ETSI TS 122 031-2017 Digital cellular telecommunications system (Phase 2+) (GSM) Universal Mobile Telecommunications System (UMTS) LTE 3G Security Fraud Information Gathering Syste.pdf

1、 ETSI TS 122 031 V14.0.0 (2017-03) Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3G Security; Fraud Information Gathering System (FIGS); Service description; Stage 1 (3GPP TS 22.031 version 14.0.0 Release 14) TECHNICAL SPECIFICAT

2、ION ETSI ETSI TS 122 031 V14.0.0 (2017-03)13GPP TS 22.031 version 14.0.0 Release 14Reference RTS/TSGS-0322031ve00 Keywords GSM,LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C As

3、sociation but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or p

4、rint versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept

5、 on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.asp

6、x If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying

7、and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2017. All

8、 rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered

9、and owned by the GSM Association. ETSI ETSI TS 122 031 V14.0.0 (2017-03)23GPP TS 22.031 version 14.0.0 Release 14Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is

10、 publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the

11、 ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be

12、, or may become, essential to the present document. Foreword The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. The cross referen

13、ce between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in cla

14、use 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 122 031 V14.0.0 (2017-03)33GPP TS 22.031 version 14.0.0 Release 14Contents Intellectual Property Rights 2g3

15、Foreword . 2g3Modal verbs terminology 2g3Foreword . 4g31 Scope 5g32 Normative references . 5g33 Definitions and abbreviations . 5g33.1 Definitions 5g33.2 Abbreviations . 6g34 Fraud Information Gathering System high level requirements 6g34.1 Description . 6g34.2 Applicability . 6g34.3 Normal Procedur

16、e. 6g35 Service conditions 7g35.1 Control of monitoring of subscriber activities 7g35.2 Number of calls monitored by a VPLMN 7g35.3 Interworking with non-supporting networks 7g35.4 Information Delivery Time. 8g36 Monitored activity 8g37 Interface between HPLMN and FDS . 8g38 Security Requirements be

17、tween HPLMN and VPLMN 8g3Annex A (normative): Information transferred by the VPLMN . 9g3Annex B (normative): Message flow in FIGS monitoring, normal procedure . 10g3Annex C (informative): Change history . 11g3History 12g3ETSI ETSI TS 122 031 V14.0.0 (2017-03)43GPP TS 22.031 version 14.0.0 Release 14

18、Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document,

19、 it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control.

20、y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. ETSI ETSI TS 122 031 V14.0.0 (2017-03)53GPP TS 22.031 version 14.0.0 Release 14

21、1 Scope This Technical Specification specifies the stage 1 description of the Fraud Information Gathering System (FIGS) feature which provides the means for the HPLMN to monitor the activities of its subscribers in a VPLMN. The purpose of this network feature is to enable the HPLMN to monitor the ac

22、tivities of its subscribers while they are roaming. The VPLMN collects information about a defined set of activities on monitored subscribers and sends this information back to the HPLMN. This enables the HPLMN to clear certain types of calls and so stop fraudulent use of the GSM system. This specif

23、ication enables service providers/ network operators to use FIGS, and service limitation controls such as Operator Determined Barring (ODB) and Immediate Service Termination (IST), to limit their financial exposure to subscribers producing large unpaid bills. HPLMNs may also choose to monitor the ac

24、tivities of its subscribers within the HPLMN. 2 Normative references The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication, edition number, version number, etc

25、.) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in th

26、e same Release as the present document. 1 GSM 01.04: “Digital cellular telecommunications system (Phase 2+); Abbreviations and acronyms“. 2 3GPP TS 42.033: “Digital cellular telecommunications system (Phase 2+); Lawful Interception - stage 1“. 3 Definitions and abbreviations 3.1 Definitions For the

27、purposes of this specification the following definitions apply: A subscriber: The calling mobile subscriber. B subscriber: The mobile subscriber originally called by the A subscriber. C subscriber: The subscriber to whom the B subscriber has requested that calls be forwarded. The C subscriber may be

28、 fixed or mobile. call: both connection-oriented and connectionless services/events. call information: information about a call. call reference: a reference number for a call that shall remain constant throughout the duration of that call and that shall be unique to that call and the switch on which

29、 the call was made for a period of at least one week. home network: The home PLMN including non-GSM elements such as the Fraud Detection System (FDS), customer service systems and billing. ETSI ETSI TS 122 031 V14.0.0 (2017-03)63GPP TS 22.031 version 14.0.0 Release 14monitored activities: subscriber

30、 activities that shall be reported to the HPLMN. These can be call related events (e.g. call-set-up, call termination) or the invocation of call related and call independent supplementary services (e.g. Call Hold, Call Waiting, Call Transfer, Call Forwarding, Unstructured Supplementary Service Data)

31、. 3.2 Abbreviations Abbreviations used in this specification are also listed in GSM 01.04. For the purposes of this specification the following abbreviations apply: FIGS Fraud Information Gathering System FDS Fraud Detection System IST Immediate Service Termination MO Mobile Originated MT Mobile Ter

