E.4 STIR/SHAKEN call flow example
3GPP TS 33.127, Lawful Interception (LI) architecture and functions, Release 18
The following procedure explains STIR/SHAKEN operation when SIP signaling is carried end-to-end between an originating and terminating service provider as illustrated in figure E.4.1-1.
Figure E.4.1-1: SHAKEN reference call flow using end-to-end SIP signalling
1. The originating UE, which has first successfully registered to IMS, creates a SIP INVITE request.
2. The S-CSCF of the originating service provider passes the SIP INVITE request to the Telephony AS.
3. The Telephony AS runs the telephony services related to the originating user and:
– May send a signing request (HTTP POST request) to the AS for signing. The AS for signing uses its private key to generate an Identity header as defined in RFC 8224 [40], using the Caller ID, to attest to the validity of the calling number. The AS for signing returns the signing response (HTTP 200 OK) containing the Identity header to the Telephony AS. The Telephony AS signs the SIP INVITE request with the SIP Identity header. The Telephony AS also obtains an Identity header for each diverting identity as defined in RFC 8946 [41].
– May not sign the SIP INVITE request with the SIP Identity header if it knows the egress IBCF supports invoking the AS for signing for providing an Identity header field.
4. The Telephony AS passes the SIP INVITE request back to the S-CSCF.
5. The S-CSCF, through standard resolution, routes the telephony session to the egress IBCF.
6. If the egress IBCF does not find an Identity header field in the received SIP INVITE request, the IBCF sends a signing request (HTTP POST request) to the AS for signing. When the response to the request is received, the IBCF shall include the value of the "identity" claim in an Identity header field in the SIP INVITE request. If the SIP INVITE request contains one or more History-Info header fields which indicate that one or several diversions have occurred, the IBCF sends a signing request for each of the identities to be signed if no corresponding Identity header fields are found in the SIP INVITE request. The IBCF shall include the value of the "identity" claim in an Identity header field in the SIP INVITE request.
7. The SIP INVITE request is routed over the NNI through the standard inter-domain routing configuration. The terminating service provider ingress IBCF receives the SIP INVITE request containing one or more Identity header fields over the NNI.
8. The IBCF uses the Identity header fields to build and send a verification request (HTTPS POST request) to the AS for verification related to the originating identity and forwarding identities if the IBCF supports invoking the AS for verification.
9. The AS for verification uses the "x5u" key in the Identity header field to determine the CR Uniform Resource Identifier (URI) and makes an HTTPS request to the CR. The AS for verification validates the certificate and then extracts the public key. It uses the public key to verify the signature in the Identity header field, which validates the Caller ID used when signing the SIP INVITE request on the originating service provider’s AS for signing.
10. The AS for verification returns a verification response (200 OK) to the ingress IBCF which adds the verification result (TN-Validation-Passed, TN-Validation-Failed, No-TN-Validation) as a VERSTAT parameter to the P-Asserted-Identity or From header in the SIP INVITE request. The TN-Validation-Failed result is associated with a failure response code to identify the specific error. The standard does not propose any authorization policy to follow based on the presence of a valid Identity header field, the presence of an invalid Identity header field or the absence of an Identity header field. However, it is anticipated that local policies could involve making different forwarding decisions or changing how the user is alerted or how identity is rendered in UE implementations.
11. The ingress IBCF passes the SIP INVITE request to the terminating S-CSCF.
12. The terminating S-CSCF passes the SIP INVITE request to the terminating Telephony AS.
13. If the verification has not been performed by the ingress IBCF, the Telephony AS runs the verification procedure toward the AS for verification before running the telephony services related to the terminating identity.
14. If the validation is successful, the SIP INVITE request is passed back to the terminating S-CSCF which continues to set up the session to the terminating UE.
15. The terminating UE receives the SIP INVITE request and normal SIP processing of the session continues.
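The following JavaScript (Node.js) example is added here for illustration and is not part of TS 33.127 or of any operator's implementation. It shows an AS for signing building an RFC 8224 Identity header (steps 3 and 6) and an AS for verification mapping its checks to a VERSTAT value (steps 9 and 10), for the originating identity only. Assumptions: the key pair, CR URI, telephone numbers, function names, the 60-second freshness window, the mapping of outcomes to VERSTAT values, and the in-memory map that stands in for the HTTPS request to the CR and the certificate validation.

```javascript
// Added example: names, URL, numbers and the verstat mapping are illustrative assumptions.
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const X5U = 'https://cr.example.net/sp-a.pem';            // constructed CR URI
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
// Stand-in for the HTTPS request to the CR plus certificate validation.
const trustedCr = new Map([[X5U, publicKey]]);

// AS for signing: build a SHAKEN PASSporT (keys in lexicographic order, no whitespace).
function signIdentity(origTn, destTn, iat) {
  const hdr = b64u(JSON.stringify({ alg: 'ES256', ppt: 'shaken', typ: 'passport', x5u: X5U }));
  const pl = b64u(JSON.stringify({
    attest: 'A', dest: { tn: [destTn] }, iat, orig: { tn: origTn }, origid: crypto.randomUUID() }));
  const sig = crypto.sign('sha256', Buffer.from(`${hdr}.${pl}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });      // raw r||s, as JWS ES256 requires
  return `${hdr}.${pl}.${b64u(sig)};info=<${X5U}>;alg=ES256;ppt=shaken`;
}

// AS for verification: returns the VERSTAT value the ingress IBCF would add.
function verstat(identity, callingTn, calledTn, now, maxAgeSec = 60) {
  if (!identity) return 'No-TN-Validation';               // no Identity header field received
  try {
    const [hdr, pl, sig] = identity.split(';')[0].trim().split('.');
    const h = JSON.parse(Buffer.from(hdr, 'base64url'));
    const p = JSON.parse(Buffer.from(pl, 'base64url'));
    const key = trustedCr.get(h.x5u);                     // unknown CR URI: no key, so fail
    const ok = h.alg === 'ES256' && h.ppt === 'shaken' && key !== undefined &&
      crypto.verify('sha256', Buffer.from(`${hdr}.${pl}`),
        { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig, 'base64url')) &&
      Math.abs(now - p.iat) <= maxAgeSec &&               // reject stale (replayed) tokens
      p.orig.tn === callingTn && p.dest.tn.includes(calledTn);
    return ok ? 'TN-Validation-Passed' : 'TN-Validation-Failed';
  } catch {
    return 'TN-Validation-Failed';                        // malformed Identity header
  }
}
```

The signature alone is not sufficient: the verifier also compares the signed "orig" and "dest" numbers with the numbers in the received SIP INVITE request and rejects tokens outside the freshness window, so a valid Identity header copied onto a different call fails.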
Annex Z (informative):
Change history
| Date | Meeting | TDoc | CR | Rev | Cat | Subject/Comment | New version |
|---|---|---|---|---|---|---|---|
| 2018-12 | SA#82 | SP-180991 | | | | Release 15 draft Approved at TSG SA#82 | 15.0.0 |
| 2019-03 | SA#83 | SP-190042 | 0001 | 1 | F | LI Support for VoNR in R15 | 15.1.0 |
| 2019-03 | SA#83 | SP-190042 | 0003 | 1 | F | Virtualised EPC Clarification | 15.1.0 |
| 2019-03 | SA#83 | SP-190042 | 0006 | – | F | Non-3GPP Access IP Address | 15.1.0 |
| 2019-06 | SA#84 | SP-190343 | 0014 | 1 | B | SecondaryCellGroupPSCell Reporting | 15.2.0 |
| 2019-06 | SA#84 | SP-190345 | 0015 | 1 | F | Missing references | 15.2.0 |
| 2019-06 | SA#84 | SP-190344 | 0010 | 1 | F | Usage of LIID and other parameters | 16.0.0 |
| 2019-06 | SA#84 | SP-190344 | 0011 | 1 | B | Coverage of subscriber de-provisioning while under a warrant | 16.0.0 |
| 2019-06 | SA#84 | SP-190346 | 0019 | 2 | C | Introducing CC POI Aggregator for 5GC LI | 16.0.0 |
| 2019-09 | SA#85 | SP-190635 | 0028 | 1 | F | Minor corrections to TS 33.127 | 16.1.0 |
| 2019-09 | SA#85 | SP-190635 | 0029 | 1 | F | Editorial fixes to pass consistency check | 16.1.0 |
| 2019-09 | SA#85 | SP-190635 | 0030 | 1 | F | Fix pic for CC POI Aggregator for 5GC LI | 16.1.0 |
| 2019-09 | SA#85 | SP-190635 | 0032 | 2 | C | Introductory clause for IMS from the pCR | 16.1.0 |
| 2019-09 | SA#85 | SP-190635 | 0033 | 1 | F | Additional text to the IMS clause | 16.1.0 |
| 2019-09 | SA#85 | SP-190635 | 0034 | 1 | B | Updated architecture figures | 16.1.0 |
| 2019-09 | SA#85 | SP-190635 | 0035 | 1 | B | IMS Architecture Figures | 16.1.0 |
| 2019-09 | SA#85 | SP-190635 | 0036 | 1 | F | Support for MMS | 16.1.0 |
| 2019-09 | SA#85 | SP-190661 | 0038 | 1 | A | Removal of notes on LI_X2 and LI_X3 | 16.1.0 |
| 2019-09 | SA#85 | SP-190662 | 0040 | 3 | C | LI Virtualisation Procedures | 16.1.0 |
| 2019-09 | SA#85 | SP-190662 | 0044 | 1 | B | LI in VPLMN with home routed roaming scenario | 16.1.0 |
| 2019-12 | SA#86 | SP-190985 | 0047 | 1 | B | Porting LI for EPC into TS 33.127 | 16.2.0 |
| 2019-12 | SA#86 | SP-190985 | 0049 | 1 | B | Support for PTC Stage 2 | 16.2.0 |
| 2019-12 | SA#86 | SP-190985 | 0056 | 1 | D | Editorial name change for ETSI TS 103 221-x references | 16.2.0 |
| 2020-03 | SA#87 | SP-200031 | 0057 | 1 | F | LI in VPLMN with home routed roaming scenario – updates to the common part | 16.3.0 |
| 2020-03 | SA#87 | SP-200031 | 0058 | 1 | F | LI in VPLMN with home routed roaming scenario – S8HR LI | 16.3.0 |
| 2020-03 | SA#87 | SP-200031 | 0059 | 1 | F | LI in VPLMN with home routed roaming scenario – N9HR LI | 16.3.0 |
| 2020-03 | SA#87 | SP-200031 | 0060 | 2 | C | ADMF descriptive details | 16.3.0 |
| 2020-03 | SA#87 | SP-200031 | 0061 | 2 | B | Support of manual LI Suspend and Resume | 16.3.0 |
| 2020-03 | SA#87 | SP-200030 | 0063 | – | A | Correction of the MLP reference | 16.3.0 |
| 2020-03 | SA#87 | SP-200031 | 0064 | 1 | F | MMS Stage 2 | 16.3.0 |
| 2020-03 | SA#87 | SP-200031 | 0065 | 1 | F | CC-PAG provisioning and deployment corrections | 16.3.0 |
| 2020-07 | SA#88-e | SP-200407 | 0069 | – | F | Fixing the typos | 16.4.0 |
| 2020-07 | SA#88-e | SP-200407 | 0070 | 1 | F | Clarifications on the NFs that provide POI/TF functions for conferencing | 16.4.0 |
| 2020-07 | SA#88-e | SP-200407 | 0072 | 2 | C | Virtualisation details | 16.4.0 |
| 2020-07 | SA#88-e | SP-200407 | 0073 | – | F | Fixing the incorrect internal references | 16.4.0 |
| 2020-07 | SA#88-e | SP-200407 | 0074 | – | F | Clarification to the IMS clause for the legacy CC-POI functions | 16.4.0 |
| 2020-09 | SA#89-e | SP-200807 | 0076 | – | F | Correction on LI_X3_LITE_M interface | 16.5.0 |
| 2020-09 | SA#89-e | SP-200807 | 0078 | 1 | F | Porting of HSS LI stage 2 from TS 33.107 to TS 33.127 | 16.5.0 |
| 2020-09 | SA#89-e | SP-200807 | 0079 | 1 | F | Clarification on the LI architecture | 16.5.0 |
| 2020-09 | SA#89-e | SP-200807 | 0086 | 1 | F | One PDU session connects to only one DN | 16.5.0 |
| 2020-09 | SA#89-e | SP-200807 | 0088 | 1 | F | MA-PDU LI at the SMF | 16.5.0 |
| 2020-09 | SA#89-e | SP-200807 | 0089 | 1 | F | Addition of DNAI to SA PDU Reporting | 16.5.0 |
| 2020-09 | SA#89-e | SP-200807 | 0090 | 1 | F | MA-PDU LI requirements at the AMF | 16.5.0 |
| 2020-09 | SA#89-e | SP-200807 | 0091 | 1 | F | Clarification of LMF and GMLC Event Reporting at the AMF | 16.5.0 |
| 2020-12 | SA#90-e | SP-200940 | 0092 | – | F | Missing functional requirements on logging at ADMF | 16.6.0 |
| 2020-12 | SA#90-e | SP-200940 | 0094 | 1 | C | ADMF LI Function Targeting | 16.6.0 |
| 2020-12 | SA#90-e | SP-200940 | 0095 | 1 | F | Corrections to specify non-local ID as a target type rather than as target identifier | 16.6.0 |
| 2020-12 | SA#90-e | SP-200940 | 0096 | 1 | B | Enhancement for Subscriber Record Change | 16.6.0 |
| 2020-12 | SA#90-e | SP-200940 | 0097 | 3 | B | Identifier Association | 16.6.0 |
| 2020-12 | SA#90-e | SP-200940 | 0098 | 1 | F | Corrections to the architecture for SMF/UPF | 16.6.0 |
| 2020-12 | SA#90-e | SP-200940 | 0099 | – | F | Changes to the architecture in the EPC clause | 16.6.0 |
| 2020-12 | SA#90-e | SP-200940 | 0100 | – | F | Changes to the architecture diagrams in the LALS clause | 16.6.0 |
| 2021-03 | SA#91-e | SP-210031 | 0102 | 2 | F | GUTI allocation procedure reporting correction | 16.7.0 |
| 2021-03 | SA#91-e | SP-210031 | 0110 | 1 | F | IMS LI: Alternate option has potentially missing IRI-POI for certain scenarios | 16.7.0 |
| 2021-03 | SA#91-e | SP-210031 | 0111 | 1 | F | IMS LI: Independent default/alternate option for non-local ID targets | 16.7.0 |
| 2021-03 | SA#91-e | SP-210031 | 0112 | 1 | F | IMS LI: Separate LI_X1 to CC-TF and IRI-POI when in the same NF | 16.7.0 |
| 2021-03 | SA#91-e | SP-210032 | 0107 | 1 | C | Clarification on ID Mapping Location Delivery | 17.0.0 |
| 2021-03 | SA#91-e | SP-210032 | 0109 | 1 | F | Port of EPC MME Target Identifiers | 17.0.0 |
| 2021-06 | SA#92-e | SP-210303 | 0113 | – | F | LALS: Correcting the diagrams | 17.1.0 |
| 2021-06 | SA#92-e | SP-210302 | 0115 | – | A | UDM: Stage 2 and stage 3 are not aligned | 17.1.0 |
| 2021-06 | SA#92-e | SP-210303 | 0118 | 1 | F | IMS: clarifying the introductory sentence for accuracy | 17.1.0 |
| 2021-06 | SA#92-e | SP-210303 | 0119 | 1 | B | IMS: Addressing the interception due to the application of special media | 17.1.0 |
| 2021-06 | SA#92-e | SP-210303 | 0120 | 1 | B | IMS: SMS over IMS in stage 2 | 17.1.0 |
| 2021-06 | SA#92-e | SP-210303 | 0122 | 3 | C | IMS: Removing IBCF from the alternate option for non-local ID in the VPLMN | 17.1.0 |
| 2021-06 | SA#92-e | SP-210303 | 0123 | 1 | C | Port of EPC MME LI | 17.1.0 |
| 2021-06 | SA#92-e | SP-210303 | 0125 | 1 | C | LALS Updates 127 | 17.1.0 |
| 2021-06 | SA#92-e | SP-210303 | 0127 | 2 | B | LI for NEF Services (NIDD included) | 17.1.0 |
| 2021-06 | SA#92-e | SP-210303 | 0128 | 2 | B | LI for SCEF services | 17.1.0 |
| 2021-06 | SA#92-e | SP-210302 | 0130 | 1 | A | Addition of TWIF and TNGF as Non-3GPP Accesses | 17.1.0 |
| 2021-06 | SA#92-e | SP-210303 | 0132 | 2 | B | Correction to LI Architecture for the SGW/PGW | 17.1.0 |
| 2021-06 | SA#92-e | SP-210303 | 0133 | 1 | F | Changes to align stage 2 and stage 3 PTC service | 17.1.0 |
| 2021-06 | SA#92-e | SP-210302 | 0134 | – | A | LI state transfers in SMF sets | 17.1.0 |
| 2021-09 | SA#93-e | SP-210829 | 0135 | 4 | B | stage 2 of RCS | 17.2.0 |
| 2021-09 | SA#93-e | SP-210829 | 0136 | 5 | B | STIR/SHAKEN/eCNAM/RCD in Stage 2 | 17.2.0 |
| 2021-09 | SA#93-e | SP-210828 | 0138 | – | A | Correction of Caching Duration Setting Guidance | 17.2.0 |
| 2021-09 | SA#93-e | SP-210829 | 0139 | – | C | Clarification of Non-3GPP access reporting | 17.2.0 |
| 2021-09 | SA#93-e | SP-210829 | 0140 | 1 | B | CR adding LI for AKMA (stage 2) | 17.2.0 |
| 2021-09 | SA#93-e | SP-210829 | 0141 | 1 | C | Annex A.1 and A.2 Corrections for 33.127 | 17.2.0 |
| 2021-09 | SA#93-e | SP-210829 | 0142 | 1 | F | Changes to align stage 2 and stage 3 PTC service | 17.2.0 |
| 2021-09 | SA#93-e | SP-210829 | 0144 | 1 | F | Update of stage 2 language for packet header information reporting | 17.2.0 |
| 2021-09 | SA#93-e | SP-210829 | 0145 | 1 | F | Changes to 5G core-anchored LI architecture figure | 17.2.0 |
| 2021-09 | SA#93-e | SP-210829 | 0146 | 1 | F | Changes to EPC/5G Interworking LI architecture figure | 17.2.0 |
| 2021-09 | SA#93-e | SP-210829 | 0148 | – | F | Correction of LI architecture for LI at the ePDG | 17.2.0 |
| 2021-12 | SA#94-e | SP-211409 | 0152 | – | F | Wrong stage 2 normative text of identifier association xIRI for the IRI-POI in the AMF and MME | 17.3.0 |
| 2021-12 | SA#94-e | SP-211409 | 0153 | 1 | B | LI for EPC-5GC Interworking Stage 2 | 17.3.0 |
| 2021-12 | SA#94-e | SP-211409 | 0154 | 1 | F | IMS stage 2 clarification due to STIR/SHAKEN and RCD/eCNAM | 17.3.0 |
| 2021-12 | SA#94-e | SP-211409 | 0155 | – | F | IMS stage 2 clarification on PBX target identities | 17.3.0 |
| 2021-12 | SA#94-e | SP-211409 | 0156 | – | C | GPSI for AIC – State 2 | 17.3.0 |
| 2022-03 | SA#95-e | SP-220258 | 0157 | 1 | B | Enhancements to LI at the UDM Stage 2 | 17.4.0 |
| 2022-03 | SA#95-e | SP-220258 | 0159 | 1 | C | Updates to Stage 2 RCS Topologies and IMS utilisation | 17.4.0 |
| 2022-03 | SA#95-e | SP-220258 | 0160 | 2 | C | Measurement Report with LI/LALS in EPC | 17.4.0 |
| 2022-03 | SA#95-e | SP-220258 | 0161 | 2 | C | Measurement Report with LI/LALS in 5GC | 17.4.0 |
| 2022-03 | SA#95-e | SP-220258 | 0162 | 1 | C | Enhancement of LI/LALS system in VPLMN | 17.4.0 |
| 2022-03 | SA#95-e | SP-220258 | 0163 | 1 | F | Corrections and Editorial changes | 17.4.0 |
| 2022-06 | SA#96 | SP-220386 | 0165 | 1 | F | Inconsistent use of IEF, ICF and IQF terminology | 17.5.0 |
| 2022-06 | SA#96 | SP-220386 | 0168 | – | D | Correction and homogenization of terms designating UE | 17.5.0 |
| 2022-06 | SA#96 | SP-220386 | 0170 | 1 | C | Corrections to LI for combined SMF+PGW-C | 17.5.0 |
| 2022-06 | SA#96 | SP-220386 | 0171 | – | F | Correction of IMEI Target Identifier description | 17.5.0 |
| 2022-06 | SA#96 | SP-220386 | 0172 | – | F | Clarification of Location Translation Stage 2 | 17.5.0 |
| 2022-06 | SA#96 | SP-220387 | 0167 | 1 | B | Addition of Handover LI Stage 2 | 18.0.0 |
| 2022-09 | SA#97-e | SP-220756 | 0173 | 2 | B | Edge Computing Aware UE | 18.1.0 |
| 2022-09 | SA#97-e | SP-220756 | 0176 | 2 | B | Location acquisition architectures | 18.1.0 |
| 2022-09 | SA#97-e | SP-220755 | 0178 | 1 | A | Corrections to LI at UDM | 18.1.0 |
| 2022-09 | SA#97-e | SP-220756 | 0180 | 2 | B | Support of location information request for both T2P and P2T requests in alignment with TS 33.128 | 18.1.0 |
| 2022-12 | SA#98-e | SP-221031 | 0181 | 1 | A | Correction to UDM xIRI generation | 18.2.0 |
| 2022-12 | SA#98-e | SP-221031 | 0184 | 2 | A | STIR/SHAKEN: Updates to have alignment with stage 3 | 18.2.0 |
| 2022-12 | SA#98-e | SP-221031 | 0185 | 1 | B | Addition of UDM Start of Intercept and De-Reg Records Stage 2 | 18.2.0 |
| 2022-12 | SA#98-e | SP-221031 | 0186 | 1 | B | LI of 5G Media Streaming (5GMS) (Control plane) | 18.2.0 |
| 2022-12 | SA#98-e | SP-221031 | 0188 | 1 | A | Corrections on functional requirements for LI for NIDD | 18.2.0 |
| 2022-12 | SA#98-e | SP-221031 | 0190 | 1 | A | STIR/SHAKEN – changes to correct a scenario that never happens | 18.2.0 |
| 2022-12 | SA#98-e | SP-221031 | 0191 | 1 | B | HSS-UDM Interworking LI Stage 2 | 18.2.0 |