Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lawful Interception Solutions

Published byCuthbert Fletcher Modified over 5 years ago

Similar presentations

Presentation on theme: "Lawful Interception Solutions"— Presentation transcript:

1 Lawful Interception Solutions
June 2018 Product Management Utimaco TS

2 Utimaco Lawful Interception Solutions
Services IP Multimedia Messaging LI VoLTE RCS VoIP PTT IOT Umbrella Hosted LI Remote Access Networks Mobile Fixed Sat 2G 3G 4G DSL Cable FTTx SAT Internet on Air 5G WLAN PSTN WLAN

3 General Architecture (Functional Model)
Lawful Interception General Architecture (Functional Model) Functional Model of Lawful Interception We segment the market in three functional areas: Access Function : IRI and CC is intercepted within the network operator network Mediation Function: Mapping of IRI and CC with intercept requests, conversion of data formats and protocols, delivery of IRI and CC over standardized interfaces to authorized law enforcement agencies Collection Function: Receipt and analysis of IRI and CC for interception target Handover interfaces are standardized by international bodies, like ETSI, 3GPP, ANSI/ATIS. National regulations usually refer to these standards. Internal Network Interfaces (INI or x-interface) are vendor proprietary or depending on the type of network element. There can be large number of different internal network interfaces in one network. IRI: Interception Related Information CC: Content of Communication x1, x2, x3: Internal Network Interfaces for LI administration, IRI and CC exchange HI1, HI2, HI3: Standard handover interface to the Law Enforcement Agency for LI administration, IRI and CC exchange

4 Utimaco LIMS System Overview

5 Lawful Interception in 2G/3G Wireless (Voice)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 HI-3 X1 X2 IRI PSTN/other PLMN 2G Radio Access GSM/UMTS Voice Interception (with direct handoff) 1) Receipt of intercept order via HI1 for target-ID (MSISDN/IMSI/IMEI) 2) LIMS provisions target-ID on all MSCs and optionally voic servers in the network using the X1 interface 3) MD receives IRI from MSC over vendor specific X2 interface 4) MD delivers IRI to LEA over HI2 interface 5) MSC and voic server deliver CC to LEA over HI3 interface (direct handoff over TDM links, ETSI TS , TS ) Options: HLR monitoring provides additional IRI messages (e.g. location updates, also for roaming users) Gateway MSC can be provisioned for B-number monitoring (‘Auslandskopfüberwachung’) 3G Radio Access Mobile Voice Core

6 Lawful Interception in 2G/3G Wireless (Voice)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 IRI X3 CC PSTN/other PLMN 2G Radio Access GSM/UMTS Voice Interception (splitted architecture with IP-based handover) 1) Receipt of intercept order via HI1 for target-ID (MSISDN/IMSI/IMEI) 2) LIMS provisions target-ID on all MSS and optionally voic servers in the network using the X1 interface 3) MD receives IRI from MSS over vendor specific X2 interface 4) MD delivers IRI to LEA over HI2 interface 5) MGW and voic server intercept and forwards all targets’ calls to the LIMS MD for mediation and delivery to the LEA over standardized HI-3 (IP-based, ETSI TS , TS ) Options: HLR monitoring provides additional IRI messages (e.g. location updates, also for roaming users) Gateway MSC can be provisioned for B-number monitoring 3G Radio Access Mobile Voice Core

7 Lawful Interception in 2G/3G Wireless (Data)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 IRI X3 CC Gb Gn Internet A 2G Radio Access IuPS Yu PSTN/other PLMN IuCS E GSM/UMTS Data Interception 1) Receipt of intercept order via HI1 for target-ID (MSISDN/IMSI/IMEI) 2) LIMS provisions target-ID on each SGSN in the network over the X1 interface 3) MD receives IRI from SGSN over vendor specific X2 interface and forwards the IRI to the LEA over HI2 interface 4) MD receives CC from SGSN over vendor specific X3 interface and forwards the CC to the LEA over HI3 interface Worldwide standard is ETSI TS (3GPP TS ) Options: Interception at the GGSN is feasible, too, and allows for surveillance of outbound roamers (when direct tunneling/home routing is enabled in the network) Passive monitoring, see next page 3G Radio Access Mobile Core

