6 Packet data domain
33.1083G Security3GPPHandover interface for Lawful Interception (LI)Release 17TS
6.1 Identifiers
6.1.0 Introduction
Specific identifiers are necessary to identify a target for interception uniquely and to correlate between the data, which is conveyed over the different handover interfaces (HI2 and HI3). The identifiers are defined in the subsequent subclauses of 6.1.
For the delivery of CC and IRI the SGSN or GGSN provide correlation numbers and target identities to the HI2 and HI3. The correlation number is unique per PDP context and is used to correlate CC with IRI and the different IRI’s of one PDP context. When the SGSN connects an UE to a S-GW through the S4 interface (TS 23.060 [42], see also NOTE) for a specific communication, the SGSN is not required to provide CC, IRIs for the PDP context associated with CC and correlation for that communication.
NOTE: The S4 is an intra-PLMN reference point between the SGSN and the S-GW.
6.1.1 Lawful interception identifier
For each target identity related to an interception measure, the authorized operator (NO/AN/SP) shall assign a special Lawful Interception Identifier (LIID), which has been agreed between the LEA and the operator (NO/AN/SP).
Using an indirect identification, pointing to a target identity makes it easier to keep the knowledge about a specific target limited within the authorized operator (NO/AN/SP) and the handling agents at the LEA.
The LIID is a component of the CC delivery procedure and of the IRI records. It shall be used within any information exchanged at the handover interfaces HI2 and HI3 for identification and correlation purposes.
The LIID format shall consist of alphanumeric characters. It might for example, among other information, contain a lawful authorization reference number, and the date, when the lawful authorization was issued.
The authorized operator (NO/AN/SP) shall either enter a unique LIID for each target identity of the target or a single LIID for multiple target identities all pertaining to the same target.
If more than one LEA intercepts the same target identity, there shall be unique LIIDs assigned relating to each LEA.
6.1.2 Network identifier
The network identifier (NID) is a mandatory parameter; it should be internationally unique. It consists of the following two identifiers.
1) Operator- (NO/AN/SP) identifier (mandatory):
Unique identification of network operator, access network provider or service provider.
2) Network element identifier NEID (optional):
The purpose of the network element identifier is to uniquely identify the relevant network element carrying out the LI operations, such as LI activation, IRI record sending, etc.
A network element identifier may be an IP address or other identifier. For GSM and UMTS systems deployed in the U.S., the network element identifier is required.
A network element identifier may be an IP address or other identifier. National regulations may mandate the sending of the NEID.
6.1.3 Correlation number
The Correlation Number is unique per PDP context and used for the following purposes:
– correlate CC with IRI;
– correlate different IRI records within one PDP context;
– correlate LALS reports with the IRI records of the triggering events.
As an example, in the UMTS system, the Correlation Number may be the combination of GGSN address and charging ID.
NOTE: The Correlation Number is at a minimum unique for each concurrent communication (e.g. PDP context) of a target within a lawful authorization.
6.2 Timing and quality
6.2.1 Timing
As a general principle, within a telecommunication system, IRI, if buffered, should be buffered for as short a time as possible.
NOTE: If the transmission of IRI fails, it may be buffered or lost.
Subject to national requirements, the following timing requirements shall be supported:
– Each IRI data record shall be sent by the delivery function to the LEMF over the HI2 within seconds of the detection of the triggering event by the IAP at least 95% of the time;
– Each IRI data record shall contain a time-stamp, based on the intercepting nodes clock that is generated following the detection of the IRI triggering event. The timestamp precision should be at least 1 second (ETSI TS 101 671 [24]). Defining the required precision of an IRI timestamp however is subject to national requirements.
6.2.2 Quality
The quality of service associated with the result of interception should be (at least) equal to the quality of service of the original content of communication. This may be derived from the QoS class used for the original intercepted session, TS 23.107 [20]. However, when TCP is used as an OSI layer 4 protocol across the HI3, real time delivery of the result of the interception cannot be guaranteed. The QoS used from the operator (NO/AN/SP) to the LEMF is determined by what operators (NO?AN?SP) and law enforcement agree upon.
6.2.3 Void
(Void)
6.3 Security aspects
Security is defined by national requirements.
6.4 Quantitative aspects
The number of target interceptions supported is a national requirement.
The area of Quantitative Aspects addresses the ability to perform multiple, simultaneous interceptions within a provider’s network and at each of the relevant intercept access points within the network. Specifics related to this topic include:
– The ability to access and monitor all simultaneous communications originated, received, or redirected by the target;
– The ability for multiple LEAs (up to five) to monitor, simultaneously, the same target while maintaining unobtrusiveness, including between agencies;
– The ability of the network to simultaneously support a number of separate (i.e. multiple targets) legally authorized interceptions within its service area(s), including different levels of authorization for each interception, including between agencies (i.e. IRI only, or IRI and communication content).
6.5 IRI for packet domain
6.5.0 Introduction
The IRI will in principle be available in the following phases of a data transmission:
1. At connection attempt when the target identity becomes active, at which time packet transmission may or may not occur (set up of a data context, target may be the originating or terminating party);
2. At the end of a connection, when the target identity becomes inactive (removal of a data context);
3. At certain times when relevant information are available.
In addition, information on non-transmission related actions of a target constitute IRI and is sent via HI2, e.g. information on subscriber controlled input.
The IRI may be subdivided into the following categories:
1. Control information for HI2 (e.g. correlation information);
2. Basic data context information, for standard data transmission between two parties.
The events defined in TS 33.107 [19] are used to generate records for the delivery via HI2.
