B.3 Invocation of Lawful Interception

3GPP TS 03.33: Lawful Interception; Stage 2 (3G security)

The following picture shows the extract from the reference configuration which is relevant for the invocation of the lawful interception.

Figure B11: Functional model for GPRS Lawful Interception invocation

The X0_2 and X0_3-interfaces represent the interfaces between the LEA and two delivery functions. Both interfaces are subject to national requirements. They are included for completeness, but are beyond the scope of the present document. The delivery functions are used:

– to convert the information on the X2p-interface to the corresponding information on the X0_2-interface;

– to distribute the intercept related information to the relevant LEA(s);

– to distribute the intercept product to the relevant LEA(s).

In case a packet data communication is selected based on several identities (MSISDN, IMSI, IMEI) of the same target, the SGSN or GGSN will deliver IP and IRI only once to the DF2P and DF3P. DF2P and DF3P will then distribute the information to the relevant LEA that requested interception on a particular target identity.

For the delivery of the IP and IRI, the SGSN or GGSN provides the correlation number and target identity to the DF2P and DF3P, which use them to select the different LEAs to which the product shall be delivered.

The correlation number is unique in the whole PLMN and is used to correlate IP with IRI and the different IRIs of one PDP context.

The correlation number shall be generated by using existing parameters related to the PDP context.

NOTE: If interception has been activated for both parties of the packet data communication, both IP and IRI will be delivered for each party as a separate intercept activity.

In case of location dependent interception:

– for each target, the location dependency check occurs at each packet data session establishment or release and at each cell and/or RA update to determine permanently the relevant IAs (and deduce the possible LEAs within these IAs);

– concerning the IRI:

– when an IA is left, either a GPRS detach event (when changing SGSNs) or a cell and/or RA update event (when changing IAs inside the same SGSN) is sent to DF2P;

– when a new IA is entered, a cell and/or RA update event is sent to DF2P and, optionally, a Start of Interception with Active PDP Context event for each PDP context;

– concerning the IP, when crossing IAs, the IP is not sent anymore to the DF3P of the old IA but sent to the DF3P of the new IA.
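
The selection step described above (one delivery from the GSN, then fan-out in the delivery function by target identity and, for location dependent interception, by IA) can be sketched as follows. This is an added example, not part of the specification; the Warrant record, select_leas, and all identities, LEA names and IA names are constructed assumptions.

```python
# Added illustration; Warrant, select_leas and all sample values are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Warrant:
    lea: str                       # agency that requested interception
    id_type: str                   # "MSISDN", "IMSI" or "IMEI"
    id_value: str
    ias: frozenset = frozenset()   # empty set = not location dependent


def select_leas(record, warrants):
    """Return the sorted LEAs that must receive one record delivered by the GSN.

    The record carries the target identities, the correlation number and,
    for location dependent interception, the IAs the target is currently in.
    """
    identities = record["identities"]
    current_ias = set(record.get("ias", ()))
    leas = set()
    for w in warrants:
        if identities.get(w.id_type) != w.id_value:
            continue               # warrant names a different target
        if w.ias and not (w.ias & current_ias):
            continue               # target is outside this LEA's IAs
        leas.add(w.lea)            # a set: one copy per LEA, however many identities match
    return sorted(leas)


# Constructed sample data (not real subscriber identities).
WARRANTS = [
    Warrant("LEA-A", "MSISDN", "491700000001"),
    Warrant("LEA-A", "IMSI", "262010000000001"),
    Warrant("LEA-B", "IMEI", "490000000000017"),
    Warrant("LEA-C", "IMSI", "262010000000001", frozenset({"IA-7"})),
]
RECORD = {
    "correlation_number": "constructed-0001",
    "identities": {"MSISDN": "491700000001", "IMSI": "262010000000001",
                   "IMEI": "490000000000017"},
    "ias": ["IA-3"],
}

if __name__ == "__main__":
    print(select_leas(RECORD, WARRANTS))                       # target in IA-3
    print(select_leas({**RECORD, "ias": ["IA-7"]}, WARRANTS))  # target moved to IA-7
```
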

B.3.1 Provision of Intercept Product – GPRS

The access method for the delivery of GPRS Intercept Product is based on duplication of packets without modification at the GSN. The duplicated packets with additional information in the header are sent to DF3P for further delivery via a tunnel.

Figure B12: Configuration for interception of GPRS product data

B.3.1.1 X3p-interface

The following information needs to be transferred from the GSN to the DF3P in order to allow the DF3P to perform its functionality:

– the identity of the target;

– correlation number;

– the target location (if available) or the IAs in case of location dependent interception.

Additional information may be provided as a national option.

B.3.2 Provision of Intercept Product – Short Message Service

Figure B13 shows an SMS transfer from the SGSN to the LEA. Quasi-parallel to the delivery from/to the mobile subscriber, a message which contains the contents of the SMS is generated and sent via the Delivery Function 2P to the LEA in the same way as the Intercept Related Information.

The IRI will be delivered to the LEA:

– for a SMS-MO, when the SMS-Centre receives the SMS;

– for a SMS-MT, when the MS receives the SMS.

Figure B13: Provision of Intercept Product – Short Message Service

B.3.3 Provision of Intercept Related Information

Intercept Related Information (Events) are necessary at the GPRS Attach, GPRS Detach, PDP Context Activation, Start of intercept with PDP context active, PDP Context Deactivation, Cell and/or RA update, and SMS events.

Figure B14 shows the transfer of intercept related information to the DF2P. If an event for / from a mobile subscriber occurs, the GSN sends the relevant data to the DF2P.

Figure B14: Provision of Intercept Related Information

B.3.3.1 X2p-interface

The following information needs to be transferred from the GSN to the DF2P in order to allow a DF2P to perform its functionality:

– identity of the target (MSISDN, IMSI, IMEI);

– events and associated parameters as defined in sections B.3.3.2 and B.3.3.3 may be provided;

– the target location (if available) or the IAs in case of location dependent interception.

B.3.3.2 Structure of the events

There are seven different events in which the information is sent to the DF2P if this is required. Details are described in the following section. The events for interception are configurable (if they are sent to DF2P) in the SGSN or GGSN and can be suppressed in the DF2P.

The following events are applicable to SGSN:

  • GPRS attach;
  • GPRS detach;
  • PDP context activation;
  • Start of intercept with PDP context active;
  • PDP context deactivation;
  • Cell and/or RA update;
  • SMS.

NOTE: GGSN interception is a national option.

The following events are applicable to GGSN:

  • PDP context activation;
  • PDP context deactivation;
  • Start of interception with PDP context active.

A set of fields as shown below is used to generate the events. The events transmit the information from GSN to DF2P. This set of fields can be extended in the GSN, if this is necessary as a national option. DF2P can extend this information if this is necessary as a national option, e.g. a unique number for each surveillance warrant.

observed MSISDN: MSISDN of the target subscriber (monitored subscriber).

observed IMSI: IMSI of the target subscriber (monitored subscriber).

observed IMEI: IMEI of the target subscriber (monitored subscriber); it must be checked for each activation over the radio interface.

event type: Description of which type of event is delivered: PDP attach, PDP detach, PDP context activation, Start of intercept with PDP context active, PDP context deactivation, SMS, Cell and/or RA update.

event date: Date of the event generation in the GSN.

event time: Time of the event generation in the GSN.

PDP address: The PDP address of the target subscriber. Note that this address might be dynamic.

Access Point Name: The APN of the access point.

Routing Area Code: The routing area code of the target defines the RA in a PLMN.

PDP Type: The used PDP type.

Correlation Number: The correlation number is used to correlate IP and IRI.

SMS: The SMS content with header which is sent with the SMS-service. The header also includes the SMS-Centre address.

CGI: Cell Global Identity.

Failed attach reason: Reason for failed attach of the target subscriber.

Failed context activation reason: Reason for failed context activation of the target subscriber.

IAs: The observed Interception Areas.

B.3.3.3 GPRS related events

B.3.3.3.1 GPRS attach

For attach an attach-event is generated. When an attach activation is generated from the mobile to SGSN this event is generated. These fields will be delivered to the DF2P if available:

Observed MSISDN

Observed IMSI

Observed IMEI

Event Type

Event Time

Event Date

CGI

Routing area code

Failed attach reason

IAs (if applicable)

B.3.3.3.2 GPRS detach

For detach a detach-event is generated; this is for the common (end) detach. These fields will be delivered to the DF2P if available:

Observed MSISDN

Observed IMSI

Observed IMEI

Event Type

Event Time

Event Date

CGI

Routing Area code

IAs (if applicable)

B.3.3.3.3 GPRS PDP context activation

For PDP context activation a PDP context activation-event is generated. When a PDP context activation is generated from the mobile to GSN this event is generated. These fields will be delivered to the DF2P if available:

Observed MSISDN

Observed IMSI

Observed IMEI

PDP address of observed party

Event Type

Event Time

Event Date

Correlation number

Access Point Name

PDP Type

CGI

Routing area code

Failed context activation reason

IAs (if applicable)

B.3.3.3.4 Start of interception with PDP context active

This event will be generated if interception for a target is started and if the target has at least one PDP context active. If more than one PDP context is open, an event record is generated for each of them. These fields will be delivered to the DF2P if available:

Observed MSISDN

Observed IMSI

Observed IMEI

PDP address of observed party

Event Type

Event Time

Event Date

Correlation number

Access Point Name

PDP Type

CGI

Routing area code

IAs (if applicable)

B.3.3.3.5 GPRS PDP context deactivation

At PDP context deactivation a PDP context deactivation-event is generated. These fields will be delivered to the DF2P if available:

Observed MSISDN

Observed IMSI

Observed IMEI

PDP address of observed party

Event Type

Event Time

Event Date

Correlation number

Access point name

CGI

Routing area code

IAs (if applicable)

B.3.3.3.6 Cell and/or RA update

For each cell and/or RA update an update-event with the fields about the new location is generated. These fields will be delivered to the DF2P if available:

Observed MSISDN

Observed IMSI

Observed IMEI

Event Type

Event Time

Event Date

CGI

Routing area code

IAs (if applicable)

B.3.3.3.7 SMS

For MO-SMS the event is generated in the SGSN when the SMS-Centre successfully receives the SMS; for MT-SMS the event is generated in the SGSN when the target receives the message. These fields will be delivered to the DF2P if available:

Observed MSISDN

Observed IMSI

Observed IMEI

Event Type

Event Time

Event Date

CGI

Routing area code

SMS

IAs (if applicable)
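
The per-event field lists in B.3.3.3 and the SGSN/GGSN applicability lists in B.3.3.2 can be turned into a conformance check that flags an IRI record carrying fields not listed for its event type, or an event type a GGSN should not emit. This is an added example, not part of the specification; the dictionary key spellings, check_event, the rule that at least one target identity must be present, and the sample records are assumptions.

```python
# Added illustration; key spellings, check_event and sample records are hypothetical.
COMMON = {"observed MSISDN", "observed IMSI", "observed IMEI", "event type",
          "event time", "event date", "CGI", "routing area code", "IAs"}
PDP = COMMON | {"PDP address", "correlation number", "access point name"}

# Fields listed per event in B.3.3.3.1 to B.3.3.3.7.
ALLOWED = {
    "GPRS attach": COMMON | {"failed attach reason"},
    "GPRS detach": COMMON,
    "PDP context activation": PDP | {"PDP type", "failed context activation reason"},
    "Start of interception with PDP context active": PDP | {"PDP type"},
    "PDP context deactivation": PDP,
    "Cell and/or RA update": COMMON,
    "SMS": COMMON | {"SMS"},
}
# Events applicable to GGSN according to B.3.3.2.
GGSN_EVENTS = {"PDP context activation", "PDP context deactivation",
               "Start of interception with PDP context active"}
IDENTITY_KEYS = ("observed MSISDN", "observed IMSI", "observed IMEI")


def check_event(node, record):
    """Return a list of findings for one IRI record emitted by an SGSN or GGSN."""
    event = record.get("event type")
    if event not in ALLOWED:
        return [f"unknown event type: {event!r}"]
    findings = []
    if node == "GGSN" and event not in GGSN_EVENTS:
        findings.append(f"{event} is not applicable to GGSN")
    extra = sorted(set(record) - ALLOWED[event])
    if extra:
        findings.append(f"fields not listed for {event}: {extra}")
    if not any(record.get(k) for k in IDENTITY_KEYS):
        findings.append("no target identity present")  # assumed rule, see lead-in
    return findings


# Constructed sample records (not real subscriber data).
DETACH = {"event type": "GPRS detach", "observed IMSI": "262010000000001",
          "event date": "2000-01-01", "event time": "12:00:00",
          "correlation number": "constructed-0001"}
SMS_AT_GGSN = {"event type": "SMS", "observed MSISDN": "491700000001",
               "SMS": "<constructed content>"}

if __name__ == "__main__":
    print(check_event("SGSN", DETACH))
    print(check_event("GGSN", SMS_AT_GGSN))
```
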

B.3.4 Intercept cases for supplementary services

Supplementary services may be used with GPRS. However, they are not standardised and therefore Lawful Interception interwork cases cannot be defined.