7.15 LI at 5GMS AF

3GPP TS 33.128, Protocol and procedures for Lawful Interception (LI), Release 18, Security, Stage 3

7.15.1 Provisioning over LI_X1

7.15.1.1 Provisioning of IRI-POI in 5GMS AF

The IRI-POI present in the 5GMS AF is provisioned over LI_X1 by the LIPF using the X1 protocol as described in clause 5.2.2.

The POI in the 5GMS AF shall support the target identifier types given in table 7.15.1.1-1.

Table 7.15.1.1-1: TargetIdentifier types for 5G media streaming

| Identifier | Owner | ETSI TS 103 221-1 [7] TargetIdentifier type | Definition |
|---|---|---|---|
| gPSIMSISDN | ETSI | GPSIMSISDN | See ETSI TS 103 221-1 [7] |
| gPSINAI | ETSI | GPSINAI | See ETSI TS 103 221-1 [7] |

Table 7.15.1.1-2 shows the minimum details of the LI_X1 ActivateTask message used for provisioning the IRI-POI in the 5GMS AF.

If the IRI-POI in the 5GMS AF receives an ActivateTask message and the ListOfServiceTypes parameter contains a ServiceType that is not supported, the IRI-POI in the 5GMS AF shall reject the task with an appropriate error as described in ETSI TS 103 221-1 [7] clause 6.2.1.2.

Table 7.15.1.1-2: ActivateTask message for the IRI-POI in the 5GMS AF

| ETSI TS 103 221-1 [7] field name | Description | M/C/O |
|---|---|---|
| XID | XID assigned by LIPF. | M |
| TargetIdentifiers | One of the target identifiers listed in the paragraph above. | M |
| DeliveryType | Set to “X2Only”. | M |
| ListOfDIDs | Delivery endpoints for LI_X2 for the IRI-POI in the 5GMS AF. These delivery endpoints are configured using the CreateDestination message as described in ETSI TS 103 221-1 [7] clause 6.3.1 prior to the task activation. | M |
| ListOfServiceTypes | Shall be included when the explicit identification of specific CSP service types to be intercepted by the task as described in clause 5.2.4 is required. This parameter is defined in ETSI TS 103 221-1 [7], clause 6.2.1.2, table 4. | M |
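The acceptance checks an IRI-POI can apply to an incoming ActivateTask, as an added example that is not part of TS 33.128 or ETSI TS 103 221-1. It assumes the X1 XML has already been parsed into a dict; the dict layout, the function name and the sample DID and service type values are constructed for illustration.

```python
# Added example: checks taken from tables 7.15.1.1-1 and 7.15.1.1-2.
# Assumption: the task is a dict keyed by the ETSI TS 103 221-1 field names.
ALLOWED_TARGET_TYPES = {"GPSIMSISDN", "GPSINAI"}          # table 7.15.1.1-1
MANDATORY = ("XID", "TargetIdentifiers", "DeliveryType", "ListOfDIDs")


def validate_activate_task(task, known_dids, supported_service_types):
    """Return a list of rejection reasons; an empty list means the task is accepted.

    known_dids: DIDs previously configured with CreateDestination.
    supported_service_types: ServiceType values this POI can intercept.
    """
    errors = [f"missing mandatory field {f}" for f in MANDATORY if not task.get(f)]

    # Only the GPSI-based identifier types are supported by this POI.
    for ident in task.get("TargetIdentifiers") or []:
        if ident.get("type") not in ALLOWED_TARGET_TYPES:
            errors.append(f"unsupported target identifier type {ident.get('type')}")

    # The 5GMS AF hosts an IRI-POI only, so the delivery type is X2Only.
    if task.get("DeliveryType") and task["DeliveryType"] != "X2Only":
        errors.append(f"DeliveryType {task['DeliveryType']} is not X2Only")

    # Destinations have to exist before the task that references them.
    for did in task.get("ListOfDIDs") or []:
        if did not in known_dids:
            errors.append(f"DID {did} was not created with CreateDestination")

    # An unsupported ServiceType means the whole task is rejected.
    for service_type in task.get("ListOfServiceTypes") or []:
        if service_type not in supported_service_types:
            errors.append(f"unsupported ServiceType {service_type}")
    return errors


if __name__ == "__main__":
    # Constructed sample task; every value below is made up.
    sample = {
        "XID": "xid-example-1",
        "TargetIdentifiers": [{"type": "GPSIMSISDN", "value": "491700000000"}],
        "DeliveryType": "X2Only",
        "ListOfDIDs": ["did-x2-mdf2"],
        "ListOfServiceTypes": ["Data", "Voice"],
    }
    for reason in validate_activate_task(sample, {"did-x2-mdf2"}, {"Data"}):
        print("reject:", reason)
```
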

7.15.1.2 Provisioning of the MDF2

The MDF2 listed as the delivery endpoint over LI_X2 for xIRI generated by the 5GMS AF shall be provisioned over LI_X1 by the LIPF.

The target identities listed in clause 7.15.1.1 shall apply for the provisioning of MDF2.

Table 7.15.1.2-1 shows the minimum details of the LI_X1 ActivateTask message used for provisioning the MDF2.

Table 7.15.1.2-1: ActivateTask message for MDF2

| ETSI TS 103 221-1 [7] field name | Description | M/C/O |
|---|---|---|
| XID | XID assigned by LIPF. | M |
| TargetIdentifiers | One or more of the target identifiers listed in clause 7.15.1.1. | M |
| DeliveryType | Set to “X2Only”. (Ignored by the MDF2). | M |
| ListOfDIDs | Delivery endpoints of LI_HI2. These delivery endpoints shall be configured using the CreateDestination message as described in ETSI TS 103 221-1 [7] clause 6.3.1 prior to first use. | M |
| ListOfMediationDetails | Sequence of Mediation Details, see table 7.15.1.2-2. | M |

Table 7.15.1.2-2: Mediation Details for MDF2

| ETSI TS 103 221-1 [7] field name | Description | M/C/O |
|---|---|---|
| LIID | Lawful Intercept ID associated with the task. | M |
| DeliveryType | Set to “HI2Only”. | M |
| ListOfDIDs | Details of where to send the IRI for this LIID. Shall be included if deviation from the ListofDIDs in the ActivateTask message is necessary. If included, the ListOfDIDs in the Mediation Details shall be used instead of any delivery destinations authorised by the ListOfDIDs field in the ActivateTask Message. | C |
| ServiceScoping | Service type set to “Data”. Other fields are dependent on the warrant. | M |

7.15.2 Generation of xIRI over LI_X2

7.15.2.1 General

The IRI-POI present in the 5GMS AF shall send the xIRIs over LI_X2 for each of the events listed in TS 33.127 [5] clause 7.15.4, the details of which are described in the following clauses.

7.15.2.2 Service access information

The IRI-POI in the 5GMS AF shall generate an xIRI containing a 5GMSAFServiceAccessInformation record when the IRI-POI present in the 5GMS AF detects that a 5GMS AF has sent the service access information to the Media Session Handler in the target UE. The IRI-POI present in the 5GMS AF shall generate the xIRI for the following event (as specified in TS 26.512 [98], clause 11.2):

– 5GMS AF returns retrieveServiceAccessInformation response (i.e., 200 OK) in response to retrieveServiceAccessInformation request (i.e. GET) received from the Media Session Handler in the target UE which requests Service Access Information.

Table 7.15.2.2-1: Payload for FiveGMSAFServiceAccessInformation

| Field name | Description | M/C/O |
|---|---|---|
| gPSI | GPSI of the target UE. | M |
| serviceAccessInformationResource | Includes service access information resource data encoded according to 26.512 [98] clause 11.2.3. The SBIReference for this parameter shall be populated with ‘TS26512_M5_ServiceAccessInformation.yaml#/components/schemas/ServiceAccessInformationResource’. | M |

7.15.2.3 Consumption reporting

The IRI-POI in the 5GMS AF shall generate an xIRI containing a 5GMSAFConsumptionReporting record when the IRI-POI present in the 5GMS AF detects that a 5GMS AF has received a consumption report from the target UE. The IRI-POI present in the 5GMS AF shall generate the xIRI for the following event (as specified in TS 26.512 [98], clause 11.3):

– 5GMS AF returns submitConsumptionReport Response (i.e. 204 No Content) in response to a submitConsumptionReport Request (i.e. POST) from the Media Session Handler in the target UE which submits a consumption report.

Table 7.15.2.3-1: Payload for FiveGMSAFConsumptionReporting

| Field name | Description | M/C/O |
|---|---|---|
| gPSI | GPSI of the target UE. | M |
| consumptionReport | Includes a consumption report according to 26.512 [98] clause 11.3.3. The SBIReference for this parameter shall be populated with ‘TS26512_M5_ConsumptionReporting.yaml#/components/schemas/ConsumptionReport’. | M |

7.15.2.4 Dynamic policy invocation

The IRI-POI in the 5GMS AF shall generate an xIRI containing a 5GMSAFDynamicPolicyInvocation record when the IRI-POI present in the 5GMS AF detects that a 5GMS AF has received a dynamic policy from the target UE. The IRI-POI present in the 5GMS AF shall generate the xIRI for the following events (as specified in TS 26.512 [98], clause 11.5):

– 5GMS AF returns a createDynamicPolicy Response (i.e. 201 Created) in response to a createDynamicPolicy Request (i.e. POST) from the Media Session Handler in the target UE which creates a dynamic policy resource.

– 5GMS AF returns a retrieveDynamicPolicy Response (i.e. 200 OK) in response to a retrieveDynamicPolicy Request (i.e. GET) from the Media Session Handler in the target UE which retrieves the dynamic policy resource.

– 5GMS AF returns an updateDynamicPolicy Response (i.e. 200 OK or 204 No Content) in response to an updateDynamicPolicy Request (i.e. PUT) from the Media Session Handler in the target UE which replaces the dynamic policy resource.

– 5GMS AF returns a patchDynamicPolicy Response (i.e. 200 OK or 204 No Content) in response to a patchDynamicPolicy Request (i.e. PATCH) from the Media Session Handler in the target UE which modifies the dynamic policy resource.

– 5GMS AF returns a destroyDynamicPolicy Response (i.e. 204 No Content) in response to a destroyDynamicPolicy Request (i.e. DELETE) from the Media Session Handler of the target UE which deletes the dynamic policy resource.

Table 7.15.2.4-1: Payload for FiveGMSAFDynamicPolicyInvocation

| Field name | Description | M/C/O |
|---|---|---|
| gPSI | GPSI of the target UE. | M |
| dynamicPolicyResource | Includes a dynamic policy resource according to 26.512 [98] clause 11.5.3. The SBIReference for this parameter shall be populated with ‘TS26512_M5_DynamicPolicies.yaml#/components/schemas/DynamicPolicy’. | M |
| dPIOperationType | Type of operation applied to the dynamic policy resource, i.e. createDynamicPolicy, retrieveDynamicPolicy, updateDynamicPolicy, patchDynamicPolicy, destroyDynamicPolicy. | M |

7.15.2.5 Metrics reporting

The IRI-POI in the 5GMS AF shall generate an xIRI containing a 5GMSAFMetricsReporting record when the IRI-POI present in the 5GMS AF detects that a 5GMS AF has received a metrics report from the target UE. The IRI-POI present in the 5GMS AF shall generate the xIRI for the following event (as specified in TS 26.512 [98], clause 11.4):

– 5GMS AF returns submitMetricsReport Response (i.e. 204 No Content) in response to a submitMetricsReport Request (i.e. POST) from the Media Session Handler in the target UE which submits a metrics report.

Table 7.15.2.5-1: Payload for FiveGMSAFMetricsReporting

| Field name | Description | M/C/O |
|---|---|---|
| gPSI | GPSI of the target UE. | M |
| metricsReport | Includes a metrics report according to 26.512 [98] clause 11.4.3. Encoded according to TS 26.512 [98] clause C.4.3 and TS 26.247 [99]. The XMLNamespace for this parameter shall be set to ‘urn:3gpp:metadata:2011:HSD:receptionreport’. | M |

7.15.2.6 Network assistance

The IRI-POI in the 5GMS AF shall generate an xIRI containing a FiveGMSAFNetworkAssistance record when the IRI-POI present in the 5GMS AF detects that a 5GMS AF has received a network assistance from the target UE. The IRI-POI present in the 5GMS AF shall generate the xIRI for the following events (as specified in TS 26.512 [98], clause 11.6):

– 5GMS AF returns a createNetworkAssistanceSession Response (i.e. 201 Created) in response to a createNetworkAssistanceSession Request (i.e. POST) from the Media Session Handler in the target UE which creates a network assistance session resource.

– 5GMS AF returns a retrieveNetworkAssistanceSession Response (i.e. 200 OK) in response to a retrieveNetworkAssistanceSession Request (i.e. GET) from the Media Session Handler in the target UE which retrieves an existing network assistance session resource.

– 5GMS AF returns an updateNetworkAssistanceSession Response (i.e. 200 OK or 204 No Content) in response to an updateNetworkAssistanceSession Request (i.e. PUT) from the Media Session Handler in the target UE which replaces an existing network assistance session resource.

– 5GMS AF returns a patchNetworkAssistanceSession Response (i.e. 200 OK or 204 No Content) in response to a patchNetworkAssistanceSession Request (i.e. PATCH) from the Media Session Handler in the target UE which modifies the network assistance session resource.

– 5GMS AF returns a destroyNetworkAssistanceSession Response (i.e. 204 No Content) in response to a destroyNetworkAssistanceSession Request (i.e. DELETE) from the Media Session Handler in the target UE which deletes the network assistance session resource.

– 5GMS AF returns a requestBitRateRecommendation Response (i.e. 200 OK) in response to a requestBitRateRecommendation Request (i.e. GET) from the Media Session Handler in the target UE which requests a bit rate recommendation for the next recommendation window.

– 5GMS AF returns a requestDeliveryBoost Response (i.e. 200 OK) in response to a requestDeliveryBoost Request (i.e. POST) from the Media Session Handler in the target UE which requests a delivery boost.

Table 7.15.2.6-1: Payload for FiveGMSAFNetworkAssistance

| Field name | Description | M/C/O |
|---|---|---|
| gPSI | GPSI of the target UE. | M |
| networkAssistanceSessionResource | Includes a network assistance session resource according to 26.512 [98] clause 11.6.3. The SBIReference for this parameter shall be populated with ‘TS26512_M5_NetworkAssistance.yaml#/components/schemas/NetworkAssistanceSession’. | M |
| nAOperationType | Type of operation applied to the network assistance resource, i.e., createNetworkAssistanceSession, retrieveNetworkAssistanceSession, updateNetworkAssistanceSession, patchNetworkAssistanceSession, destroyNetworkAssistanceSession, requestBitRateRecommendation and requestDeliveryBoost. | M |

7.15.2.7 Unsuccessful procedure

The IRI-POI in the 5GMS AF shall generate an xIRI containing a FiveGMSAFUnsuccessfulProcedure record when the IRI-POI present in the 5GMS AF detects an unsuccessful procedure or error condition for a target UE. Accordingly, the IRI-POI in the 5GMS AF generates the xIRI when any of the following events are detected:

– 5GMS AF returns retrieveServiceAccessInformation response (i.e. 404 Not Found) in response to retrieveServiceAccessInformation request (i.e. GET) from the target UE.

– 5GMS AF returns submitConsumptionReport Response (i.e. 400 Bad Request or 415 Unsupported Media Type) in response to a submitConsumptionReport Request (i.e. POST) from the target UE.

– 5GMS AF returns submitMetricsReport Response (i.e. 400 Bad Request or 415 Unsupported Media Type) in response to a submitMetricsReport Request (i.e. POST) from the target UE.

– 5GMS AF returns a createDynamicPolicy Response (i.e. 400 Bad Request or 401 Unauthorized) in response to a createDynamicPolicy Request (i.e. POST) from the target UE.

– 5GMS AF returns a retrieveDynamicPolicy Response (i.e. either 400 Bad Request or 401 Unauthorized or 404 Not Found) in response to a retrieveDynamicPolicy Request (i.e. GET) from the target UE.

– 5GMS AF returns an updateDynamicPolicy Response (i.e. either 400 Bad Request or 401 Unauthorized or 404 Not Found) in response to an updateDynamicPolicy Request (i.e. PUT) from the target UE.

– 5GMS AF returns a patchDynamicPolicy Response (i.e. either 400 Bad Request or 401 Unauthorized or 404 Not Found) in response to a patchDynamicPolicy Request (i.e. PATCH) from the target UE.

– 5GMS AF returns a destroyDynamicPolicy Response (i.e. either 400 Bad Request or 401 Unauthorized or 404 Not Found) in response to a destroyDynamicPolicy Request (i.e. DELETE) from the target UE.

– 5GMS AF returns a createNetworkAssistanceSession Response (i.e. 400 Bad Request or 401 Unauthorized) in response to a createNetworkAssistanceSession Request (i.e. POST) from the target UE.

– 5GMS AF returns a retrieveNetworkAssistanceSession Response (i.e. either 400 Bad Request or 401 Unauthorized or 404 Not Found) in response to a retrieveNetworkAssistanceSession Request (i.e. GET) from the target UE.

– 5GMS AF returns an updateNetworkAssistanceSession Response (i.e. either 400 Bad Request or 401 Unauthorized or 404 Not Found) in response to an updateNetworkAssistanceSession Request (i.e. PUT) from the target UE.

– 5GMS AF returns a patchNetworkAssistanceSession Response (i.e. either 400 Bad Request or 401 Unauthorized or 404 Not Found) in response to a patchNetworkAssistanceSession Request (i.e. PATCH) from the target UE.

– 5GMS AF returns a destroyNetworkAssistanceSession Response (i.e. either 400 Bad Request or 401 Unauthorized or 404 Not Found) in response to a destroyNetworkAssistanceSession Request (i.e. DELETE) from the target UE.

– 5GMS AF returns a requestBitRateRecommendation Response (i.e. either 400 Bad Request or 401 Unauthorized or 404 Not Found) in response to a requestBitRateRecommendation Request (i.e. GET) from the target UE.

– 5GMS AF returns a requestDeliveryBoost Response (i.e. either 400 Bad Request or 401 Unauthorized or 404 Not Found) in response to a requestDeliveryBoost Request (i.e. POST) from the target UE.

Table 7.15.2.7-1: Payload for FiveGMSAFNetworkAssistance

| Field name | Description | M/C/O |
|---|---|---|
| gPSI | GPSI of the target UE. | M |
| fiveGMSAFUnsuccessfulOperation | Type of unsuccessful operation. | M |
| fiveGMSAFErrorCode | Error code returned for the unsuccessful operation. | M |
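The event lists of clauses 7.15.2.2 to 7.15.2.7 reduce to one decision per observed M5 response: which record, if any, the operation and status code produce. The sketch below is an added example, not code from TS 33.128; the function names, the tuple layout, the use of the HTTP status as fiveGMSAFErrorCode and the sample GPSI are assumptions.

```python
# Added example: record selection for one M5 response seen at the 5GMS AF.
DP, NA = "FiveGMSAFDynamicPolicyInvocation", "FiveGMSAFNetworkAssistance"
DP_RES, NA_RES = "dynamicPolicyResource", "networkAssistanceSessionResource"
DP_OP, NA_OP = "dPIOperationType", "nAOperationType"

# operation -> (success statuses, record, resource field, operation-type field)
SUCCESS = {
    "retrieveServiceAccessInformation": (
        {200}, "FiveGMSAFServiceAccessInformation", "serviceAccessInformationResource", None),
    "submitConsumptionReport": ({204}, "FiveGMSAFConsumptionReporting", "consumptionReport", None),
    "submitMetricsReport": ({204}, "FiveGMSAFMetricsReporting", "metricsReport", None),
    "createDynamicPolicy": ({201}, DP, DP_RES, DP_OP),
    "retrieveDynamicPolicy": ({200}, DP, DP_RES, DP_OP),
    "updateDynamicPolicy": ({200, 204}, DP, DP_RES, DP_OP),
    "patchDynamicPolicy": ({200, 204}, DP, DP_RES, DP_OP),
    "destroyDynamicPolicy": ({204}, DP, DP_RES, DP_OP),
    "createNetworkAssistanceSession": ({201}, NA, NA_RES, NA_OP),
    "retrieveNetworkAssistanceSession": ({200}, NA, NA_RES, NA_OP),
    "updateNetworkAssistanceSession": ({200, 204}, NA, NA_RES, NA_OP),
    "patchNetworkAssistanceSession": ({200, 204}, NA, NA_RES, NA_OP),
    "destroyNetworkAssistanceSession": ({204}, NA, NA_RES, NA_OP),
    "requestBitRateRecommendation": ({200}, NA, NA_RES, NA_OP),
    "requestDeliveryBoost": ({200}, NA, NA_RES, NA_OP),
}


def failure_statuses(operation):
    """Error statuses listed for the operation in clause 7.15.2.7."""
    if operation == "retrieveServiceAccessInformation":
        return {404}
    if operation.startswith("submit"):
        return {400, 415}
    if operation.startswith("create"):
        return {400, 401}
    return {400, 401, 404}


def xiri_for(operation, status, gpsi, is_target, resource=None):
    """Return (record name, payload) or None when no xIRI is generated."""
    if not is_target or operation not in SUCCESS:
        return None
    ok, record, resource_field, op_field = SUCCESS[operation]
    if status in ok:
        payload = {"gPSI": gpsi, resource_field: resource}
        if op_field:
            payload[op_field] = operation
        return record, payload
    if status in failure_statuses(operation):
        return "FiveGMSAFUnsuccessfulProcedure", {
            "gPSI": gpsi,
            "fiveGMSAFUnsuccessfulOperation": operation,
            "fiveGMSAFErrorCode": status,  # assumption: HTTP status used as the code
        }
    return None  # status is not listed for this operation in either clause


if __name__ == "__main__":
    gpsi = "msisdn-491700000000"  # constructed sample value
    print(xiri_for("patchDynamicPolicy", 204, gpsi, True, {"policyTemplateId": "t1"}))
    print(xiri_for("submitMetricsReport", 415, gpsi, True))
```
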

7.15.2.8 Start of interception with already configured UE

The IRI-POI in the 5GMS AF shall generate an xIRI containing a FiveGMSAFStartOfInterceptionWithAlreadyConfiguredUE record when the IRI-POI present in the 5GMS AF detects that interception is activated for a target UE whose Media Session Handler has already been configured with the service access information.

Table 7.15.2.8-1: Payload for FiveGMSAFStartOfInterceptionWithAlreadyConfiguredUE

| Field name | Description | M/C/O |
|---|---|---|
| gPSI | GPSI of the target UE. | M |
| serviceAccessInformationResource | Includes service access information resource data encoded according to 26.512 [98] clause 11.2.3. The SBIReference for this parameter shall be populated with ‘TS26512_M5_ServiceAccessInformation.yaml#/components/schemas/ServiceAccessInformationResource’. | M |

7.15.3 Generation of IRI over LI_HI2

When an xIRI is received over LI_X2 from the IRI-POI in the 5GMS AF, the MDF2 shall send the IRI message over LI_HI2 without undue delay. The IRI message shall contain a copy of the relevant record received from LI_X2. The record may be enriched by other information available at the MDF (e.g. additional location information).

The timestamp field of the ETSI TS 102 232-1 [9] PSHeader structure shall be set to the time at which the 5GMS AF event was observed (i.e. the timestamp field of the xIRI).

The IRI type parameter shall be included and coded according to table 7.14.2-19 (see ETSI TS 102 232-1 [9] clause 5.2.10).

Table 7.15.3-1: IRI type for IRI messages

| Record type | IRI Type |
|---|---|
| FiveGMSAFServiceAccessInformation | REPORT |
| FiveGMSAFConsumptionReporting | REPORT |
| FiveGMSAFDynamicPolicyInvocation | REPORT |
| FiveGMSAFMetricsReporting | REPORT |
| FiveGMSAFNetworkAssistance | REPORT |
| FiveGMSAFUnsuccessfulProcedure | REPORT |
| FiveGMSAFStartOfInterceptionWithAlreadyConfiguredUE | REPORT |

The threeGPP33128DefinedIRI field (see ETSI TS 102 232-7 [10] clause 15) shall be populated with the BER-encoded IRIPayload.

MDF2 delivers the IRI to the LEMF with GPSI as the target identity if and only if GPSI is present in the xIRI.

Annex A (normative):
ASN.1 Schema for the Internal and External Interfaces

The ASN.1 module describing the structures used for LI_X2, LI_X3, LI_HI2 and LI_HI3 ("TS33128Payloads") is given in the file TS33128Payloads.asn which accompanies the present document.

Annex B (normative):
LI Notification

Based on clause 5.6 of the present document, this annex defines a system of management notification of LI system with the LI_HI4 interface.

The LI_HI4 interface shall be used to transport specific LI service O&M information (referred to as LI Notification) from the CSP to the LEMF. The individual parameters of the LI Notification message shall be coded using ASN.1 and the basic encoding rules (BER). The delivery of LI Notification shall be performed directly using the same mechanism as used for delivery of IRI messages over LI_HI2 and CC over LI_HI3.

The LI Notification shall be used to send electronic notification to the LEMF in the following cases:

1) after the activation of lawful interception;

2) after the deactivation of lawful interception;

3) after the modification of an active lawful interception.

Table B.1-1: LINotification message

| Field name | Description | M/C/O |
|---|---|---|
| notificationType | Information on the type of notification: activation, deactivation or modification | M |
| deliveryInformation | Delivery Information which has been decided by the LEA in terms of delivery numbers, IP addresses for LI_HI2 and LI_HI3 | O |
| appliedTargetID | Target Identifier applied in the ADMF for the warrant | O |
| appliedStartTime | Start time applied to the ADMF for the warrant | C |
| appliedEndTime | End time applied to the ADMF for the warrant | C |

Conditional parameters shall be set as follows:

LI Activation Notification

| Field name | Description | M/C/O |
|---|---|---|
| notificationType | Activation | M |
| appliedStartTime | Always present and represents: the Start Date/Time in the warrant or, the Date/Time of the CSP activation in the ADMF or, the scheduled future Start Date/Time. | C |
| appliedEndTime | Absence means the interception has been activated with no predefined End Date/Time. Presence means the End time is scheduled to be applied at that (future) time. | C |

LI Modification Notification

| Field name | Description | M/C/O |
|---|---|---|
| notificationType | Modification | M |
| appliedStartTime | Present and provides the new Start Date/Time if modified by the LI Modification command | C |
| appliedEndTime | Present and provides the new End Date/Time if modified by the LI Modification command | C |

LI Deactivation Notification

| Field name | Description | M/C/O |
|---|---|---|
| notificationType | Deactivation | M |
| appliedStartTime | Absent | C |
| appliedEndTime | Present and provides the actual End Date/Time, e.g. timed stop as per initial warrant or as per new warrant, or as pre-emptive audited stop from the LEA, or major LI failure. | C |

The individual notification parameters shall be sent to the LEMF as soon as possible with the lowest latency at least once (if available).

The MDF2/3 will deliver the LINotification message to LEMF.

Annex C (normative):
XSD Schema for LI_X1 extensions

The XSD schema describing the extensions used for LI_X1 is given in the file urn_3GPP_ns_li_3GPPX1Extensions.xsd which accompanies the present document.

Annex D (informative):
Drafting Guidance