Unless otherwise noted, the following terminology applies to both GPRS and 3G GSN nodes:
GPRS attach – also applies to Mobile Station attach
GPRS detach – also applies to Mobile Station detach
gPRSEvent – also applies to PDP Context events and Mobile Station events
gPRSCorrelationNumber – also applies to PDP Context Correlation
gPRSOperationErrorCode – also applies to PDP Context Operation Error Codes
There are several different event types received at DF2 level. According to each event, a Record is sent to the LEMF if this is required. In the case of LALS reports, which are not associated with an event, a Record is sent to the LEMF without the event parameter.
The following table gives the mapping between event type received at DF2 level and record type sent to the LEMF.
Table 6.1: Mapping between UMTS Data Events and HI2 records type
|
Event |
IRI Record Type |
|
GPRS attach |
REPORT |
|
GPRS detach |
REPORT |
|
PDP context activation (successful) |
BEGIN |
|
PDP context modification |
CONTINUE |
|
PDP context activation (unsuccessful) |
REPORT |
|
Start of interception with mobile station attached (national option) |
REPORT |
|
Start of interception with PDP context active |
BEGIN or optionally CONTINUE |
|
PDP context deactivation |
END |
|
Location update |
REPORT |
|
SMS |
REPORT |
|
ServingSystem |
REPORT |
|
Packet Data Header Information |
REPORT |
|
HLR subscriber record change |
REPORT |
|
Cancel location |
REPORT |
|
Register location |
REPORT |
|
Location information request |
REPORT |
The UMTS PS LALS reports are sent to the LEMF in the REPORT IRI records.
A set of information is used to generate the records. The records used transmit the information from mediation function to LEMF. This set of information can be extended in the GSN or DF2 MF, if this is necessary in a specific country. The following table gives the mapping between information received per event and information sent in records.
Table 6.2: Mapping between Events information and IRI information
|
parameter |
description |
HI2 ASN.1 parameter |
|---|---|---|
|
Observed MSISDN |
Target Identifier with the MSISDN of the target. |
partyInformation (partyIdentiity/msISDN) |
|
Observed IMSI |
Target Identifier with the IMSI of the target. |
partyInformation (partyIdentity/imsi) |
|
Observed Non-Local ID |
Target Identifier with the E.164 number of the target |
partyInformation (partyIdentity/e164-Format) |
|
Observed IMEI |
Target Identifier with the IMEI of the target. |
partyInformation (party-Identity/imei) |
|
Observed PDP address |
PDP address(es) used by the target. In case of IPv4v6 two addresses may be carried. |
partyInformation (services-Data-Information) |
|
New observed MSISDN |
New target identifier with MSISDN of the target, when available |
partyInformation/(partyIdentity/msISDN) |
|
New observed IMSI |
New target identifier with IMSI of the target, when available |
partyInformation/(partyIdentity/imsi) |
|
New observed IMEI |
New target identifier with IMEI of the target, when available |
partyInformation/(partyIdentity/imei) |
|
Event type |
Description which type of event is delivered: PDP Context Activation, PDP Context Deactivation,GPRS Attach, HLR subscriber record change, Cancel location, Register location, Location information request, etc. |
gPRSevent (when using Annex B.3) or ePSevent (when using Annex B.9) |
|
Event date |
Date of the event generation in the xGSN or in the HLR |
timeStamp |
|
Event time |
Time of the event generation in the xGSN or in the HLR |
|
|
Access point name |
The Access Point Name contains a logical name (see TS 23.060 [42]) |
partyInformation (services-Data-Information) |
|
PDP type |
This field describes the PDP type as defined in 3GPP TS 29.060 [17], TS 24.008 [9], TS 29.002 [4] |
partyInformation (services-Data-Information) |
|
Initiator |
This field indicates whether the PDP context activation, deactivation, or modification is MS directed or network initiated. |
initiator |
|
Correlation number |
Unique number for each PDP context delivered to the LEMF, to help the LEA, to have a correlation between each PDP Context and the IRI. |
gPRSCorrelationNumber |
|
Lawful interception identifier |
Unique number for each lawful authorization. |
lawfulInterceptionIdentifier |
|
Location information |
When authorized, this field provides the location information of the target that is present at the SGSN or LI LCS Client at the time of event or LALS report record production. |
locationOfTheTarget |
|
Time of Location |
Date/Time of location. The time when location was obtained by the location source node. |
locationOfTheTarget |
|
Extended location parameters |
Additional location information and QoS information |
extendedLocParameters |
|
LALS error code |
Positioning error identification code |
locationErrorCode |
|
SMS |
The SMS content with header which is sent with the SMS-service |
sMS |
|
Failed context activation reason |
This field gives information about the reason for a failed context activation of the target. |
gPRSOperationErrorCode |
|
Failed attach reason |
This field gives information about the reason for a failed attach attempt of the target. |
gPRSOperationErrorCode |
|
Service center address |
This field identifies the address of the relevant server within the calling (if server is originating) or called (if server is terminating) party address parameters for SMS-MO or SMS-MT. |
serviceCenterAddress |
|
UMTS QOS |
This field indicates the Quality of Service associated with the PDP Context procedure. |
qOS |
|
Context deactivation reason |
This field gives information about the reason for context deactivation of the target. |
gPRSOperationErrorCode |
|
Network identifier |
Operator ID plus SGSN, GGSN, or HLR address. |
networkIdentifier |
|
Serving system identifier |
VPLMN ID of the serving system or of the third party network interworking with the HLR |
serving-System-Identifier |
|
iP assignment |
Observed PDP address is statically or dynamically assigned. |
