G.5.5.2 Interception
33.1283GPPProtocol and procedures for Lawful Interception (LI)Release 18SecurityStage 3TS
G.5.5.2.1 IMS deployment
There are two deployment options for IMS for intercepting the service type of Voice (TS 33.127 [5]):
– Default.
– Alternate option.
It is expected that the CSP implements one of the two deployment options.
The conditions under which IRI-POI or CC-TF functions have to provided are illustrated within the deawing and are further clarified in table G.5-3 and G.5-4. The LIPF may have to indicate to the IRI-POI and CC-TF the condition in which they have to provide the respective functions.
G.5.5.2.2 Summary
Table G.5-3 provides the scope of NF domain that provides the IRI-POI/CC-TF/CC-POI functions for the service type of Voice with the IMS deployment option Default in HPLMN.
Table G.5-3: Scope of NF domain in IMS providing the LI functions with Default in HPLMN
|
NF with LI function |
Non-roaming |
Roaming with LBO |
Roaming with HR |
|||
|
VPLMN |
HPLMN |
VPLMN |
HPLMN |
|||
|
Default |
Alternate |
|||||
|
P-CSCF |
n/a |
IRI-POI |
n/a |
n/a |
n/a |
n/a |
|
P-CSCF |
n/a |
CC-TF |
n/a |
n/a |
n/a |
n/a |
|
IMS-AGW |
n/a |
CC-POI |
n/a |
n/a |
n/a |
n/a |
|
AS (NOTE 5) |
IRI-POI |
n/a |
n/a |
IRI-POI |
n/a |
IRI-POI |
|
MGCF |
IRI-POI |
n/a |
n/a |
IRI-POI |
n/a |
IRI-POI |
|
MGCF |
CC-TF |
n/a |
n/a |
CC-TF |
n/a |
CC-TF |
|
IM-MGW |
CC-POI |
n/a |
n/a |
CC-POI |
n/a |
CC-POI |
|
IBCF |
IRI-POI |
IRI-POI (NOTE 5) |
IRI-POI |
IRI-POI |
IRI-POI (NOTE5) |
IRI-POI |
|
IBCF |
CC-TF |
n/a |
CC-TF |
CC-TF |
n/a |
CC-TF |
|
TrGW |
CC-POI |
n/a |
CC-POI |
CC-POI |
n/a |
CC-POI |
|
LMISF-IRI |
n/a |
n/a |
n/a |
n/a |
IRI-POI |
n/a |
|
LMISF-CC |
n/a |
n/a |
n/a |
n/a |
CC-POI |
n/a |
Table G.5-4 provides the scope of NF domain that provides the IRI-POI/CC-TF/CC-POI functions for the service type of Voice with the IMS deployment option Alternate option in HPLMN.
Table G.5-4: Scope of NF domain in IMS providing the LI functions with Alternate option in HPLMN
|
NF with LI function |
Non-roaming |
Roaming with LBO |
Roaming with HR |
|||
|
VPLMN |
HPLMN |
VPLMN |
HPLMN |
|||
|
Default |
Alternate |
|||||
|
P-CSCF |
n/a |
IRI-POI |
n/a |
n/a |
n/a |
n/a |
|
P-CSCF |
n/a |
CC-TF |
n/a |
n/a |
n/a |
n/a |
|
IMS-AGW |
n/a |
CC-POI |
n/a |
n/a |
n/a |
n/a |
|
AS (NOTE 5) |
IRI-POI |
n/a |
n/a |
IRI-POI |
n/a |
IRI-POI |
|
S-CSCF |
IRI-POI |
n/a |
n/a |
IRI-POI |
n/a |
IRI-POI |
|
MGCF |
CC-TF |
n/a |
n/a |
CC-TF |
n/a |
CC-TF |
|
IM-MGW |
CC-POI |
n/a |
n/a |
CC-POI |
n/a |
CC-POI |
|
IBCF (NOTE 5) |
IRI-POI |
IRI-POI |
IRI-POI |
IRI-POI |
IRI-POI |
I-IRI-POI |
|
IBCF |
CC-TF |
n/a |
CC-TF |
CC-TF |
n/a |
CC-TF |
|
TrGW |
CC-POI |
n/a |
CC-POI |
CC-POI |
n/a |
CC-POI |
|
LMISF-IRI |
n/a |
n/a |
n/a |
n/a |
IRI-POI |
n/a |
|
LMISF-CC |
n/a |
n/a |
n/a |
n/a |
CC-POI |
n/a |
NOTE 1: In tables G.5-3 and G.5-4, the use of the phrase non-roaming/roaming applies to the party communicating with the target non-local ID.