32、minatedCGI Cell Global Identifier 4 Fraud Information Gathering System high level requirements 4.1 Description It shall be possible for the HPLMN to request the VPLMN to supply certain information about a subscriber from the time the subscriber registers in that VPLMN to the time the last of the mon

33、itored activities is finished in that VPLMN, which can be after the subscribers de-registration from the VPLMN. The information received by the HPLMN shall be passed to the relevant network or service providers and used to instruct the VPLMN to act in an appropriate way. Fraud information gathering

34、is controlled by the HPLMN and can be activated and deactivated by the HPLMN only. The information is received in the HPLMN and is forwarded to fraud detection and control systems. Such systems are out of the scope of this standard. The subscriber is specified by the IMSI or MSISDN. 4.2 Applicabilit

35、y This network feature applies to all subscribed Bearer Services and Teleservices and supplementary services of the subscriber. It is not possible to apply FIGS independently to individual Services. The HPLMN shall be able to specify whether it would like call information on MO calls, MT calls, or b

36、oth. 4.3 Normal Procedure The HPLMN shall be able to request a VPLMN to monitor a subscriber. See Annex A for the definition of the information to be sent for each call event. If the VPLMN cannot monitor the subscriber, it shall indicate this as a response to the FIGS request. The FDS will process t

37、his information and may then limit the activities of the subscriber using ODB or terminate the subscriber activities using IST, or may allow the subscriber to proceed. When the home network no longer wishes the subscriber to be monitored by the VPLMN it requests the VPLMN to stop monitoring the acti

38、vities of the subscriber. Figure B.1 shows the sequence of FIGS messages passed during a normal case. ETSI ETSI TS 122 031 V14.0.0 (2017-03)73GPP TS 22.031 version 14.0.0 Release 145 Service conditions 5.1 Control of monitoring of subscriber activities The HPLMN can request a VPLMN to begin monitori

39、ng the activities of a subscriber when the subscriber has registers on that VPLMN or at any time after registration. If the VPLMN is able to monitor a subscriber as requested it shall send a confirmation of monitoring message to the HPLMN. The HPLMN does not need to know the status of the target sub

40、scriber before initiation or subsequent termination of fraud information gathering. Fraud information cannot be switched on or off by the subscriber or other (unauthorised) party. Subscribers upon which fraud information gathering has been set shall not be able by interrogating the network to determ

41、ine that they are subject to fraud information gathering. Subscribers upon which fraud information gathering has been set shall not be able, for example by significant changes to normal call set up times, speech quality or general transmission characteristics, to determine that they are subject to f

42、raud information gathering. If the VPLMN receives a request to monitor the activities of a subscriber and an activity to be monitored is already ongoing it is not necessary for the VPLMN to send information on this particular activity to the HPLMN. If the VPLMN receives a request to cease monitoring

43、 the activities of a subscriber and an activity is already ongoing and being monitored, the VPLMN shall immediately cease sending information on this activity to the HPLMN. 5.2 Number of calls monitored by a VPLMN If the VPLMN has to monitor the activities of a large number of subscribers for FIGS t

44、his may degrade the performance of the VPLMN. Each VPLMN (in reality, each network entity involved in FIGS monitoring) will therefore have a maximum number of subscribers that it can monitor. If the number of monitored subscribers has reached this upper limit the VPLMN shall reject requests for moni

45、toring of subscribers from HPLMNs until the number of monitored subscribers decreases below the limit. Each VPLMN may have a limit per HPLMN on the number of subscribers from that HPLMN that it will monitor. When an HPLMN has requested a VPLMN to monitor a number of subscribers equal to the limit fo

46、r that HPLMN, the VPLMN can refuse any subsequent requests for FIGS monitoring from that PLMN, until the number of monitored subscribers drops below the limit. The principles behind the setting of these limits are outside the scope of this specification. In order to minimise the number of subscriber

47、s that a VPLMN has to monitor, the HPLMN should ideally limit itself to requesting information about subscribers monitored activities in: - the current VPLMN; - the last previously served VPLMN. 5.3 Interworking with non-supporting networks If the HPLMN does not receive a positive acknowledgement to

48、 the request for FIGS monitoring sent to a VPLMN, it shall assume that the VPLMN does not support FIGS. The HPLMN may then act as appropriate (e.g. put appropriate ODB categories in place). ETSI ETSI TS 122 031 V14.0.0 (2017-03)83GPP TS 22.031 version 14.0.0 Release 145.4 Information Delivery Time T

49、he need for up to date information is a critical part of any fraud information system. The sooner data is transferred to the HPLMN, the sooner fraud can be stopped. Therefore the prescribed information shall be transferred from the VPLMN network to the HPLMN within two minutes of the occurrence of a FIGS-monitored event, if real time implementations of FIGS are used. The information should be transferred from the VPLMN to the HPLMN over appropriate communication links. 6 Monitored activity The authorised party can request the VPLMN to monitor both call activity an