A-party: B-Party: C-Party: Network related data: Product: RF: Target: WAN:

In addition to those mentioned below, abbreviations used in this report are listed in GSM 01.04. CGI FTAM GSM HLR IMEI IMSI ISDN LEA MoU MoU-SG MS MSC MSISDN PLMN PSTN RF SMG SMG-SG SMS SS SS7 UDI WAN

Previous MoU-SG specification SG09 has defined the interception of GSM in general terms. This report will define the X-interface to the Public Lands Mobile Network (PLMN) to support interception.

This report describes the interface to the PLMN, defined as the X-interface. The interface is illustrated in Figure 1. The X-interface is between the Requesting Function (RF) and the PLMN. It is divided into three logical parts:

1. The X1-interface is used to present commands to the PLMN, from an administration centre. This interface is part of the switch management capability, usually over an X.25 interface or Wide Area Network (WAN).
2. The X2-interface receives "Network related data" from the Mobile-services Switching Centre (MSC), in switch management or file output format, probably over an X.25 network or WAN. Alternatively, it may be sent in combination with the ISDN product in the X3-interface described below.
3. The X3-interface receives "Product" (mobile user's speech and data) from the MSC. It is contained within one or more 64 kbit/s channels.

The objective of the X-interface is to allow a standard to be created so that a PLMN consisting of MSCs from different manufacturers may be combined. Although the X1-interface commands may be slightly different for each manufacturer, it should be possible to create a single intelligent system to manage the interface at a low cost, capable of managing all different manufacturers implementations. Similarly, the outputs defined in the X2 and X3 parts of the X-interface should be capable of processing by the same "Requesting Function".

The PLMN network should provide access to the "Product" and the "Network related data" of the mobile targets by means of the X-interface. As a minimum requirement the target should be identifiable by the Mobile Station International ISDN Number(s) (MSISDN(s)). There should be provision for unambiguous connection of the "Product" and the "Network related data" to the remote Requesting Functions (RFs). A secure means of administration of the service should be available to the PLMN operator and/or appropriate requesting functions in accordance with national laws.

The following minimum capabilities are required:

• it will be possible to support as "Product": speech, user data, fax and SMS, from the interception function;
• roamers from other PLMNs may also be targets;
• mobile originating, mobile terminating, and diversion or multiparty calls will be capable of interception;
• location information.

The interception function shall not alter the operation of a target's service or provide indication to any party involved in the call. Output product should be in "clear" form - no GSM radio interface or PLMN generated radio interface encoding or encryption is present (the PLMN cannot remove subscriber encryption). The service should not alter the standard functions of GSM network elements. The "Product" and the "Network related data" shall be delivered as near as possible to the time the call is made.

Data to be stored for target mobile station:

• MSISDN, or optionally the International Mobile Subscriber Identity (IMSI);
• Connection address for the Requesting Function (RF);
• Type of output:
  • "Product" or "Network related data" or both.

The following basic target administration functions are to be supported: ADD

• flag a target by MSISDN, or optionally IMSI;
• X2 delivery address, e.g. X.25 or WAN address;
• X3 "Product" delivery address, E.164 address;
• select "Network related data" alone, or "Network related data" and "Product".

REMOVE

• de-flag a target.

SHOW

• list one or more targeted MSISDNs.

The "Product" of the target and connected parties will be additionally connected to an output port of the MSC (for example by means of a three party bridge) which routes the "Product" to an RF, possibly via an optional mediation device. The mediation device provides interface conversion (if necessary) between the PLMN X2- and X3-interfaces and the RF. Different RFs may require the same information. The mediation device may simultaneously provide multiple output of "Product" and "Network related data" regarding one MSISDN to more than one RF. No information should be passed to the RF about which other RFs are using the information. Some types of call may require multiple links to the RF, for example Unrestricted Digital Interface (UDI) data services, and optionally in-band data (3.1 kHz) services.

A secure means of administrating the service by the PLMN operator and/or requesting function is necessary. This mechanism should provide for the addition and removal of subscribers from the marked list by authorised personnel, and a show marked MSISDNs command. Access should be policed by appropriate authentication and audit procedures.

This aspect of the service is not addressed by this report. It is a matter of discussion between relevant authorities and the PLMN operator as to responsibilities for the provision of the mediation device, and the means of handling product at the RF.

A GPRS subscriber identified by an IMSI (or an MSISDN) shall have a network layer address(es) temporarily and/or permanently associated with it that conforms to the standard addressing scheme of the respective network layer service used. GPRS shall provide a means to interwork with external data networks. The GPRS operator provides an appropriate Packet Data Protocol (PDP) address to the external data network for the subscriber as part of the GPRS subscription. That address can be either dynamic (e.g. the user's IP address is allocated from a pool of unused IP addresses every time the subscriber activates the access to an IP network) or static (e.g. a certain IP address is permanently allocated to a particular subscriber).