ATIS 1000031-2010 Implementation Guidelines for ATIS-1000013 2007 Lawfully Authorized Electronic Surveillance (LAES) for Internet Access and Services.pdf

1、 TECHNICAL REPORT ATIS-1000031 IMPLEMENTATION GUIDELINES FOR ATIS-1000013.2007, LAWFULLY AUTHORIZED ELECTRONIC SURVEILLANCE (LAES) FOR INTERNET ACCESS AND SERVICES ATIS is the leading technical planning and standards development organization committed to the rapid development of global, market-drive

2、n standards for the information, entertainment and communications industry. More than 250 companies actively formulate standards in ATIS 18 Committees, covering issues including: IPTV, Service Oriented Networks, Energy Efficiency, IP-Based and Wireless Technologies, Quality of Service, and Billing a

3、nd Operational Support. In addition, numerous Incubators, Focus and Exploratory Groups address emerging industry priorities including “Green”, IP Downloadable Security, Next Generation Carrier Interconnect, IPv6 and Convergence. ATIS is the North American Organizational Partner for the 3rd Generatio

4、n Partnership Project (3GPP), a member and major U.S. contributor to the International Telecommunication Union (ITU) Radio and Telecommunications Sectors, and a member of the Inter-American Telecommunication Commission (CITEL). For more information, please visit . Notice of Disclaimer hyphen (-); un

5、derscore (_); and period (.). Note that the case identity is assigned by the LEA with coordination between the LEA and the IASP. 5.3 Security and Integrity Mechanisms for meeting the Security and Integrity requirements of Ref 1 and Ref 2 include the following: Private leased lines with appropriate b

6、andwidth; Frame relay and ATM PVCs with appropriate bandwidth; BGP/MPLS IP provider provisioned Virtual Private Network (VPN) with appropriate bandwidth Ref 3; Layer 2 provider provisioned VPNs with appropriate bandwidth Ref 4; The buffering mechanism described in ATIS-1000021 Ref 5; IPsec security

7、protocols (i.e., from the DF to the CF) Ref 6; and Transport Layer Security (TLS) Ref 7. NOTE: One or more of these mechanisms may be used to provide security and integrity. Other mechanisms that are based upon standard protocols may also be used. The IASP and the LEA need to negotiate and agree on

8、the mechanism(s) to be used. 5.4 Location Information Location information in the access messages and packet-data messages is intended to provide information about the subjects current location when reasonably available and when lawfully authorized. When not lawfully authorized, the optional Locatio

9、n field in the messages should be omitted. When lawfully authorized but unknown (i.e., location is unknown or not reasonably available), the location-type subfield in the ASN.1 Location should be set to the string value “Unknown”. ATIS-1000031 6 5.5 Access Signaling Message Report Although the Acces

10、s Signaling Message Report may be used in lieu of the other access messages, it is preferable to the LEA to generate the access messages when possible. The Access Signaling Message Report may also be used to supplement the access messages by reporting access-related information that does not map to

11、the other access messages. 5.6 Handling of Tunneled Packets There are a variety of circumstances and protocols where the intercept subjects packets are tunneled by the IASP (i.e., encapsulated within a packet that typically has different IP addresses). For an IASPs tunnel carrying an intercept subje

12、cts packets, if the endpoint of that tunnel is in the IASPs network, interception shall be performed on the subjects packets. 5.7 Redundant CACmII Reporting When the lawful authorization includes CmC, the content packets including the IP packet headers are delivered to the LEA, and the information contained in CACmII (i.e., the Packet Data Header Reports and Packet Data Summary Reports) is redundant. In this case, it is recommended not to deliver CACmII.