Content for TS 33.127 Word version: 18.8.0

0… 5… 5.4… 5.6… 5.7… 6… 6.2.2… 6.2.3… 6.2.5… 6.3… 6.3.3… 6.3.4… 6.4… 7… 7.3… 7.4… 7.4.7… 7.5… 7.6… 7.7… 7.8… 7.9… 7.10… 7.11… 7.12… 7.13… 7.14… 7.15… 7.16… 8… A… A.2… A.3… A.4… B… D… E…

3.1 Definitions 3.2 Symbols 3.3 Abbreviations
...

0 Introduction p. 12

The present document has been produced by the 3GPP TSG SA to standardise Lawful Interception of telecommunications. The present document specifies the architecture and functions required to support Lawful Interception in 3GPP networks. Lawful Interception shall always be done in accordance with the applicable national or regional laws and technical regulations. Such national laws and regulations define the extent to which functional capabilities in the present document are applicable in specific jurisdictions.

1 Scope p. 13

The present document specifies both the architectural and functional system requirements for Lawful Interception (LI) in 3GPP networks. The present document provides an LI architecture supporting both network layer based and service layer based Interception.

National regulations determine the specific set of LI functional capabilities that are applicable to a specific 3GPP operator deployment.

2 References p. 13

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

[1]

TR 21.905: "Vocabulary for 3GPP Specifications".

[2]

TS 23.501: "System Architecture for the 5G System".

[3]

TS 33.126: "Lawful interception requirements".

[4]

TS 23.502: "Procedures for the 5G System; Stage 2".

[5]

TS 23.271: "Functional stage 2 description of Location Services (LCS)".

[6]

OMA-TS-MLP-V3_5-20181211-C: "Open Mobile Alliance; Mobile Location Protocol, Candidate Version 3.5", https://www.openmobilealliance.org/release/MLS/V1_4-20181211-C/OMA-TS-MLP-V3_5-20181211-C.pdf".

[7]

ETSI TS 103 120: "Lawful Interception (LI); Interface for warrant information".

[8]

ETSI TS 103 221-1: "Lawful Interception (LI); Internal Network Interfaces; Part 1: X1 ".

[9]

TS 33.501: "Security Architecture and Procedures for the 5G System".

[10]

ETSI GR NFV-SEC 011: "Network Functions Virtualisation (NFV); Security; Report on NFV LI Architecture".

[11]

TS 33.107: "3G Security; Lawful interception architecture and functions".

[12]

TS 23.214: "Architecture enhancements for control and user plane separation of EPC nodes; Stage 2".

[13]

TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".

[14]

TS 38.413: "NG-RAN; NG Application Protocol (NGAP)".

[15]

TS 33.128: "Protocol and Procedures for Lawful Interception; Stage 3".

[16]

ETSI TS 103 221-2: " Lawful Interception (LI); Internal Network Interfaces; Part 2: X2/X3".

[17]

MMS Architecture OMA-AD-MMS-V1_3-20110913-A.

[18]

Multimedia Messaging Service Encapsulation Protocol OMA-TS-MMS_ENC-V1_3-20110913-A.

[19]

TS 22.140: "Multimedia Messaging Service (MMS); Stage 1".

[20]

ETSI GS NFV-IFA 026: "Network Functions Virtualisation (NFV) Release 3; Management and Orchestration; Architecture enhancement for Security Management Specification".

[21]

TS 33.108: "Handover Interface for Lawful Interception (LI)".

[22]

TS 23.401: "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access".

[23]

TS 23.402: "Architecture enhancements for non-3GPP accesses".

[24]

TS 23.280: "Common functional architecture to support mission critical services; Stage 2".

[25]

OMA-AD-PoC-V2_1-20110802-A: "Push to talk over Cellular (PoC) Architecture".

[26]

GSMA IR.92: "IMS Profile for Voice and SMS".

[27]

GSMA NG.114: "IMS Profile for Voice, Video and Messaging over 5GS".

[28]

TS 24.147: "Conferencing using the IP Multimedia (IM) Core Network (CN) subsystem; Stage 3".

[29]

ETSI GS NFV-SEC 012: "Network Functions Virtualisation (NFV) Release 3; Security; System architecture specification for execution of sensitive NFV components".

