1、 ETSI TS 102 227 V4.1.1 (2004-05)Technical Specification Telecommunications and Internet ProtocolHarmonization Over Networks (TIPHON) Release 4;Functional Entities, Information Flow andReference Point Definitions;Lawful InterceptionETSI ETSI TS 102 227 V4.1.1 (2004-05) 2 Reference DTS/ TISPAN-07002-
2、TIPHON_R4 Keywords IP, lawful interception, security, telephony, VoIP ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 78
3、03/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference ver
4、sion is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of st
5、atus. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized by written permis
6、sion. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2004. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Ma
7、rks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 102 227 V4.1.1 (2004-05) 3 Contents Intellectual Property Rights5 Foreword.5 Introduction 5 1 Scope 6
8、2 References 6 3 Definitions and abbreviations.7 3.1 Definitions7 3.2 Abbreviations .7 4 Background 7 5 Reference model for interception.8 5.1 Introduction 8 5.2 Description of functional elements.9 5.2.1 Lawful Interception Function (LIF)9 5.2.2 Content of Communication Interception Function (CCIF)
9、 .9 5.2.3 Lawful Interception Delivery Function (LIDF) 9 5.2.4 Lawful Intercept Administration Function (LIAF) .10 6 Interception of signalling11 6.1 Interception protocol at interface X211 6.2 Definition of IRI records 13 6.2.1 Begin record13 6.2.1.1 Begin record request .14 6.2.1.2 Begin record re
10、sponse.14 6.2.2 Continue record 15 6.2.2.1 Continue record request 15 6.2.2.2 Continue record response15 6.2.3 End record.16 6.2.3.1 End record request.16 6.2.3.2 End record response 16 6.2.4 Report record 16 6.2.4.1 Report record request 16 6.2.4.2 Report record response17 6.2.5 Concrete protocols
11、17 7 Interception of content of communication .17 7.1 Internal delivery of content of communication across interface X3.17 7.1.1 Carriage of IP packets.18 7.1.1.1 RTP header18 7.1.1.2 UDP header.18 7.1.1.3 IPv4 header .18 7.1.1.4 IPv6 header .19 Annex A (normative): Reporting of concrete protocols i
12、n IRI 20 A.1 Overview 20 A.2 SIP 20 A.3 H.32320 A.4 H.24821 Annex B (informative): Handover considerations.22 Annex C (informative): Management of X3 interface.23 ETSI ETSI TS 102 227 V4.1.1 (2004-05) 4 C.1 Address and port allocation for X3 23 Annex D (informative): Bibliography.24 History 25 ETSI
13、ETSI TS 102 227 V4.1.1 (2004-05) 5 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI
14、 SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IP
15、R Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword Thi
16、s Technical Specification (TS) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN). Introduction The present document is a product in TIPHONTM Release 4 (see TR 101 301) of step D of the TIPHONTM development
17、process described in TR 101 835. The data definitions given in the present document are illustrative of the stage 3 requirement and are presented as ASN.1 for illustrative purposes. ETSI ETSI TS 102 227 V4.1.1 (2004-05) 6 1 Scope The present document defines the intercept-related information to be d
18、erived from TIPHONTMrelease 4 networks, and its relationship to the LI framework. The present document describes when messages are to be sent across the IRI reference point X2 and what they should contain. The present document describes the information extracted from TIPHONTMsystems and presented us
19、ing the LI framework defined in 2 and 4. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication and/or edition number or version number) or non-spe
20、cific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. 1 ETSI TS 101 878: “Telecommunic
21、ations and Internet Protocol Harmonization Over Networks (TIPHON) Release 4; Service Capability Definition; Service Capabilities for TIPHON Release 4“. 2 ETSI TS 102 232 “Telecommunications security; Lawful Interception (LI); Handover specification for IP delivery“. 3 ETSI TS 101 314: “Telecommunica
22、tions and Internet Protocol Harmonization Over Networks (TIPHON) Release 4; Abstract Architecture and Reference Points Definition; Network Architecture and Reference Points“. 4 ETSI TS 101 671: “Telecommunications security; Lawful Interception (LI); Handover interface for the lawful interception of
23、telecommunications traffic“. 5 ETSI TS 101 882-1: “Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4; Protocol Framework Definition; Part 1: Meta-protocol design rules, development method, and mapping guideline“. 6 ETSI TS 101 882-2: “Telecommunications and Inte
24、rnet Protocol Harmonization Over Networks (TIPHON) Release 4; Protocol Framework Definition; Part 2: Registration and Service Attachment service meta-protocol definition“. 7 ETSI TS 101 882-3: “Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4; Protocol Framewor
25、k Definition; Part 3: TIPHON Simple Call service meta-protocol definition“. 8 ETSI TS 101 882-4: “Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4; Protocol Framework Definition; Part 4: Media control Service meta-protocol definition“. 9 IETF RFC 3261: “SIP: Se
26、ssion Initiation Protocol “. 10 ITU-T Recommendation H.248.1: “Gateway control protocol“. 11 ITU-T Recommendation H.323: “Packet-based multimedia communications system“. ETSI ETSI TS 102 227 V4.1.1 (2004-05) 7 12 ITU-T Recommendation H.225.0: “Call signalling protocols and media stream packetization
27、 for packet-based multimedia communication systems“. 13 ITU-T Recommendation H.245: “Control protocol for multimedia communication“. 14 IETF STD 0007: “Transmission Control Protocol“. 15 IETR RFC 2126: “ISO Transport Service on top of TCP (ITOT)“. 16 ETSI TS 101 331: “Telecommunications security; La
28、wful Interception (LI); Requirements of Law Enforcement Agencies“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definitions given in TS 101 671 4 apply. 3.2 Abbreviations For the purposes of the present document, the abbreviations given in T
29、S 101 671 4 and the following apply: CC Content of Communication CCIF Content of Communication Interception Function IRI Information Related to Interception LEMF Law Enforcement Mediation Function LIAF Lawful Intercept Administration Function LIDF Lawful Interception Delivery Function LIF Lawful Int
30、erception Function SIP Session Initiation Protocol 4 Background The requirements for Lawful Interception of telecommunications are contained in TS 101 331 16. The building blocks for provision of the TIPHONTMLawful Interception service are contained in TS 101 878 1 as a set of service capabilities.
