7.6 Identifier Association Reporting
33.1283GPPProtocol and procedures for Lawful Interception (LI)Release 18SecurityStage 3TS
7.6.1 General
The IEF, ICF and IQF are responsible for detecting, storing and providing to the LEA permanent to temporary identifier associations, requested by the LEA in authorised requests. The IEF as defined in clause 6.2.2A is responsible for detecting and generating identifier associations records. The ICF is responsible for caching identifier associations for short duration and the IQF is responsible for handling requests from the LEA and providing those requests to the ICF in order to identify the matching identifier associations.
7.6.2 ICF
7.6.2.1 General
The ICF is responsible for caching identifier associations provided in event records from the IEF over LI_XER and handling queries and subsequent responses from the IQF for responses over LI_XQR.
7.6.2.2 ICF receipt of records over LI_XER
When the ICF receives an identifier association event record over LI_XER from an IEF (see clause 5.9), the ICF shall use the records to update the identifier associations cached by the ICF. The ICF shall handle the event records as described in clause 7.6.2.4.
7.6.2.3 ICF Query and Response over LI_XQR
When the ICF receives an identifier association query request from the IQF, the ICF shall search the cached identifier associations to establish a match, based on RequestValues received in the request (see clause 5.8), subject to clause 7.6.2.4.
Upon successful matching of one or more identifier associations which were active at or around (within a pre-defined search time window) the observed time specified in the query, the ICF shall provide a response to the IQF using the IdentityAssociationResponse message as defined in clause 5.8. Where the ICF is not able to provide a single identifier association based on the RequestValues, the IQF is responsible for any subsequent handling of multiple identifier associations in terms of whether to provide all associations to the LEA over LI_HIQR.
7.6.2.4 ICF Identifier Association Event Handling
Upon receipt of an Association event as defined in clause 6.2.2A.2, the ICF shall cache the identifier association(s) contained within the record as followings:
– SUPI to 5G-GUTI association received, in an IEFAssociationRecord is stored by ICF as an active association. The previous active association for the same SUPI, if any, is marked as a previously active association and cached until the cache time limit is reached.
– If the IEFAssociationRecord also contains a SUCI, the SUCI is stored as a part of the received SUPI to 5G-GUTI association, for the lifetime of that association.
– Where the IEFDeassociationRecord corresponds to an active SUPI to 5G-GUTI association at ICF, the association is marked as a previously active association and cached until the cache time limit is reached.
The ICF shall have a CSP defined maximum active association lifetime (upon expiry of which the association is deleted from the ICF).
NOTE 1: This is needed to prevent an association from not being deleted from ICF under some error conditions (e.g. a loss of IEF message carrying IEFDeassociationRecord caused by the implicit deregistration of an out-of-service UE). The selection of the maximum active association lifetime value needs to ensure that no valid active associations are deleted upon the lifetime expiry, i.e. the longest possible association refresh time supported by CSP’s network needs to be accommodated.
For previous associations placed in the cache, the ICF shall store the times of association and disassociation, respectively.
Where an IEFAssociationRecord contains a PEI, GPSI, NCGI or a TAI list, the ICF shall store the received values and associate them both the current received SUPI to 5G-GUTI association and any future association until:
– A subsequent IEFAssociationRecord is received which updates the PEI, GPSI, NCGI or TAI list values.
– The old PEI / GPSI / NCGI / TAI list shall be retained in association with previous SUPI to 5G-GUTI associations until those associations are deleted from cache.
– New PEI / GPSI / NCGI / TAI list shall be used in association with both the association(s) with which it was received and any subsequent associations until another update is received.
– All SUPI associations for which the PEI / GPSI / NCGI / TAI list is valid are deleted from the cache.
When the ICF receives a query request from the IQF as defined in clause 7.6.2.3, the ICF shall search available identifier associations (both active associations and those marked for deletion in the cache) for a match. The ICF shall be able to use both time and TAI (as a single TAI and in relation to a TAI list) to identify the correct SUPI to 5G-GUTI association(s). For associations which have been disassociated (and will be deleted once the cache time limit is reached), the time of disassociation is used by the ICF to identify the correct association match (based on observed time in LEA request), where multiple associations are held in the cache.
NOTE 2: Use of nCGI to match associations based on physical location for SUCI / 5G-S-TMSI to SUPI requests, is out of scope of the present document.
As the LEA and CSP are unlikely to have synchronised the time of identifier observation / association provided by the LEA in the query request, with NF time of the IEFs, the ICF shall search the cached identifier associations using a short window time duration both before and after (subject to overall cache duration) the observed time provided by the LEA in the RequestValues over LI_XQR.
NOTE 3: While the search window duration before and after the LEA provided observed time value is outside the scope of the present document, selection of this value by the CSP needs to take into consideration, among other aspects, the duration of a potential period of recovery from a 5G-GUTI update error, in order to prevent missing of otherwise matching associations due to discrepancies between their stored association/disassociation time and the observed time provided by LEA.
NOTE 4: While the value of the short-term caching time is outside the scope of the present document, selection of this value by the CSP needs to take into consideration, among other aspects, the duration of potential period of recovery from a 5G-GUTI update error, in order to prevent previous associations being deleted before they have been fully disassociated by both the UE and AMF.
7.6.3 IQF
7.6.3.1 General
The IQF is responsible for receiving and responding to LEA requests over LI_HIQR. Following receipt of a request over LI_HIQR, the IQF shall validate the request and ensure that the request is within the cache period of associations stored in the ICF. If the request is valid and within the ICF cache period, the IQF shall send an association search request to the ICF over LI_XQR. If the request is not within the ICF cache period or overwise invalid, the IQF shall reject the request and respond to the LEA over LI_HIQR.
Following receipt of an association search request response from the ICF over LI_XQR, the IQF shall forward any matching identifier association(s) to the LEA over LI_HIQR. If the ICF indicates zero matches were found based on the information provided in the initial request over LI_HIQR, the IQF shall respond to the LEA over LI_HIQR indicating that no identifier associations were found based on the request from the LEA.
If the ICF responds with multiple associations of 5G-GUTIs / SUCIs to a single SUPI, the IQF shall provide all matched associations to the LEA over LI_HIQR. Handling in the case of multiple SUPIs to a single 5G-GUTI (where the initial request over LI_HIQR is based on 5G-S-TMSI or SUCI) is outside the scope of the present document.
7.6.3.2 IQF Query and Response over LI_HIQR
The IQF is responsible for receiving query requests from and providing query responses to the LEA over LI_HIQR. Further details of LI_HIQR messages are defined in clause 5.7.
7.6.3.3 IQF Query and Response over LI_XQR
The IQF is responsible for generating queries to and receiving query responses requests from the ICF over LI_XQR, based on queries received from the LEA over LI_HIQR. Further details of LI_XQR messages are defined in clause 5.8.