ETSI TR 103 657 V1.2.1 (2011-12)

Lawful Interception (LI);
Retained data handling;
System Architecture and Internal Interfaces

Technical Report

Reference: RTR/LI-00091
Keywords: architecture, handover, retention

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00   Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2011. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents

Intellectual Property Rights ........ 4
Foreword ........ 4
Introduction ........ 4
1 Scope ........ 5
2 References ........ 5
2.1 Normative references ........ 5
2.2 Informative references ........ 5
3 Definitions and abbreviations ........ 6
3.1 Definitions ........ 6
3.2 Abbreviations ........ 6
4 Reference model ........ 7
4.1 Design principles ........ 8
4.1.1 Choice of storage for Retained Data ........ 8
4.1.2 Prompt delivery ........ 9
4.1.3 Storage format ........ 9
4.2 Functional elements ........ 10
4.2.1 Administrative Function ........ 10
4.2.2 Data Collection Function ........ 10
4.2.3 Data Store Management Function ........ 10
4.2.4 Data Store Function ........ 11
4.2.5 Mediation Function ........ 11
4.3 Operational considerations ........ 11
4.3.1 Cancelling a request ........ 11
4.3.2 Expiry of RD records ........ 11
5 Internal Handover Interfaces ........ 11
5.1 IHI-1 ........ 11
5.1.1 IHI-1a ........ 11
5.1.2 IHI-1b ........ 12
5.1.3 IHI-1c ........ 12
5.2 IHI-2 ........ 13
5.3 IHI-3 ........ 13
5.4 IHI-4 ........ 13
5.5 IHI-5 ........ 14
5.5.1 Storage in and retrieval from internal database ........ 14
5.5.2 Retrieval from external data storage ........ 14
5.6 Message flows ........ 14
5.6.1 Standard scenario ........ 15
5.6.2 Multi-part delivery scenario ........ 16
5.6.3 Authorized Organisation initiated scenario ........ 17
5.6.4 Collection and destruction of retained data ........ 18
Annex A: Change request history ........ 19
History ........ 20

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://ipr.etsi.org).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Report (TR) has been produced by ETSI Technical Committee Lawful Interception (LI).

Introduction

The objective of the present document is to provide guidelines and considerations to CSPs that can be useful for the implementation of their internal data retention system.

1 Scope

The present document elaborates on RD system architecture and assigns and describes internal interfaces to specific services and functional entities on the CSP side. It provides guidance on implementation issues that CSPs have to deal with.

The present document contains:
- a reference model in the network operator and communication service provider domain;
- a high level description of Internal Network Functions and Interfaces;
- application of the reference model to some typical CSPs.

It does not intend to replace any existing document which specifies network operator and communication service provider architecture and internal network interfaces. The present document does not override or supersede any specifications or requirements for the Retained Data. In particular, it does not override any clauses in TS 102 656 [i.2] and TS 102 657 [i.3].

2 References

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies.

Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.

2.1 Normative references

The following referenced documents are necessary for the application of the present document.

Not applicable.

2.2 Informative references

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.

[i.1] Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.
[i.2] ETSI TS 102 656: "Lawful Interception (LI); Retained Data; Requirements of Law Enforcement Agencies for handling Retained Data".
[i.3] ETSI TS 102 657: "Lawful Interception (LI); Retained data handling; Handover interface for the request and delivery of retained data".
[i.4] ETSI TR 102 661: "Lawful Interception (LI); Security framework in Lawful Interception and Retained Data environment".
[i.5] IETF RFC 5424: "The Syslog Protocol".

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the following terms and definitions apply:

Authorized Organization (AO): any authority legally authorized to request or receive retained data, e.g. a Law Enforcement Agency

Handover Interface A (HI-A): administrative handover interface comprising requests for information and their responses

Handover Interface B (HI-B): data handover interface comprising the retained data transmission of information

number: any address (E.164, IP, email, URI) used for routing in a network or in a service on
a user level or network/service level

request: legal requirement for a Communications Service Provider (CSP) to disclose retained data in accordance with relevant national law

requesting authority: any entity possessing the necessary jurisdiction and authority pursuant to law to compel a service provider to deliver retained subscriber information or traffic data specified in a query

response to request of information: response from the CSP to the requesting authority acknowledging or rejecting a request for information

retained data record: set of data elements for a specific subscriber/user related to a specific service transaction

service transaction: instance of a service given by a CSP to a subscriber/user

transmission of information: transmission of retained data from the CSP to the requesting authority

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

AF    Administrative Function
AO    Authorized Organization
ASN.1 Abstract Syntax Notation One
BER   Basic Encoding Rules
CPE   Customer Premises Equipment
CSP   Communications Service Provider
DCF   Data Collection Function
DHCP  Dynamic Host Configuration Protocol
DSF   Data Store Function
DSMF  Data Store Management Function
FTP   File Transfer Protocol
GSM   Global System for Mobile communications
HI    Handover Interface
HTTP  HyperText Transfer Protocol
ID    Identifier
IHI   Internal Handover Interface
IP    Internet Protocol
LI    Lawful Interception
MF    Mediation Function
RD    Retained Data
RDHI  Retained Data Handover Interface
SNMP  Simple Network Management Protocol
SQL   Structured Query Language
TCP   Transmission Control Protocol
URI   Uniform Resource Identifier
XML   eXtensible Markup Language

4 Reference model

The overall retained data framework is extended from the model described in clause 4 of TS 102 657 [i.3] (see figure 1).

Figure 1: Functional diagram showing handover interface HI (from TS 102 657 [i.3])

Furthermore, TS 102 657 [i.3] identifies two functions as part of the Authorized Organization (AO): an issuing authority responsible for initiating new Retained
Data Handover Interface (RDHI) requests and a receiving authority to accept the RDHI responses, respectively. However, the focus of the present document is not on the Authorized Organizations, but on the element marked "Communications Service Provider (CSP)" in figure 1. A generic reference model for this functional element is given in figure 2.

[Figure 2 (diagram): on the Authorized Organisation side, the Issuing Authority and the Receiving Authority; on the CSP side, the Administrative Function, the Mediation Function (shown as MF-A and MF-B, terminating handover interface HI-A (administrative) and HI-B (transmission of RD material)), the Data Collection Function, the Data Store Management Function, the Data Store Function and the Internal Network Elements, connected by the internal interfaces IHI-1a, IHI-1b, IHI-1c, IHI-2, IHI-3, IHI-4 and IHI-5 described below.]

Figure 2: Retained Data reference model

In this reference model, five internal CSP functions can be identified:
- an administrative function (AF) to manage the RD requests and responses;
- a data collection function (DCF) to collect data from the various internal network elements and prepare the data for retention;
- a data store management function (DSMF) to execute queries, and eventually erase RD after the mandatory retention period;
- a data store function (DSF) to store the data;
- a mediation function (MF) to implement the handover interfaces A and B.

These functions will be further explained in clause 4.2.

Also, the reference model shows five internal CSP interfaces:
- Internal Handover Interface 1 (IHI-1a, IHI-1b, IHI-1c) to manage and monitor the Data Collection Function, the Data Store Management Function and the Mediation Function;
- Internal Handover Interface 2 (IHI-2) to deliver the results of RD queries from the DSMF to the MF;
- Internal Handover Interface 3 (IHI-3) to let the DCF add new RD records to the DSMF;
- Internal Handover Interface 4 (IHI-4) to let the DCF collect data from the various network elements;
- Internal Handover Interface 5 (IHI-5) to let the DSMF operate the DSF.

These internal interfaces will be further explained in clause 5.

In addition to these internal interfaces, it is assumed that the Issuing Authority and the Receiving Authority share a communication channel. This internal interface is not specified in the present document.

4.1 Design principles

In summary, the design principles discussed here are:
- Storage: Retained data may either be kept in a separate storage or
secured in regular network nodes during the retention period.
- Availability: Data to be retained will be made available to law enforcement as soon as it is at hand in network nodes.
- Storage format: Retained data may be stored either in a free format or in a format according to the RDHI specifications.

4.1.1 Choice of storage for Retained Data

The alternatives considered here are:
1) Separate storage: Data is extracted from network nodes and transferred to an area that is dedicated for retained data.
2) Integrated storage: The set of data that is to be retained is labelled and protected against deletion from network nodes during the time of retention.

The pros and cons for these alternatives may be listed as follows:

Separate storage
  Pros:
  - Data is protected against volatility of storage formats due to modifications of the business critical systems.
  - Special security measures can be applied to protect the integrity of the retained data.
  - It may be less costly to query the database of retained data, compared to having it spread out in the regular network databases.
  Cons:
  - Since only a small fraction of the retained data will ever be requested by law enforcement, it will be unnecessarily costly to move all retained data to separate storage.
  - Keeping retained data in separate storage increases the risk of exposure of logs and queries to hackers.

Integrated storage
  Pros:
  - Nothing needs to be moved; it will be sufficient to label relevant data for protection during the retention period.
  Cons:
  - The procedures for management of retained data in network nodes have to be modified when business critical systems are upgraded.
  - Retained data will be kept along with operational data, so there may be an increased risk of information leaks.
  - Requests for retained data will have to be forwarded to storage and/or databases outside the RD system. This would disclose what LEAs are looking for and also call for additional interfaces between the RD system and network nodes.

4.1.2 Prompt delivery

The word "prompt" is to be understood as "without undue delay" and means that data to be retained should be made available to law enforcement as soon as the regular operative procedures of the CSP allow. What "promptly" means varies from case to case, depending on technical facilities and operational conditions. This is an issue for national requirements and agreements with CSPs.

According to the Directive [i.1], CSPs are obliged to retain only the data that they generate or process for business purposes. Implicitly this would mean that data cannot be extracted before it is available according to standard routines.

4.1.3 Storage format

The alternatives considered here are:
1) Native format: Data are kept as-is, in the format in which they occur in network nodes. Before delivery they will be converted to RDHI format by the MF.
2) RDHI format: The flow of data from network nodes o
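The following is an added illustration, not code from the present document or from any CSP's RD system, of the DSMF role described in clause 4: records handed over by the DCF (IHI-3), queries answered for a given number, and erasure once the mandatory retention period has elapsed (see also clause 4.3.2), combined with the integrity protection that clause 4.1.1 lists as a benefit of separate storage. The record fields, the HMAC key, the 180-day period and the sample records are constructed assumptions; the in-memory dictionary stands in for the DSF behind IHI-5.

```python
import hashlib, hmac
import datetime as dt
from dataclasses import dataclass

INTEGRITY_KEY = b"constructed-demo-key"  # assumption: key held only by the DSMF

@dataclass
class RDRecord:
    record_id: str
    number: str           # address the record is keyed on (E.164, IP, email, URI)
    created: dt.datetime  # when the DCF collected the record over IHI-4
    payload: dict
    tag: str = ""         # HMAC over the other fields, set when the record is stored

def _digest(rec):
    # bind the stable fields to the DSMF's key so silent modification is detectable
    msg = "|".join([rec.record_id, rec.number, rec.created.isoformat(),
                    repr(sorted(rec.payload.items()))]).encode()
    return hmac.new(INTEGRITY_KEY, msg, hashlib.sha256).hexdigest()

class DataStoreManagementFunction:
    """DSMF: stores records handed over by the DCF, answers queries, expires old data."""
    def __init__(self, retention_days):
        self.retention = dt.timedelta(days=retention_days)
        self._store = {}  # stands in for the DSF reached over IHI-5

    def add_record(self, rec):
        """IHI-3: the DCF adds a new RD record; the DSMF tags it before storing."""
        rec.tag = _digest(rec)
        self._store[rec.record_id] = rec

    def query(self, number, now):
        """Records for this number still within retention; a tampered record is never passed to the MF over IHI-2."""
        hits = []
        for rec in self._store.values():
            if rec.number != number or now - rec.created > self.retention:
                continue
            if not hmac.compare_digest(rec.tag, _digest(rec)):
                raise ValueError(f"integrity failure on record {rec.record_id}")
            hits.append(rec)
        return sorted(hits, key=lambda r: r.created)

    def expire(self, now):
        """Erase every record whose mandatory retention period has elapsed."""
        stale = [rid for rid, r in self._store.items() if now - r.created > self.retention]
        for rid in stale:
            del self._store[rid]
        return stale

def day(n):
    return dt.datetime(2011, 12, 1) + dt.timedelta(days=n)  # constructed timeline helper
```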