7.9 LI at NEF

33.1273GPPLawful Interception (LI) architecture and functionsRelease 18TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

7.9.1 General

The present document specifies NEF as POI for:

– NIDD.

– Device triggering.

– MSISDN-less MO SMS.

– Parameter provisioning.

7.9.2 LI for NIDD using NEF

7.9.2.1 Architecture

The NEF shall provide both IRI-POI and CC-POI functions. Figure 7.9-1 gives a reference point representation of the LI architecture with NEF as a CP NF and UP NF providing the IRI-POI and CC-POI functions. NEF is the anchor point for PDU session establishment and NIDD traffic. The NIDD traffic is forwarded by NEF to the AF over the N33 interface.

Figure 7.9-1: LI architecture for NIDD using NEF showing LI at NEF

7.9.2.2 Target Identities

The LIPF present in the ADMF provisions the intercept information associated with the following target identities to the IRI-POI present in the NEF:

– SUPI.

– GPSI.

The interception performed on the above two identities are mutually independent, even though, an xIRI may contain the information about the other identities when available.

7.9.2.3 IRI events

NEF handles xIRIs including the following records for NIDD using NEF in both roaming and non-roaming situations:

– PDU session establishment.

– PDU session modification.

– PDU session release.

– Start of interception with established PDU session.

– Unsuccessful procedure.

The PDU session establishment xIRI is generated when the IRI-POI present in the NEF detects that a PDU session for NIDD using NEF has been established for the target UE. The NEF plays the role of anchor point for that PDU session.

The PDU session modification xIRI is generated when the IRI-POI present in the NEF detects that a PDU session for NIDD using NEF is modified for the target UE.

The PDU session release xIRI is generated when the IRI-POI present in the NEF detects that a PDU session for NIDD using NEF is released for the target UE.

The start of interception with an established PDU session xIRI is generated when the IRI-POI present in the NEF detects that interception is activated on the target UE that has an already established PDU session for NIDD using NEF in the 5GS. When a target UE has multiple PDU sessions, this xIRI shall be sent for each PDU session with a different value of correlation information.

When additional warrants are activated on a target UE, MDF2 shall be able to generate and deliver the start of interception with an established PDU session related IRI messages to the LEMF associated with the warrants without receiving the corresponding start of interception with an established PDU session xIRI.

The unsuccessful procedure xIRI is generated when the IRI-POI present in the NEF detects an unsuccessful procedure for PDU session establishment, modification or release.

NEF handles xCC for NIDD using NEF if CC is requested.

7.9.3 LI for device triggering

7.9.3.1 Background

Device triggering is the means by which an AF sends information to the UE via the NEF to trigger the UE to perform application specific actions that include initiating communication with the AF (see TS 23.502 [4] clause 4.13.2 and TS 29.522 [31] clause 4.4.3).

The device trigger request is authorized by NEF by submitting the GPSI of the UE to the UDM. After successful authorization, NEF forwards the Device trigger request with the SUPI of the UE to the corresponding SMS-SC to be delivered to that UE. The 5GS architecture for Device triggering is presented in figure 7.9-2.

The device trigger may be recalled or replaced by the AF if the UE is not reachable at the time the AF has delivered the device trigger to the UE.

Figure 7.9-2: 5GS architecture for device triggering

7.9.3.2 Architecture

Figure 7.9-1 without the CC-POI in NEF provides the architecture for LI for device triggering.

7.9.3.3 Target identities

The LIPF present in the ADMF provisions the intercept information associated with the following target identities to the IRI-POI present in the NEF:

– SUPI.

– GPSI.

The interception performed on the above two identities are mutually independent, even though, an xIRI may contain the information about the other identities when available.

7.9.3.4 IRI events

The IRI-POI present in the NEF shall generate xIRI, when it detects the following specific events or information related to the device triggering service:

– Device trigger.

– Device trigger replacement.

– Device trigger cancellation.

– Device trigger report notification.

The device trigger xIRI is generated when the IRI-POI present in the NEF detects that a device trigger has been received from an AF and is delivered to the SMS-SC for the target UE.

