8 3GPP WLAN Interworking
3GPP TS 33.108: 3G Security; Handover interface for Lawful Interception (LI) (Release 17)
8.0 General
NOTE: The WLAN Interworking specification (TS 29.234 [41]) is no longer maintained from Release 12 onwards. Therefore, the entire clause 8 is not maintained from Release 12 onwards.
8.1 Identifiers
8.1.1 Overview
Specific identifiers are necessary to identify a target for interception uniquely and to correlate between the data, which is conveyed over the different handover interfaces (HI2 and HI3). The identifiers are defined in the subsections below.
For the delivery of CC and IRI, the PDG or AAA server provides correlation numbers and target identities to the HI2 and HI3. The correlation number is unique per I-WLAN tunnel and is used to correlate CC with IRI and the different IRIs of one I-WLAN tunnel.
8.1.2 Lawful interception identifier
For each target identity related to an interception measure, the authorized operator (NO/AN/SP) shall assign a special Lawful Interception Identifier (LIID), which has been agreed between the LEA and the operator (NO/AN/SP).
Using an indirect identification to point to a target identity makes it easier to keep the knowledge about a specific target limited within the authorized operator (NO/AN/SP) and the handling agents at the LEA.
The LIID is a component of the CC delivery procedure and of the IRI records. It shall be used within any information exchanged at the handover interfaces HI2 and HI3 for identification and correlation purposes.
The LIID format shall consist of alphanumeric characters. It might for example, among other information, contain a lawful authorization reference number, and the date, when the lawful authorization was issued.
The authorized operator (NO/AN/SP) shall either enter a unique LIID for each target identity of the target or a single LIID for multiple target identities all pertaining to the same target.
If more than one LEA intercepts the same target identity, there shall be unique LIIDs assigned relating to each LEA.
8.1.3 Network identifier
The network identifier (NID) is a mandatory parameter; it should be internationally unique. It consists of the following two identifiers.
1) Operator- (NO/AN/SP) identifier (mandatory):
Unique identification of network operator, access network provider or service provider.
2) Network element identifier NEID (optional):
The purpose of the network element identifier is to uniquely identify the relevant network element carrying out the LI operations, such as LI activation, IRI record sending, etc.
A network element identifier may be an IP address or other identifier. National regulations may mandate the sending of the NEID.
8.1.4 Correlation number
The Correlation Number is unique per I-WLAN tunnel and used for the following purposes:
– correlate CC with IRI (in the PDG),
– correlate different IRI records within one I-WLAN tunnel (for both PDG and AAA server).
NOTE: The Correlation Number is at a minimum unique for each concurrent communication (e.g. I-WLAN tunnel) in a specific node (e.g. AAA server or PDG) of a target within a lawful authorization.
8.2 Timing and quality
8.2.1 Timing
As a general principle, within a telecommunication system, IRI, if buffered, should be buffered for as short a time as possible.
NOTE: If the transmission of IRI fails, it may be buffered or lost.
Subject to national requirements, the following timing requirements shall be supported:
– Each IRI data record shall be sent by the delivery function to the LEMF over the HI2 within seconds of the detection of the triggering event by the IAP at least 95% of the time.
– Each IRI data record shall contain a time-stamp, based on the intercepting node’s clock that is generated following the detection of the IRI triggering event.
8.2.2 Quality
The quality of service associated with the result of interception should be (at least) equal to the quality of service of the original content of communication. This may be derived from the QoS class used for the original intercepted session, TS 23.107 [20]. However, when TCP is used as an OSI layer 4 protocol across the HI3, real time delivery of the result of the interception cannot be guaranteed. The QoS used from the operator (NO/AN/SP) to the LEMF is determined by what operators (NO/AN/SP) and law enforcement agree upon.
8.2.3 Void
(Void).
8.3 Security aspects
Security is defined by national requirements.
8.4 Quantitative aspects
The number of target interceptions supported is a national requirement.
The area of Quantitative Aspects addresses the ability to perform multiple, simultaneous interceptions within a provider’s network and at each of the relevant intercept access points within the network. Specifics related to this topic include:
– The ability to access and monitor all simultaneous communications originated, received, or redirected by the target;
– The ability for multiple LEAs (up to five) to monitor, simultaneously, the same target while maintaining unobtrusiveness, including between agencies;
– The ability of the network to simultaneously support a number of separate (i.e. multiple targets) legally authorized interceptions within its service area(s), including different levels of authorization for each interception, including between agencies (i.e. IRI only, or IRI and communication content).
8.5 IRI for I-WLAN
8.5.0 Introduction
The IRI will in principle be available in the following phases of a data transmission:
1. At I-WLAN access initiation attempt, when the target identity becomes active, at which time packet transmission may or may not occur (at the set up of an I-WLAN tunnel, the target may be the originating or terminating party);
2. At the end of a connection, when the target identity becomes inactive (removal of an I-WLAN tunnel);
3. At certain times when relevant information is available.
In addition, information on non-transmission related actions of a target constitutes IRI and is sent via HI2, e.g. information on subscriber controlled input.
The IRI may be subdivided into the following categories:
1. Control information for HI2 (e.g. correlation information);
2. Basic data communication information, for standard data transmission between two parties.
The events defined in TS 33.107 [19] are used to generate records for the delivery via HI2.
There are multiple different event types received at DF2 level. According to each event, a Record is sent to the LEMF if this is required. The following table gives the mapping between event type received at DF2 level and record type sent to the LEMF.
Table 8.1: Mapping between I-WLAN Events and HI2 records type
| Event | IRI Record Type |
|---|---|
| I-WLAN Access Initiation | REPORT |
| I-WLAN Access Termination | REPORT |
| I-WLAN Tunnel Establishment (successful) | BEGIN |
| I-WLAN Tunnel Establishment (unsuccessful) | REPORT |
| I-WLAN Tunnel Disconnect | END |
| Start of intercept with I-WLAN Communication Active | BEGIN or REPORT |
| Packet Data Header Information | REPORT |
A set of information is used to generate the records. The records used transmit the information from mediation function to LEMF. This set of information can be extended in the ICE or DF2 MF, if this is necessary in a specific country. The following table gives the mapping between information received per event and information sent in records.
For the event "Start of intercept with I-WLAN Communication Active" reported from an AAA server, this event is reported using a:
– REPORT record to provide an indication that I-WLAN Access Initiation event has already occurred, but there are no tunnels established yet.
– BEGIN record to provide an indication that one or more I-WLAN Tunnels are already established.
Table 8.2: Mapping between Events information and IRI information
| parameter | description | HI2 ASN.1 parameter |
|---|---|---|
| observed MSISDN | Target Identifier with the MSISDN of the target. | partyInformation (partyIdentity) |
| observed IMSI | Target Identifier with the IMSI of the target. | partyInformation (partyIdentity) |
| observed NAI | Target Identifier with the NAI of the target. | partyInformation (partyIdentity) |
| event type | Description of which type of event is delivered: I-WLAN Access Initiation, I-WLAN Access Termination, I-WLAN Tunnel Establishment, I-WLAN Tunnel Disconnect, Start of Intercept with I-WLAN Communication Active, Packet Data Header Information, etc. | i-WLANevent |
| event date | Date of the event generation in the PDG or AAA server. | timestamp |
| event time | Time of the event generation in the PDG or AAA server. | |
| WLAN access point name | The WLAN Access Point Name contains a logical name of the access point (see TS 23.060 [42]). | partyInformation (services-Data-Information) |
| initiator | This field indicates whether the event being reported is the result of an MS directed action or network initiated action when either one can initiate the action. | initiator |
| correlation number | Unique number for each I-WLAN tunnel delivered to the LEMF, to help the LEA correlate each I-WLAN tunnel with the IRI. | correlationNumber |
| lawful interception identifier | Unique number for each lawful authorization. | lawfulInterceptionIdentifier |
| WLAN UE Local IP address | The Local IP address used by the target in a WLAN AN. | partyInformation (services-data-information) |
| WLAN UE MAC address | MAC Address of WLAN UE on the WLAN. | i-WLANInformation (wLANMACAddress) |
| WLAN Remote IP address | It is the IP address of the WLAN UE in the network being accessed by the WLAN UE and is used in the data packet encapsulated by the WLAN UE-initiated tunnel. In addition, it is the source address used by applications in the WLAN UE. | partyInformation (services-data-information) |
| network identifier | Operator ID plus PDG or AAA server address. | networkIdentifier |
| WLAN Operator name | This field identifies the WLAN Operator serving the target. | i-WLANInformation (wLANOperatorName) |
| WLAN Location Data | This field identifies the location of the WLAN serving the target. | i-WLANInformation (wLANLocationData) |
| WLAN Location Information | This field provides detailed location information about the WLAN serving the target. | i-WLANInformation (wLANLocationInformation) |
| NAS IP/IPv6 address | An IP address of the serving Network Access Server. | i-WLANInformation (nasIPIPv6Address) |
| visited PLMN ID | This field identifies the visited PLMN that will either terminate or tunnel the target’s communications to the Home PLMN. | visitedPLMNID |
| session alive timer | This field identifies the expected maximum duration of the I-WLAN access being initiated. | i-WLANInformation (sessionAliveTimer) |
| failed access reason | This field gives information about the reason for a failed access initiation attempt of the target. | i-WLANOperationErrorCode |
| session termination reason | This field identifies the reason for the termination of the I-WLAN access. | i-WLANOperationErrorCode |
| failed tunnel establishment reason | This field gives information ("Authentication failed" or "Authorization failed") about the reason for a failed tunnel establishment of the target. | i-WLANOperationErrorCode |
| tunnel disconnect reason | This field gives information about the reason for tunnel disconnect of the target. (For Further Study). | i-WLANOperationErrorCode |
| NSAPI | Network layer Service Access Point Identifier. Information element contains an NSAPI identifying a PDP Context in a mobility management context specified by the Tunnel Endpoint Identifier Control Plane. This is an optional parameter to help DF/MF and LEAs to distinguish between the sending mobile access networks when the GGSN is used as element of the PDG according to TS 23.234 [43]. | nSAPI |
| destination IP address | Identifies the destination IP address of a packet. | destinationIPAddress |
| destination port number | Identifies the destination port number of a packet. | destinationPortNumber |
| source IP address | Identifies the source IP address of a packet. | sourceIPAddress |
| source port number | Identifies the source port number of a packet. | sourcePortNumber |
| transport protocol | Identifies the transport protocol (i.e., Protocol Field in IPv4 or Next Header Field in IPv6). | transportProtocol |
| flow label | The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [c]). | flowLabel |
| packet count | The number of packets detected and reported in a particular packet data summary report. | packetCount |
| packet size | The size of a packet (i.e., Total Length Field in IPv4 [a] or Payload Length Field in IPv6 [b]). | packetsize |
| packet direction | Identifies the direction of the intercepted packet (from target or to target). | packetDirection |
| packet data header copy | Provides a copy of the packet headers including IP layer and next layer, and extensions, but excluding content. | packetDataHeaderCopy |
| summary period | Provides the period of time during which the packets of the summary report were sent or received by the target. | summaryPeriod |
| sum of packet sizes | Sum of values in Total Length Fields in IPv4 packets or Payload Length Field in IPv6 packets. | sumOfPacketSizes |
| packet data summary reason | Provides the reason for a summary report. | packetDataSummaryReason |
| packet data summary | For each particular packet flow, identifies pertinent reporting information (e.g. source IP address, destination IP address, source port, destination port, transport protocol, packet count, time interval, sum of packet sizes) associated with the particular packet flow. | packetDataSummary |
NOTE: LIID parameter has to be present in each record sent to the LEMF.
8.5.1 Events and information
8.5.1.1 Overview
This clause describes the information sent from the Delivery Function (DF) to the Law Enforcement Monitoring Facility (LEMF) to support Lawful Interception (LI). The information is described as records and information carried by a record. The focus is on describing the information being transferred to the LEMF.
The IRI events and data are encoded into records as defined in the Table 8.1 Mapping between I-WLAN Events and HI2 records type and Annex B.7 Intercept related information (HI2). IRI is described in terms of a ‘causing event’ and information associated with that event. Within each IRI record there is a set of events and associated information elements to support the particular service.
The communication events described in Table 8.1: Mapping between I-WLAN Events and HI2 record type and Table 8.2: Mapping between Events information and IRI information convey the basic information for reporting the disposition of a communication. This clause describes those events and supporting information.
Each record described in this clause consists of a set of parameters. Each parameter is either:
– mandatory (M) – required for the record,
– conditional (C) – required in situations where a condition is met (the condition is given in the Description), or
– optional (O) – provided at the discretion of the implementation.
The information to be carried by each parameter is identified. Both optional and conditional parameters are considered to be OPTIONAL syntactically in ASN.1 Stage 3 descriptions. The Stage 2 inclusion takes precedence over Stage 3 syntax.
8.5.1.2 REPORT record information
The REPORT record is used to report non-communication related target actions (events) and for reporting unsuccessful packet-mode communication attempts.
The REPORT record shall be triggered when:
– the target’s WLAN UE performs a (successful or unsuccessful) I-WLAN access initiation procedure (triggered by AAA server);
– the target’s WLAN UE performs a (successful or unsuccessful) re-authentication (triggered by AAA server);
– the target’s WLAN UE performs an I-WLAN access termination detach procedure (triggered by AAA server);
– the target’s WLAN UE is unsuccessful at performing an I-WLAN tunnel establishment procedure (triggered by AAA server or PDG);
– the interception of a target’s communications is started and the WLAN UE has already successfully performed an I-WLAN access initiation procedure (triggered by AAA server), but there are no tunnels established;
– packet data header reporting is performed on an individual intercepted packet basis and a packet is detected as it is sent or received by the target for I-WLAN communications;
– when packet data summary reporting is performed on a summary basis for I-WLAN communications associated with a particular packet flow (defined as the combination of source IP address, destination IP address, source port, destination port, and protocol and for IPv6 also include the flow label) and:
– the packet flow starts,
– an interim packet summary report is to be provided, or
– packet flow ends including the case where the I-WLAN interworking tunnel is deactivated.
An interim packet summary report is triggered if:
– the expiration of a configurable Summary Timer per intercept occurs (the Summary Timer is configurable in units of seconds); or
– a per-intercept configurable count threshold is reached.
Packet Data Header Information is reported either on a per-packet (i.e., non-summarised) basis or in a summary report. These reports provide IRI associated with the packets detected. The packet data header information related REPORT record is used to convey packet data header information during active I-WLAN communications.
NOTE: in the case of IP Fragments, Packet Data Header Information on a 6-tuple basis may only be available on the first packet and subsequent packets may not include such information and therefore may not be reported.
Table 8.3: I-WLAN Access Initiation REPORT Record
| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed NAI | | |
| event type | C | Provide I-WLAN Initiation event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| network identifier | M | Shall be provided. |
| lawful intercept identifier | M | Shall be provided. |
| WLAN Operator Name | C | Provide, when available, to identify the WLAN operator serving the target. |
| WLAN Location Data | C | Provide, when available, to identify the WLAN location serving the target. |
| WLAN Location Information | C | Provide, when available, to identify the location information of the WLAN serving the target. |
| NAS IP/IPv6 address | C | Provide, when available, to identify the address of the NAS serving the target. |
| WLAN UE MAC address | C | Provide, when available, to identify the MAC address of the target in the WLAN serving the target. |
| visited PLMN ID | C | Provide, when available, to identify the visited PLMN that will either terminate or tunnel the target’s communications to the Home PLMN. |
| session alive time | C | Provide, when available, to identify the expected maximum duration of the I-WLAN Access being initiated. |
| failed access reason | C | Provide information about the reason for failed access initiation attempts of the target. |
Table 8.4: I-WLAN Access Termination REPORT Record
| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed NAI | | |
| event type | C | Provide I-WLAN Access Termination event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| network identifier | M | Shall be provided. |
| lawful intercept identifier | M | Shall be provided. |
| WLAN Operator Name | C | Provide, when available, to identify the WLAN operator serving the target. |
| WLAN Location Data | C | Provide, when available, to identify the WLAN location serving the target. |
| WLAN Location Information | C | Provide, when authorized, to identify the location information of the WLAN serving the target. |
| NAS IP/IPv6 address | C | Provide, when available, to identify the address of the NAS serving the target. |
| WLAN UE MAC address | C | Provide, when available, to identify the MAC address of the target in the WLAN serving the target. |
| session termination reason | C | Provide information about the reason for termination of I-WLAN access of the target. |
Table 8.5: I-WLAN Tunnel Establishment (unsuccessful) REPORT Record – PDG
| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed NAI | | |
| event type | C | Provide I-WLAN Tunnel Establishment event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| WLAN access point name | C | Provide to identify the packet data network to which the target requested to be connected when the target’s WLAN UE is unsuccessful at performing an I-WLAN tunnel establishment procedure (MS to Network). |
| network identifier | M | Shall be provided. |
| lawful intercept identifier | M | Shall be provided. |
| WLAN UE Local IP address | C | Provide, when available, to identify the IP address associated with the target in the WLAN. |
| WLAN UE Remote IP address | C | Provide, when available, to identify the IP address associated with the target in the network being accessed by the target. |
| failed I-WLAN tunnel establishment reason | C | Provide information about the reason for failed I-WLAN tunnel establishment attempts of the target. |
Table 8.6: I-WLAN Tunnel Establishment (unsuccessful) REPORT Record – AAA Server
| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed NAI | | |
| event type | C | Provide I-WLAN Tunnel Establishment event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| WLAN access point name | C | Provide to identify the packet data network to which the target requested to be connected when the target’s WLAN UE is unsuccessful at performing an I-WLAN tunnel establishment procedure (MS to Network). |
| network identifier | M | Shall be provided. |
| lawful intercept identifier | M | Shall be provided. |
| failed I-WLAN tunnel establishment reason | C | Provide information about the reason for failed I-WLAN tunnel establishment attempts of the target. |
| visited PLMN ID | C | Provide, when available, to identify the visited PLMN that will either terminate or tunnel the target’s communications to the Home PLMN. |
Table 8.7: Start of Intercept With I-WLAN Communication Active REPORT Record – AAA Server
| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed NAI | | |
| event type | C | Provide Start of Intercept With I-WLAN Communication Active event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| network identifier | M | Shall be provided. |
| lawful intercept identifier | M | Shall be provided. |
| WLAN Operator Name | C | Provide, when available, to identify the WLAN operator serving the target. |
| WLAN Location Data | C | Provide, when available, to identify the WLAN location serving the target. |
| WLAN Location Information | C | Provide, when available, to identify the location information of the WLAN serving the target. |
| NAS IP/IPv6 address | C | Provide, when available, to identify the address of the NAS serving the target. |
| WLAN UE MAC address | C | Provide, when available, to identify the MAC address of the target in the WLAN serving the target. |
| visited PLMN ID | C | Provide, when available, to identify the visited PLMN that will either terminate or tunnel the target’s communications to the Home PLMN. |
| session alive time | C | Provide, when available, to identify the expected maximum duration of the I-WLAN Access being initiated. |
Table 8.8: Packet Data Header Information REPORT Record
| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed IMEI | | |
| event type | M | Provide the Packet Data Header Information event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| WLAN access point name | C | Provide to identify the packet data network to which the target is connected. |
| WLAN local IP address | C | Provide to identify the IP address associated with the target in the WLAN. |
| WLAN remote IP address | C | Provide to identify the IP address associated with the target in the network being accessed by the target for the I-WLAN tunnel. |
| network identifier | M | Shall be provided. |
| correlation number | M | Provide to uniquely identify the I-WLAN interworking communications delivered to the LEMF used to correlate IRI records with CC. |
| lawful intercept identifier | M | Shall be provided. |
| packet data header information | M | Shall be provided to identify the packet header information to be reported on a per-packet basis as defined in Table 8.9 or on a summary basis. For summary reporting, it includes one or more packet flow summaries, where each packet flow summary is associated with a particular packet flow as defined in Table 8.10. |
| NSAPI | O | Provided for additional information. |
Table 8.9: Contents of per-packet, packet data header information parameter
| Parameter | MOC | Description/Conditions |
|---|---|---|
| source IP address | C | Provide when mapping packet header information to identify the source IP address for a particular packet flow. |
| source port number | C | Provide when mapping packet header information to report the source port number for a particular packet flow when the transport protocol supports port numbers. |
| destination IP address | C | Provide when mapping packet header information to identify the destination IP address for a particular packet flow. |
| destination port number | C | Provide when mapping packet header information to report the destination port number for a particular packet flow when the transport protocol supports port numbers. |
| transport protocol | C | Provide when mapping packet header information to identify the transport protocol (e.g. TCP) for a particular packet flow. |
| flow label | C | Provide when mapping packet header information for IPv6 only for a particular packet flow. |
| direction | M | Shall be provided. Identifies the direction of the packet (from target or to target). |
| packet size | O | Provide when mapping packet header information to convey the value contained in Total Length Fields of the IPv4 packets or the value contained in the Payload Length fields of the IPv6 packets. |
| packet data header copy | C | Provide when reporting a copy of the entire packet header information rather than mapping individual information and so it is alternative to the individual information. |
Table 8.10: Contents of a single summary flow packet data header information parameter
| Parameter | MOC | Description/Conditions |
|---|---|---|
| source IP address | M | Shall be provided. Identifies the source IP address for a particular packet flow. |
| source port number | C | Provide to report the source port number for a particular packet flow when the transport protocol supports port numbers. |
| destination IP address | M | Shall be provided. Identifies the destination IP address for a particular packet flow. |
| destination port number | C | Provide to report the destination port number for a particular packet flow when the transport protocol supports port numbers. |
| transport protocol | M | Identifies the transport protocol (e.g. TCP) for a particular packet flow. |
| flow label | C | Provide for IPv6 only for a particular packet flow. |
| summary period | M | Provides the period of time during which the packets of a particular packet flow of the summary report were sent or received by the subject and defined by specifying the time when the first packet and the last packet of the reporting period were detected. |
| packet count | M | Provides the number of packets detected for a particular packet flow. |
| sum of packet sizes | O | Provides the sum of values contained in Total Length Fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets. |
| packet data summary reason | M | Provides the reason for the report being delivered to the LEMF (i.e., timeout, count limit, end of session). |
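The summary-reporting triggers of clause 8.5.1.2 and the flow summary contents of Table 8.10, worked through as an added Python example that is not part of the specification. Assumptions: the packet dictionary field names, the count threshold applied to each flow's packet count, the Summary Timer driven by packet detection times, and counters restarting after each report. The flow-start report is left out because the page names no summary reason for it, and non-first IP fragments are not reported (the NOTE on IP fragments permits this).

```python
from dataclasses import dataclass

# Mandatory (M) parameters of one flow summary, taken from Table 8.10.
MANDATORY = ("source IP address", "destination IP address", "transport protocol",
             "summary period", "packet count", "packet data summary reason")
PORT_PROTOCOLS = {6, 17, 132}  # TCP, UDP, SCTP: transports that carry port numbers


@dataclass
class _Flow:
    first: float        # detection time of the first packet in this reporting period
    last: float         # detection time of the last packet in this reporting period
    count: int = 0
    size_sum: int = 0


class FlowSummarizer:
    """Per-intercept packet data summary state (hypothetical class name)."""

    def __init__(self, start, summary_timer_s, count_threshold):
        self.timer = summary_timer_s          # Summary Timer, in seconds
        self.threshold = count_threshold      # assumption: applied per flow
        self.next_expiry = start + summary_timer_s
        self.flows = {}

    @staticmethod
    def flow_key(pkt):
        # Flow = source IP, destination IP, source port, destination port,
        # protocol, and for IPv6 also the flow label.
        has_ports = pkt["proto"] in PORT_PROTOCOLS
        return (pkt["src"], pkt["dst"],
                pkt["sport"] if has_ports else None,
                pkt["dport"] if has_ports else None,
                pkt["proto"],
                pkt["flow_label"] if pkt["version"] == 6 else None)

    def _report(self, key, reason):
        flow = self.flows.pop(key)            # next packet opens a new reporting period
        src, dst, sport, dport, proto, label = key
        report = {"source IP address": src, "destination IP address": dst,
                  "transport protocol": proto,
                  "summary period": (flow.first, flow.last),
                  "packet count": flow.count,
                  "sum of packet sizes": flow.size_sum,   # optional (O)
                  "packet data summary reason": reason}
        if sport is not None:                 # conditional: transport has ports
            report["source port number"] = sport
            report["destination port number"] = dport
        if label is not None:                 # conditional: IPv6 only
            report["flow label"] = label
        return report

    def on_timer(self, now):
        """Interim reports for every active flow once the Summary Timer expires."""
        if now < self.next_expiry:
            return []
        while self.next_expiry <= now:
            self.next_expiry += self.timer
        return [self._report(k, "timeout") for k in list(self.flows)]

    def on_packet(self, pkt):
        reports = self.on_timer(pkt["time"])
        if pkt.get("frag_offset", 0) > 0:
            return reports                    # non-first fragment: no layer 4 header
        key = self.flow_key(pkt)
        flow = self.flows.setdefault(key, _Flow(pkt["time"], pkt["time"]))
        flow.last = pkt["time"]
        flow.count += 1
        flow.size_sum += pkt["length"]        # IPv4 Total Length / IPv6 Payload Length
        if flow.count >= self.threshold:
            reports.append(self._report(key, "count limit"))
        return reports

    def end_of_session(self):
        """Flow end, e.g. the I-WLAN tunnel is deactivated."""
        return [self._report(k, "end of session") for k in list(self.flows)]


def missing_mandatory(report):
    """Names of Table 8.10 mandatory parameters absent from a flow summary."""
    return [p for p in MANDATORY if p not in report]


def demo():
    # Constructed sample packets using documentation address ranges.
    s = FlowSummarizer(start=0.0, summary_timer_s=10, count_threshold=3)
    v4 = {"version": 4, "src": "192.0.2.10", "dst": "198.51.100.5",
          "sport": 40000, "dport": 443, "proto": 6}
    v6 = {"version": 6, "src": "2001:db8::1", "dst": "2001:db8::2",
          "sport": 5000, "dport": 53, "proto": 17, "flow_label": 0x12345}
    packets = [dict(v4, time=0.0, length=60), dict(v4, time=1.0, length=1500),
               dict(v4, time=2.0, length=1500), dict(v6, time=3.0, length=80),
               dict(v4, time=4.0, length=1500, frag_offset=185),
               dict(v4, time=11.0, length=52)]
    reports = []
    for p in packets:
        reports += s.on_packet(p)
    return reports + s.end_of_session()


if __name__ == "__main__":
    for r in demo():
        print(r)
```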
8.5.1.3 BEGIN record information
The BEGIN record is used to convey the first event of I-WLAN interworking communication interception.
The BEGIN record shall be triggered when:
– there is a successful establishment of an I-WLAN tunnel (triggered by AAA server or PDG);
– the interception of a target’s communications is started and at least one I-WLAN tunnel is established. If more than one I-WLAN tunnel is established, a BEGIN record shall be generated for each I-WLAN tunnel that is established (triggered by AAA server or PDG).
Table 8.8: I-WLAN Tunnel Establishment (successful) BEGIN Record – PDG
| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed NAI | | |
| event type | C | Provide I-WLAN Tunnel Establishment event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| WLAN access point name | C | Provide to identify the packet data network to which the target requested to be connected when the target’s WLAN UE is successful at performing an I-WLAN tunnel establishment procedure. |
| network identifier | M | Shall be provided. |
| WLAN local IP address | M | Provide to identify the IP address associated with the target in the WLAN. |
| WLAN remote IP address | M | Provide to identify the IP address associated with the target in the network being accessed by the target for the I-WLAN tunnel. |
| correlation number | C | Provide to allow correlation of CC and IRI and the correlation of IRI records. |
| lawful intercept identifier | M | Shall be provided. |
| NSAPI | O | Provided for additional information. |
Table 8.9: I-WLAN Tunnel Establishment (successful) BEGIN Record – AAA Server
| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed NAI | | |
| event type | C | Provide I-WLAN Tunnel Establishment event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| WLAN access point name | C | Provide to identify the packet data network to which the target requested to be connected when the target’s WLAN UE is successful at performing an I-WLAN tunnel establishment procedure. |
| network identifier | M | Shall be provided. |
| correlation number | C | Provide to allow correlation of IRI records. |
| lawful intercept identifier | M | Shall be provided. |
| visited PLMN ID | C | Provide to identify the visited PLMN, if available. |
Table 8.10: Start Of Interception (with I-WLAN Tunnel Established) BEGIN Record – PDG
| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN | | |
| observed IMSI | C | Provide at least one and others when available. |
| observed IMEI | | |
| event type | C | Provide Start Of Interception With I-WLAN Communication Active event type. |
| event date | M | Provide the date and time the event is detected. |
| event time | | |
| WLAN access point name | C | Provide to identify the packet data network to which the target requested to be connected when the target’s WLAN UE is successful at performing an I-WLAN tunnel establishment procedure. |
| network identifier | M | Shall be provided. |
| WLAN local IP address | M | Provide to identify the IP address associated with the target in the WLAN. |
| WLAN remote IP address | M | Provide to identify the IP address associated with the target in the network being accessed by the target for the I-WLAN tunnel. |
| correlation number | C | Provide to allow correlation of CC and IRI and the correlation of IRI records. |
| lawful intercept identifier | M | Shall be provided. |
| NSAPI | O | Provided for additional information. |

Table 8.11: Start Of Interception (with I-WLAN Tunnel Established) BEGIN Record – AAA Server

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN, observed IMSI, observed IMEI | C | Provide at least one and others when available. |
| event type | C | Provide Start Of Interception With I-WLAN Communication Active event type. |
| event date, event time | M | Provide the date and time the event is detected. |
| WLAN access point name | C | Provide to identify the packet data network to which the target requested to be connected when the target’s WLAN UE is successful at performing an I-WLAN tunnel establishment procedure. |
| network identifier | M | Shall be provided. |
| correlation number | C | Provide to allow correlation of IRI records. |
| lawful intercept identifier | M | Shall be provided. |
| visited PLMN ID | C | Provide to identify the visited PLMN, if available. |
| WLAN Operator Name | C | Provide, when available (at the time of event generation), to identify the WLAN operator serving the target. |
| WLAN Location Data | C | Provide, when available (at the time of event generation), to identify the WLAN location serving the target. |
| WLAN Location Information | C | Provide, when available (at the time of event generation), to identify the location information of the WLAN serving the target. |
| NAS IP/IPv6 address | C | Provide, when available (at the time of event generation), to identify the address of the NAS serving the target. |
| WLAN UE MAC address | C | Provide, when available (at the time of event generation), to identify the MAC address of the target in the WLAN serving the target. |
| session alive time | C | Provide, when available (at the time of event generation), to identify the expected maximum duration of the I-WLAN Access being initiated. |

8.5.1.4 END record information
The END record is used to convey the last event of packet-data communication.
The END record shall be triggered when:
– I-WLAN tunnel disconnect occurs (triggered by the AAA server or the PDG).

Table 8.12: I-WLAN Tunnel Disconnect END Record – PDG

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN, observed IMSI, observed NAI | C | Provide at least one and others when available. |
| event type | C | Provide I-WLAN Tunnel Disconnect event type. |
| event date, event time | M | Provide the date and time the event is detected. |
| WLAN access point name | C | Provide to identify the packet data network to which the target is connected. |
| initiator | C | Provide to indicate whether the I-WLAN tunnel disconnection is network-initiated, target-initiated, or not available. |
| network identifier | M | Shall be provided. |
| WLAN local IP address | M | Provide to identify the IP address associated with the target in the WLAN. |
| WLAN remote IP address | M | Provide to identify the IP address associated with the target in the network being accessed by the target for the I-WLAN tunnel. |
| correlation number | C | Provide to allow correlation of CC and IRI and the correlation of IRI records. |
| lawful intercept identifier | M | Shall be provided. |
| NSAPI | O | Provided for additional information. |

Table 8.13: I-WLAN Tunnel Disconnect END Record – AAA Server

| Parameter | MOC | Description/Conditions |
|---|---|---|
| observed MSISDN, observed IMSI, observed NAI | C | Provide at least one and others when available. |
| event type | C | Provide I-WLAN Tunnel Disconnect event type. |
| event date, event time | M | Provide the date and time the event is detected. |
| WLAN access point name | C | Provide to identify the packet data network to which the target is connected. |
| initiator | C | Provide to indicate whether the I-WLAN tunnel disconnection is network-initiated, target-initiated, or not available. |
| network identifier | M | Shall be provided. |
| correlation number | C | Provide to allow correlation of IRI records. |
| lawful intercept identifier | M | Shall be provided. |

8.6 CC for I-WLAN
The interface protocols and data structures defined in Annex B.4, Annex C, and Annex G of this specification are applicable to the delivery of the intercepted CC for I-WLAN over the HI3 PS interface. Whether each parameter is mandatory or optional is not changed for I-WLAN. However, the availability of relevant intercepted information will affect the population of the parameters.