The present invention relates to an apparatus, a method, and a computer program product related to lawful interception. More particularly, the present invention relates to an apparatus, a method, and a computer program product related to intercepting communication.
3GPP 3rd Generation Partnership Project
aka also known as
ADMF Administration Function
AGW Access Gateway
AF Access Function
AN Access Node
AS Application Server
ATIS Alliance for Telecommunications Industry Solutions
BCF Border Control Function
CALEA Communications Assistance for Law Enforcement Act
CC Call Content (or Communication Content)
CII Call Identifying Information (aka IRI)
CS Circuit Switched
CSCF Call State Control Function
CSP Communication Service Provider
CTF CC Intercept Triggering Function
DF Delivery Function
DF2 Delivery Function 2 (for IRI)
DF3 Delivery Function 3 (for CC)
EDGE Enhanced Datarate for GSM Evolution
EPS Evolved Packet System
ETSI European Telecommunications Standards Institute
ETSI TC LI ETSI Technical Committee Lawful Interception
GGSN Gateway GPRS Support Node
GPRS Generic Packet Radio Service
GSN GPRS Support Nodes
HI1 Handover Interface 1 (for admin)
HI2 Handover Interface 2 (for IRI)
HI3 Handover Interface 3 (for CC)
IBCF Interworking BCF
I-CSCF Interrogating CSCF
IAP Internet Access Point
ICE Intercepting Control Element
ID Identity or Identifier
Id Identity or Identifier
IM-MGW IMS Media Gateway
IMS IP Multimedia System
IMS-AGW IMS Access Gateway
IP Internet Protocol
IRI Intercept Related Information
LEA Law Enforcement Agency
LEMF Law Enforcement Monitoring Facility
LI Lawful Interception
LIG LI Gateway
LIID Lawful Interception Identifier
LIMS Lawful Interception Management System
LTE Long Term Evolution
LTE-A LTE Advanced
MF Mediation Function
MGCF Media Gateway Control Function
MGW Media Gateway
MRFC Media Resource Function Controller
MRFP Media Resource Function Processor
NSN Nokia Solutions and Networks
P-CSCF Proxy CSCF
PCRF Policy and Charging Rules Function
PDN Packet Data Network
PDN-GW PDN-Gateway
PDP Packet Data Protocol
S-CSCF Serving CSCF
TrGW Transit Gateway
TS Technical Specification
SA3 Services and Systems Aspects TSG 3
SDP Session Description Protocol
SIP Session Initiation Protocol
UMTS Universal Mobile Telecommunications System
US United States
UTRAN Universal Terrestrial Radio Access Network
VoIP Voice over IP
WiFi Wireless Fidelity
X1 X1 Interface (for admin between ADMF and access function)
X2 X2 Interface (for IRI between access function and DF2)
X3 X3 Interface (for CC between access function and DF3)
Lawful Interception (LI) is a legally authorized process of intercepting the communication of private individuals. The interception process is strongly regulated by national laws and telecom acts in each country/region.
3GPP TS 33.107 and TS 33.108 define LI configuration, internal and external LI interface for 3GPP network architectures, and 3GPP defined services. ATIS Standards in North America define the external LI interface to networks deployed in North America. This present application is related to IMS sessions, and therefore, the focus is on LI architecture related to IMS sessions.
Some of the LI architectures defined in 3GPP TS 33.107 are depicted in
The various LI architecture diagrams shown in
The diagram A of
Intercept Related Information (also named Call Data or CD in the US) comprises information about the targeted communications, including destination of a voice call (e.g., called party's telephone number), source of a call (caller's phone number), time of the call, duration, etc, which may also be named meta-data. Communication Content is namely the stream of data carrying the call.