iP-assignment |
|
SMS originating address |
Identifies the originator of the SMS message. |
DataNodeAddress |
|
SMS terminating address |
Identifies the intended recipient of the SMS message. |
DataNodeAddress |
|
SMS initiator |
Indicates whether the SMS is MO, MT, or Undefined |
sms-initiator |
|
Serving SGSN number |
An E.164 number of the serving SGSN. |
servingSGSN-Number |
|
Serving SGSN address |
An IP address of the serving SGSN. In case of S4-SGSN, this may be provided as Diameter id and realm of the serving S4-SGSN connected via S6d interface to the HSS. |
servingSGSN-Address servingS4-SGSN-address |
|
NSAPI |
Network layer Service Access Point Identifier information element contains an NSAPI identifying a PDP Context in a mobility management context specified by the Tunnel Endpoint Identifier Control Plane This is an optional parameter to help DF/MF and LEA’s to distinguish between the sending mobile access networks when the GGSN is used as element of the PDG according TS 23.234 [43]. |
nSAPI |
|
ULI Timestamp |
Indicates the time when the User Location Information was acquired. |
uLITimestamp |
|
Destination IP address |
Identifies the destination IP address of a packet. |
destinationIPAddress |
|
Destination port number |
Identifies the destination port number of a packet |
destinationPortNumber |
|
Source IP address |
Identifies the source IP address of a packet. |
sourceIPAddress |
|
Source port number |
Identifies the source port number of a packet. |
sourcePortNumber |
|
Transport protocol |
Identifies the transport protocol (i.e., Protocol Field in IPv4 or Next Header Field in IPv6. |
transportProtocol |
|
Flow label |
The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [70]) |
flowLabel |
|
Packet count |
The number of packets detected and reported in a particular packet data summary report. |
packetCount |
|
Packet size |
The size of a packet (i.e., Total Length Field in IPv4 [68] or Payload Length Field in IPv6 [69]) |
packetsize |
|
Packet direction |
Identifies the direction of the intercepted packet (from target or to target) |
packetDirection |
|
Packet data Header copy |
Provides a copy of the packet headers including IP layer and next layer, and extensions, but excluding content. |
packetDataHeaderCopy |
|
Summary period |
Provides the period of time during which the packets of the summary report were sent or received by the target. |
summaryPeriod |
|
Sum of packet sizes |
Sum of values in Total Length Fields in IPv4 packets or Payload Length Field in IPv6 packets. |
sumOfPacketSizes |
|
Packet data summary reason |
Provides the reason for a summary report. |
packetDataSummaryReason |
|
Packet data summary |
For each particular packet flow, identifies pertinent reporting information (e.g. source IP address, destination IP address, source port, destination port, transport protocol, packet count, time interval, sum of packet sizes) associated with the particular packet flow. |
packetDataSummary |
|
Current serving system identifier |
Current VPLMN id of the target |
current-Previous-Systems/current-Serving-System-Identifier |
|
Current serving SGSN-Number |
An E.164 number of the current serving SGSN, that comes from the intercepted MAP message . |
current-Previous-Systems/current-Serving-SGSN-Number |
|
Current serving SGSN-Address |
An IP address of the current serving SGSN, that comes from the intercepted MAP message |
current-Previous-Systems/current-Serving-SGSN- Address |
|
Current serving S4-SGSN-address |
In case of S4-SGSN, this may be provided as Diameter id and realm of the serving S4-SGSN connected via S6d interface to the HSS. It is in the intercepted Diameter message. |
current-Previous-Systems/current-Serving-SGSN- Address |
|
Previous serving system identifier |
Previous VPLMN id of the target |
current-Previous-Systems/previous-Serving-System-Identifier |
|
Previous serving SGSN-Number |
An E.164 number of the previous serving SGSN, included in the intercepted MAP message. |
current-Previous-Systems/previous-Serving-SGSN-Number |
|
Previous serving SGSN-Address |
An IP address of the previous serving SGSN, included in the intercepted MAP message. |
current-Previous-Systems/previous-Serving-SGSN- Address |
|
Previous Serving S4-SGSN-address |
In case of S4-SGSN, this may be provided as Diameter id and realm of the serving S4-SGSN connected via S6d interface to the HSS. |
current-Previous-Systems/previous-Serving-SGSN- Address |
|
Changed (old/new) IMSI or MSISDN or IMEI |
Provides the identity changes in Subscriber Record Change Event. |
change-Of-Target-Identity |
|
Requesting network identifier |
The requesting network identifier PLMN id (Mobile Country Code and Mobile Network Country, — defined in E.212 [87]). |
requesting-Network-Identifier |
|
Requesting node type |
Type of requesting node such as MSC, SMS Centre, GMLC, MME, SGSN. |
requesting-Node-Type |
|
Other update |
Carrier specific information related to its implementation or subscription process on its HLR that will be transmit to LEMF in raw format. CSP will provide to LEMF elements to understand such data. |
carrierSpecificData |
NOTE: LIID parameter has to be present in each record sent to the LEMF.
6.5.1 Events and information
6.5.1.0 General
This clause describes the information sent from the Delivery Function (DF) to the Law Enforcement Monitoring Facility (LEMF) to support Lawfully Authorized Electronic Surveillance (LAES). The information is described as records and information carried by a record. This focus is on describing the information being transferred to the LEMF.
The IRI events and data are encoded into records as defined in the Table 6.1 Mapping between GPRS Events and HI2 records type and Annexes B.3 and B.9 Intercept related information (HI2) (see Note). IRI is described in terms of a ‘causing event’ and information associated with that event. Within each IRI Record there is a set of events and associated information elements to support the particular service.