[30]

TS 23.273: "5G System (5GS) Location Services (LCS); Stage 2".

[31]

TS 29.522: "5G System; Network Exposure Function Northbound APIs; Stage3".

[32]

TS 29.122: "T8 reference point for Northbound APIs".

[33]

TS 23.682: "Architecture enhancements to facilitate communications with packet data networks and applications".

[34]

OMA-AD-CPM-V2_2-20170926-C: "Open Mobile Alliance, OMA Converged IP Messaging System Description", http://www.openmobilealliance.org/release/CPM/V2_2-20200907-C/OMA-AD-CPM-V2_2-20170926-C.pdf.

[35]

GSMA RCC.07: "Rich Communication Suite - Advanced Communications Services and Client Specification".

[36]

RFC 4975: "The Message Session Relay Protocol (MSRP)".

[37]

RFC 6714: "Connection Establishment for Media Anchoring (CEMA) for the Message Session Relay Protocol (MSRP)".

[38]

RFC 3862: "Common Presence and Instant Messaging (CPIM): Message Format".

[39]

TS 24.229: "IP Multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP); Stage 3".

[40]

RFC 8224: "Authenticated Identity Management in the Session Initiation Protocol (SIP)".

[41]

RFC 8946: "Personal Assertion Token (PASSporT) Extension for Diverted Calls".

[42]

draft-ietf-stir-passport-rcd-26: "PASSporT Extension for Rich Call Data".

[43]

RFC 7095: "jCard: The JSON Format for vCard".

[44]

TS 24.196: "Enhanced Calling Name (eCNAM)".

[45]

RFC 8816: "Secure Telephone Identity Revisited (STIR) Out-of-Band Architecture and Use Cases".

[46]

RFC 9475: "Messaging Use Cases and Extensions for Secure Telephone Identity Revisited (STIR)".

[47]

TS 33.535: "Authentication and Key Management for Applications (AKMA) based on 3GPP credentials in the 5G System (5GS)".

[48]

TS 33.220: "Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA)".

[49]

TS 33.222: "Generic Authentication Architecture (GAA); Access to network application functions using Hypertext Transfer Protocol over Transport Layer Security (HTTPS)".

[50]

TS 23.040: "Technical realization of the Short Message Service (SMS)".

[51]

TS 23.558: "Architecture for enabling Edge Applications".

[52]

TS 29.518: "5G System; Access and Mobility Management Services; Stage 3".

[53]

TS 26.501: "5G Media Streaming (5GMS); General description and architecture".

[54]

TS 29.272: "Evolved Packet System (EPS); Mobility Management Entity (MME) and Serving GPRS Support Node (SGSN) related interfaces based on Diameter protocol".

[55]

TS 23.288: "Architecture enhancements for 5G System (5GS) to support network data analytics services".

3 Definitions, symbols and abbreviations p. 15

3.1 Definitions p. 15

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

Content of Communication (CC):

The content of communication as forwarded from the Mediation and Delivery Function 3 (over the LI_HI3 interface) to the Law Enforcement Monitoring Facility.

Control Plane (CP) Entity:

The network elements or network functions responsible for handling the Control Plane Functions. These include the SGW and PGW in EPS without CUPS, the SGW-C and PGW-C in EPS with CUPS and the SMF in 5GS.

CUPS:

As defined in TS 23.214, represents PLMN with architecture enhancements for control and user plane separation of EPC nodes.

Intercept Related Information (IRI):

The intercept related information as forwarded from the Mediation and Delivery Function 2 (over the LI_HI2 interface) to the Law Enforcement Monitoring Facility.

IRI event:

The network procedure or event that created an xIRI in the Point Of Interception.

LI component:

The function and equipment involved in handling the Lawful Interception functionality in the CSP's network.

Lawful Interception Identifier (LIID):

Unique identifier that associates a warrant to Lawful Interception Product delivered by the CSP to the LEA.

LI system:

The collection of all LI components involved in handling the Lawful Interception functionality in the CSP's network.

Non-3GPP Access Entity (N3A Entity):

The network functions responsible for interworking between 3GPP Core Network Functions and Non-3GPP access networks. These include TWIF, TNGF, N3IWF and W-AGF.