The focus here is just on the IMS-related LI architectures. Not all the network nodes shown in
One example is the case where an incoming call to the target gets forwarded. Before the forwarding (e.g., call forward do not answer case), the PDN-GW/GGSN or the IMS-AGW associated with the target may provide the CC interception. After the call forwarding occurs, PDN-GW or GGSN associated with the forwarded-to user or the TrGW or the IM-MGW may provide the CC interception. Another example is the case where the target subscriber initiates an ad-hoc conference call. In this case, both the S-CSCF and the AS/MRFC may provide the IRI interception. The CC interception may happen at one of the nodes shown in diagram F and G or at the MRFP as show in diagram D.
It is an LI requirement that all the delivered IRI reports and the CC packets shall be correlated to each other. In other words, one IRI message shall be correlated to another IRI message that relates to the same session. The CC packets that correspond to that IMS session have to be correlated to each other and also have to be correlated to the corresponding IMS IRI messages related to the same session. With the possibility of involvement of different network nodes for the IRI interception and the CC interception, the correlating the information delivered to the LEA can be a challenge. One way is to have some mechanism within the network infrastructure so that one Correlation ID is used for all intercepted communication traffic—whether it is IRI or the CC. For example, the NSN implementation of IMS-based VoIP LI follows this approach. In this approach, the network nodes have to implement a method of exchanging that single correlation ID. The other option is to have a mechanism to inform the LEA how different communication traffics have to be correlated. The current published standards follow this approach.
Until the recently approved NSN CRs, the 3GPP LI specifications had defined the LI capabilities just for IMS IRI. The architecture expected the CC interception was based on the separate intercept activations at the packet core network. The NSN CRs provided the stage 2 level architecture definitions for the IMS-based VoIP LI capabilities. The NSN CRs also provided the stage 3 text for the delivery of CC. As explained hereinabove, the existing data structure module defined in 3GPP TS 33.108 expects the packets delivered from a bearer (PDP context) to contain the GPRS/EPS Correlation Number. That helps the LEA to correlate different packets coming from one bearer (PDP context). The current data structure module defined in 3GPP TS 33.108 expects the IMS IRI to contain the IMS Correlation Number and the GPRS/EPS Correlation Number of all the bearers (PDP contexts). The ASN.1 of the data structure module defined in 3GPP TS 33.108 is shown in
In the above definition, the CorrelationValues (noted as Correlation Values in the remaining part of the disclosure) within the IMS IRI is a choice between the three values:
The use-cases of the above three choices are not explained very well in the 3GPP TS 33.108. Anyway, for an interception that involves only the IRI, the choice iri-to-iri is used and an interception that involves both IRI and CC, the choice both-IRI-CC is used. The need to have the choice iri-to-cc is questionable. May be it is there to support implementations that provide SIP session interception solely based on the packet data network. This application will not go further into this iri-to-cc case.
The choice both-IRI-CC consists of:
In this, iri-iri is expected to carry the IMS Correlation Number and iri-cc is expected to carry the GPRS/EPS Correlation Numbers associated to the corresponding bearers or PDP contexts.
In NSN's implementation of IMS-based VoIP LI (also now standardized based on NSN CRs), the P-CSCF sends the CC intercept trigger to the PDN-GW or GGSN via the PCRF, if PDN-GW or GGSN is supposed to do the CC interception for a particular call scenario (see diagram F in
Intercept Function in 3GPP TS 33.107 based on the recent updates due to NSN CRs (see diagram E in
The CC intercept trigger sent to the CC Intercept Function is supposed to carry a Correlation Identifier, which the CC Intercept Function is supposed to use on the delivery of intercepted packets to the DF3. In the NSN implementation, the Correlation Identifier value, supplied to the CC Intercept Function, is transported with some proprietary SIP headers and thus, the S-CSCF is aware of the Correlation Identifier value contained in the delivered CC. The S-CSCF can deliver this Correlation Identifier to the DF2 which in turn can deliver the same to the LEA.
