The IP address provided by the access network. |
| Home Agent Address | C | Provide the Home Agent address |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
| APN | C | Provides the Access Point Name |
Table 10.5.1.2.4: DSMIP registration/tunnel activation (successful) and Start of Interception with active DSMIP tunnel BEGIN Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed IMSI | | |
| event type | C | Provide, depending on the reported event, DSMIP registration/tunnel activation or Start of interception with active DSMIP tunnel event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| lifetime | C | The lifetime for the tunnel |
| Requested IPv6 Home Prefix | C | Provide the UE IPv6 Home Prefix |
| Home address | C | Provide the assigned home address |
| APN | C | Provides the Access Point Name |
| Care of address | C | The IP address provided by the access network |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
When the ICE (e.g. S-GW, PDN-GW) is not aware of the activation of multiple lawfully authorized interceptions on a target with an active bearer or an active PMIP/MIP/DSMIP tunnel, the MF/DF shall generate the BEGIN record on its own using information that it has retained.
When the BEGIN record is used to convey the start of interception with active bearer, or active PMIP tunnel, or active MIP tunnel, or active DSMIP tunnel, the DF2 shall not send the BEGIN record to the LEMFs that were already intercepting the target due to a previous LI activation on the same target.
10.5.1.3 CONTINUE record information
The CONTINUE record is used to convey events during an active EPS bearer/tunnel.
The CONTINUE record shall be triggered in the following cases:
– An active EPS bearer/session is modified.
– During the S-GW relocation, when the target has at least one EPS bearer/tunnel active, the PLMN does not change and the triggering event information is available at the DF/MF.
NOTE: This scenario does not apply to DSMIP and MIP protocol cases.
– In case of handover between different accesses when GTP based messages are intercepted. In this case, the RAT type indicates the new access after the handover.
In order to enable the LEMF to correlate the information on HI3, a new correlation number shall not be generated within a CONTINUE record.
Table 10.5.1.3.1: Bearer Modification CONTINUE Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed ME Id | | |
| event type | C | Provide Bearer modification event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| initiator | C | Provide to indicate whether the EPS bearer modification is network-initiated, target-initiated, or not available. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| lawful intercept identifier | M | Shall be provided. |
| location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| EPS bearer QOS | C | Provide to identify the QOS parameters. |
| APN-AMBR | C | The Aggregate Maximum Bit Rate for the APN. |
| Procedure transaction identifier | C | Used to associate the EPS bearer modification to other messages triggering the procedure. |
| EPS bearer id | C | Provides the EPS bearer id allocated by the network. |
| Traffic Flow Template(s) TFT | C | The TFT associated to the EPS bearer modification. |
| RAT type | C | The Radio Access Type used by the target. |
| APN-AMBR | C | The Aggregate Maximum Bit Rate foreseen for the APN. |
| Handover indication | C | Provide information that the procedure is triggered as part of a handover. |
| Correlation number | M | Shall be provided to uniquely identify the EPS bearer delivered to the LEMF and to correlate IRI records with CC. |
| Failed bearer modification reason | C | Provide information about the reason for failed bearer modification |
| UE Local IP Address | C | The UE local IP address reported over GTP based S2b interface TS 29.274 [46]. |
| UE UDP Port | C | The UE UDP Port provided in case of GTP based S2b interface TS 29.274 [46]. |
| WLAN location information | C | The TWAN identifier provided in case of GTP based S2b interface TS 29.274 [46]. |
| WLAN location timestamp | C | The TWAN identifier timestamp provided in case of GTP based S2b interface TS 29.274 [46]. |
| Secondary RAT Usage Indication | O | The Secondary RAT Usage Indication (see TS 37.340 [99]). |
Table 10.5.1.3.2: Start of Interception with active bearer CONTINUE Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed ME Id | | |
| event type | C | Provide Start of interception with active bearer event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| access point name | C | Provide to identify the packet data network to which the connection is made (valid only for default bearer). |
| PDN address allocation | C | Provides the PDN type and PDN address(es) used by the network. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| lawful intercept identifier | M | Shall be provided. |
| location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| EPS bearer QOS | C | Provide to identify the QOS parameters. |
| Bearer activation type | C | Provides information on default or dedicated bearer. |
| APN-AMBR | C | The Aggregate Maximum Bit Rate foreseen for the APN. |
| Protocol configuration options | C | Provide, if available, information about the protocol configuration options requested by the UE (valid only for default bearer). |
| Procedure transaction identifier | C | Used, if available, to associate the EPS bearer to other messages triggering the previous bearer activation. |
| EPS bearer id | C | Provides the EPS bearer id allocated by the network. |
| Linked EPS bearer identity | C | Provides, in case of dedicated bearer, the EPS bearer id of the associated default bearer; not applicable in case of default bearer. |
| Traffic Flow Template(s) TFT | C | The TFT associated to the dedicated bearer; not applicable in case of default bearer. |
| Handover indication | C | Provide information that the procedure is triggered as part of a handover. |
| RAT type | C | The Radio Access Type used by the target (only applicable to default bearer). |
| Correlation number | M | Shall be provided to uniquely identify the EPS bearer delivered to the LEMF and to correlate IRI records with CC. |
Table 10.5.1.3.3: Start of Interception with active PMIP tunnel CONTINUE Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed MSISDN | | |
| observed ME Id | | |
| observed IMSI | | |
| event type | C | Provide Start of interception with active PMIP tunnel event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lifetime | C | The lifetime for the tunnel |
| Access technology type | C | Provide the radio access type |
| Handover indicator | C | Provide information that the procedure is triggered as part of the handover |
| APN | C | Provides the Access Point Name |
| UE address info | C | Includes one or more addresses allocated to the UE |
| Additional parameters | C | Provide additional parameters sent by the UE. |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
| Serving Network | C | Provide to identify the serving network the UE is attached to in case of E-UTRAN access and PMIP based S5/S8 interfaces. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |
Table 10.5.1.3.4: PMIP session modification CONTINUE Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed MSISDN | | |
| observed ME Id | | |
| observed IMSI | | |
| event type | C | Provide PMIP session modification. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Lifetime | C | The lifetime for the tunnel |
| Access technology type | C | Provide the radio access type |
| Handover indicator | C | Provide information that the procedure is triggered as part of the handover |
| APN | C | Provides the Access Point Name |
| UE address info | C | Includes one or more addresses allocated to the UE |
| Additional parameters | C | Provide additional parameters sent by the UE. |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
| Serving Network | C | Provide to identify the serving network the UE is attached to |
| DHCPv4 Address Allocation Indication | C | Indicates that DHCPv4 is to be used to allocate the IPv4 address to the UE |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |
Table 10.5.1.3.5: DSMIP session modification CONTINUE Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed IMSI | | |
| event type | C | Provide DSMIP session modification. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| lifetime | C | The lifetime for the tunnel |
| Requested IPv6 Home Prefix | C | Provide the UE IPv6 Home Prefix |
| Home address | C | Provide the assigned home address |
| APN | C | Provides the Access Point Name |
| Care of address | C | The IP address provided by the access network |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
| Session modification failure reason | C | Provides the reason for failure |
10.5.1.4 END record information
The END record is used to convey the last event of EPS communication.
The END record shall be triggered in the following cases:
– EPS bearer deactivation;
– Tunnel deactivation;
– Resource allocation deactivation.
Table 10.5.1.4.1: Bearer Deactivation END Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed ME Id | | |
| event type | C | Provide Bearer Deactivation event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| initiator | C | Provide to indicate whether the EPS deactivation is network-initiated, target-initiated, or not available. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| correlation number | M | Shall be provided to uniquely identify the PDP context delivered to the LEMF and to correlate IRI records with CC. |
| lawful intercept identifier | M | Shall be provided. |
| location information | C | Provide, when authorized, to identify location information for the target’s MS. |
| Time of Location | C | Date/Time of Location (if target location provided). |
| Bearer deactivation type | C | Provides information on default or dedicated bearer deactivation. |
| Bearer deactivation cause | C | Provide to indicate reason for deactivation. |
| EPS bearer id | O | Provides the identity of the deactivated bearer. |
| Procedure Transaction Identifier | C | Used to associate the EPS bearer deactivation to other messages triggering the procedure. |
| ULI Timestamp | O | Indicates the time when the User Location Information was acquired. |
| UE Local IP Address | C | The UE local IP address reported over GTP based S2b interface TS 29.274 [46]. |
| UE UDP Port | C | The UE UDP Port provided in case of GTP based S2b interface TS 29.274 [46]. |
| WLAN location information | C | The TWAN identifier provided in case of GTP based S2b interface TS 29.274 [46]. |
| WLAN location timestamp | C | The TWAN identifier timestamp provided in case of GTP based S2b interface TS 29.274 [46]. |
| Secondary RAT Usage Information | O | Secondary RAT Usage Information (see TS 37.340 [99]). |
Table 10.5.1.4.2: PMIP Detach/tunnel deactivation END Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed MSISDN | | |
| observed ME Id | | |
| observed IMSI | | |
| event type | C | Provide PMIP Detach/tunnel deactivation event type |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| APN | C | The access point name |
| Initiator | C | Provide to indicate whether the tunnel deactivation is network-initiated, target-initiated |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |
Table 10.5.1.4.3: MIP deregistration/tunnel deactivation END Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed IMSI | | |
| event type | C | Provide MIP deregistration/tunnel deactivation. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Home Agent address | C | Provide the Home Agent address |
| Home Address | C | Provide the UE Home IP Address |
| Care of address | C | The local IP address provided by the access network. |
| Initiator | C | Provide to indicate whether the tunnel deactivation is network-initiated, target-initiated |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
Table 10.5.1.4.4: DSMIP deregistration/tunnel deactivation END Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed IMSI | | |
| event type | C | Provide DSMIP deregistration/tunnel deactivation. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Home address | C | Provide the IPv6 home address |
| Care of Address | C | The IP address provided by the access network |
| Initiator | C | Provide to indicate whether the tunnel deactivation is network-initiated, target-initiated |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
Table 10.5.1.4.5: PMIP Resource Allocation Deactivation END Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed MSISDN | | |
| observed ME Id | | |
| observed IMSI | | |
| event type | C | Provide PMIP Resource Allocation Deactivation event type |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Revocation trigger | C | Provide the cause for the revocation procedure |
| UE Address Info | C | Includes one or more addresses allocated to the UE (i.e. UE PMIP tunnel information) |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |
Table 10.5.1.4.6: PMIP PDN-GW initiated PDN disconnection END Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed MSISDN | | |
| observed ME Id | | |
| observed IMSI | | |
| event type | C | Provide PMIP PDN-GW initiated PDN disconnection event type |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Revocation trigger | C | Provide the cause for the revocation procedure |
| PDN address(es) | C | Provide the PDN address(es) for which the disconnection is done |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
| Location information | C | Provide, when authorized, to identify location information for the target’s UE. |
| Time of Location | C | Date/Time of Location (if target location provided). |
Table 10.5.1.4.7: MIP Resource Allocation Deactivation END Record

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MN NAI | C | Provide at least one and others when available |
| observed IMSI | | |
| event type | C | Provide MIP deregistration/tunnel deactivation. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| lawful intercept identifier | M | Shall be provided. |
| network identifier | M | Shall be provided. |
| logicalFunctionInformation | O | Used to distinguish between multiple logical functions operating in a single physical network element. |
| Revocation trigger | C | Provide the cause for the revocation procedure |
| Home Address | C | Provide the UE Home IP Address |
| Foreign domain address | C | The relevant IP address in the foreign domain. |
| Correlation number | M | Shall be provided to uniquely identify tunnel delivered to the LEMF and to correlate IRI records with CC. |
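The BEGIN, CONTINUE and END rules of 10.5.1.2 to 10.5.1.4 can be checked mechanically on decoded IRI records, for example when testing a mediation function. The following Python check is an added example and not part of the specification: it verifies the parameters marked M in every table of those clauses, the "at least one" observed identity, and that a CONTINUE or END record reuses a correlation number already opened for the same lawful intercept identifier. The record dict layout, the function names and all sample values are assumptions; a repeated BEGIN for an open correlation number is accepted because the clauses do not say otherwise.

```python
"""Consistency check for EPS IRI records (BEGIN / CONTINUE / END) received on HI2."""

# Parameters marked "M" in every BEGIN, CONTINUE and END table of 10.5.1.2 to 10.5.1.4.
MANDATORY = (
    "event date",
    "event time",
    "network identifier",
    "lawful intercept identifier",
    "correlation number",
)
# Identities covered by "Provide at least one and others when available."
OBSERVED_IDS = ("observed msisdn", "observed imsi", "observed me id", "observed mn nai")


def _norm(params):
    # The tables mix "Correlation number" and "correlation number"; compare case-insensitively.
    return {k.strip().lower(): v for k, v in params.items()}


def check_iri_sequence(records):
    """Return (index, finding) tuples for a time-ordered list of decoded IRI records.

    Each record is {"type": "BEGIN" | "CONTINUE" | "END", "params": {...}}.
    This layout is an assumption of the example, not the ASN.1 encoding.
    """
    findings = []
    open_tx = set()  # (LIID, correlation number) pairs with a transaction in progress
    for i, rec in enumerate(records):
        p = _norm(rec["params"])
        for name in MANDATORY:
            if p.get(name) in (None, ""):
                findings.append((i, f"missing mandatory parameter: {name}"))
        if not any(p.get(k) for k in OBSERVED_IDS):
            findings.append((i, "no observed identity provided"))

        liid = p.get("lawful intercept identifier")
        corr = p.get("correlation number")
        if not liid or not corr:
            continue  # cannot be correlated; already reported above
        key = (liid, corr)
        event = str(p.get("event type", "")).lower()
        # Tables 10.5.1.3.2 and 10.5.1.3.3 define CONTINUE records that report
        # "Start of interception with active bearer / PMIP tunnel"; such a record
        # can be the first one a LEMF sees, so it opens the transaction like a BEGIN.
        starts_tx = rec["type"] == "BEGIN" or (
            rec["type"] == "CONTINUE" and event.startswith("start of interception")
        )
        if starts_tx:
            open_tx.add(key)
        elif key not in open_tx:
            # A new correlation number shall not be generated within a CONTINUE
            # record; an END must close a transaction that is still open.
            findings.append(
                (i, f"{rec['type']} with correlation number {corr!r} not opened for {liid!r}")
            )
        elif rec["type"] == "END":
            open_tx.discard(key)
    return findings


def _rec(kind, event, corr, overrides=None):
    """Build a constructed sample record; every value is a placeholder."""
    params = {
        "observed IMSI": "001010000000001",
        "event type": event,
        "event date": "2024-01-01",
        "event time": "12:00:00",
        "network identifier": "pgw.example",
        "lawful intercept identifier": "LIID-TEST-1",
        "Correlation number": corr,
    }
    params.update(overrides or {})
    return {"type": kind, "params": params}


# Constructed sample sequence (not captured data).
SAMPLE = [
    _rec("BEGIN", "Bearer activation", "c-100"),
    _rec("CONTINUE", "Bearer modification", "c-100"),
    _rec("CONTINUE", "Bearer modification", "c-999"),  # new number inside a CONTINUE
    _rec("END", "Bearer deactivation", "c-100"),
    _rec("CONTINUE", "Bearer modification", "c-100"),  # arrives after the END
    _rec("CONTINUE", "Start of interception with active bearer", "c-200"),
    _rec("END", "Bearer deactivation", "c-200", {"network identifier": ""}),
]

if __name__ == "__main__":
    for index, finding in check_iri_sequence(SAMPLE):
        print(f"record {index}: {finding}")
```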
10.6 IRI reporting for evolved packet domain at PDN-GW
Interception in the PDN-GW is a national option. However, in certain scenarios the PDN-GW is the only ICE in the 3GPP network where interception in the PLMN accessed by the target can be performed (i.e., for trusted non-3GPP access, the HPLMN in case of non-roaming and the VPLMN in case of roaming with local breakout).
As a national option, in the case where the PDN-GW is reporting IRI for a target, the target is handed off to another S-GW and the same PDN-GW continues to handle the content of communications subject to roaming agreements, the PDN-GW shall continue to report the IRIs.
NOTE: In some situations (e.g. during activation of second, third, etc. intercepts on the target), the MF/DF may have to detect on its own that an interception is activated on a target with active bearer or with active PMIP/MIP/DSMIP tunnel.
10.7 Content of communication interception for evolved packet domain at PDN-GW
Interception in the PDN-GW is a national option. However, in certain scenarios the PDN-GW is the only ICE in the 3GPP network where interception in the PLMN accessed by the target can be performed (i.e., for trusted non-3GPP access, the HPLMN in case of non-roaming and the VPLMN in case of roaming with local breakout).
As a national option, in the case where the PDN-GW is performing interception of the content of communications, the target is handed off to another S-GW and the same PDN-GW continues to handle the content of communications subject to roaming agreements, the PDN-GW shall continue to perform the interception of the content of communication.