NOTE: IRI events and data intercepted by the GPRS and 3G PS nodes may be delivered to the LEMF by using either the HI2 specified in Annex B.3 or the HI2 specified in Annex B.9. The latter option may be preferred when the GPRS and 3G PS nodes are interworking with SAE/EPS nodes, in order to deliver all the IRI events and data intercepted in the Packet based network by using the same HI2.
The communication events described in Table 6.1: Mapping between GPRS Events and HI2 record type and Table 6.2: Mapping between Events information and IRI information convey the basic information for reporting the disposition of a communication. This clause describes those events and supporting information.
Each record described in this clause consists of a set of parameters. Each parameter is either:
mandatory (M) – required for the record,
conditional (C) – required in situations where a condition is met (the condition is given in the Description), or
optional (O) – provided at the discretion of the implementation.
The information to be carried by each parameter is identified. Both optional and conditional parameters are considered to be OPTIONAL syntactically in ASN.1 Stage 3 descriptions. The Stage 2 inclusion takes precedence over Stage 3 syntax.
6.5.1.1 REPORT record information
The REPORT record is used to report non-communication related subscriber actions (events) and for reporting unsuccessful packet-mode communication attempts.
The REPORT record is also used for the PS LALS reports.
The REPORT record shall be triggered when:
– the target’s mobile station performs a GPRS attach procedure (successful or unsuccessful);
– the target’s mobile station performs a GPRS detach procedure;
– the target’s mobile station is unsuccessful at performing a PDP context activation procedure;
– the target’s mobile station performs a cell, routing area, or combined cell and routing area update;
– the interception is activated after target’s mobile station has successfully performed GPRS attach procedure;
– optionally when the target’s mobile station leaves the old SGSN;
– optionally when the target’s mobile station enters or leaves IA;
– the target’s mobile station sends an SMS-Mobile Originated (MO) communication. Dependent on national requirements, the triggering for the REPORT record event shall occur either when the 3G SGSN receives the SMS from the target MS or, when the 3G SGSN receives notification that the SMS-Centre successfully received the SMS;
a mobile station sends an SMS-Mobile Originated (MO) communication to a Non-Local ID target. Dependent on national requirements, the triggering event for the REPORT record shall occur either when the 3G SGSN receives the SMS from a MS for a Non-Local ID target or, when the 3G SGSN receives notification that the SMS-Centre successfully received the SMS for the Non-Local ID target;
– the target’s mobile station receives a SMS Mobile-Terminated (MT) communication. Dependent on national requirements, the triggering event for the REPORT record shall occur either when the 3G SGSN receives the SMS from the SMS-Centre or, when the 3G SGSN receives notification that the target MS successfully received the SMS;
a mobile station receives a SMS Mobile-Terminated (MT) communication from a Non-Local ID target. Dependent on national requirements, the triggering event for the REPORT record shall occur either when the 3G SGSN receives the SMS from the SMS-Centre originating from a Non-Local ID target or, when the 3G SGSN receives notification that the MS successfully received the SMS originating from a Non-Local ID target;
– as a national option, a mobile terminal is authorized for service with another network operator or service provider; in that case, other related events are required as cancel location, register location, location information request from a third party’s node;
– as a national option, a REPORT record have to be generated when there is a HLR subscriber record change of IMSI or of MSISDN triggered by a messages to or from the HLR;
– packet data header reporting is performed on an individual intercepted packet basis and a packet is detected as it is sent or received by the target for a packet-data communication PDP Context.;
– when packet data summary reporting is performed on a summary basis for a packet-data communication PDP Context.associated with a particular packet flow (defined as the combination of source IP address, destination IP address, source port, destination port, and protocol and for IPv6 also include the flow label) and:
– the packet flow starts,
– an interim packet summary report is to be provided, or
– packet flow ends including the case where PDP Context is deactivated.
An interim packet data summary report is triggered if:
– the expiration of a configurable Summary Timer per intercept occurs. The Summary Timer is configurable in units of seconds. Or
– a per-intercept configurable count threshold is reached.
– when a LALS report information is received from the LI LCS Client.
Packet Data Header Information is reported either on a per-packet (i.e. non-summarised) basis or in a summary report. These reports provide IRI associated with the packets detected. The packet data header information related REPORT record is used to convey packet data header information during an active packet-data communication PDP Context.
NOTE: In the case of IP Fragments, Packet Data Header Information on a 6-tuple basis may only be available on the first packet and subsequent packets may not include such information and therefore may not be reported.
Table 6.3: GPRS Attach REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
event type |
M |
Shall provide GPRS Attach event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
failed attach reason |
C |
For failed attach attempts of the target, provide information about the reason for the failed attach attempt. |
Table 6.4: GPRS Detach REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
event type |
M |
Shall provide GPRS Detach event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
Table 6.5: PDP Context Activation (unsuccessful) REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
observed PDP address |
C |
When a: – static address requested by the target’s MS in association with a target-initiated PDP context activation request is unsuccessful; or – address offered by the network in association with a network-initiated PDP context activation request and the target’s MS rejects the network-initiated PDP context activation, The address requested or offered shall be reported. |
|
iP assignment |
C |
When an observed PDP address is reported, shall provide to indicate observed PDP address is statically or dynamically assigned. |
|
event type |
M |
Shall provide PDP Context Activation event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
access point name |
C |
If available (i.e., provided by the UE) shall identify either the: – packet data network to which the target requested to be connected when the target’s mobile station is unsuccessful at performing a PDP context activation procedure (MS to Network); or – access point of the packet data network that requested to be connected to the MS when the target’s mobile station rejects a network-initiated PDP context activation (Network to MS). |
|
PDP type |
C |
When an observed PDP address is reported, provide to describe the PDP type of the observed PDP address. The PDP Type defines the end user protocol to be used between the external packet data network and the MS. |
|
initiator |
M |
Shall be provided to indicate whether the PDP context activation is network-initiated, target-initiated, or not available. |
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
failed context activation reason |
M |
Information about the reason for failed context activation attempts of the target shall be provided. |
|
umts QOS |
C |
Provide to identify the QOS parameters. |
Table 6.6: Location Information Update REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
event type |
M |
Shall provide Location Information Update event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. This parameter, in case of inter-SGSN RAU, will be sent only by the new SGSN. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
old location information |
O |
Provide (only by the old SGSN), when authorized and if available, to identify the old location information for the target’s MS. |
|
ldi event |
O |
Provide, when authorized, to indicate whether the target is entering or leaving the interception area (only applicable for location dependant interception). |
Location Information Update REPORT Record shall be sent in the following cases:
– when the target’s mobile station moves to the new SGSN;
– optionally when the target’s mobile station leaves the old SGSN.