A new data structure module to carry the VoIP CC on HI3 interface has already been defined (this is CR SA31114_045r2 of NSN, approved at the April-May 2014 meeting). For reference, the ASN.1 object module is shown in
It is pointed to the parameter with the name VoIPCorrelationNumber (will be noted as VoIP Correlation Number, in the rest of this disclosure). It is similar to an EPS Correlation Number, however, for the CC Intercept Function, this will be provided by the CC Intercept Triggering Function (see diagram E in
Correlation Id (shown as c1) is used as IMS Correlation Number and as VoIP Correlation Number. Whether c1 has to be specified twice for the two media bearers or once is an implementation choice. It may be an issue for the LEAs to isolate the media packets to a particular bearer when the same Correlation Id is used for multiple bearers. But, this design approach has an advantage over the previous concept (shown in
It is an object of the present invention to improve the prior art.
According to a first aspect of the invention, there is provided an apparatus, comprising exchanging means adapted to exchange a first message of a session initiation protocol related to a call with a first control device, wherein the first message comprises a call identifier of the call; report generating means adapted to generate a report on an interception related information comprising a correlation identifier of the apparatus and the call identifier, wherein the interception related information is based on a second message of the session initiation protocol related to the call.
The apparatus may further comprise triggering means adapted to trigger interception of the call in a media node by a trigger message, wherein the trigger message comprises a media correlation identifier; correlation generating means adapted to generate a correlation message comprising the correlation identifier, the media correlation identifier, and the call identifier.
The apparatus may further comprise inhibiting means adapted to inhibit the report forwarding means from forwarding the report if the correlation forwarding means forwards the correlation message.
The apparatus may further comprise report forwarding means adapted to forward the report to a delivery function device; and correlation forwarding means adapted to forward the correlation message to the delivery function device.
The correlation forwarding means and the report forwarding means may be adapted to forward the correlation message separately from the report.
The exchanging means may be adapted to exchange a third message of the session initiation protocol related to the call with a second control device, wherein the third message comprises the call identifier; and the apparatus may comprise interception message generating means may be adapted to generate an interception message comprising the third message and at least one of the correlation identifier and the call identifier.
The exchanging means may comprise at least one of the following functions:
According to a second aspect of the invention, there is provided an apparatus, comprising exchanging circuitry configured to exchange a first message of a session initiation protocol related to a call with a first control device, wherein the first message comprises a call identifier of the call; report generating circuitry configured to generate a report on an interception related information comprising a correlation identifier of the apparatus and the call identifier, wherein the interception related information is based on a second message of the session initiation protocol related to the call.
The apparatus may further comprise triggering circuitry configured to trigger interception of the call in a media node by a trigger message, wherein the trigger message comprises a media correlation identifier; correlation generating circuitry configured to generate a correlation message comprising the correlation identifier, the media correlation identifier, and the call identifier.
The apparatus may further comprise inhibiting circuitry configured to inhibit the report forwarding circuitry from forwarding the report if the correlation forwarding circuitry forwards the correlation message.
The apparatus may further comprise report forwarding circuitry configured to forward the report to a delivery function device; and correlation forwarding circuitry configured to forward the correlation message to the delivery function device.
The correlation forwarding circuitry and the report forwarding circuitry may be configured to forward the correlation message separately from the report.
The exchanging circuitry may be configured to exchange a third message of the session initiation protocol related to the call with a second control device, wherein the third message comprises the call identifier; and the apparatus may comprise interception message generating circuitry may be configured to generate an interception message comprising the third message and at least one of the correlation identifier and the call identifier.
The exchanging circuitry may comprise at least one of the following functions:
According to a third aspect of the invention, there is provided an apparatus, comprising first match checking means adapted to check if a value of a main correlation identifier comprised in a first correlation message received from a first node and a value of the main correlation identifier comprised in a second correlation message received from a second node different from the first node are the same, wherein the first correlation message additionally comprises a first secondary correlation identifier, and the second correlation message additionally comprises a second secondary correlation identifier; and the apparatus further comprises generating means adapted to generate, if the value of the main correlation identifier comprised in the first correlation message and the value of the main correlation identifier comprised in the second correlation message are the same, a main correlation message comprising the first secondary correlation identifier.
The generating means may be adapted to generate the main correlation message such that it comprises additionally the second secondary correlation identifier.
