6.3.2 LI at the MME

33.1273GPPLawful Interception (LI) architecture and functionsRelease 18TS

6.3.2.1 Architecture

In the EPC network, the MME handles the mobility management and connection management as specified in TS 23.401 [22]. The MME shall have LI capabilities to generate the target UE’s network access, registration and connection management related xIRI. Extending the generic LI architecture presented in clause 5, figure 6.3-1 below gives a reference point representation of the LI architecture with MME as a CP Network Element providing the IRI-POI functions.

Figure 6.3-1: LI architecture for LI at MME

The LICF present in the ADMF receives the warrant from an LEA, derives the intercept information from the warrant and provides the same to the LIPF.

The LIPF present in the ADMF provisions the IRI-POI (over LI_X1) present in the MME and the MDF2.

The IRI-POI present in the MME detects the target UE’s access and mobility related functions (network access, registration and connection management), generates and delivers the xIRI to the MDF2 over LI_X2. The MDF2 delivers the IRI messages as part of the Interception Product to the LEMF over LI_HI2.

6.3.2.2 Target identities

The LIPF provisions the IRI-POI present in the MME with the following target identities:

– IMSI.

– MSISDN.

– IMEI.

The interception performed on the above three identities are mutually independent, even though, an xIRI may contain the information about the other identities when available.

6.3.2.3 IRI events

6.3.2.3.1 Option A

The IRI-POI present in the MME shall generate xIRI, when it detects the following specific events or information:

– Attach.

– Detach.

– Tracking Area/EPS Location Update.

– Start of interception with EPS attached UE.

– Unsuccessful communication related attempt.

– Identifier association.

– Positioning info transfer.

The attach xIRI is generated when the IRI-POI present in an MME detects that a target UE has performed an E-UTRAN attach procedure including via a HeNB. The attach xIRI describes the type of attach performed. Unsuccessful registration shall be reported only if the target UE has been successfully authenticated.

The detach xIRI is generated when the IRI-POI present in an MME detects that a target UE has detached from the EPS including via a HeNB. The detach xIRI shall indicate whether it was a UE-initiated or a network-initiated detach.

The tracking area/EPS location update xIRI is generated each time the IRI-POI present in an MME detects that the target UE location is updated due to target UE mobility (e.g. in case of X2 based handover, S1 based handover) or when the MME observes target UE location information during some service operation (e.g., periodic Tracking Area Update, UE triggered Service Request). If the information in the MME received over S1 (TS 36.413 [14]) includes one or more cell IDs, then all cell IDs shall be reported to the LEMF whenever location reporting is triggered at the MME.

The start of interception with EPS attached UE xIRI is generated when the IRI-POI present in an MME detects that interception is activated on a target UE that is already attached to the EPS. If there are multiple PDN connections active for the target, then a start of interception with EPS attached UE xIRI is generated for each of them.

When additional warrants are activated on a target UE, MDF2 shall be able to generate and deliver the start of interception with E-UTRAN attached UE related IRI messages to the LEMF associated with the warrants without receiving the corresponding start of interception with already registered UE xIRI.

The unsuccessful communication related attempt xIRI is generated when the IRI-POI present in an MME detects that a target UE initiated communication procedure (e.g. service request, SMS) is rejected or not accepted by the MME before the proper NF handling the communication attempt itself is involved.

The identifier association xIRI is generated each time the IRI-POI in the MME detects a GUTI allocation change for an IMSI associated with the target UE.

The IRI-POI in the MME shall support per target selective activation or deactivation of reporting of only identifier association xIRI independently of activation of LI for all other events. When identifier association xIRI only reporting is activated, the IRI-POI in the MME shall also generate Tracking Area/EPS Location Update xIRI.

The positioning info transfer xIRI is generated when the IRI-POI present in the MME detects one the following events:

– network-based or network-assisted positioning requests, responses or reports related to a target UE are being exchanged between E-SMSC and eNB via the MME.

– UE-based or UE-assisted positioning requests, responses or reports related to a target UE are being exchanged between E-SMLC and the target UE via the MME.

NOTE: The activation and invocation of the positioning info transfer capability exclusively for LALS is not supported in the current version of the specification. Instead, the capability is invoked whenever any LCS operation (including LALS) is performed on the target.

6.3.2.3.2 Option B

The IRI-POI present in the MME shall generate xIRI, when it detects the applicable events specified in TS 33.107 [11].

In addition to the events specified in TS 33.107 [11] the MME shall generate xIRI, when it detects the following additional event:

– Identifier association.

The identifier association xIRI is generated each time the IRI-POI in the MME detects a GUTI allocation change for an IMSI associated with the target UE.

The IRI-POI in the MME shall support per target selective activation or deactivation of reporting of only identifier association xIRI independently of activation of LI for all other events. When identifier association xIRI only reporting is activated, the IRI-POI in the MME shall also generate Tracking Area/EPS Location Update xIRI.

6.3.2.4 Common IRI parameters

The list of xIRI parameters are specified in TS 33.128 [15]. All xIRI shall include the following:

– Target identity.

– Time stamp.

– Location information.

– Correlation information.

6.3.2.5 Specific IRI parameters

6.3.2.5.1 Option A

The list of parameters in each xIRI are defined in TS 33.128 [15]. The following give a summary.

The attach xIRI shall include the following:

– Attach type information.

– Access type information.

– HeNB information.

The detach xIRI shall include the following:

– Detach Direction.

– Detach type information.

– HeNB information.

The tracking area/EPS location update xIRI shall include the following:

– Location of the target (see clause 7.3).

– HeNB information.

The start of interception with EPS attached UE xIRI shall include the following:

– Attach type information.

– Access type information.

– PDN connection information.

The unsuccessful communication attempt xIRI shall include the following:

– Rejected type of communication attempt.

– Access type information.

– Failure reason.

The identifier association xIRI shall include the following:

– IMSI.

– IMEI.

– Temporary identifier association (i.e. GUTI).

– Association change type indication.

6.3.2.5.2 Option B

The list of parameters in each xIRI are defined in TS 33.128 [15], for events which are imported from TS 33.107 [11] clause 12.2.1.2.

The identifier association xIRI shall include the following:

– IMSI.

– IMEI.

– Temporary identifier association (i.e. GUTI).

– Association change type indication.

6.3.2.6 Network topologies

The MME shall provide the IRI-POI functions in the following network topology cases:

– Non-roaming case.

– Roaming case, in VPLMN.