Table 6.7: SMS-MO and SMS-MT Communication REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
observed Non-Local ID |
||
|
event type |
M |
Shall provide SMS event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
SMS originating address |
O |
Provide to identify the originating and destination address of the |
|
SMS destination address |
SMS message |
|
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
SMS |
C |
Provide, when authorized, to deliver SMS content, including header which is sent with the SMS-service. |
|
service centre address |
C |
If SMS content is not provided, shall be provided to identify the address of the relevant SMS-C server. If SMS content is provided, this parameter is optional. |
|
SMS initiator |
M |
Shall be provided to indicate whether the SMS is MO, MT, or Undefined. |
Table 6.8: Serving System REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
C |
Provide at least one and others when available. |
|
observed IMSI |
||
|
observed IMEI |
||
|
event type |
M |
Shall provide Serving System event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Network identifier of the HLR reporting the event (Network element identifier included). |
|
lawful intercept identifier |
M |
Shall be provided. |
|
serving system identifier |
M |
Shall provide the VPLMN id (Mobile Country Code and Mobile Network Country, E. 212 number [87]). |
Table 6.9: Start Of Interception with mobile station attached REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
event type |
M |
Shall provide Start Of Interception with mobile station attached event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall be provided. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
Start Of Interception with mobile station attached REPORT Record shall be sent in the following case:
– the interception is activated any time after target’s mobile station has successfully performed GPRS attach procedure.
When the ICE (i.e. SGSN, GGSN) is not aware of the activation of multiple lawfully authorized intercepts when the mobile station has already completed the GPRS attach procedures, the MF/DF shall generate the Start of Interception with mobile station attached REPORT record on its own using information that it has retained.
When the REPORT-record is used to convey the start of interception with mobile station attached, the DF2 shall not send the Start of Interception with mobile station attached REPORT record to the LEMFs that were already intercepting the target due previous LI activation on the same target.
Table 6.9A: Packet Data Header Information REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
observed PDP address |
C |
If available, shall be provided in the following cases to identify the: – static address requested by the target’s MS, and allocated by the Network for a successful PDP context activation. – address allocated dynamically by the network to the target MS in association with a PDP context activation (i.e. address is sent by the Network in an Activate PDP Context Accept) for a successful PDP context activation procedure when the PDP Context activation request does not contain a static PDP address. – address offered by the network in association with a network-initiated PDP context activation request when the target’s MS accepts the network-initiated PDP context activation request. |
|
event type |
M |
Shall provide the Packet Data Header Information event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
access point name |
C |
If available, shall be provided to identify the packet data network to which the target is connected. |
|
PDP type |
C |
When a PDP address is provided, shall provide the PDP type of the observed PDP address. The PDP Type defines the end user protocol to be used between the external packet data network and the MS. |
|
network identifier |
M |
Shall be provided. |
|
correlation number |
M |
Shall provide to uniquely identify the PDP context delivered to the LEMF used to correlate IRI records with CC. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
packet data header information |
M |
Shall be provided to identify the packet header information to be reported on a per-packet basis as defined in Table 6.9B or on a summary basis. For summary reporting includes one or more packet flow summaries where each packet flow summary is associated with a particular packet flow as defined in Table 6.9C. |
|
NSAPI |
O |
Provided for additional information. |
Table 6.9B: Contents of per-packet, packet data header information parameter
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
source IP address |
C |
Provide when mapping packet header information to identify the source IP address for a particular packet flow. |
|
source port number |
C |
Provide when mapping packet header information to report the source port number for a particular packet flow when the transport protocol supports port numbers. |
|
destination IP address |
C |
Provide when mapping packet header information to Identify the destination IP address for a particular packet flow. |
|
destination port number |
C |
Provide when mapping packet header information to report the destination port number for a particular packet flow when the transport protocol supports port numbers. |
|
transport protocol |
C |
Provide when mapping packet header information to identify the transport protocol (e.g. TCP) for a particular packet flow. |
|
flow label |
C |
Provide when mapping packet header information for IPv6 only for a particular packet flow. |
|
direction |
M |
Shall be provided. Identifies the direction of the packet (from target or to target). |
|
packet size |
O |
Provide when mapping packet header information to convey the value contained in Total Length Fields of the IPv4 packets or the value contained in the Payload Length fields of the IPv6 packets. |
|
packet data header copy |
C |
Provide when reporting a copy of the entire packet header information rather than mapping individual information and so it is alternative to the individual information. |
Table 6.9C: Contents of a single summary flow packet data header information parameter
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
source IP address |
M |
Shall be provided. Identifies the source IP address for a particular packet flow. |
|
source port number |
C |
Provide to report the source port number for a particular packet flow when the transport protocol supports port numbers. |
|
destination IP address |
M |
Shall be provided. Identifies the destination IP address for a particular packet flow. |
|
destination port number |
C |
Provide to report the destination port number for a particular packet flow when the transport protocol supports port numbers. |
|
transport protocol |
M |
Identifies the transport protocol (e.g. TCP) for a particular packet flow. |
|
flow label |
C |