One of the first correlation message and the second correlation message may additionally comprise an interception related information, and the generating means may be adapted to include the interception related message into the main correlation message.
The apparatus may further comprise first analyzing means adapted to analyze if a received first interception message comprising a first interception related information comprises one of the first secondary correlation identifier, the second secondary correlation identifier, and the main correlation identifier; first forwarding means adapted to forward the first interception related information together with the first secondary correlation identifier and the second secondary correlation identifier if the received first interception message comprises one of the first secondary correlation identifier and the second secondary correlation identifier.
The apparatus may further comprise first inhibiting means adapted to inhibit the generating means from including the second secondary correlation identifier in the main correlation message; second analyzing means adapted to analyze if a received second interception message comprising a second interception related information comprises one of the first secondary correlation identifier, the second secondary correlation identifier, and the main correlation identifier; forwarding means adapted to forward the second interception related information together with the first secondary correlation identifier if the received interception message comprises one of the first secondary correlation identifier and the second secondary correlation identifier; second inhibiting means adapted to inhibit the forwarding means from forwarding the second secondary correlation identifier with the second interception related information.
The apparatus may further comprise multiplicity checking means adapted to check if the second correlation message comprises two values of the main correlation identifier; second match checking means adapted to check if a value of the main correlation identifier comprised in a third correlation message received from a third node different from the first node and different from the second node is the same as one of the values of the main correlation identifier comprised in the second correlation message; wherein the third correlation message may additionally comprise a third secondary correlation identifier; and the generating means may be adapted to generate, if the value of the main correlation identifier comprised in the third correlation message is the same as one of the values of the main correlation identifier comprised by the second correlation message, the main correlation message additionally comprising the third secondary correlation identifier.
One of the first and second secondary correlation identifiers may be an identifier of a media transporting call content of the call. One of the first and second secondary correlation identifiers may be an identifier of a message of a session initiation protocol related to the call. The main correlation identifier may be a call identifier of a session initiating protocol session. In some embodiments, the main correlation message does not comprise the main correlation identifier.
According to a fourth aspect of the invention, there is provided an apparatus, comprising first match checking circuitry configured to check if a value of a main correlation identifier comprised in a first correlation message received from a first node and a value of the main correlation identifier comprised in a second correlation message received from a second node different from the first node are the same, wherein the first correlation message additionally comprises a first secondary correlation identifier, and the second correlation message additionally comprises a second secondary correlation identifier; and the apparatus further comprises generating circuitry configured to generate, if the value of the main correlation identifier comprised in the first correlation message and the value of the main correlation identifier comprised in the second correlation message are the same, a main correlation message comprising the first secondary correlation identifier.
The generating circuitry may be configured to generate the main correlation message such that it comprises additionally the second secondary correlation identifier.
One of the first correlation message and the second correlation message may additionally comprise an interception related information, and the generating circuitry may be configured to include the interception related message into the main correlation message.
The apparatus may further comprise first analyzing circuitry configured to analyze if a received first interception message comprising a first interception related information comprises one of the first secondary correlation identifier, the second secondary correlation identifier, and the main correlation identifier; first forwarding circuitry configured to forward the first interception related information together with the first secondary correlation identifier and the second secondary correlation identifier if the received first interception message comprises one of the first secondary correlation identifier and the second secondary correlation identifier.
The apparatus may further comprise first inhibiting circuitry configured to inhibit the generating circuitry from including the second secondary correlation identifier in the main correlation message; second analyzing circuitry configured to analyze if a received second interception message comprising a second interception related information comprises one of the first secondary correlation identifier, the second secondary correlation identifier, and the main correlation identifier; forwarding circuitry configured to forward the second interception related information together with the first secondary correlation identifier if the received interception message comprises one of the first secondary correlation identifier and the second secondary correlation identifier; second inhibiting circuitry configured to inhibit the forwarding circuitry from forwarding the second secondary correlation identifier with the second interception related information.