8 Lawful Interception in 2G/3G Wireless (Data)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 HI-3 X1 X2 IRI X3 CC tap Gb Gn Gi Internet A 2G Radio Access Gr IuPS LIMS Access Point GTP E Yu PSTN/other PLMN IuCS GSM/UMTS Data Interception (passive monitoring) 1) Receipt of intercept order via HI1 for target-ID (MSISDN/IMSI/IMEI) 2) LIMS provisions target-ID on LIMS Access Point(s) GTP (network probe connected by tap) via X1 interface 3) MD receives IRI and CC from the probe(s) and forwards the IRI to the LEA over HI2+HI3 interface Worldwide standard is ETSI TS (3GPP TS ) Passive monitoring of the Gn interface (GTP) provides comparable results as active monitoring of SGSN/GGSN. Event messages solely available on the Gb/IuPS interface, however, cannot be intercepted; e.g. GPRS attach/detach. Options: Passive interception of roaming traffic on Gr interface (GTP) 3G Radio Access Mobile Core

9 Lawful Interception in 2G/3G Wireless (Voice&Data)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2/X3 tap Gb Gn Gi Internet A 2G Radio Access Gr IuPS E Yu PSTN/other PLMN IuCS LIMS Access Point GSM/UMTS Voice&Data Interception (passive monitoring in the access network – RAN ) 1) Receipt of intercept order via HI1 for target-ID (IMSI/IMEI) 2) LIMS provisions target-ID on LIMS Access Point(s) (network probe connected by tap) via X1 interface 3) MD receives IRI and CC from the probe(s) and forwards the IRI to the LEA over HI2+HI3 interface Worldwide standard is ETSI TS (3GPP TS ) Passive monitoring of the Gb/IuPS interface (GTP) is feasible when interfaces can be tapped and data is unencrypted. Passive monitoring of the A/IuCS interface (TDM) is feasible when interfaces can be tapped and data is unencrypted. Different bearer types/physical interface can be supported (TDM and IP). MSISDN is not available as target ID on these interfaces, but can be correlated by passive monitoring of MAP at the HLR. Options: Passive interception on Abis interface (BTS<->BSC) may be feasible, too when the interfaces can be tapped and data is unencrypted. 2G voice, SMS: A interface 2G data: Gb interface 3G voice: IuCS interface 3G data: IuPS interface 3G Radio Access Mobile Core

10 Lawful Interception in 4G Wireless (LTE)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 ETSI TS 3GPP TS X2 IRI X3 CC Internet other networks GERAN/UTRAN IAPs for LTE are the MME and the SGW. These nodes intercept all IRI and CC of targets in the home network. optional Interception Access Points: Outbound roamers: HSS: delivers additional IRI: serving EPC (when MS is roaming) Outbound roamers: PGW: delivers same IRI and CC as SGW (so LIMS must decide whether intercept shall be provisioned to SGW or PGW), PGW is the mobility anchor between 3GPP and non-3GPP accesses Non-3GPP clients: ePGW: delivers IRI and CC for non-3GPP clients, target ID = NAI PGW (PDN Gateway): The PDN Gateway provides connectivity from the UE to external packet data networks by being the point of exit and entry of traffic for the UE. A UE may have simultaneous connectivity with more than one PGW for accessing multiple PDNs. The PGW performs policy enforcement, packet filtering for each user, charging support, lawful Interception and packet screening. Another key role of the PGW is to act as the anchor for mobility between 3GPP and non-3GPP technologies such as WiMAX and 3GPP2 (CDMA 1X and EvDO). Home subscriber server The Home Subscriber Server (HSS), or User Profile Server Function (UPSF), is a master user database that supports the IMS network entities that actually handle calls. It contains the subscription-related information (subscriber profiles), performs authentication and authorization of the user, and can provide information about the subscriber's location and IP information. It is similar to the GSM Home Location Register (HLR) and Authentication Centre (AuC). LTE Radio Access Network Evolved Packet Core