Provide for IPv6 only for a particular packet flow. |
|
summary period |
M |
Shall provide the period of time during which the packets of a particular packet flow of the summary report were sent or received by the target and defined by specifying the time when the first packet and the last packet of the reporting period were detected. |
|
packet count |
M |
Shall provide the number of packets detected for a particular packet flow. |
|
sum of packet sizes |
O |
Provides the sum of values contained in Total Length Fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets. |
|
packet data summary reason |
M |
Shall provide the reason for the report being delivered to the LEMF (i.e. timeout, count limit, end of session). |
Table 6.9D: HLR subscriber record change REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
new observed MSISDN |
C |
Provide at least one and others when available. |
|
new observed IMSI |
||
|
new Observed IMEI |
||
|
observed MSISDN |
C |
Provide at least one and others when available. |
|
observed IMSI |
||
|
observed IMEI |
||
|
event type |
M |
Shall provide HLR subscriber record change event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall provide the network identifier of the HLR reporting the event (Network element identifier included). |
|
lawful intercept identifier |
M |
Shall be provided. |
|
changed (old/new) IMSI or MSISDN or IMEI |
M |
Shall provide what was changed (old/new MSISDN, old/new IMSI or old/new IMEI) |
|
carrier Specific Data |
O |
Provide raw data of this specific update. |
Table 6.9E: Cancel location REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
C |
Provide at least one and others when available. |
|
observed IMSI |
||
|
event type |
M |
Shall provide cancel Location change event type. (purge from HLR sent to SGSN included). |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall provide the network identifier of the HLR reporting the event (Network element identifier included). |
|
lawful intercept identifier |
M |
Shall be provided. |
|
previous serving system identifier |
C |
If available, shall provide the previous VPLMN id (Mobile Country Code and Mobile Network Country, defined in E.212 [87]). |
|
previous serving SGSN-Number |
C |
Provide the E.164 number of the previous serving SGSN, if available. |
|
previous serving SGSN-Address |
C |
Provide the IP address of the previous serving SGSN, if available. |
|
previous serving S4-SGSN-address |
C |
Provide the Diameter Origin-Host and Origin-Realm of the previous serving S4‑SGSN, if available. |
Table 6.9F: Register location REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
C |
Provide at least one and others when available. |
|
observed IMSI |
||
|
event type |
M |
Shall provide register location event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall provide the network identifier of the HLR reporting the event (Network element identifier included). |
|
lawful intercept identifier |
M |
Shall be provided. |
|
previous serving system identifier |
C |
If available, shall provide the previous VPLMN id (Mobile Country Code and Mobile Network Country; defined in E.212 [87]). |
|
previous serving SGSN-Number |
C |
Provide the E.164 number of the previous serving SGSN, if available. |
|
previous serving SGSN-Address |
C |
Provide the IP address of the previous serving SGSN, if available. |
|
previous serving S4-SGSN-address |
C |
Provide the Diameter Origin-Host and Origin-Realm of the previous serving S4‑SGSN, if available. |
|
current serving system identifier |
M |
Shall provide the current VPLMN id (Mobile Country Code and Mobile Network Country, defined in E.212 [87]). |
|
current serving SGSN-Number |
C |
Provide the E.164 number of the current serving SGSN, if available. |
|
current serving SGSN-Address |
C |
Provide the IP address of the current serving SGSN, if available. |
|
current serving S4-SGSN-address |
C |
Provide the Diameter Origin-Host and Origin-Realm of the current serving S4‑SGSN, if available. |
Table 6.9G: Location information request REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
C |
Provide at least one and others when available. |
|
observed IMSI |
||
|
event type |
M |
Shall provide location information request event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
network identifier |
M |
Shall provide the network identifier of the HLR reporting the event (Network element identifier included). |
|
lawful intercept identifier |
M |
Shall be provided. |
|
requesting network identifier |
C |
Provide the requesting network identifier PLMN id (Mobile Country Code and Mobile Network Country, defined in E.212 [87]). Editor’s Note: The specific condition for this parameter needs clarification and consideration can be given to reporting whatever requesting network identifier is observed regardless of whether that identifier is a PLMN id in accordance with E212. |
|
requesting node type |
C |
For GMSC; SMS Centre; GMLC, MME, SGSN, shall provide the requesting node type (GMSC; SMS Centre; GMLC, MME, SGSN) |
Table 6.9H: LALS Target Positioning REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
event date |
M |
Shall provide the date and time the report is created. |
|
event time |
||
|
network identifier |
M |
Network identifier of the LI LCS Client (Network element identifier included). |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide the LALS location information, if the positioning is successful. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
extended location parameters |
O |
If available, additional location information and associated QoS information. |
|
LALS error code |
C |
Provide the error identification code, if the positioning is not successful. |
Table 6.9I: LALS Enhanced Location for IRI REPORT Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
event date |
M |
Provide the date and time the LCS Report is available at LI LCS Client. |
|
event time |
||
|
network identifier |
M |
Network identifier of the LI LCS Client (Network element identifier included). |
|
lawful intercept identifier |
M |
Shall be provided. |
|
correlation number |
C |
Provided for correlation with the IRI records of the call, if available in the corresponding LALS triggering event. |
|
location information |
C |
Provide the LALS location information, if the positioning is successful. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
extended location parameters |
O |
If available, additional location information and associated QoS information. |
|
LALS error code |
C |
Provide the error identification code if the positioning is not successful. |
In the present document, the LALS Target Positioning reports are only sent when the target is successfully located. If the location information is not available, e.g. when the target is not attached to the network, no record is sent to the LEMF.
