ATIS-0700017

ATIS Standard on

NORTH AMERICAN CHANGES TO THE ATIS TRANSPOSED SPECIFICATIONS ON 3GPP™ RELEASE 6 LAWFUL INTERCEPTION

As a leading technology and solutions development organization, the Alliance for Telecommunications Industry Solutions (ATIS) brings together the top global ICT companies to advance the industry's most pressing business priorities. ATIS' nearly 200 member companies are currently working to address the All-IP transition, network functions virtualization, big data analytics, cloud services, device solutions, emergency services, M2M, cyber security, network evolution, quality of service, billing support, operations, and much more.

These priorities follow a fast-track development lifecycle from design and innovation through standards, specifications, requirements, business use cases, software toolkits, open source solutions, and interoperability testing.

ATIS is accredited by the American National Standards Institute (ANSI). The organization is the North American Organizational Partner for the 3rd Generation Partnership Project (3GPP), a founding Partner of the oneM2M global initiative, a member of and major U.S. contributor to the International Telecommunication Union (ITU), as well as a member of the Inter-American Telecommunication Commission (CITEL). For more information, visit www.atis.org.

Notice of Disclaimer

3G security; Lawful Interception requirements.
[2] ATIS.3GPP.33.107V640-2005, Technical Specification Group Services and System Aspects; 3G security; Lawful interception architecture and functions.
[3] ATIS.3GPP.33.108V682-2005, Technical Specification Group Services and System Aspects; 3G security; Handover interface for Lawful Interception.
[4] ATIS-0700005.2007, Lawfully Authorized Electronic Surveillance (LAES) for 3GPP IMS-based VoIP and other Multimedia Services.
[5] ATIS-0700005.a.2010, Supplement A to Lawfully Authorized Electronic Surveillance (LAES) for 3GPP IMS-based VoIP and other Multimedia Services.
[6] ATIS Operating Procedures, March 2015.

3 Definitions, Acronyms, and

- MMS ([22]). Message service delivery is independent from network access technology.

Clause 5.13 Modification End

Clause 2 Modification Start add references used in clause 5.13 above. Again, reference numbers are maintained for alignment, although they cause a gap to appear after reference number 10

[21] 3GPP TS 23.040: “Technical realization of the Short Message Service (SMS)”.
[22] OMA OMA-AD-MMS-V1_3-20110913-A: “Multimedia Messaging Service Architecture”.

Clause 2 Modification end

5 Deltas to Lawful Interception Architecture and Functions (3GPP TS 33.107)

This section describes the changes that apply to ATIS.3GPP.33.107V640-2005 [2].
5.1 Delta: UMTS IRI Packet Data Header Information Reporting

The following clauses: 2 and 7.3 have been modified to provide UMTS IRI Packet Data Header Information reporting to support U.S. national requirements. In addition, a new clause, 7.4.x, has been added. The deltas are shown below:

Clause 2 Modification Start.

Note: Reference numbers are maintained for alignment with later versions of the specification, although they cause a gap to appear here.

[39] IETF RFC 791: “Internet Protocol”.
[40] IETF RFC 2460: “Internet Protocol, Version 6 (IPv6) Specification”.
[41] IETF RFC 3697: “IPv6 Flow Label Specification”.

Clause 2 Modification End

Clause 7.3 Modification Start

7.3 Provision of Intercept Related Information

Intercept Related Information (Events) are necessary at the Mobile Station Attach, Mobile Station Detach, PDP Context Activation, Start of intercept with PDP context active, PDP Context Deactivation, RA update, Serving System, Packet Data Header Information reporting, and SMS events. Serving System event reporting is a national option. For systems deployed in the U.S., Packet Header Information Reporting records shall be delivered to Law Enforcement for IRI only authorizations.

Figure 21 shows the transfer of intercept related information to the DF2. If an event for / from a mobile subscriber occurs, the 3G GSN or the Home Location Register (HLR) sends the relevant data to the DF2. For Packet Data Header Information reporting, a 3G GSN either isolates the relevant data and sends it to the DF2 or sends the packet stream to another entity in the network (e.g., DF3) for isolation which then provides the relevant data to the DF2.

See Clause 7A for multi-media Intercept Related Information (IRI) produced at the CSCF.

[Figure 21: Provision of Intercept Related Information. Labels: intercepted subscriber, other party, 3G GSN, HLR, Delivery Function 2, LEMF]

7.3.1 X2-interface

The following information needs to be transferred from the 3G GSN or the HLR to the DF2 in order to allow a DF2 to perform its functionality:

- target identity (MSISDN, IMSI, IMEI);
- events and associated parameters as defined in clauses 7.3.2 and 7.4 may be provided;
- the target location (if available) or the IAs in case of LDI;
- Correlation number;
- Quality of Service (QoS) identifier;
- Encryption parameters (keys and associated parameters for decrypting CC), if available and necessary.

The IRI should be sent to DF2 using a reliable transport mechanism.

The 3G GSN detects packets containing Packet Data Header Information in the communications path, but the information needed for Packet Data Header Information reporting may need to be transferred from the 3G GSN either directly to the DF2 or via another entity in order to allow the DF2 to perform its functionality.

7.3.2 Structure of the events

There are several different events in which the information is sent to the DF2 if this is required. Details are described in the following clause. The events for interception are configurable (if they are sent to DF2) in the 3G GSN or the HLR and can be suppressed in the DF2.

The following events are applicable to 3G SGSN:

- Mobile Station Attach;
- Mobile Station Detach;
- PDP context activation;
- Start of interception with mobile station attached (national option);
- Start of intercept with PDP context active;
- PDP context modification;
- PDP context deactivation;
- RA update;
- SMS;
- Packet Data Header Information reporting.

NOTE: 3G GGSN interception is a national option. Location information may not be available in this case.

If interception is performed at the 3G GGSN, then Packet Data Header Information reporting shall also be performed at the 3G GGSN and not at the 3G SGSN.

The following events are applicable to the 3G GGSN:

- PDP context activation;
- PDP context modification;
- PDP context deactivation;
- Start of interception with PDP context active;
- Packet Data Header Information reporting.

The following events are applicable to the HLR:

- Serving System.

A set of elements as shown below can be associated with the events. The events trigger the transmission of the information from 3G GSN or HLR to DF2, perhaps via a MF in the case of Packet Data Header Information reporting. Available IEs from this set of elements as shown below can be extended in the 3G GSN or HLR, if this is necessary as a national option. DF2 can extend available information if this is necessary as a national option e.g. a unique number for each surveillance warrant.

Table 2: Information Events for Packet Data Event Records

Observed MSISDN: MSISDN of the target subscriber (monitored subscriber).
Observed IMSI: IMSI of the target subscriber (monitored subscriber).
Observed IMEI: IMEI of the target subscriber (monitored subscriber), it shall be checked for each activation over the radio interface.
Event type: Description which type of event is delivered: MS attach, MS detach, PDP context activation, Start of intercept with PDP context active, PDP context deactivation, SMS, Serving System, Packet Data Header Information, Cell and/or RA update.
Event date: Date of the event generation in the 3G GSN or the HLR.
Event time: Time of the event generation in the 3G GSN or the HLR. Timestamp shall be generated relative to GSN or HLR internal clock.
PDP address: The PDP address of the target subscriber. Note that this address might be dynamic.
Access Point Name: The APN of the access point. (Typically the GGSN of the other party).
Location Information: Location Information is the Service Area Identity (SAI), RAI and/or location area identity that is present at the GSN at the time of event record production.
Old Location Information: Location Information of the subscriber before Routing Area Update
PDP Type: The used PDP type.
Correlation Number: The correlation number is used to correlate CC and IRI.
SMS: The SMS content with header which is sent with the SMS-service. The header also includes the SMS-Centre address.
Network Element Identifier: Unique identifier for the element reporting the ICE.
Failed attach reason: Reason for failed attach of the target subscriber.
Failed context activation reason: Reason for failed context activation of the target subscriber.
IAs: The observed Interception Areas.
Initiator: The initiator of the PDP context activation, deactivation or modification request either the network or the 3G MS.
SMS Initiator: SMS indicator whether the SMS is MO or MT.
Deactivation / termination cause: The termination cause of the PDP context.
QoS: This field indicates the Quality of Service associated with the PDP Context procedure.
Serving System Address: Information about the serving system (e.g. serving SGSN number or serving SGSN address).
Destination IP Address: The IP address, including type IPv4 or IPv6, of the destination of the IP packet.
Destination Port Number: The port number of the destination of the IP packet.
Flow Label (IPv6 only): The field in the IPv6 header that is used by a source to label packets of a flow (see RFC 3697 [41]).
Packet Count: The number of packets detected and reported (for a particular summary period).
Packet Data Summary Reason: The reason for a Packet Data Summary message being sent to the LEMF (e.g., timed out, counter expiration, end of session).
Packet Size: The size of the packet (i.e., Total Length Field in IPv4 or Payload Length field in IPv6).
Source IP Address: The IP address, including type IPv4 or IPv6, of the source of the IP packet.
Source Port Number: The port number of the source of the IP packet.
Sum of Packet Sizes (for a particular summary period): The sum of values contained in the Total Length fields of the IPv4 packets or the sum of the values contained in the Payload Length fields of the IPv6 packets.
Summary Period: Includes the dates and times of the first and last packets in a particular packet data interval.
Transport Protocol (e.g., TCP): The identification of the transport protocol of the packet or packet flow being reported.

Clause 7.3 Modification End

New Clause 7.4.11 Insertion Start. This leaves a gap after the current 7.4.9 for alignment.

7.4.11 Packet Data Header Information Reporting

7.4.11.0 Introduction

Packet Data Header Information reporting can be done either on a per-packet (i.e., non-summarized) basis or in a summary report.

7.4.11.1 Packet Data Header Report

This event is used to provide packet header reports on a per packet basis (non-summarized reporting) and is triggered by each packet sent or received by the target. These elements will be delivered either directly to DF2 or via another network entity if available:

- Observed MSISDN
- Observed IMSI
- Observed IMEI
- PDP address of observed party
- Event Type
- Event Time
- Event Date
- Correlation Number
- Access Point Name
- PDP Type
- Network Element Identifier
- Source IP Address
- Source Port Number
- Destination IP Address
- Destination Port Number
- Transport Protocol (e.g., TCP)
- Packet Size
- Flow Label (IPv6 only)

7.4.11.2 Packet Data Summary Report

This event is used to report:

1) The source and destination information derived from the packet headers, including:
   a) Source and destination IP Addresses,
   b) IP next-layer protocol,
   c) Layer-4 ports, and
   d) Flow label, if the packet is IPv6.
2) Summary information for the number of packets and bytes transmitted or received by the subject for each unique packet flow within a PDP context, and
3) The date and the time of the first and last packets associated with that packet flow.

A packet flow is defined as the 6-tuple of source/destination IP address/port number and the layer 4 protocol and PDP Context.

IP addresses and the IP next-layer protocol are always reported, the flow label is reported if the packet is IPv6, and the layer-4 ports are reported.

The event provides packet summary reports for each unique packet data session (PDP context) and packet flow, and is triggered by one of the following:

- Start of a packet flow associated with a PDP Context.
- An interim report for a packet flow associated with a PDP Context is to be reported.
- End of a packet flow associated with a PDP Context (including end of the PDP Context itself).

An interim report can be triggered by:

- The expiration of a configurable timer per intercept (called a Summary Timer). The Summary Timer is configurable in units of seconds.
- A per-intercept configurable count threshold being reached.

These elements will be delivered either directly to DF2 or via an MF for each packet flow if available:

- Observed MSISDN
- Observed IMSI
- Observed IMEI
- PDP address of observed party
- Event Type
- Event Time
- Event Date
- Correlation Number
- Access Point Name
- PDP Type
- Network Element Identifier
- Source IP Address
- Source Port Number
- Destination IP Address
- Destination Port Number
- Transport Protocol (e.g., TCP)
- Flow Label (IPv6 only)
- Summary Period
- Packet Count (for this summary period)
- Sum of Packet Sizes (for this summary period)

If the packets are IPv4, the sum of all observed packet sizes is the sum of the values contained in the Total Length field of each packet as specified in IETF RFC 791 [18]. If the packet is IPv6, the sum of all observed packet sizes is the sum of the values contained in the Payload Length field for each packet as specified in IETF RFC 2460 [19].

If no packets were detected for the duration of the Summary Timer, then the Packet Data Summary Report shall not be sent.

New Clause 7.4.11 Insertion End
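
The summary accounting of clause 7.4.11.2, as an added Python illustration that is not part of the ATIS text: it keys flows by PDP context plus 5-tuple, sums Total Length (IPv4) or Payload Length (IPv6), and emits interim and end-of-session reports. The function names, report field names, sample packets, per-flow counting of the threshold and checking the timer on packet arrival are assumptions; the start-of-flow report is not modelled.

```python
import ipaddress
import struct

def parse_header(pkt):
    """Return ((src, sport, dst, dport, proto), size, flow_label) for a raw IP packet."""
    if pkt[0] >> 4 == 4:
        size, proto, label = struct.unpack_from("!H", pkt, 2)[0], pkt[9], None  # Total Length
        src, dst, l4 = pkt[12:16], pkt[16:20], pkt[(pkt[0] & 0x0F) * 4:]
    elif pkt[0] >> 4 == 6:
        size, proto = struct.unpack_from("!H", pkt, 4)[0], pkt[6]  # Payload Length
        label = struct.unpack_from("!I", pkt)[0] & 0xFFFFF  # low 20 bits of the first word
        src, dst, l4 = pkt[8:24], pkt[24:40], pkt[40:]  # assumption: no extension headers
    else:
        raise ValueError("not an IP packet")
    ports = struct.unpack_from("!HH", l4) if proto in (6, 17) and len(l4) >= 4 else (None, None)
    src, dst = (str(ipaddress.ip_address(a)) for a in (src, dst))
    return (src, ports[0], dst, ports[1], proto), size, label

def summarize(events, summary_timer_s, count_threshold):
    """events: time-ordered (time_s, pdp_context, raw_packet); end of input ends the session."""
    flows, reports, deadline = {}, [], None
    def flush(reason, keys):
        for key in keys:
            f = flows[key]
            if f["n"]:  # a summary period without packets produces no report
                reports.append(dict(flow=key, flow_label=f["label"], reason=reason,
                                    packet_count=f["n"], sum_of_packet_sizes=f["bytes"],
                                    summary_period=(f["first"], f["last"])))
            f.update(n=0, bytes=0)  # open a new summary period
    for now, ctx, pkt in events:
        deadline = now + summary_timer_s if deadline is None else deadline
        if now >= deadline:  # Summary Timer; simplification: checked only on packet arrival
            flush("timed out", list(flows))
            deadline = now + summary_timer_s
        five, size, label = parse_header(pkt)
        key = (ctx,) + five  # the page's flow definition: 5-tuple plus PDP context
        f = flows.setdefault(key, dict(n=0, bytes=0, label=label))
        f.update(n=f["n"] + 1, bytes=f["bytes"] + size, last=now, first=f["first"] if f["n"] else now)
        if f["n"] >= count_threshold:  # assumption: the threshold counts packets per flow
            flush("counter expiration", [key])
    flush("end of session", list(flows))
    return reports

# Constructed sample packets (headers only, documentation address ranges).
V4_UDP = struct.pack("!BBHHHBBH4s4sHHHH", 0x45, 0, 128, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), 5060, 53, 108, 0)
V6_TCP = struct.pack("!IHBB16s16sHH", 0x600ABCDE, 60, 6, 64,
                     ipaddress.ip_address("2001:db8::1").packed,
                     ipaddress.ip_address("2001:db8::2").packed, 40000, 443)
```

Because the IPv6 Payload Length excludes the 40-byte fixed header while the IPv4 Total Length includes the IPv4 header, the two sums are not directly comparable byte counts.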

5.2 Delta: UMTS Start of interception for already attached UE Reporting

3GPP TS 33.107 release 6 does not address the cases when interception starts for an already attached UE with no PDP context. When LI is activated after UE has attached, a new event “Start of interception” shall be sent. The clauses: 7.3.2 and 7.4 have been modified to provide UMTS Start of interception for already attached UE message to support US national requirements.

Clause 7.3.2 Modification Start

7.3.2 Structure of the events

There are several different events in which the information is sent to the DF2 if this is required. Details are described in the following clause. The events for interception are configurable (if they are sent to DF2) in the 3G GSN or the HLR and can be suppressed in the DF2.

The following events