6.2.2 LI at AMF
3GPP TS 33.127, Lawful Interception (LI) architecture and functions, Release 18
6.2.2.1 Architecture
In the 5GC network, the AMF handles the access and mobility functions as well as provides or facilitates UE location information delivery to other NFs in the course of location-related service operations, such as LCS or Location Reporting. The AMF shall have LI capabilities to generate the target UE’s network access, registration, connection management, and location update related xIRI. Extending the generic LI architecture presented in clause 5, figure 6.2-3 below gives a reference point representation of the LI architecture with AMF as a CP NF providing the IRI-POI functions.
Figure 6.2-3: LI architecture for LI at AMF
The LICF present in the ADMF receives the warrant from an LEA, derives the intercept information from the warrant and provides the same to the LIPF.
The LIPF present in the ADMF provisions the IRI-POI (over LI_X1) present in the AMF and the MDF2. The LIPF may interact with the SIRF (over LI_SI) present in the NRF to discover the AMFs in the network.
The IRI-POI present in the AMF detects the target UE’s access and mobility related functions (network access, registration and connection management), generates and delivers the xIRI to the MDF2 over LI_X2. The MDF2 delivers the IRI messages as part of the Interception Product to the LEMF over LI_HI2.
6.2.2.2 Target identities
The LIPF present in the ADMF provisions the intercept information associated with the following target identities to the IRI-POI present in the AMF:
– SUPI.
– PEI.
– GPSI.
The interceptions performed on the above three identities are mutually independent, even though an xIRI may contain information about the other identities when available.
6.2.2.3 Identity privacy
TS 33.501 [9] defines the ability to prevent the SUPI being exposed over the 5G RAN through the use of SUCI. Where SUPI privacy is implemented by both the UDM and UE, the SUPI is not sent in the clear over the RAN. Therefore, AMF has to rely on the UDM to provide the SUPI as part of the registration procedure as defined in TS 33.501 [9].
If the AMF receives a SUCI from the UE then the AMF shall ensure for every registration (including re-registration) that SUPI has been provided by the UDM to the AMF and that the SUCI to SUPI mapping has been verified as defined in TS 33.501 [9]. This shall be performed regardless of whether the SUPI is a target of interception.
The AMF IRI-POI shall provide both the SUPI and the current SUCI in all applicable events defined in clause 6.2.2.4.
6.2.2.4 IRI events
The IRI-POI present in the AMF shall generate xIRI, when it detects the following specific events or information:
– Registration.
– Deregistration.
– Location update.
– Identifier association.
– Start of interception with already registered UE.
– Unsuccessful communication related attempt.
– Positioning info transfer.
– Handover.
NOTE: AMF reporting of UE state changes other than registration or deregistration is not supported in the present document.
The registration xIRI is generated when the IRI-POI present in an AMF detects that a target UE has successfully registered to the 5GS via 3GPP NG-RAN or non-3GPP access. The registration xIRI describes the type of registration performed (e.g. initial registration, periodic registration, registration mobility update) and the access type (e.g. 3GPP, non-3GPP). Unsuccessful registration shall be reported only if the target UE has been successfully authenticated.
The deregistration xIRI is generated when the IRI-POI present in an AMF detects that a target UE has deregistered from the 5GS. The deregistration xIRI shall indicate whether it was a UE-initiated or a network-initiated deregistration.
The location update xIRI is generated each time the IRI-POI present in an AMF detects that the target UE’s location is updated due to target UE mobility (e.g. in case of Xn based inter NG-RAN handover) or when the AMF observes target UE location information during some service operation (e.g., LCS, Location Reporting, or emergency services). The generation of such xIRI may be omitted if the updated UE location information is already included in other xIRIs (e.g. mobility registration) provided by the IRI-POI present in the same AMF. If the information in the AMF received over N2 (TS 38.413 [14]) includes one or more cell IDs, then all cell IDs shall be reported to the LEMF whenever location reporting is triggered at the AMF.
The identifier association xIRI is generated each time the IRI-POI in the AMF detects a SUCI or 5G-GUTI allocation change for a SUPI associated with the target UE.
The start of interception with already registered UE xIRI is generated when the IRI-POI present in an AMF detects that interception is activated on the target UE that has already been registered in the 5GS.
When additional warrants are activated on a target UE, MDF2 shall be able to generate and deliver the start of interception with already registered UE related IRI messages to the LEMF associated with the warrants without receiving the corresponding start of interception with already registered UE xIRI.
The unsuccessful communication related attempt xIRI is generated when the IRI-POI present in an AMF detects that a target UE initiated communication procedure (e.g. session establishment, SMS) is rejected or not accepted by the AMF before the proper NF handling the communication attempt itself is involved. The unsuccessful communications related attempt xIRI is also generated when the IRI-POI present in the AMF detects that a PDU session modification request to convert a single access PDU session to a Multi-Access PDU (MA PDU) session is not accepted by the AMF and therefore not forwarded to the SMF.
The IRI-POI in the AMF shall support per target selective activation or deactivation of reporting of identifier association xIRI independently of activation of LI for all other events. When identifier association xIRI only reporting is activated, the IRI-POI in the AMF shall also generate location update xIRI.
The positioning info transfer xIRI is generated when the IRI-POI present in the AMF detects one of the following events:
– network-based or network-assisted positioning requests, responses or reports related to a target UE are being exchanged between LMF and NG-RAN via the AMF.
– UE-based or UE-assisted positioning requests, responses or reports related to a target UE are being exchanged between LMF and the target UE via the AMF.
NOTE: The activation and invocation of the positioning info transfer capability exclusively for LALS is not supported in the current version of the specification. Instead, the capability is invoked whenever any LCS operation (including LALS) is performed on the target.
The handover xIRI is generated when the IRI-POI in the AMF detects that a target UE is the subject of a handover between radio access nodes in either 5GS to EPS, Intra 5GS, 5GS to UTRA, or EPS to 5GS scenarios.
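The following is an added illustration, not part of the specification or of TS 33.128: a toy Python model of three rules stated above (independent matching per target identity, reporting of unsuccessful registration only after successful authentication, and identifier-association-only reporting still producing location update xIRI). All class, field and event names and the sample identifiers are hypothetical.

```python
# Added illustration: toy model of rules from clauses 6.2.2.2 and 6.2.2.4.
# Class, field and event names are hypothetical, not TS 33.128 identifiers.
from dataclasses import dataclass

@dataclass(frozen=True)
class Target:
    """One target identity provisioned to the IRI-POI over LI_X1."""
    id_type: str                  # "SUPI", "PEI" or "GPSI"
    value: str
    id_assoc_only: bool = False   # identifier-association-only reporting

@dataclass(frozen=True)
class AmfEvent:
    kind: str                     # "registration", "location_update", ...
    ids: dict                     # identities the AMF holds for this UE
    success: bool = True
    authenticated: bool = True

def targets_to_report(event, targets):
    """Return the provisioned targets for which this event yields an xIRI."""
    hits = []
    for t in targets:
        # 6.2.2.2: each identity is matched on its own, independently.
        if event.ids.get(t.id_type) != t.value:
            continue
        # 6.2.2.4: an unsuccessful registration is reported only if the
        # UE was successfully authenticated.
        if (event.kind == "registration" and not event.success
                and not event.authenticated):
            continue
        # 6.2.2.4: identifier-association-only reporting still includes
        # location update xIRI, but no other event types.
        if t.id_assoc_only and event.kind not in (
                "identifier_association", "location_update"):
            continue
        hits.append(t)
    return hits

# Constructed sample data (not real identifiers).
TARGETS = [
    Target("SUPI", "imsi-001010000000001"),
    Target("PEI", "imei-000000000000000", id_assoc_only=True),
]
UE = {"SUPI": "imsi-001010000000001", "PEI": "imei-000000000000000"}
```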
6.2.2.5 Common IRI parameters
The list of xIRI parameters is specified in TS 33.128 [15]. All xIRI shall include the following:
– Target identity.
– Time stamp.
– Location information.
– Correlation information.
6.2.2.6 Specific IRI parameters
The list of parameters in each xIRI is defined in TS 33.128 [15]. The following gives a summary.
The registration xIRI shall include the following:
– Registration type information.
– Access type information.
– Requested slice information.
The deregistration xIRI shall include the following:
– UE initiated de-registration.
– Access type information.
– Network initiated de-registration.
The location update xIRI shall include the following:
– Location of the target UE (see clause 7.3).
The identifier association xIRI shall include the following:
– Subscription permanent identifier.
– Temporary identifier association (i.e. SUCI or 5G-GUTI).
– Association change type indication.
The start of interception with already registered UE xIRI shall include the following:
– Access type information.
– Requested slice information.
The unsuccessful communication attempt xIRI shall include the following:
– Rejected type of communication attempt.
– Access type information.
– Failure reason.
The handover xIRI shall include the following:
– Handover type and reason.
– Radio related information.
– UE capability information.
When the access type is non-3GPP, the IP address used by the UE to reach the N3A Entity shall be reported. The port shall also be reported if available.
6.2.2.7 Network topologies
The AMF shall provide the IRI-POI functions in the following network topology cases:
– Non-roaming case.
– Roaming case, in VPLMN.
– Roaming case, in HPLMN for non-3GPP access.
In a roaming case, it is possible that the target UE may use non-3GPP access with the N3A Entity present in the HPLMN.