11 Lawful Interception in 5G Wireless (SA)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 ETSI TS 3GPP TS X2 IRI X3 CC Internet other networks This shows the setup for the Standalone Architecture (full user and control plane capability for 5G NR, utilizing the new 5G Core) 5G standardization is in progress. 3GPP expects phase 1 release in 2019, with first commercial deployments in 2020. Pre-standard 5G trials starting in 2018. LI requirements will be considered in the 3GPP standards. AMF: event messages (IRI) for network access SMF: event messages (IRI) for user sessions and VoLTE interception in VPLMN UPF: content of communication (CC) Others network functions may provide additional IRI Note: Operators have several options to deploy 5GC together with 4G EPC 5G Radio Access Network 5G Core

12 Lawful Interception in 5G Wireless (NSA, EPC)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 IRI X3 CC Internet 4G Radio Access Network other networks This shows the high-level LI setup for a Non-Standalone Architecture(3GPP Rel. 15, option 3) which will is used in early 5G deployments NSA utilizes the existing LTE radio and core network (EPC) as an anchor for mobility management and coverage while adding a new 5G carrier. 5G Radio Access Network 4G Evolved Packet Core

13 Lawful Interception of IMS/VoLTE
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 IRI X3 CC Internet other networks GERAN/UTRAN When VoLTE is provided by an IMS (IP Multimedia Subsystem) there are the following IAPs: CSCF for the control plane (IRI), depending on the equipment vendor this can be the P-CSCF or S-CSCF. BGF for the user plane (CC) Depending on the network architecture other IAPs must be considered, too. E.g. TAS (MMTel) for monitoring complex call scenarios and supplementary services MGW for calls to/from other TDM networks The Handover Interface (HI) is defined by 3GPP/ETSI; ETSI TS and/or TS LTE/5G RAN EPC/5GNGC IMS Core

14 Lawful Interception of RCS
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 IRI X3 CC Internet other networks RCS GERAN/UTRAN The Rich Communications Suite (RCS) is a set of applications and services running on top of an IMS (IP Multimedia Subsystem). RCS shall enable interoperable, enriched communications including enhanced phonebook, enhanced messaging and enriched audio and video calls. It provides features such as sharing of pictures or videos during a call, file transfer, instant text messages between two or more people, automatic discovery of peoples’ location and supported services. Monitoring RCS requires the interception of the following protocols: SIP (Signaling, control plane) RTP (audio and video media, user plane) MSRP (messaging, file exchange) XCAP/HTTP (presence, phone book, buddy lists) HTTP (file sharing) In the solution diagram above SIP/RTP/MSRP are intercepted by the Session Border Controllers (BGF, P-CSCF) towards the access network. In addition XCAP/HTTP can be intercepted at the RCS application server (in case a IIF is available). As on option as LIMS Access Point DPI can be used to intercept the XCAP/HTTP data. All intercepted data are mediated by LIMS and forwarded to the LEA in compliance with ETSI TS LTE/5G RAN EPC/5GNGC IMS Core

15 Lawful Interception of Cellular IOT (4G)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 (IRI) X3 (CC) SCEF MTC- IWF AS Cellular IOT services make use of a mobile network (4G, 5G) for access, authentication, authorization, accounting, etc.. The full signaling and media is routed via the mobile core network and can be intercepted at the at the MME and SGW (or PGW) in a 4G EPC. Cellular IOT services may use a separate network (from regular voice and data services) using „network slicing“. The full architecture is being standardized by 3GPP (NB-IOT in Rel. 13+ and 5G IOT in Rel. 15+). UE LTE Radio Access Network EPC IOT Platform