Non-local ID:

An identity assigned and managed at a different CSP than the CSP performing LI.

Provisioning:

The action taken by the CSP to provide its Lawful Interception functions information that identifies the target and the specific communication services of interest to the LEA, sourced from the LEA provided warrant.

Triggering:

The action taken by a dedicated function (Triggering Function) to provide another dedicated function (Triggered POI), that Provisioning could not directly be applied to, with information that identifies the specific target communication to be intercepted.

User Plane (UP) Entity:

The network elements or network functions responsible for handling the User Plane Functions. These include the SGW and PGW in EPS without CUPS, the SGW-U and PGW-U in EPS with CUPS and the UPF in 5GS.

Warrant:

The formal mechanism to require Lawful Interception from a LEA served to the CSP on a single target identifier. Depending on jurisdiction also known as: intercept request, intercept order, lawful order, court order, lawful order or judicial order (in association with supporting legislation).

xCC:

The content of communication as forwarded from the Point Of Interception (over the LI_X3) interface to the Mediation and Delivery Function 3.

xIRI:

The intercept related information as forwarded from the Point Of Interception (over the LI_X2) interface to the Mediation and Delivery Function 2.

3.2 Symbols p. 16

Void

3.3 Abbreviations p. 16

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.

5GC

5G Core Network

5GMS

5G Media Streaming

5GS

5G System

AAnF

AKMA Anchor Function

Application Client

ACR

Application Context Relocation

ADMF

LI Administration Function

Application Function

AF_ID

Application Function Identity

AKA

Authentication and Key Agreement

A-KID

AKMA Key IDentifier

AKMA

Authentication and Key Management for Applications

AMF

Access and Mobility Management Function

Application Server

AUSF

Authentication Server Function

BBIFF

Bearer Binding Intercept and Forward Function

BSS

Business Support System

CAG

Closed Access Group

Content of Communication

Control Plane

CPIM

Common Presence and Instant Messaging

CPS

Call Placement Service

CSI

Cell Supplemental Information

CSP

Communication Service Provider

CSR

Cell Site Report

CUPS

Control and User Plane Separation

Data Network

DNAI

Data Network Access Identifier

DoNAS

Data over NAS

EAP

Extensible Authentication Protocol

EAS

Edge Application Server

ECGI

E-UTRAN Cell Global Identifier

eCNAM

Enhanced Calling Name

ECSP

Edge Computing Service Provider

E-CSCF

Emergency - Call Session Control Function

EDN

Edge Data Network

EEC

Edge Enabler Client

EECID

Edge Enabler Client IDentifier

EES

Edge Enabler Server

GPSI

Generic Public Subscription Identifier

HMEE

Hardware Mediated Execution Enclave

Home Routed

IBCF

Interconnection Border Control Functions

ICF

Identity Caching Function

IEF

Identity Event Function

IMS-AGW

IMS Access Gateway

IM-MGW

IM Media Gateway

Interception Product

IQF

Identity Query Function

IRI

Intercept Related Information

K_AF

AKMA Application Key

K_AKMA

AKMA Anchor Key

KID

Key IDentifier

K_LI

Decryption key(s) for services encrypted by CSP-provided keys

KSF

Key Server Function

LAF

Location Acquisition Function

LALS

Lawful Access Location Services

LARF

Location Acquisition Requesting Function

LBO

Local Break Out

LEA

Law Enforcement Agency

LEMF

Law Enforcement Monitoring Facility

Lawful Interception

LI CA

Lawful Interception Certificate Authority

LICF

Lawful Interception Control Function

LI_HI1

Lawful Interception Handover Interface 1

LI_HI2

Lawful Interception Handover Interface 2

LI_HI3

Lawful Interception Handover Interface 3

LI_HI4

Lawful Interception Handover Interface 4

LI_HILA

Lawful Interception Handover Interface Location Acquisition

LI_HIQR

Lawful Interception Handover Interface Query Response

LIID

Lawful Interception Identifier

LIPF

Lawful Interception Provisioning Function

LIR

Location Immediate Request

LI_SI

Lawful Interception System Information Interface