The apparatus may further comprise multiplicity checking circuitry configured to check if the second correlation message comprises two values of the main correlation identifier; second match checking circuitry configured to check if a value of the main correlation identifier comprised in a third correlation message received from a third node different from the first node and different from the second node is the same as one of the values of the main correlation identifier comprised in the second correlation message; wherein the third correlation message may additionally comprise a third secondary correlation identifier; and the generating circuitry may be configured to generate, if the value of the main correlation identifier comprised in the third correlation message is the same as one of the values of the main correlation identifier comprised by the second correlation message, the main correlation message additionally comprising the third secondary correlation identifier.
One of the first and second secondary correlation identifiers may be an identifier of a media transporting call content of the call. One of the first and second secondary correlation identifiers may be an identifier of a message of a session initiation protocol related to the call. The main correlation identifier may be a call identifier of a session initiating protocol session. In some embodiments, the main correlation message does not comprise the main correlation identifier.
According to a fifth aspect of the invention, there is provided an apparatus, comprising intercepting means adapted to intercept a call content of a call of a session initiation protocol after having received a trigger comprising a media correlation identifier of a media transporting the call; inhibiting means adapted to inhibit the apparatus from providing a correlation message comprising the media correlation identifier to a delivery function, wherein the correlation message does not comprise the call content.
The media means may be adapted to provide at least one of the following functions:
According to a sixth aspect of the invention, there is provided an apparatus, comprising intercepting circuitry configured to intercept a call content of a call of a session initiation protocol after having received a trigger comprising a media correlation identifier of a media transporting the call; inhibiting circuitry configured to inhibit the apparatus from providing a correlation message comprising the media correlation identifier to a delivery function, wherein the correlation message does not comprise the call content.
The media circuitry may be configured to provide at least one of the following functions:
According to a seventh aspect of the invention, there is provided an apparatus, comprising extracting means adapted to extract a first session correlation identifier and a first media correlation identifier from a received correlation message; first session evaluating means adapted to evaluate if a received first report comprises the first session correlation identifier, wherein a first interception related information is comprised in the first report; first media evaluating means adapted to evaluate if a received first message comprises the first media correlation identifier, wherein a first call content is comprised in the first message; correlating means adapted to correlate the first interception related information and the first call content if the first report comprises the first session correlation identifier and the first message comprises the first media correlation identifier.
The extracting means may be adapted to extract a second session correlation identifier different from the first session correlation identifier from the correlation message; and the apparatus may comprise second session evaluating means adapted to evaluate if a received second report comprises the second session correlation identifier, wherein a second interception related information is comprised in the second report; wherein the correlating means may be adapted to correlate the second interception related information with the first interception related information and the first call content if the second report comprises the second session correlation identifier.
The first report may be received from a first report delivery function, and the second report may be received from a second report delivery function different from the first report delivery function.
The extracting means may be adapted to extract a second media correlation identifier different from the first media correlation identifier from the correlation message; and the apparatus may comprise second media evaluating means adapted to evaluate if a received second message comprises the second media correlation identifier, wherein a second call content may be comprised in the second message; wherein the correlating means may be adapted to correlate the second call content with the first interception related information and the first call content if the second message comprises the second media correlation identifier.
The first message may be received from a first media node, and the second message may be received from a second media node different from the first media node.
According to an eighth aspect of the invention, there is provided an apparatus, comprising extracting circuitry configured to extract a first session correlation identifier and a first media correlation identifier from a received correlation message; first session evaluating circuitry configured to evaluate if a received first report comprises the first session correlation identifier, wherein a first interception related information is comprised in the first report; first media evaluating circuitry configured to evaluate if a received first message comprises the first media correlation identifier, wherein a first call content is comprised in the first message; correlating circuitry configured to correlate the first interception related information and the first call content if the first report comprises the first session correlation identifier and the first message comprises the first media correlation identifier.
The extracting circuitry may be configured to extract a second session correlation identifier different from the first session correlation identifier from the correlation message; and the apparatus may comprise second session evaluating circuitry configured to evaluate if a received second report comprises the second session correlation identifier, wherein a second interception related information is comprised in the second report; wherein the correlating circuitry may be configured to correlate the second interception related information with the first interception related information and the first call content if the second report comprises the second session correlation identifier.