16 Lawful Interception of Cellular IOT (5G)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 (IRI) X3 (CC) SCEF MTC- IWF AS Cellular IOT services make use of a mobile network (4G, 5G) for access, authentication, authorization, accounting, etc.. The full signaling and media is routed via the mobile core network and can be intercepted at the AMF/SMF (IRI) and UPF (CC); respectively at the MME and SGW/PGW in a 4G EPC. Cellular IOT services may use a separate network (from regular voice and data services) using „network slicing“. The full architecture is being standardized by 3GPP (NB-IOT in Rel. 13+ and 5G IOT in Rel. 15+). SCEF : Service Capability Exposure Function MTC-IWF : Machine to Machine Communication Interworking Function AS : Application Server UE 4G/5G Radio Access Network 5G NGC IOT Platform

17 Lawful Interception of Cloud IOT
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 (IRI) X3 (CC) AS AS IOT Gateway Cloud-based IOT services are provided “over the top”. This means that devices connect to a (proprietary) IOT Gateway using various type of access networks (zigbee, Bluetooth, z-wave, …). The gateway acts as a bridge between sensors/IOT devices and the service platform in cloud. Many sensors/devices will “talk” to a gateway and the gateway will transmit this information to the IOT servers in the cloud (over HTTPS, MQTT, AMQPS or other OTT transport protocol). LIMS must interface with the IOT platform for lawful interception. UE Access Network Internet IOT Platform

18 Lawful Interception in WLAN
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X3 CC X2 IRI tap LIMS Access Point AAA WWW Internet SSG/BRAS WLAN Data Interception (hybrid monitoring) of a carrier WLAN services (WLAN hotspots) 1) Receipt of intercept order via HI1 for target-ID (e.g. user name, MSISDN/IMSI/IMEI for mobile hotspot services) 2) LIMS provisions target-ID on LIMS Access Point(s) AAA (network probe connected by tap) via X1 interface 3a) MD receives IRI from the probe(s) and forwards the IRI to the LEA over HI2 interface 3b) LIMS analyses all IRI and dynamically provisions CC intercept on the SSG or BRAS (Service Selection Gateway or Broadband Access Server) when a new target authentication has been detected (x1) 4) The SSG/BRAS intercepts the full IP data to and from a target and send the CC to the LIMS MD for mediation and delivery to the LEA via HI-3 Handover interface standard is ETSI TS Options: Passive interception of CC by IP probe (in case the IIF of the SSG/BRAS is not available) hotspot Core Network

19 Lawful Interception of Fixed Voice (PSTN)
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 IRI PSTN C5 C4 Residential/Enterprise Core Network

20 Lawful Interception in xDSL Networks
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X3 CC X2 IRI LIMS Access Point AAA tap Internet Data Interception in Broadband xDSL Networks (hybrid access) 1) Receipt of intercept order via HI1 2) LIMS provisions the target-ID (e.g. line-ID, user-ID) on a LIMS Access Point AAA which is connected to the AAA server via a network tap (i.e. receives copies of the RADIUS (and/or DHCP) traffic) 3) MD receives IRI on AAA events incl. the source IP address of the target user and the ID of the appropriate BRAS (router) for CC interception 4a) MD delivers IRI to LEA over HI2 interface 4b) LIMS provisions CC intercept on the BRAS (Access Server) using the target user’s IP address or session-ID 5) MD receives CC of the target over x3 6) MD delivers CC and HI3 interface to LEA Options: - Active access: In case the AAA server supports a IIF, LIMS can provision the target here (instead of probe) - Passive intercept: In case the IP data can not be intercepted by the BRAS (or other router) as passive IP probe can be used (LIMS Access Point IP) - Optional target-Ids (triggers): depending on the capabilities of the network elements used, the triggers for monitoring the IP data may be different; e.g. Circuit-ID, Calling-Station-ID (RADIUS attr. 31), Accounting-Session-ID (RADIUS Attr. 44) - Database look-up: Optionally the LIMS can look up the appropriate target-ID from a user database DSLAM Service Provider Core Network