LISSF

Lawful Interception State Storage Function

LI_ST

Lawful Interception State Transfer Interface

LI_T1

Lawful Interception Internal Triggering Interface 1

LI_T2

Lawful Interception Internal Triggering Interface 2

LI_T3

Lawful Interception Internal Triggering Interface 3

LI_X0

Lawful Interception Internal Interface 0

LI_X1

Lawful Interception Internal Interface 1

LI_X2

Lawful Interception Internal Interface 2

LI_X2_LA

Lawful Interception Internal Interface 2 Location Acquisition

LI_X3

Lawful Interception Internal Interface 3

LI_X3A

Lawful Interception Internal Interface 3 Aggregator

LI_XEM1

Lawful Interception Internal Interface Event Management Interface 1

LI_XER

Lawful Interception Internal Interface Event Record

LI_XLA

Lawful Interception Internal Interface Location Acquisition

LI_XQR

Lawful Interception Internal Interface Query Response

LMF

Location Management Function

LMISF

LI Mirror IMS State Function

LMISF-CC

LMISF for the handling of CC

LMISF-IRI

LMISF for the handling of IRI

LTF

Location Triggering Function

Multi-Access

MANO

Management and Orchestration

MDF

Mediation and Delivery Function

MDF2

Mediation and Delivery Function 2

MDF3

Mediation and Delivery Function 3

MRFP

Multimedia Resource Function Processor

MSRP

Message Session Relay Protocol

N3A

Non-3GPP Access

N3IWF

Non 3GPP Inter Working Function

N9HR

N9 Home Routed

NAS

Non-Access Stratum

NCGI

NR Cell Global Identity

NEF

Network Exposure Function

NFV

Network Function Virtualisation

NFVI

Network Function Virtualisation Infrastructure

NFVO

Network Function Virtualisation Orchestrator

NIDD

Non-IP Data Delivery

NPLI

Network Provided Location Information

New Radio

NRF

Network Repository Function

NSSF

Network Slice Selection Function

NWDAF

Network Data Analytics Function

OSS

Operations Support System

PAG

POI Aggregator

PCF

Policy Control Function

P-CSCF

Proxy - Call Session Control Function

PEI

Permanent Equipment Identifier

PGW

PDN Gateway

PGW-C

PDN Gateway Control Plane

PGW-U

PDN Gateway User Plane

POI

Point Of Interception

PLMN

Public Land Mobile Network

PTC

Push to Talk over Cellular

RCD

Rich Call Data

RCS

Rich Communication Suite

S8HR

S8 Home Routed

SCEF

Service Capability Exposure Function

SCS

Service Capability Server

SGW

Serving Gateway

SGW-C

Serving Gateway Control Plane

SGW-U

Serving Gateway User Plane

SHAKEN

Signature-based Handling of Asserted information using toKENs

SIRF

System Information Retrieval Function

S-CSCF

Serving - Call Session Control Function

SIP

Session Initiation Protocol

SMF

Session Management Function

SMSF

SMS-Function

STF

Security Terminating Function

STIR

Secure Telephony Identity Revisited

SUCI

Subscriber Concealed Identifier

SUPI

Subscriber Permanent Identifier

TAI

Tracking Area Identity

Triggering Function

TLS

Transport Layer Security

TNGF

Trusted Non-3GPP Gateway Function

TrGW

Transit Gateway

TWIF

Trusted WLAN Interworking Function

UDM

Unified Data Management

UDR

Unified Data Repository

UDSF

Unstructured Data Storage Function

UPF

User Plane Function

VNF

Virtual Network Function

VNFC

Virtual Network Function Component

W-AFG

Wireline Access Gateway Function

xCC

LI_X3 Content of Communication

xIRI

LI_X2 Intercept Related Information

4 Requirements realisation p. 19

The LI architecture set out in the present document is designed to allow CSP deployments to meet the set of LI requirements described in TS 33.126 that are determined to be applicable by the relevant national regulation for that deployment. For more details on the relationship between LI requirements and national legislation, see clause 4 of TS 33.126.

A CSP may deploy different network technologies or services considered in the present document. A CSP should consider each of these network technologies or services separately with respect to the present document, bearing in mind that a different subset of LI requirements may apply according to relevant national legislation, and that a warrant may require the CSP to intercept multiple network technologies or services.