The first report may be received from a first report delivery function, and the second report may be received from a second report delivery function different from the first report delivery function.
The extracting circuitry may be configured to extract a second media correlation identifier different from the first media correlation identifier from the correlation message; and the apparatus may comprise second media evaluating circuitry configured to evaluate if a received second message comprises the second media correlation identifier, wherein a second call content may be comprised in the second message; wherein the correlating circuitry may be configured to correlate the second call content with the first interception related information and the first call content if the second message comprises the second media correlation identifier.
The first message may be received from a first media node, and the second message may be received from a second media node different from the first media node.
According to a ninth aspect of the invention, there is provided a method, comprising exchanging a first message of a session initiation protocol related to a call with a first control device, wherein the first message comprises a call identifier of the call; generating a report on an interception related information comprising a correlation identifier of an apparatus performing the method and the call identifier, wherein the interception related information is based on a second message of the session initiation protocol related to the call.
The method may further comprise triggering interception of the call in a media node by a trigger message, wherein the trigger message comprises a media correlation identifier; generating a correlation message comprising the correlation identifier, the media correlation identifier, and the call identifier.
The method may further comprise inhibiting the report forwarding means from forwarding the report if the correlation forwarding means forwards the correlation message.
The method may further comprise forwarding the report to a delivery function device; and forwarding the correlation message to the delivery function device. The correlation message is forwarded separately from the report.
The method may further comprise exchanging a third message of the session initiation protocol related to the call with a second control device, wherein the third message comprises the call identifier; generating an interception message comprising the third message and at least one of the correlation identifier and the call identifier.
The apparatus may comprise at least one of the following functions:
According to a tenth aspect of the invention, there is provided a method, comprising checking if a value of a main correlation identifier comprised in a first correlation message received from a first node and a value of the main correlation identifier comprised in a second correlation message received from a second node different from the first node are the same, wherein the first correlation message additionally comprises a first secondary correlation identifier, and the second correlation message additionally comprises a second secondary correlation identifier; and the method further comprises generating, if the value of the main correlation identifier comprised in the first correlation message and the value of the main correlation identifier comprised in the second correlation message are the same, a main correlation message comprising the first secondary correlation identifier.
The main correlation message may be generated such that it comprises additionally the second secondary correlation identifier.
One of the first correlation message and the second correlation message may additionally comprise an interception related information, and the interception related message may be included into the main correlation message.
The method may further comprise analyzing if a received first interception message comprising a first interception related information comprises one of the first secondary correlation identifier, the second secondary correlation identifier, and the main correlation identifier; forwarding the first interception related information together with the first secondary correlation identifier and the second secondary correlation identifier if the received first interception message comprises one of the first secondary correlation identifier and the second secondary correlation identifier.
The method may further comprise inhibiting an apparatus performing the method from including the second secondary correlation identifier in the main correlation message; analyzing if a received second interception message comprising a second interception related information comprises one of the first secondary correlation identifier, the second secondary correlation identifier, and the main correlation identifier; forwarding the second interception related information together with the first secondary correlation identifier if the received interception message comprises one of the first secondary correlation identifier and the second secondary correlation identifier; inhibiting the apparatus from forwarding the second secondary correlation identifier with the second interception related information.
The method may further comprise checking if the second correlation message comprises two values of the main correlation identifier; checking if a value of the main correlation identifier comprised in a third correlation message received from a third node different from the first node and different from the second node is the same as one of the values of the main correlation identifier comprised in the second correlation message; wherein the third correlation message additionally may comprise a third secondary correlation identifier; and generating, if the value of the main correlation identifier comprised in the third correlation message is the same as one of the values of the main correlation identifier comprised by the second correlation message, the main correlation message additionally comprising the third secondary correlation identifier.