NOTE 2: The use of "n/a" in the above table implies that the LI function is not applicable to the NF for the indicated scenario.
NOTE 3: The LIPF is not aware of the above role played by the host NFs in providing the LI functions.
NOTE 4: MDF2, MDF3 and LI-LCS Client which are also involved in providing the LI functions are not shown in the tables above.
NOTE 5: Only when the interception of STIR/SHAKEN is required.
G.5.5.2.3 STIR/SHAKEN
When the target is non-local ID, the IRI-POI in AS is not provisioned for IMS-LI. The IRI-POI in IBCF is provisioned except for the case where the alternate option is deployed in the HPLMN for IMS LI (target non-local ID) and default option is used for IMS-LI in the VPLMN (target non-local ID).
The diagram shown in figure G.5-9A illustrates that when the interception of STIR/SHAKEN is required in the network, and the target Id is IMPU, and the target is non-local ID, the IBCF is provisioned even when the alternate option for IMS LI is used in the HPLMN and default option is used for IMS LI in the VPLMN.
The diagram shown in figure G.5-6A (clause G.5.4.1) illustrates the LI provisioning just from STIR/SHAKEN perspective. However, from an overall provisioning perspective for target non-local ID, it is embedded within the LIPF logic of IMS LI provisioning as illustrated in clause G.5.5.1.
Table G.5-5 shows the NFs that will have to provide the STIR/SHAKEN LI (signing) for various scenarios and table G.5-6 shows the NFs that will have to provide the STIR/SHAKEN LI (verification) for various scenarios.
The signing for STIR/SHAKEN happens in the HPLMN. In these tables the indicated scenarios are from the perspective of the party communicating with the target non-local ID.
Table G.5-5: Scope of NF domain in IMS providing the LI functions for STIR/SHAKEN (signing)
|
Scenario |
CSP choice AS |
CSP choice is IBCF |
|
|
RCD present |
AS |
AS |
|
|
Intra-CSP session |
n/a |
n/a |
|
|
Inter-CSP session |
Intra-CSP session signing/verification is required |
AS |
AS |
|
Intra-CSP session signing/verification not required |
AS |
IBCF |
|
Table G.5-6: Scope of NF domain in IMS providing the LI functions for STIR/SHAKEN (verification)
|
Scenario |
HPLMN |
VPLMN |
|||
|
CSP choice AS |
CSP choice is IBCF |
Default |
Alternate |
||
|
Inbound roaming with LBO |
n/a |
n/a |
P-CSCF |
IBCF |
|
|
Inbound roaming with Home-Routed |
n/a |
n/a |
LMISF-IRI |
LMISF-IRI |
|
|
Intra-CSP session |
n/a |
n/a |
n/a |
n/a |
|
|
Inter-CSP session |
Intra-CSP session signing/verification is required |
AS |
AS |
See NOTE |
See NOTE |
|
Intra-CSP session signing/verification not required |
AS |
IBCF |
See NOTE |
See NOTE |
|
NOTE: Same as in the rows for inbound roaming (LBO) and inbound roaming (HR).
The indicated CSP choice is applicable when the signing/verification of only inter-CSP session is required. The CSP choice for signing and verification need not be the same.