6 Invocation of Lawful Interception
3GPP TS 43.033: Lawful Interception; Stage 2 (Release 13). Topic: 3G security
The following picture shows the extract from the reference configuration which is relevant for the invocation of the lawful interception.
Figure 11: Functional model for Lawful Interception invocation
The X0_2 and X0_3-interfaces represent the interfaces between the LEA and two delivery functions. Both interfaces are subject to national requirements. They are included for completeness, but are beyond the scope of standardization. The delivery functions are used:
– to convert the information on the X2-interface to the corresponding information on the X0_2-interface;
– to distribute the intercept related information to the relevant LEA(s) (based on IAs, if defined);
– to distribute the intercept product to the relevant LEA(s) (based on IAs, if defined).
In case a call is selected based on several identities (MSISDN, IMSI, IMEI) of the same target, the MSC/VLR or GMSC will deliver IP and IRI only once to the DF2 and DF3. DF2 and DF3 will then distribute the information to the relevant LEA that requested interception on a particular target identity.
For the delivery of the IP and IRI, the MSC/VLR or GMSC provides the correlation number and target identity to the DF2 and DF3, which use them to select the LEAs to which the product shall be delivered.
NOTE: If interception has been activated for both parties of the call, both IP and IRI will be delivered for each party as a separate intercept activity.
The location dependency check occurs at the establishment of each call. Subsequent dependency checks for simultaneous calls are not required, but can be a national option.
If a target is marked using an IA in the MSC/VLR, the MSC/VLR shall perform a location dependency check at call set-up. The call is intercepted only if the target’s location matches the IA.
If a target is marked using an IA in the DF2, the DF2 shall perform a location dependency check at reception of the first IRI for the call. The IRI is relayed only to those LEAs whose IA matches the target’s location. All subsequent IRIs for the call are sent to the same LEAs.
If a target is marked using an IA in the DF3, the DF3 shall perform a location dependency check at reception of the IP. The IP is relayed only to those LEAs whose IA matches the target’s location.
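The DF2 behaviour described above (one IRI from the MSC/VLR or GMSC, fanned out per requested identity, with the location check made once at the first IRI of a call) can be sketched as follows. This is an added example, not text or code from the specification; the Activation record, the DF2 class, the encoding of an IA as a set of cell ids, the per-event check for IRI without a correlation number, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Activation:
    """One LEA's interception request as held by the DF2 (hypothetical record)."""
    lea: str
    identity: str                 # MSISDN, IMSI or IMEI value the LEA asked for
    ia: frozenset = frozenset()   # assumed IA encoding: set of cell ids; empty = no IA

ID_FIELDS = ("observed MSISDN", "observed IMSI", "observed IMEI")

@dataclass
class DF2:
    activations: list
    routes: dict = field(default_factory=dict)  # correlation number -> LEAs

    def _select(self, iri):
        # An LEA qualifies if it requested one of the identities in the IRI and
        # either set no IA or the target's cell lies inside its IA.
        ids = {iri[k] for k in ID_FIELDS if k in iri}
        return sorted({a.lea for a in self.activations
                       if a.identity in ids
                       and (not a.ia or iri.get("cell id") in a.ia)})

    def relay(self, iri):
        """Return the LEAs that receive this IRI."""
        corr = iri.get("correlation number")
        if corr is None:              # non call related event: checked on its own
            return self._select(iri)
        if corr not in self.routes:   # first IRI of the call: location check
            self.routes[corr] = self._select(iri)
        return self.routes[corr]      # later IRIs follow the first decision

def demo():
    # Constructed sample data: one target known by MSISDN and IMSI, three LEAs.
    df2 = DF2([Activation("LEA-A", "msisdn-1"),
               Activation("LEA-B", "imsi-1", frozenset({"cell-7"})),
               Activation("LEA-C", "imsi-1", frozenset({"cell-9"}))])
    target = {"observed MSISDN": "msisdn-1", "observed IMSI": "imsi-1"}
    setup = df2.relay({**target, "event type": "Establishment",
                       "correlation number": 1, "cell id": "cell-7"})
    moved = df2.relay({**target, "event type": "Handover",
                       "correlation number": 1, "cell id": "cell-9"})
    later = df2.relay({**target, "event type": "Establishment",
                       "correlation number": 2, "cell id": "cell-9"})
    return setup, moved, later
```

The handover into cell-9 does not add LEA-C to the first call, because the decision made at the first IRI holds for the rest of that call; only the second call, set up in cell-9, reaches LEA-C.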
Gateway intercept is not possible when optimal routing is employed.
6.1 Provision of Intercept Product – Circuit Switched
Depending on the existing possibilities within the MSC/VLR or GMSC, the access method for delivering call content can be bridged/T-connection (see figure 12) or looped access (see figure 13).
Figure 12: Bridged Access
Figure 13: Looped access
6.1.1 Void
6.1.2 Two stubline configuration (circuit switched data or speech) to LEA
Figure 16 shows the configuration for a circuit switched data call. The signals of both parties of the configuration to be intercepted are delivered separately to the requesting function. Again the requesting function itself has no impact on the connection between the subscribers. Optionally this configuration can be used for speech, too.
If in the MSC/VLR or GMSC it isn’t known if a call is a data or speech call, it will be assumed that it is a data call.
The two stublines towards the requesting function are established in parallel to the call set up. For both stublines the address is used which has been provided during activation.
For multi-monitoring the DF3 must be able to combine the two stublines into one, if one of the different LEAs wants this.
NOTE: For data calls it is necessary to provide means for fast call establishment towards the LEA so that it doesn’t miss the beginning of the data transmission.
Figure 16: Two stubline configuration to the LEA for the interception of a circuit switched data or speech call
6.1.3 X3-interface
The following information needs to be transferred from the MSC/VLR or the GMSC to the DF3 in order to allow the DF3 to perform its functionality:
– the identity of the target (MSISDN, IMSI or IMEI) (note 1);
– the target location (if available) or the IAs in case of location dependent interception (note 1);
– correlation number (IRI <-> CC);
– signal indicator (direction indication – signal from target or signal to target) (note 2).
NOTE 1: For DF3 internal use only.
NOTE 2: e.g. integer, CC from target = 1, CC from other party = 2.
Additional information may be provided if required by national laws.
6.2 Provision of Intercept Product – Short Message Service
Figure 17 shows an SMS transfer from the MSC to the LEA. Quasi-parallel to the delivery from / to the mobile subscriber, a message which contains the contents of the SMS is generated and sent via the Delivery Function 2 to the LEA in the same way as the Intercept Related Information.
The IRI will be delivered to the LEA:
– for an SMS-MO, when the SMS-Centre receives the SMS;
– for an SMS-MT, when the MS receives the SMS.
Figure 17: Provision of Intercept Product – Short Message Service
6.3 Provision of Intercept Related Information
Intercept Related Information (Events) is necessary at the beginning and end of the call, for all supplementary services during a call, and for information which is not call associated. There are call related events and non call related events.
Figure 18 shows the transfer of intercept related information to the DF2. If an event for / from a mobile subscriber occurs, the MSC/VLR or GMSC sends the relevant data to the DF2.
Figure 18: Provision of Intercept Related Information
6.3.1 X2-interface
The following information needs to be transferred from the MSC/VLR or the GMSC to the DF2 in order to allow a DF2 to perform its functionality:
– identity of the target (MSISDN, IMSI or IMEI);
– the target location (if available) or the IAs in case of location dependent interception;
– events and associated parameters as defined in subclauses 6.3.3 and 6.3.4 may be provided.
6.3.2 Structure of the events
There are eight different events in which the information is sent to the DF2 if this is required. There are call related and non call related events. Details are described in the following subclauses. The events for interception are configurable (if they are sent to DF2) in the MSC/VLR or GMSC and can be suppressed in the DF2.
It is an implementation option whether the redundant information is sent for each further event.
The following events are applicable to the MSC/VLR:
Call related events:
– Call establishment;
– Answer;
– Supplementary service;
– Handover;
– Release.
Non call related events:
– SMS;
– Location update;
– Subscriber controlled input.
The following events are applicable to the GMSC:
Call related events:
– Call establishment;
– Answer;
– Supplementary service;
– Release.
A set of information is used to generate the events. The events transmit the information from MSC/VLR or GMSC to DF2. This set of information can be extended in MSC/VLR or GMSC, if this is necessary in a specific country. DF2 can extend this information if this is necessary in a specific country, e.g. a unique number for each surveillance warrant.
observed MSISDN | Target Identifier with the MSISDN of the target subscriber (monitored subscriber). |
observed IMSI | Target Identifier with the IMSI of the target subscriber (monitored subscriber). |
observed IMEI | Target Identifier with the IMEI of the target subscriber (monitored subscriber); it must be checked for each call over the radio interface |
event type | Description which type of event is delivered: Establishment, Answer, Supplementary service, Handover, Release, SMS, Location update, Subscriber controlled input |
event date | Date of the event generation in the MSC/VLR or GMSC |
event time | Time of the event generation in the MSC/VLR or GMSC |
dialled number | Dialled phone number before digit modification, IN-modification etc. |
connected number | Number of the answering party |
other party address | Directory number of the other party for MOC; calling party for MTC |
SMS-Centre address | Number of the involved SMS-Centre |
call direction | Information if the monitored subscriber is calling or called, e.g. MOC/MTC or originating/terminating in or/out |
correlation number | Unique number for each call sent to the DF, to help the LEA to have a correlation between each call and the IRI |
cell id | Cell number of the target; for the location information |
location area code | Location-area-code of the target; defines the Location Area in a PLMN |
basic service | Information about Tele service or bearer service. |
supplementary service | Supplementary services used by the target, e.g. CF, CW, ECT |
forwarded to number | Forwarded to number at CF |
call release reason | Call release reason of the target call |
SMS | The SMS content with header which is sent with the SMS-service |
SCI | Non call related Subscriber Controlled Input (SCI) which the MSC/VLR receives from the ME |
6.3.3 Call Related events
6.3.3.1 Call establishment
For call establishment a call establishment-event is generated. This event is generated at the beginning of a call, when the MSC/VLR or GMSC wants to reach the subscriber. This information will be delivered to the DF2 if available:
observed MSISDN |
observed IMSI |
observed IMEI |
event type |
event date |
event time |
dialled number |
other party address |
call direction |
correlation number |
cell id |
location area code |
basic service |
supplementary service |
6.3.3.2 Answer
If the called party answers, an answer-event is generated. This information will be delivered to the DF2 if available:
observed MSISDN |
observed IMSI |
observed IMEI |
event type |
event date |
event time |
dialled number |
other party address |
connected party |
call direction |
correlation number |
cell id |
location area code |
basic service |
supplementary service |
6.3.3.3 Supplementary Services
For supplementary services, events are generated with the information about which supplementary service is used, e.g. Call Forwarding (CF), Call Waiting (CW), Explicit Call Transfer (ECT), Multi Party (MPTY), Call Hold, and information correlated to the service, like the forwarded to number. This information will be delivered to the DF2 if available:
observed MSISDN |
observed IMSI |
observed IMEI |
event type |
event date |
event time |
dialled number |
other party address |
call direction |
correlation number |
cell id |
location area code |
basic service |
supplementary service |
forwarded to number |
6.3.3.4 Handover
For each handover a handover-event with the information about the new location (cell-id) is generated. This information will be delivered to the DF2 if available:
observed MSISDN |
observed IMSI |
observed IMEI |
event type |
event date |
event time |
correlation number |
cell id |
location area code |
6.3.3.5 Release
For release of the observed call a release-event is generated. This applies to the common (end) release of a call and also to all failed call attempts, with the information about the reason for failed call attempts. This information will be delivered to the DF2 if available:
observed MSISDN |
observed IMSI |
observed IMEI |
event type |
event date |
event time |
dialled number |
other party address |
call direction |
correlation number |
cell id |
location area code |
basic service |
call release reason |
6.3.4 Non Call Related events
6.3.4.1 SMS
For MO-SMS the event is generated in the MSC/VLR, when the SMS-Centre successfully receives the SMS; for MT-SMS the event is generated in the MSC/VLR when the target receives the message. This information will be delivered to the DF2 if available:
observed MSISDN |
observed IMSI |
observed IMEI |
event type |
event date |
event time |
SMS-Centre address |
call direction |
cell id |
location area code |
SMS |
6.3.4.2 Location update
For location updates a Location update-event is generated, with the new location (location area) information. This information will be delivered to the DF2 if available:
observed MSISDN |
observed IMSI |
observed IMEI |
event type |
event date |
event time |
cell id |
location area code |
6.3.4.3 Subscriber Controlled Input (SCI)
For subscriber controlled inputs (e.g. activations, deactivations and changes of services) an SCI-event is generated with information about the SCI. This information will be delivered to the DF2 if available:
observed MSISDN |
observed IMSI |
observed IMEI |
event type |
event date |
event time |
cell id |
location area code |
SCI |
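The per-event parameter lists in subclauses 6.3.3 and 6.3.4, together with the MSC/VLR and GMSC event lists in 6.3.2, can be turned into a check that an IRI record carries no parameter outside the set listed for its event type. This is an added example, not part of the specification; the audit function, the node labels and the sample records are assumptions, and national extensions allowed by 6.3.2 would have to be added to the sets before use.

```python
# Parameter sets transcribed from the lists in subclauses 6.3.3 and 6.3.4.
COMMON = {"observed MSISDN", "observed IMSI", "observed IMEI", "event type",
          "event date", "event time", "cell id", "location area code"}
CALL = COMMON | {"dialled number", "other party address", "call direction",
                 "correlation number", "basic service"}
PARAMS = {
    "Establishment": CALL | {"supplementary service"},
    "Answer": CALL | {"supplementary service", "connected party"},
    "Supplementary service": CALL | {"supplementary service",
                                     "forwarded to number"},
    "Handover": COMMON | {"correlation number"},
    "Release": CALL | {"call release reason"},
    "SMS": COMMON | {"SMS-Centre address", "call direction", "SMS"},
    "Location update": COMMON,
    "Subscriber controlled input": COMMON | {"SCI"},
}
# Events listed as applicable to the GMSC; the MSC/VLR may send all eight.
GMSC_EVENTS = {"Establishment", "Answer", "Supplementary service", "Release"}

def audit(record, node):
    """Return findings for one IRI record sent by node ('MSC/VLR' or 'GMSC')."""
    etype = record.get("event type")
    if etype not in PARAMS:
        return [f"unknown event type: {etype!r}"]
    findings = []
    if node == "GMSC" and etype not in GMSC_EVENTS:
        findings.append(f"{etype} is not a GMSC event")
    for name in sorted(set(record) - PARAMS[etype]):
        findings.append(f"{name} is not a {etype} parameter")
    return findings

# Constructed sample records, not real intercept data.
SAMPLE = [
    ("MSC/VLR", {"event type": "Location update", "observed IMSI": "imsi-1",
                 "cell id": "cell-7", "SMS": "constructed text"}),
    ("GMSC", {"event type": "Handover", "correlation number": 1}),
    ("MSC/VLR", {"event type": "Release", "correlation number": 1,
                 "call release reason": "constructed reason"}),
]

def audit_all(samples=SAMPLE):
    return [audit(record, node) for node, record in samples]
```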
6.4 Intercept cases for supplementary services
6.4.1 Interception of Multiparty call
Figure 19: Option 1: Interception of Multiparty for IP
Figure 20: Option 2: Interception of Multiparty for IP
6.4.1.1 Intercept Product only for Multiparty
One correlation number is used for each leg of a call. Call Content is delivered as in figure 19 or in figure 20 if subscriber A is monitored.
If one of B, C or D is monitored, the surveillance of intercept product works like an ordinary telephony call.
6.4.1.2 Intercept Related Information for Multiparty
If subscriber A is monitored, the events contain the information about B, C and D. If one of B, C or D is monitored, the events contain only the information about A, not about the other parties of the conference.
6.4.2 Interception for Call Forwarding / Call Deflection
Figure 21: Interception for Call Forwarding / Deflection
For delivery of the Intercept Product it doesn’t matter which of the three is monitored.
For Intercept Related Information it depends on who is monitored:
– If subscriber A is monitored, the numbers of A and B are mandatory in the event information, and the number of C if available.
– If subscriber B is monitored, the numbers of B and C are mandatory in the event information, and the number of A if available.
– If subscriber C is monitored, the number of C is mandatory in the event information, and the number of A if available.
When optimal routing is employed, interception of call forwarding by party B may be unavailable.
6.4.3 Interception on Call Hold / Call Waiting
For interception on call hold it depends on which method is used: with the method in figure 19, no interception on call hold is possible; with the method in figure 20, it is also possible to hear what the subscriber on hold is saying.
6.4.4 Interception after ECT
For interception on Explicit Call Transfer (ECT) it depends on which method is used: with the method in figure 19, no interception on call hold is possible; with the method in figure 20, it is also possible to hear what the subscriber on hold is saying. The explicit transfer is handled similarly to a forwarded call.