M.1 HI.1 delivery methods preferences:

33.1083G Security3GPPHandover interface for Lawful Interception (LI)Release 17TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

Based on clause 4.4 of this TS 33.108, this annex defines a system of management notification of LI system with the Handover interface port 1 (HI1).

The handover interface port 1 (HI1) have to transport specific LI service O&M information from the operator’s (NO/AN/SP) administration function to the LEMF. The individual notification parameters should be coded using ASN.1 and the basic encoding rules (BER). The delivery of HI1 has to be performed directly using the HI2 mechanism, in order to limit and to protect the LI MF and DF in terms of the number of interface to any other CSP’s O&M.

NOTE 1: The different O&M models, specially the 3GPP TMF that may apply are for further studies.

NOTE 2: This annex may be applied to LI HI1 solutions framework described in ETSI TS 101 671.

The notification of some actions performed by the operator on the LI system is requested, only to notify the different elements of the LEA warrant, except the target’s IDs. For security reason, any flow including such value may have to be limited. It is recommended to have a manual input in the LI system by the accredited staff of the operator.

If the HI1 is used for notification, it may be used for LI management to send electronic notification to the LEMF in the following cases:

1) after the activation of lawful interception,

2) after the deactivation of lawful interception,

3) after the modification of an active lawful interception.

NOTE: The detailed following points are for further studies:

– broadcast status system,

– alarm, especially support for reporting alarm conditions (O&M alarm NNI) ,.- an applicative keep-alive system.

The IRI of HI 1 may include:

– the OID,

– Lawful Interception IDentifier (LIID) that may be provided by the LEA or by default by the CSP,

– Network-Identifier, to identify the operator or part of the network of the operator, sending such IRI. The value may be determined by national regulation,

– BroadcastArea ID, to identify to which geographical area apply the interception. A Broadcast Area is used to select the group of NEs (network elements) which an interception applies to. This group may be built on the basis of network type, technology type or geographic details to fit national regulation and jurisdiction. The pre-defined values may be decided by national regulation or the CSP to determinate the specific part of the network or platform on which the target identity (ies) has to be activated or deactivated,

– deliveryInformation which has been decided by the LEA in terms of delivery numbers, IP addresses for HI2 and HI3,

– liActivatedTime, in Generalized time with UTC format, unless defined by national regulation. The day and time either given by the warrant, or of the actual LI activation by the operator, may be used as a value of this field.,

– liDeactivatedTime,in Generalized time with UTC format, unless defined by national regulation. The day and time either given by the warrant, or of the time of the actual LI deactivation by the operator, may be used as a value of this field,

– liSetUpTime the date and time when the warrant is entered into the ADMF. Format to be decided by national regulation. It is recommended to use Generalized time with UTC format,

– type of interception (voice IRI and CC, voice IRI only, data IRI and CC, data IRI only, voice and data IRI and CC, voice and data IRI only ) ,

– specific threeGPP National-HI1 parameters, if requested by national regulation.

It is recommended to have no direct control over the NO/AP/SP’s equipment by the LEA/LEMF.

As other IRIs, the individual notifications parameters may have to be sent to the LEMF as soon as possible with the lowest latency at least once (if available)

The DF 2 may have to deliver the HI1 notification operation to LEMF.