The device trigger replacement xIRI is generated when the IRI-POI present in the NEF detects that a device trigger replacement has been received from an AF and delivered to the SMS-SC to replace previously submitted device trigger message which is not yet delivered to the target UE.

The device trigger cancellation xIRI is generated when the IRI-POI in the NEF detects that a device trigger cancellation has been received from an AF and delivered to the SMS-SC to recall previously submitted device trigger which is not yet delivered to the target UE.

The device trigger report notification xIRI is generated when the IRI-POI present in the NEF detects that a device trigger report is returned to the AF with a cause value indicating the trigger delivery outcome (e.g. succeeded, unknown or failed and the reason for the failure).

7.9.4 LI for MSISDN-less MO SMS

7.9.4.1 Background

An MSISDN-less MO SMS is sent by a UE without MSISDN as originator and received by a third party application as destination (i.e. AF) via SMS-SC and NEF as presented in figure 7.9-3. MSISDN-less means that the GPSI of the UE is not an MSISDN but an External Identifier which form is username@realm. MSISDN-less MO-SMS service allows MSISDN-less UE to send small data to an AF using SMS-MO. The SMS-MO received by the SMS-SC through MO submission procedure as defined in TS 23.040 [50], is directly forwarded to the NEF for further transfer to the recipient AF (see TS 23.502 [4] clause 4.13.7 and TS 29.522 [31] clause 4.4.10).

The NEF queries the UDM with the SUPI of the UE, obtains the corresponding GPSI of the UE sending the SMS, and forwards it to the AF including the GPSI (i.e. external identifier) of the originating UE.

Figure 7.9-3: 5GS architecture for MSISDN-less MO SMS

7.9.4.2 Architecture

Figure 7.9-1 without the CC-POI in NEF provides the architecture for LI for MSISN-less MO SMS.

7.9.4.3 Target identities

The LIPF present in the ADMF provisions the intercept information associated with the following target identities to the IRI-POI present in the NEF:

– SUPI.

– GPSI.

The interception performed on the above two identities are mutually independent, even though, an xIRI may contain the information about the other identities when available.

7.9.4.4 IRI events

The IRI-POI present in the NEF shall generate xIRI, when it detects the following specific events or information related to the MSISDN-less MO SMS:

– MSISDN-less MO SMS.

The MSISDN-less MO SMS xIRI is generated when the IRI-POI present in the NEF detects that a MSISDN-less MO SMS has been received from a target UE by the NEF and is delivered to the recipient AF.

7.9.5 LI for parameter provisioning

7.9.5.1 Background

Parameter provisioning is a capability exposed by NEF to AF (see TS 23.502 [4] clause 4.15.6 and TS 29.522 [31] clause 4.4.11). The AF can use this capability to tell the network when a device is expected to communicate. The core network can then use this information to create assistance information for the RAN. The RAN may then use the assistance information to minimize UE state transitions. The AF provides the Expected UE behaviour data specified in TS 29.503 [25] to NEF, and NEF updates the UE subscription data via UDM as described in figure 7.9-4. Each parameter within the Expected UE Behaviour shall have an associating validity time. The validity time indicates when the Expected UE Behaviour parameter expires. The validity time may be set to indicate that the particular Expected UE Behaviour parameter has no expiration time.

Figure 7.9-4: 5GS architecture for Parameter provisioning

7.9.5.2 Architecture

Figure 7.9-1 without the CC-POI in NEF provides the architecture for LI for parameter provisioning.

7.9.5.3 Target identities

The LIPF present in the ADMF provisions the intercept information associated with the following target identities to the IRI-POI present in the NEF:

– GPSI.

7.9.5.4 IRI events

The IRI-POI present in the NEF shall generate xIRI, when it detects the following specific events or information related to parameter provisioning:

– Expected UE behaviour update.

The expected UE behaviour update xIRI is generated when the IRI-POI present in the NEF detects that an AF sent a request to create, update, delete or get expected UE behaviour data related to the target UE and the NEF updates or gets these data from the UE subscription profile via UDM.