NOTE 1: See the TS 33.107 [19] for a detailed description of LALS. See Annex O for information on using of the PS ASN.1 information object for the LALS reporting.
NOTE 2: In some specific scenarios the amount of Enhanced Location for IRI reports data may overload the X2 and/or HI2 interfaces. To prevent the overload, a flow control for Enhanced Location for IRI Reports may be implemented, e.g. by limiting the frequency of the reports for individual target.
6.5.1.2 BEGIN record information
The BEGIN record is used to convey the first event of packet-data communication interception.
The BEGIN record shall be triggered when:
– successful PDP context activation;
– the interception of a target’s communications is started and at least one PDP context is active. If more than one PDP context is active, a BEGIN record shall be generated for each PDP context that is active;
– during the inter-SGSN RAU, when the target has at least one PDP context active and the PLNM has changed;
– the target entered an interception area and has at least one PDP context active.
Table 6.10: PDP Context Activation (successful) BEGIN Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
observed PDP address |
M |
Shall provide one of the following: – static address requested by the target’s MS, and allocated by the Network for a successful PDP context activation; – address allocated dynamically by the network to the target MS in association with a PDP context activation (i.e. address is sent by the Network in an Activate PDP Context Accept) for a successful PDP context activation procedure when the PDP Context activation request does not contain a static PDP address; or – address offered by the network in association with a network-initiated PDP context activation request when the target’s MS accepts the network-initiated PDP context activation request. |
|
iP assignment |
M |
Shall provide to indicate observed PDP address is statically or dynamically assigned. |
|
event type |
M |
Shall provide PDP Context Activation event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
access point name |
M |
Shall provide to identify the: – packet data network to which the target requested to be connected when the target’s MS is successful at performing a PDP context activation procedure (MS to Network). – access point of the packet data network that requested to be connected to the MS when the target’s MS accepts a network-initiated PDP context activation (Network to MS). |
|
PDP type |
M |
Shall provide to describe the PDP type of the observed PDP address. The PDP Type defines the end user protocol to be used between the external packet data network and the MS. |
|
initiator |
M |
Shall provide to indicate whether the PDP context activation is network-initiated, target-initiated, or not available. |
|
network identifier |
M |
Shall be provided. |
|
correlation number |
M |
Shall provide to uniquely identify the PDP context delivered to the LEMF and to correlate IRI records with CC. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
umts QOS |
C |
If available, shall provide to identify the QOS parameters. |
|
NSAPI |
O |
Provided for additional information. |
Table 6.11: Start Of Interception (with PDP Context Active) BEGIN Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
observed PDP address |
M |
Shall provide the: – static address requested by the target’s MS, and allocated by the Network for a successful PDP context activation. – address allocated dynamically by the network to the target MS in association with a PDP context activation (i.e. address is sent by the Network in an Activate PDP Context Accept) for a successful PDP context activation procedure when the PDP Context activation request does not contain a static PDP address. – address offered by the network in association with a network-initiated PDP context activation request when the target’s MS accepts the network-initiated PDP context activation request. |
|
event type |
M |
Shall provide Start Of Interception With PDP Context Active event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
access point name |
M |
Shall provide to identify the: – packet data network to which the target requested to be connected when the target’s MS is successful at performing a PDP context activation procedure (MS to Network). – access point of the packet data network that requested to be connected to the MS when the target’s MS accepts a network-initiated PDP context activation (Network to MS). |
|
PDP type |
M |
Shall provide to describe the PDP type of the observed PDP address. The PDP Type defines the end user protocol to be used between the external packet data network and the MS. |
|
initiator |
C |
If available, shall provide to indicate whether the PDP context activation is network-initiated, target-initiated, or not available. |
|
network identifier |
M |
Shall be provided. |
|
correlation number |
M |
Shall provide to uniquely identify the PDP context delivered to the LEMF and to correlate IRI records with CC. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
umts QOS |
C |
If available, shall provide to identify the QOS parameters. |
|
NSAPI |
O |
Provided for additional information. |
When the ICE (i.e. SGSN, GGSN) is not aware of the activation of multiple lawfully authorized intercepts when at least one PDP context is already active, the MF/DF shall generate the Start of Interception (with PDP Context Active) BEGIN record on its own using information that it has retained.
When the BEGIN-record is used to convey the start of interception with at least one PDP context active, the DF2 shall not send the Start of Interception (with PDP Context Active) BEGIN record to the LEMFs that were already intercepting the target due previous LI activation on the same target.
6.5.1.3 CONTINUE record information
The CONTINUE record is used to convey events during an active packet-data communication PDP Context.
The CONTINUE record shall be triggered when:
– an active PDP context is modified;
– during the inter-SGSN RAU, when target has got at least one PDP context active, the PLMN does not change and the triggering event information is available at the DF/MF.
In order to enable the LEMF to correlate the information on HI3, a new correlation number shall not be generated within a CONTINUE record.