One of the first and second secondary correlation identifiers may be an identifier of a media transporting call content of the call. One of the first and second secondary correlation identifiers is an identifier of a message of a session initiation protocol related to the call. The main correlation identifier may be a call identifier of a session initiating protocol session. In some embodiments, the main correlation message does not comprise the main correlation identifier.
According to an eleventh aspect of the invention, there is provided a method, comprising intercepting a call content of a call of a session initiation protocol after having received a trigger comprising a media correlation identifier of a media transporting the call; inhibiting an apparatus performing the method from providing a correlation message comprising the media correlation identifier to a delivery function, wherein the correlation message does not comprise the call content.
The apparatus may provide at least one of the following functions:
According to a twelfth aspect of the invention, there is provided a method, comprising extracting a first session correlation identifier and a first media correlation identifier from a received correlation message; evaluating if a received first report comprises the first session correlation identifier, wherein a first interception related information is comprised in the first report; evaluating if a received first message comprises the first media correlation identifier, wherein a first call content is comprised in the first message; correlating the first interception related information and the first call content if the first report comprises the first session correlation identifier and the first message comprises the first media correlation identifier.
The method may further comprise extracting a second session correlation identifier different from the first session correlation identifier from the correlation message; evaluating if a received second report comprises the second session correlation identifier, wherein a second interception related information is comprised in the second report; and correlating the second interception related information with the first interception related information and the first call content if the second report comprises the second session correlation identifier.
The first report may be received from a first report delivery function, and the second report may be received from a second report delivery function different from the first report delivery function.
The method may further comprise extracting a second media correlation identifier different from the first media correlation identifier from the correlation message; evaluating if a received second message comprises the second media correlation identifier, wherein a second call content may be comprised in the second message; and correlating the second call content with the first interception related information and the first call content if the second message comprises the second media correlation identifier.
The first message may be received from a first media node, and the second message may be received from a second media node different from the first media node.
Each of the methods of the ninth to twelfth aspects may be a method for intercepting.
According to a thirteenth aspect of the invention, there is provided a computer program product comprising a set of instructions which, when executed on an apparatus, is configured to cause the apparatus to carry out the method according to any one of the ninth to twelfth aspects. The computer program product may be embodied as a computer-readable medium or directly loadable into a computer.
According to some embodiments of the invention, at least one of the following advantages may be achieved:
It is to be understood that any of the above modifications can be applied singly or in combination to the respective aspects to which they refer, unless they are explicitly stated as excluding alternatives.
Further details, features, objects, and advantages are apparent from the following detailed description of the preferred embodiments of the present invention which is to be taken in conjunction with the appended drawings, wherein
Herein below, certain embodiments of the present invention are described in detail with reference to the accompanying drawings, wherein the features of the embodiments can be freely combined with each other unless otherwise described. However, it is to be expressly understood that the description of certain embodiments is given for by way of example only, and that it is by no way intended to be understood as limiting the invention to the disclosed details.
Moreover, it is to be understood that the apparatus is configured to perform the corresponding method, although in some cases only the apparatus or only the method are described.
In the figures, c1 is the IMS Correlation Number, and m1 is the EPS Correlation Number associated with the media bearer #1 and m2 is the EPS Correlation Number associated with the media bearer #2. The IMS signalling bearer has the EPS Correlation Number s1.
There are problems in the concepts that relate to the standardized approach, based on the specification, to correlate all IRI reports and CC packages based on informing LEA on the correlation. Embodiments of the invention solve these problems and allow the implementers to have a flexible design approach.
As explained hereinabave, in reference to the IMS sessions, several network nodes may be involved in providing the intercept functions. 3GPP TS 33.108 defines the data structure for delivering more than one correlation numbers in the IRI messages. But, the concepts that govern that data structure are weak and prone to have some errors. For example, the concepts that govern the data structure of 33.108 are based on the assumption that the CC interception for an IMS session is done at the GGSN (as shown in diagram A) and the PDN-GW (as shown in diagram B).
