The provision of a lawful interception is a requirement of national law, which is usually mandatory. From time to time, a network operator and/or a service provider will be required, according to a lawful authorization, to make results of interception relating to specific identities available to a specific intercepting authority or Law Enforcement Agency (LEA).
There are various aspects of interception. The respective national law describes under what conditions and with what restrictions interception is allowed. If an LEA wishes to use lawful interception as a tool, it will ask a prosecuting judge or other responsible body for a lawful authorization, such as a warrant. If the lawful authorization is granted, the LEA will present the lawful authorization to an access provider which provides access from a user's terminal to that network, to the network operator, or to the service provider via an administrative interface or procedure. When a lawful interception is authorized, an Intercept Related Information (IRI) and/or the content of the corresponding communication (CC) is delivered to the LEA.
The lawful authorization may describe the IRI and the content of the communication that are allowed to be delivered for this LEA; typically, the interception period and interception target (e.g., a person's name or MSISDN number(s) related to SIM card(s) or IMEI code of a mobile terminal). For different LEAs and for different investigations, different constraints can apply that further limit the general borders set by the law. The interception target may also be described in different ways in a lawful authorization, e.g. subscriber address, physical address, location, services etc.
Such a lawful interception functionality is also needed in the packet switched part of new mobile data networks such as the GPRS and the UMTS.
Lawful interception is based on an EU Council resolution, which concerns all telecommunications systems, not only mobile ones. The European Telecommunications Standards Institute (ETSI) has defined further technical requirements. These requirements define three interfaces:    X0—1 (=HI1): administrative tasks (may be on paper or fax or online or otherwise)    X0—2 (=HI2): network signaling (near real time)    X0_3 (=HI3): intercepted user data (near real time)
The interface X0—1 carries interception requests, authorization documents, encryption keys and the like. The interface X0—2 carries IRI (Interception Related Information) like phone numbers, service information, time stamps etc. The interface X0—3 carries the content of communication (CC), i.e., the intercepted packets containing data sent and/or received etc. The exact definitions of the three interfaces are left to local legislation and authorities. The interfaces X0—1 to X0—3 are referred in the GSM 03.03 (where GPRS annex was included June 1999). The three X0 interfaces are defined in ETSI ES 201 671 V1.1.1 as HI1/HI2/HI3 interfaces, wherein symbols X0—1 to X0—3 correspond to HI1 to HI3, respectively.
With respect to FIG. 1, the lawful interception is described in more detail. FIG. 1 shows a reference configuration for the lawful interception for GPRS (General Packet Radio Systems). Reference numeral 1 denotes a Law Enforcement Agency (LEA) mentioned above. The symbols X0—1, X0—2 and X0—3 denote the above mentioned interfaces between the LEA and respective network elements which are described in the following. Numeral 2_1 denotes an Administrative Function for LI (Lawful Interception) in the network. Numeral 2_2 indicates an IRI delivery function (also known as DF2P for packet data like GPRS), whereas numeral 2_3 indicates a CC delivery function (also known as DF3P for packet data). The ADMF 2_1, the IRI delivery function 2_2 and the CC delivery function 2_3 are connected to a GSN (GPRS Support Node) 3 via interfaces X1—1p, X2p and X3p. In addition, the IRI and CC delivery functions are connected with the ADMF 2_1 via interfaces X1—2p and X1—3p, respectively. The GSN 3 can be a SGSN or a GGSN or other node intercepting user activity or frames containing user level packet data.
In this manner, the ADMF 2_1 is used together with the delivery functions to hide from the GSN that there might be multiple activations by different Law Enforcement Agencies (LEAs) on the same target. Additionally, the packet network complexity is hidden from the LEA(s).
The above described LI structure works satisfactorily in case of circuit switched services like GSM. However, the situation is different for packet switched services like GPRS.
That is, in case of a packet switched services, the IRI and CC data are transmitted in packets to the LEA 1. The packet flow starts from the packet intercepting node (i.e., GSN 3 in FIG. 1) to the delivery function nodes (i.e., IRI and CC delivery functions 2_2 and 2_3 in FIG. 1) to the LEA 1. The LEA system has a mass memory for packets, but it may also monitor packets as near real time streams. In GPRS, for example, the IRI data is defined to have some network attachment and/or PDP (Packet Data Protocol) context related data incorporated that relates the IRI to certain subscriber activity. The packets relate to a certain PDP context.
In the packet switched networks as described above, there is a possibility that due to delay changes in the networks, e.g., because of handovers, packets are received in a different order than they were sent. In other words, user data (CC) relating to a single communication session (PDP context in GPRS networks) may be routed via different nodes towards a delivery function and finally to the LEA due to handovers (like SGSN handovers in GPRS networks) or Network Element (NE) redundancy cases where NE2 takes over the responsibility of another NE1 of similar kind, due to capacity or NE failure reasons. Hence, it is possible that the packets (either IRI or CC) sent from the SGN 3 to the LEA will arrive in a different order than that in which they were actually sent.
It is known that packets can be numbered to allow the reconstruction of the actual packet order. However, in Lawful Interception (LI) it may not be enough to only reconstruct the actual order of packets itself. By contrast, it is also important to know which IRI packets relates to which CC packet. Since IRI packets and CC packets are transmitted via logically separate connections to the LEA and the number of CC and IRI packets are typically not 1:1, it is difficult to relate the two kinds of packets to each other in an efficient way. Hence, if in LI such delays and misorders of IRI and/or CC packets occur, this will cause serious problems since organizing the packets afterwards into a correct order is a more complicated task than getting them in an easily identifiable order from the first possible point.
Document WO 99 17499 A discloses a method of performing a lawful interception in a packet network. This method comprises the steps of generating interception related information packets and communication content packets from a communication or network activity to be intercepted, providing identification data for the packets and transmitting the packets to an interception authority device.