Table 6.12: PDP Context Modification CONTINUE Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
observed PDP address |
C |
If the PDP address is modified, shall provide the observed address after modification to identify the: – static address requested by the target’s MS, and allocated by the Network for a successful PDP context activation. – address allocated dynamically by the network to the target MS in association with a PDP context activation (i.e. address is sent by the Network in an Activate PDP Context Accept) for a successful PDP context activation procedure when the PDP Context activation request does not contain a static PDP address. – address offered by the network in association with a network-initiated PDP context activation request when the target’s MS accepts the network-initiated PDP context activation request. Otherwise, it is optional to send it. |
|
event type |
M |
Shall provide the PDP Context Modification event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
access point name |
M |
Shall provide to identify the: – packet data network to which the target requested to be connected when the target’s MS is successful at performing a PDP context activation procedure (MS to Network). – access point of the packet data network that requested to be connected to the MS when the target’s MS accepts a network-initiated PDP context activation (Network to MS). |
|
PDP type |
C |
When reporting the PDP address, shall provide the PDP type of the observed PDP address. The PDP Type defines the end user protocol to be used between the external packet data network and the MS. |
|
initiator |
C |
If available shall provide to indicate whether the PDP context modification is network-initiated, target-initiated, or not available. |
|
network identifier |
M |
Shall be provided. |
|
correlation number |
M |
Shall provide to uniquely identify the PDP context delivered to the LEMF used to correlate IRI records with CC. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
umts QOS |
C |
If available and changed, shall provide to identify the QOS parameters. If umts QOS is not changed, it is optional to be reported. |
|
NSAPI |
O |
Provided for additional information. |
Table 6.13: Start Of Interception (with PDP Context Active) CONTINUE Record (optional)
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
observed PDP address |
M |
Shall provide to identify the: – static address requested by the target’s MS, and allocated by the Network for a successful PDP context activation. – address allocated dynamically by the network to the target MS in association with a PDP context activation (i.e. address is sent by the Network in an Activate PDP Context Accept) for a successful PDP context activation procedure when the PDP Context activation request does not contain a static PDP address. – address offered by the network in association with a network-initiated PDP context activation request when the target’s MS accepts the network-initiated PDP context activation request. |
|
event type |
M |
Shall provide the Continue interception with active PDP event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
access point name |
M |
Shall provide to identify the: – packet data network to which the target requested to be connected when the target’s MS is successful at performing a PDP context activation procedure (MS to Network). – access point of the packet data network that requested to be connected to the MS when the target’s MS accepts a network-initiated PDP context activation (Network to MS). |
|
PDP type |
M |
Shall provide to describe the PDP type of the observed PDP address. The PDP Type defines the end user protocol to be used between the external packet data network and the MS. |
|
network identifier |
M |
Shall be provided. |
|
correlation number |
C |
If available shall provide to uniquely identify the PDP context delivered to the LEMF used to correlate IRI records with CC. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
umts QOS |
C |
If available shall provide to identify the QOS parameters. |
|
NSAPI |
O |
Provided for additional information. |
6.5.1.4 END record information
The END record is used to convey the last event of packet-data communication.
The END record shall be triggered when:
– PDP context deactivation.
Table 6.14: PDP Context Deactivation END Record
|
Parameter |
MOC |
Description/Conditions |
|---|---|---|
|
observed MSISDN |
||
|
observed IMSI |
C |
Provide at least one and others when available. |
|
observed IMEI |
||
|
observed PDP address |
C |
Provide to identify the PDP address assigned to the target, if available. |
|
event type |
M |
Shall provide PDP Context Deactivation event type. |
|
event date |
M |
Shall provide the date and time the event is detected. |
|
event time |
||
|
access point name |
M |
Shall provide to identify the packet data network to which the target was connected. |
|
PDP type |
C |
When the PDP address is reported, shall provide to describe the PDP type of the observed PDP address. The PDP Type defines the end user protocol to be used between the external packet data network and the MS. |
|
initiator |
M |
Shall provide to indicate whether the PDP context deactivation was network-initiated, target-initiated, or not available. |
|
network identifier |
M |
Shall be provided. |
|
correlation number |
M |
Shall provide to uniquely identify the PDP context delivered to the LEM and to correlate IRI records with CC. |
|
lawful intercept identifier |
M |
Shall be provided. |
|
location information |
C |
Provide, when authorized, to identify location information for the target’s MS. |
|
Time of Location |
C |
Date/Time of Location. (if target location provided). |
|
context deactivation reason |
M |
Shall provide to indicate reason for deactivation. |
|
NSAPI |
O |
Provided for additional information. |
|
ULI Timestamp |
O |
Indicates the time when the User Location Information was acquired. |
6.6 IRI reporting for packet domain at GGSN
Interception in the GGSN is a national option. However, if 3G direct tunnel functionality with the GGSN (as defined in TS 23.060 [42]) is used in the network, then the GGSN shall perform the interception of IRI.
As a national option, in the case where the GGSN is reporting IRI for a target, the target is handed off to another SGSN and the same GGSN continues to handle the content of communications subject to roaming agreements, the GGSN shall continue to report the following IRI of the content of communication:
– PDP context activation;
– PDP context deactivation;
– Start of interception with PDP context active;
– PDP context modification;
– Packet Data Header Information.
NOTE: In some situation (e.g, during activation of second, third, etc, intercepts on the target), the MF/DF may have to detect on its own that an interception is activated on a target with PDP context active.
6.7 Content of communication interception for packet domain at GGSN
Interception in the GGSN is a national option. However, if 3G direct tunnel functionality with the GGSN (as defined in TS 23.060 [42]) is used in the network, then the GGSN shall perform the interception of content of communication.
As a national option, in the case where the GGSN is performing interception of the content of communications, the target is handed off to another SGSN and the same GGSN continues to handle the content of communications subject to roaming agreements, the GGSN shall continue to perform the interception of the content of communication.