21 Lawful Interception in xDSL Networks
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X3 CC X2 IRI LIMS Access Point AAA LIMS Access Point IP tap Internet tap Data Interception in Broadband xDSL Networks (passive access) 1) Receipt of intercept order via HI1 2) LIMS provisions the target-ID (e.g. line-ID, user-ID) on a LIMS Access Point AAA which is connected to the AAA server via a network tap (i.e. receives copies of the RADIUS (and/or DHCP) traffic) 3) MD receives IRI on AAA events incl. the source IP address of the target user and the ID of the appropriate BRAS (router) for CC interception 4a) MD delivers IRI to LEA over HI2 interface 4b) LIMS provisions CC intercept on a LIMS Access Point IP (probe) using the target user’s IP address. The probe intercepts all IP data to/from the target. 5) MD receives CC of the target over x3 6) MD delivers CC and HI3 interface to LEA - Optional target-Ids (triggers): depending on the capabilities of the network elements used, the triggers for monitoring the IP data may be different; e.g. Circuit-ID, Calling-Station-ID (RADIUS attr. 31), Accounting-Session-ID (RADIUS Attr. 44) - Database look-up: Optionally the LIMS can look up the appropriate target-ID from a user database DSLAM Service Provider Core Network

22 Lawful Interception in Cable Networks
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X3 CC X2 IRI LIMS Access Point AAA tap Internet Data Interception in Broadband Cable Networks (hybrid access) 1) Receipt of intercept order via HI1 2) LIMS provisions the target-ID (e.g. MAC address, user-ID) on a LIMS Access Point AAA which is connected to the AAA server via a network tap (i.e. receives copies of the DHCP traffic) 3) MD receives IRI on AAA events incl. the source IP address of the target user and the ID of the appropriate BRAS (router) for CC interception 4a) MD delivers IRI to LEA over HI2 interface 4b) LIMS provisions CC intercept on the BRAS (Access Server) using the target user’s IP address or MAC address 5) MD receives CC of the target over x3 6) MD delivers CC and HI3 interface to LEA Options: - In some networks the target-ID (modem MAC address) can be queried from a database. In this case the target-ID can be provisioned to the CMTS directly (no dynamic provisioning) Residential/Enterprise Service Provider Core Network

23 Lawful Interception of E-Mail
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 IRI X3 CC LIMS Access Point tap Internet Interception (passive access) A LIMS Access Point (i.e. a probe or filter) is introduced into the service provider’s network to intercept the traffic of persons under surveillance. For this purpose the entire traffic is mirrored by a tap or switch span port and sent to the LIMS Access Point . The probe intercepts to/from a target to the mediation device which forwards the data to the LEA using the standardized HI2 and HI3 interfaces. HI standard is ETSI TS Options: - Active interception can be implemented in case the server integrates basic interception capabilities. Residential/Enterprise Service Provider Core Network

24 Lawful Interception of VoIP
Utimaco LIMS Law Enforcement Agency LIMS Management Server Monitoring Center HI-1 LIMS Mediation Device HI-2 X1 HI-3 X2 IRI X3 CC Internet other networks GERAN/UTRAN VoIP Interception (active) 1) LIMS provisions the target-ID (Tel-URL or SIP-URI) on the central softswitch using the X1 interface 2a) The IFF of the softswitch mirrors all signaling data to/from a target to the LIMS MD over the X2 interface 2b) The softswitch dynamically provisions the IIF of the appropriate gateway (BGF, MGF) to intercept the call media (CC). This depends on the routing of a call. Intercepted CC is mirrored to the LIMS MD by the CC-IIF. 3) MD delivers the IRI to the LEA over HI2 interface 4) MD delivers the CC to the LEA over HI3 interface Common HI standards: ETSI TS , ATIS T1.678 Options: SBC only intercept: LIMS provisions targets on all SBC (access SBC) to intercept both signaling and media Passive intercept: LIMS provisions one or more LIMS Access Point VoIP which are connected to the VoIP core network via taps. Residential/Enterprise IMS Core

25 Umbrella LIMS Utimaco LIMS Law Enforcement Agency 1
Monitoring Center Law Enforcement Agency 1 LIMS Management Server X1 HI-1 X2 ADMF Network 1 LIMS Mediation Devices Monitoring Center Law Enforcement Agency 2 DF2 HI-2 Network 2 X3 DF3 HI-3 Monitoring Center Law Enforcement Agency 3 LIMS Gateway X3 (CS) DF3 Network n

