1. Field of the Invention
The present invention relates to telecommunications security and more particularly, the present invention relates to a technique for generating a correlation number for use in the lawful interception of telecommunications traffic, specifically, for use with GSM GPRS (General Packet Radio Service)/UMTS (Universal Mobile Telecommunication System) PS (Packet Switched) domain LI (Lawful Interception) data.
2. Description of Related Art
LEAs (Law Enforcement Agencies) throughout the world have used the lawful interception of communications between criminals and their co-conspirators and between groups of terrorists to thwart their criminal activities. In the past, when only telephone land line services were available, lawful wire-tapping of a telephone of a target entity was used, subject to the laws of the country in which the wire-tapping occurred.
Nowadays, with the advancement in technology and with the increased sophistication of both criminals and terrorists, it has become necessary to develop techniques to lawfully intercept more advanced telecommunications traffic. For example, it is necessary to develop techniques for the lawful interception of GSM GPRS/UMTS PS domain LI data traffic.
In view of the fact that telecommunications traffic now reaches across countries and spans the globe, standards have been developed and are being developed by various international organizations to standardize lawful interception techniques of telecommunications traffic. For example, the European Telecommunications Standards Institute has produced standards by its ETSI Technical Committee Security (SEC), including ETSI Standard ES 201 158 V1.1.2, dated May, 1998, and ETSI Standard ES 201 671 V2.1.1, dated September, 2001. These standards, respectively entitled Telecommunications security: Lawful Interception (LI); Requirements for network functions and Telecommunications security; Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic, disclose the general requirements of Network Operators (NWOs), Service Providers (SPs) and Access Providers (APs) relating to the provision of lawful interception, with particular reference to the Handover Interface (HI). The provision of lawful interception is a requirement of national law, which is usually mandatory. From time to time, an NWO and/or SP will be required, according to a lawful authorization, to make available results of an interception, relating to specific identities, to a specific LEA. Furthermore, these standards specify the generic flow of information as well as the procedures and information elements which are applicable to any telecommunication network or service. The two aforesaid standards are publicly available on the Internet at the Web Site of the European Telecommunication Standards Institute at http://www.etsi.org and the contents of these two standards are incorporated by reference herein in their entirety.
Similarly, the 3rd Generation Partnership Project (3GPP) group has produced its own standards relating to the same subject matter as the two aforesaid standards from the European Telecommunication Standards Institute. 3GPP Standard TS 33.107 V5.0.0, dated June 2001, and entitled 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Lawful Interception Architecture and Functions (Release 5) and 3GPP Standard TS 33.108 V0.1.0, issued for approval in October 2001, and entitled 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Handover Interface for Lawful Intercept (Release 5), similarly disclose the architecture and functional requirements of lawful interception of telecommunications traffic as related to a 3rd Generation Mobile Communication System (3GPP MS) and further disclose the handover interfaces for lawful interception of Packet-Data Services, Circuit Switched Services, and Multimedia Services within the UMTS including the delivery of Intercept Related Information (HI2) and Content of Communication (HI3) to the Law Enforcement Monitoring Facility. These two standards are publicly available on the Internet at the Web Site of the 3rd Generation Partnership Project at http://www.3gpp.org and the contents of these two standards are incorporated by reference herein in their entirety.
The problems in prior art systems arise in implementing the GSM GPRS/UMTS PS domain LI correlation between CC (Content of Communication) and IRI (Intercept Related Information). The specifications require that the system should provide a correlation number for this purpose. The correlation number should be unique per PDP context and is used to correlate CC with IRI and the different IRIs of one PDP context.
Current specifications propose that the Correlation Number should be composed of e.g. Charging ID+GGSN IPv4/IPv6 address. Because IPv6 addresses consist of 128 bits, the correlation number becomes very long and consists of 8 or 20 octets depending on whether an IPv4 or IPv6 address is used. This means that either 8 or 20 octets are consumed in every IRI or CC packet to be transmitted towards the LEA (Law Enforcement Agency). Another problem in the current proposal is that the GGSN IP address must be a public IP address to assure the uniqueness of the GGSN ID.
It is an object of the present invention to generate a correlation number for use in the lawful interception of telecommunications traffic.
In the present invention, one of either a "PDP context activation" event or "Start of intercept(ion) with PDP context active" event is handled and a unique PDP-ID (PDP Context Identifier) is generated in response thereto. PDP context activation is a procedure in which the serving GPRS support node (SGSN) together with the gateway GPRS support node (GGSN) that the subscriber will be using establishes a PDP context for routing purposes. An MCC (Mobile Country Code) and an MNC (Mobile Network Code) of a network operator are identified, as is a DF-ID of a DF (Delivery Function). The MCC and MNC are combined to generate an Operator-ID which is combined with the DF-ID and the generated PDP-ID to generate a correlation number.
The PDP-ID may consist of four octets while the Operator-ID may consist of three octets and the DF-ID may consist of one octet.
A unique PDP-ID (PDP Context Identifier) may be generated by incrementing a PDP-ID of a previous "PDP context activation" or "Start of intercept(ion) with PDP context active" event and comparing a resultant PDP-ID with all PDP-IDs in use and continuing incrementing until a resultant PDP-ID is different from all PDP-IDs in use.
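The generation procedure described above, as an added example that is not part of the patent text: a per-DF generator that increments the previous PDP-ID until it is unused and assembles the 8-octet correlation number. The octet order (Operator-ID, DF-ID, PDP-ID), the nibble packing of MCC and MNC, wrap-around at four octets, the release step, and all class and function names are assumptions; the MCC/MNC values used with it are constructed test values.

```python
import struct

PDP_ID_MAX = 0xFFFFFFFF  # PDP-ID is four octets


def operator_id(mcc: str, mnc: str) -> bytes:
    """Combine MCC and MNC into the three-octet Operator-ID.

    Assumed packing: one digit per nibble, MCC first, and a two-digit
    MNC padded with the filler nibble 0xF.
    """
    if not (mcc.isdigit() and len(mcc) == 3):
        raise ValueError("MCC must be 3 decimal digits")
    if not (mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError("MNC must be 2 or 3 decimal digits")
    return bytes.fromhex(mcc + mnc.ljust(3, "F"))


class CorrelationNumberGenerator:
    """Hypothetical per-DF generator: Operator-ID | DF-ID | PDP-ID."""

    def __init__(self, mcc: str, mnc: str, df_id: int, last_pdp_id: int = 0):
        if not 0 <= df_id <= 0xFF:
            raise ValueError("DF-ID must fit in one octet")
        self.prefix = operator_id(mcc, mnc) + bytes([df_id])
        self.last_pdp_id = last_pdp_id
        self.in_use = set()  # PDP-IDs of contexts still being intercepted

    def on_event(self) -> bytes:
        """Handle "PDP context activation" or "Start of intercept(ion)
        with PDP context active" and return the 8-octet correlation number."""
        if len(self.in_use) > PDP_ID_MAX:
            raise RuntimeError("all PDP-IDs are in use")
        candidate = self.last_pdp_id
        while True:
            # Increment the previous PDP-ID (wrapping at four octets, an
            # assumption) until it differs from every PDP-ID in use.
            candidate = (candidate + 1) & PDP_ID_MAX
            if candidate not in self.in_use:
                break
        self.last_pdp_id = candidate
        self.in_use.add(candidate)
        return self.prefix + struct.pack(">I", candidate)

    def release(self, correlation_number: bytes) -> None:
        """Free the PDP-ID when the context or the interception ends."""
        self.in_use.discard(struct.unpack(">I", correlation_number[4:8])[0])
```

Because the DF-ID octet is part of the prefix, two DFs of the same operator can hand out the same PDP-ID without their correlation numbers colliding.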
A network including a correlation number generator to generate a correlation number for use in lawful interception of telecommunications traffic may include: at least one LEA (Law Enforcement Agency); and an IIF (Internal Interception Function) including DFs (Delivery Functions) to transmit lawfully intercepted communications traffic to the LEA, the correlation number generator being included in the DFs and including: a handler/generator to handle one of either a "PDP (Packet Data Protocol) context activation" or "Start of intercept(ion) with PDP context active" event and to generate a unique PDP-ID (PDP Context Identifier) in response thereto; a first identifier to identify an MCC (Mobile Country Code) of a network operator; a second identifier to identify an MNC (Mobile Network Code) of the network operator; a third identifier to identify a DF (Delivery Function)-ID of a DF; a first combiner/generator to combine the MCC and MNC to generate an Operator-ID; and a second combiner/generator to combine the generated PDP-ID and the generated Operator-ID and the DF-ID to generate a correlation number.
In one embodiment of the invention, the network further comprises a LEMF (Law Enforcement Monitoring Facility) to transmit lawfully intercepted telecommunications traffic to the at least one LEA, an IRI (Intercept Related Information) MF (Mediation Function) to forward IRI of lawfully intercepted telecommunications traffic to the at least one LEA via the LEMF, and a CC (Content of Communication) MF to forward CC of lawfully intercepted telecommunications traffic to the at least one LEA via the LEMF.
One advantage of the invention is that the correlation number is always 8 octets long (instead of 20 octets if prior art proposals are used with IPv6 addresses). A further advantage of the invention is that the generating of the correlation number does not require any GGSN-specific information. Because the correlation number consists of only 8 octets instead of 20 octets, the overall performance of the HI2 and HI3 interfaces between DF and LEA is improved. Still another advantage of the invention is that the correlation number is always unique (while the prior art proposals for GGSN ID are unique only if the GGSN IP address is unique, i.e. a public IP address).