In modern mobile telecommunications networks, a service provider may wish to know information about the access network that a subscriber is currently using. Some services are more suitable or less suitable depending on the access type, and some services are of more value to subscribers if the access network details are known by the network proxy which provides the user with services.
In other cases, the service provider may simply wish to know crude location information in order to provide certain services to the user. For example, many of the location based services available in wireless networks today require the home network to know the identity of the cell the user is being served by.
Some regulatory requirements also exist which require that, for cellular radio systems, the identity of the cell where an emergency call is established is made available to the emergency authorities.
In mobile telecommunications networks some services may be provided via an IP Multimedia Subsystem (IMS), which is a sub-network used for allowing a subscriber to access multimedia services via Internet Protocol (IP).
The IMS uses Session Initiation Protocol as a signaling protocol for setting up and tearing down multimedia communication sessions. SIP messages are exchanged between the User Agents (UAs), which may be user equipment having a SIP communication function, and SIP servers or proxies, collectively called Call Session Control Function (CSCF), which can process SIP signaling packets in the IMS.
SIP messages can contain private SIP headers (P-headers) that can be used only within trustable networks such as the 3rd-Generation Partnership Project (3GPP) networks. Among the P-headers, the so called P-Access-Network-Info header is used by SIP User Agents to relay information about the access technology to proxies that are providing services.
A proxy which is providing services to a UA may act upon any information present in the P-Access-Network-Info header value, if is present, to provide a different service depending on the network or the location through which the UA is accessing the server. For example, for cellular radio access networks the SIP proxy located in the home network may use the cell ID to provide basic localized services.
The handling of the P-Access-Network-Info header leads to problems, particularly in Lawful Interception (LI) systems and Data Retention systems (DRS).
In the LI solution, the Intercept Related Information (IRI) provided by a node to the Law Enforcement Mediation Function (LEMF) through the DF2 mediation may contain the P-Access-Network-Info (the only available location information), but a rogue UA could insert incorrect information in this field since the issuance of the Invite SIP message and influence lawful investigations on the UA that may be target of interception.
If a lawful agency orders the interception on target users both in GPRS nodes and in IMS nodes, it could receive different user location information.
An analogous problem can occur for the data retention solution. The only available location information provided by the IMS nodes is given by the P-Access-Network-Info. Also in this case incorrect information provided by the UA could influence lawful investigations.
Similar problems may generally occur in all those situations in which location information is provided to a function which relies on the user location, such as a charging system.