26 Remote Access Interface
Utimaco LIMS Monitoring Center Law Enforcement Agency LIMS Management Server X1 HI-1 (Utimaco RAI) HI-2 X2 ADMF HI-3 Network 1 LIMS Mediation Devices DF2 Network 2 X3 DF3 LIMS Gateway X3 (CS) DF3 Network n Utimaco RAI provides an API for remote administration and/or operation of LIMS by the LEA Warrant management (ICD) Target management NE management LEA/MC management User management Logs & alarms

27 Law Enforcement Agency 1
Hosted LI Utimaco LIMS Monitoring Center Law Enforcement Agency 1 LIMS Management Server X1 HI-1 HI-2 X2 ADMF HI-3 Network 1 LIMS Mediation Devices DF2 Network 2 X3 DF3 LIMS Gateway X3 (CS) DF3 Network n Managed Service Provider Utimaco LIMS can be operated as a multi-tenant system enabling hosted LI services (LI as a service) Full network separation User separation LEA separation (if needed) LIMS DF servers (MD) can be deployed centrally or at every operator (depending on security requirements and bandwidth).

28 Lawful Interception for SAT Internet
Law Enforcement Agency Monitoring Center SAT HI-1 HI-2 HI-3 Utimaco LIMS Gn LIMS Management Server X1 X2 (IRI) LIMS Mediation Device E X3 (CC) Internet via SAT - Voice & Data Interception 1) Receipt of intercept order via HI1 for target-ID (MSISDN/IMSI/IMEI, Login, user name) 2) LIMS provisions target-ID on the MSC and SGSN nodes in the service provider’s core network 3) LIMS MD receives IRI and CC over vendor specific X2/X3 interface 4) LIMs MD evaluates location information and delivers mediated IRI/CC to national LEA when the user location is within the country’s jurisdiction HI-2/HI-3 are commonly based on ETSI LI standards. National specifics can be accommodated (depending on the target’s location). SAT Ground Station Operator Core Network

29 Lawful Interception for inflight Internet
Law Enforcement Agency Monitoring Center SAT HI-1 HI-2 HI-3 Utimaco LIMS Gn LIMS Management Server X1 X2 (IRI) LIMS Mediation Device E X3 (CC) Inflight Voice & Data Interception 1) Receipt of intercept order via HI1 for target-ID (MSISDN/IMSI/IMEI, Login, user name) 2) LIMS provisions target-ID on the MSC and SGSN nodes in the service provider’s core network 3) LIMS MD receives IRI and CC over vendor specific X2/X3 interface 4) LIMs MD evaluates location information and delivers mediated IRI/CC to national LEA when the plane location is within the country’s jurisdiction HI-2/HI-3 are commonly based on ETSI LI standards. National specifics can be accommodated (depending on the plane’s location). SAT Ground Station Operator Core Network

30

31 Lawful Interception Access Methods Active Passive
Network elements with IIF Active Passive Utimaco LIMS X1’ X1 (target provisioning) X2/X3 (IRI/CC delivery) Network with tap and probe Utimaco LIMS X1 (target provisioning) X2/X3 (IRI/CC delivery) LIMS Access Point Active: LIMS (ADMF) provisions LI targets on network nodes with IIF (Internal Interception Function) over x1 IIF sometimes distributes targets internally to all serving nodes (x1’) IIFs mirror IRI and CC and forward to LIMS (DF) over x2 and x3 interfaces Passive: LIMS (ADMF) provisions LI targets on network probes (LIMS Access Point) over x1 LI Probe monitors a tapped copy of the entire traffic for relevant target data and mirror IRI and CC and forward to LIMS (DF) over x2 and x3 interfaces

Download ppt "Lawful Interception Solutions"

Similar presentations

University of California at Berkeley

University of California at Berkeley
1 © 2005 Cisco Systems, Inc. All rights reserved. Craig Mulholland Consulting Engineer February 8, 2006 Cisco Systems Lawful Intercept Capabilities The.