31、The present document identifies how the service capabilities identified in TS 101 878 1 are used in provision of the TIPHONTMLawful Interception service. The present document also identifies how the meta-protocols defined in TS 101 882 provide data relating to interception and from the mappings and
32、profiles of candidate protocols defined in TS 101 883 and TS 101 884 provide data content relating to interception. The Lawful Interception service may be required in any or all functional groups within the TIPHONTMarchitecture. NOTE: The present document is written with the assumption that within o
33、ne Administrative Domain there will be only one functional group that implements Lawful Interception for a particular target entity. ETSI ETSI TS 102 227 V4.1.1 (2004-05) 8 The framework for lawful interception described in 2 defines aspects of the handover interface between a network operator and l
34、aw enforcement agencies that are not specific to a particular network architecture or technology. This definition includes: identification of interception targets; identification of intercept access points; correlation between HI2 and HI3; time-stamping of intercepted events; session management on H
35、I2 and HI3; reliability of handover interfaces; security of handover interfaces; mapping of handover information to physical interfaces. 5 Reference model for interception 5.1 Introduction In figure 1 the overall reference model of TIPHON Lawful Interception is shown. TIPHON Lawful Interception Func
36、tion (LIF) Lawful Interception Delivery Function (LIDF) Law Enforcement Monitoring Function (LEMF) X2 wful Interception Function IF) Content of Communication Interception Function (CCIF) X3 HI3 HI2 NXLawful Interception Administration Function (LIAF) HI1 Out of scope of the present document Figure 1
37、: Reference model for lawful interception ETSI ETSI TS 102 227 V4.1.1 (2004-05) 9 Internal interface X2 carries Intercept Related Information (IRI) from the Lawful Interception function. Internal interface X3 carries Content of Communication (CC) information. The NXinterface carries control informat
38、ion to indicate where the CCIF should be activated and what address should be used to send the CC to the LIDF. The information carried across Nx may be appropriate for the Media Layer or Transport Layer implementations of the CCIF. 5.2 Description of functional elements 5.2.1 Lawful Interception Fun
39、ction (LIF) The purpose of the Lawful Interception function is to generate information related to calls or and other information involving interception targets identified by a Law Enforcement Authority (LEA) sessions, i.e. Information Related to Interception (IRI). The IRI information is sent to the
40、 Lawful Intercept Delivery Function (LIDF) to be delivered to the LEMF over interface HI2. 5.2.2 Content of Communication Interception Function (CCIF) The Content of Communication Interception Function (CCIF) shall cause the content of communication to be duplicated and passed to the Lawful Intercep
41、tion Delivery Function. The content may be duplicated within the Media Layer or within the transport layer and this may be achieved by any means such that the sender and recipient(s) are unaware of the copying process and cannot take steps that will reveal the copying process is taking place. The co
42、ntent of communication is sent to the Lawful Interception Delivery Function and it is formatted in accordance with later clauses for delivery to the LEMF over interface HI3. 5.2.3 Lawful Interception Delivery Function (LIDF) Within each administrative domains which contains one or more of the functi
43、onal groups specified in TS 101 314 3 there shall be an additional functional entity - the Lawful Interception Delivery Function. This function receives information from the Lawful Interception function(s) within the administrative domains and formats them to be passed on to the Law Enforcement Medi
44、ation Function (LEMF) using the interface design specified in the Handover specification for IP Delivery 2. If there is more than one Lawful Interception function within an administrative domain the Lawful Interception Delivery Function shall manage the reporting state of the call so that informatio
45、n is sent to the LEMF as if it were from a single Lawful Interception function. In this case the LIDF shall ensure that the reported information elements represent a consistent and single view of the intercept. ETSI ETSI TS 102 227 V4.1.1 (2004-05) 105.2.4 Lawful Intercept Administration Function (L
46、IAF) In each administrative domain there exists a Lawful Interception Administration Function (LIAF) to manage requests for interception . This function ensures that the request from an LEA to send IRI and or CC information to an LEMF is acted upon. This function is not the subject of the present do
47、cument and it listed here for completeness. The information available at the LIAF includes: NOTE: This list is adapted from clause 7.1 of TS 101 671 4. Identification of the interception subject (Target Identity). The agreed lawful interception identifier (LIID). Start and end, or start and duration
48、, of the interception. Kind of interception information, i.e. IR, CC or both. Destination address of the LEMF to which IRI information should be sent i.e. the HI2 destination address (if applicable). Destination address of the LEMF to which CC information should be sent i.e. the HI3 destination addr
49、ess (if applicable). Other details related to the intercept such as the value of options. A reference for authorization of the interception. Other information as required. This information is placed in the lawful Interception Function, Lawful Interception Mediation Function and Content of Communications Interception Function as necessary by means that are not described in the present document. ETSI ETSI TS 102 227 V4.1.1 (2004-05) 11SendIRIInterceptActiveSetInterceptEventPrepareIRICopy