Interception of phone calls is used in modern telecommunications networks for allowing Law Enforcement Agencies (LEAs), authorised by a national law or a Court, to watch particular users who exchange potentially illicit information over the telecommunications network.
A standard reference architecture for Lawful Interception (LI) is provided in ETSI specification ES 201 671 v.2.1.1 and is depicted in FIG. 1.
The standard architecture 10 comprises an Intercepting Control Element (ICE) 11 providing the user equipment of the target user with an access to the telecommunications network. An ICE may be, for instance, a 3G Mobile service Switching Centre (USC) Server, a 3G Gateway MSC Server, a Serving GPRS Support Node (SGSN), or a Gateway GSN.
The architecture 10 further comprises one or more Law Enforcement Monitoring Facilities (LEMFs) 12 through which respective LEAs receive interception information.
An Administration Function (ADMF) entity 13 is further provided for sending the target identity and LI authorisation data from the LEAs to the ICE. The ADMF interfaces with all the LEAs that may require interception in the intercepting network, keeps the intercept activities of individual LEAs separate and interfaces to the intercepting network. The ADMF 13 is also used to hide from the ICE 11 that there might be multiple activations by different LEAs on the same target.
Every physical ICE 11 is linked to the ADMF by means of its own X1—1 interface. Consequently, every single ICE performs interception, i.e. activation, deactivation, interrogation as well as invocation, independently from other ICEs.
In order to deliver the intercepted information to the LEAs, two Delivery Function (DF) entities are provided, each exchanging respective portions of information with the ADMF 13 (through X1—2 and X1—3 interfaces) and the LEMF 12.
In particular, a DF2 entity 14 receives Intercept Related Information (IRI) from the ICE, through an X2 interface, and converts and distributes the IRI to the relevant LEAs via a Handover Interface 2 HI2 by means of a Mediation Function (MF) 15. The Handover Interfaces are described in detail, for example, in the specification 3GPP TS 33.108, release 6, which is herein incorporated by reference.
The IRI is a collection of information or data associated with telecommunication services involving the target identity, such as call associated information or data (e.g. unsuccessful call attempts), service associated information or data (e.g. service profile management by subscriber) and location information.
A DF3 entity 16, instead, receives Content of Communications (CC) information from the ICE through an X3 interface, and converts and distributes such information to the relevant LEA through an MF 17 and an HI3 interface.
The CC is information, different from the IRI, which is exchanged between two or more users of a telecommunications service and, more in general, includes information which may, as part of some telecommunications service, be stored by one user for subsequent retrieval by another user.
With reference to Circuit Switched (CS) calls, interception of calls between an intercepted subscriber 23 and a calling/called party 24 is accomplished through the schematic access arrangement depicted in FIG. 2, which is described in 3GPP TS 33.107 v6.1.0. In particular, the signals of both parties 23 and 24 are separately delivered to the LEMF 22 through a T connection at a Media Gateway 21 and a DF3 26.
For the delivery of the CC and IRI, the 3G MSC Server provides a target identity and a correlation number to the DF2 and DF3 which is used in order to select the different LEAs to which the LI product shall be delivered. The target identity typically comprises one of an International Mobile Subscriber Identity (IMSI), a Mobile Subscriber ISDN Number (MSISDN) and an International Mobile Equipment Identity (IMEI). If interception has been activated for both parties of the call both CC and IRI will be delivered for each party as separate intercept activity.
The access method for delivering Packet Data GSN Intercept Product is accomplished through the schematic arrangement depicted in FIG. 3. The method is based on duplication of packets.
A duplicator of packets 35 is provided at the 3G GSN 31 for duplicating packets intercepted between the target subscriber 33 and the other party 34.
The duplicated packets are then sent to the DF3 36 for further delivery to LEA 32 through a tunnel. The DF3 extracts and interprets a header for each duplicated packet from the X3 interface so as to allow the DF3 36 to perform its functionality.
In the current DF3 architecture, X3 and HI3 interfaces are not suitable for high CC inflows deriving from interception of high bandwidth-consuming services like, for instance, IP-TV or broadcasting, which may be as high as Gbits of information per second.
According to the above LI standards, for each single intercepted packet received on X3, a dedicated LI header is to be extracted and interpreted by the DF3 in order to mediate, direct and possibly multiply the packet towards all interested LEAs via the HI3. Similarly, the same packet needs to be re-built on the HI3 before being sent to the LEA.