1 © 2005 Cisco Systems, Inc. All rights reserved. Craig Mulholland Consulting Engineer February 8, 2006 Cisco Systems Lawful Intercept Capabilities The.
1 LTE / HSPA / EPC knowledge nuggets Red Banana Wireless Ltd – Copyright 2013 Connecting to the IMS www.red-banana.org www.4g-seminar.com Connecting to.

1 LTE / HSPA / EPC knowledge nuggets Red Banana Wireless Ltd – Copyright 2013 Connecting to the IMS Connecting to.
1 General Packet Radio Service (GPRS) Adapted from a presentation by Miao Lu Nancy Samaan SITE, Ottawa.

1 General Packet Radio Service (GPRS) Adapted from a presentation by Miao Lu Nancy Samaan SITE, Ottawa.
IP Multimedia Subsystem (IMS) 江培文. Agenda Background IMS Definition IMS Architecture IMS Entities IMS-CS Interworking.

IP Multimedia Subsystem (IMS) 江培文. Agenda Background IMS Definition IMS Architecture IMS Entities IMS-CS Interworking.
IMS Workshop- Summary James Rafferty August 10. 2006.

IMS Workshop- Summary James Rafferty August
Lawful Interception in 3G IP Multimedia Subsystem

Lawful Interception in 3G IP Multimedia Subsystem
Telefónica Móviles España GPRS (General Packet Radio Service)

Telefónica Móviles España GPRS (General Packet Radio Service)
6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.

6 The IP Multimedia Subsystem Selected Topics in Information Security – Bazara Barry.
Fixed Mobile Convergence T-109.7510 Research Seminar on Telecommunications Business Johanna Heinonen.

Fixed Mobile Convergence T Research Seminar on Telecommunications Business Johanna Heinonen.
All IP Network Architecture 2001 년 12 월 5 일 통신공학연구실 석사 4 차 유성균

All IP Network Architecture 2001 년 12 월 5 일 통신공학연구실 석사 4 차 유성균
 3G is the third generation of tele standards and technology for mobile networking, superseding 2.5G. It is based on the International Telecommunication.

 3G is the third generation of tele standards and technology for mobile networking, superseding 2.5G. It is based on the International Telecommunication.
General Packet Radio Service (GPRS) A new Dimension to Wireless Communication.

General Packet Radio Service (GPRS) A new Dimension to Wireless Communication.
LTE roaming – a whole new world Acme Packet 3 Session Border Control (SBC) category creator and leader with over 60% market share Mission: enable delivery.

LTE roaming – a whole new world Acme Packet 3 Session Border Control (SBC) category creator and leader with over 60% market share Mission: enable delivery.
DECISION Group Inc.. Decision Group www.edecision4u.com Mediation Device for Internet Access Provider.

DECISION Group Inc.. Decision Group Mediation Device for Internet Access Provider.
THE Mobile Broadband Standard © 3GPP 2012 LTE Latin America, 17 th – 18 th April 2012 1 1 1 3GPP Core Network Migration Towards the Evolved Packet Core.

THE Mobile Broadband Standard © 3GPP 2012 LTE Latin America, 17 th – 18 th April GPP Core Network Migration Towards the Evolved Packet Core.
260 Kommunikatsiooniteenuste arendus IRT0080 Loeng 6/2008 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

260 Kommunikatsiooniteenuste arendus IRT0080 Loeng 6/2008 Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.
Ronald D. (Ron) Ryan Chair T1P1.SAH Slide 1 Copyright Nortel Networks T1P1/2001-046 Overview 3G UMTS LI Capabilities T1P1.SAH April 2001.

Ronald D. (Ron) Ryan Chair T1P1.SAH Slide 1 Copyright Nortel Networks T1P1/ Overview 3G UMTS LI Capabilities T1P1.SAH April 2001.
STAR-GATE for PACKET DATA Arkady Linshitz Product Manager.

STAR-GATE for PACKET DATA Arkady Linshitz Product Manager.
LTE Architecture KANNAN M JTO(3G).

LTE Architecture KANNAN M JTO(3G).

Similar presentations

Ads by Google