The concepts that define the data structure modules within 3GPP TS 33.108 assume that each GPRS/UMTS PDP context has own GPRS Correlation Number. In the same way, each EPS bearer has own EPS Correlation Number. The packets delivered from the respective nodes (i.e., GGSN or PDN-GW) carry the corresponding GPRS/EPS Correlation Number to the LEA. Using this GPRS/EPS Correlation Number, the LEAs are able to correlate the packets coming off of the one bearer. For an IMS session, these packets coming from the GPRS PDP context or EPS bearer are referred to as CC.
Based on those concepts, a different Correlation Number is used by the IMS node. The data structure module defined in 3GPP TS 33.108 allows the DF2 to deliver this Correlation Number and the GPRS/EPS Correlation Number in the IMS IRI messages. The 3GPP TS 33.108 does not clearly explain how the GPRS/EPS Correlation Number is supplied to the DF2 that delivers the IMS IRI to the LEA. As illustrated in
There is one way to make DF2 (that delivers the IMS IRI) have the GPRS/EPS Correlation Number: if the same DF2 is used for the delivery of packet data IRI messages. In this approach, the packet core network (GPRS/UMTS or EPS) as a part of packet data interception, deliver the GPRS/EPS Correlation Number to the DF2 as packet data IRI when the associated PDP context/bearer is created within the packet core network. It is assumed that the packet data IRI and IMS IRI have the same Lawful Interception Identifier (LIID) value. LIID identifies the target to be intercepted. The DF2, with the help of LIID, is able to associate the GPRS/EPS Correlation Number to the IMS Correlation Number and report both Correlation Numbers to the LEA. This particular concept is illustrated in
The above concept breaks in the following possible scenarios:
In summary, the above paragraphs identify and describe some of the problems with the concepts that are standardized in providing the LI for IMS based sessions.
Recent updates to the 3GPP TS 33.107 and 3GPP TS 33.108 (based on NSN CRs) have enhanced the IMS-based VoIP interception (Diagram E of
As explained hereinabove (problem #2), it appears that 3GPP TS 33.108 fails to realize that iri-cc cannot be reported unless a media bearer (or PDP context) is created within the packet core network. The media bearer (or PDP context) is established as a part of the call establishment and in some rare situations it may not happen till the call is answered (e.g., if the SDP answer is sent in a SIP ACK message). Typically, no SIP messages are exchanged between the user and the IMS network once the call is setup (until the call is released). This implies that there may be situations where the DF2 may never get an opportunity (or get it only at the call release time) to report the GPRS/EPS Correlation Numbers to the LEA. This will be an issue because if that is the case then the LEAs will not be able to correlate the IRIs and the CCs of an IMS session. Additionally, the current data structure module perhaps presumes that GPRS/EPS Correlation Numbers of all bearers (PDP contexts) are reported (note: not all bearers (PDP contexts) carry the CC of an IMS session). With the approach of reporting the GPRS/EPS Correlation Numbers of all bearers (PDP contexts), the method cannot isolate and associate the CC with the appropriate IRI in the event the target is engaged in multiple concurrent calls.
All the packets delivered from EPS to the LEA (via DF3) contain the EPS Correlation Number values that correspond to the associated EPS bearer. Note that in the existing LI architecture these packets carry packet-specific CC. All SIP messages and the voice media are treated as CC as far as packet data interception is concerned. The packet core network sends the packet data IRI to the DF2. These IRI also carry the EPS Correlation Number associated with the bearer. If the DF2 used for the packet data IRI and the DF2 used for IMS IRI are one and the same, then that DF2 can use the LIID value received in the packet data IRI and the IMS IRI to associate a correlation between the IMS Correlation Number and the EPS Correlation Number. In this approach, all the hitherto known EPS Correlation Numbers will be associated to the IMS Correlation Numbers. If there are more than one IMS Correlation Numbers for an IMS session, then what DF2 has to do is not explained. Anyway, those are internal functions of a DF2.
Until an IRI message that contains the m1, m2 along with c1 is received, LEA cannot correlate the received media packets with the IRI. Also, if no IRI message is received after the establishment of the media bearers, the LEA will not have an opportunity to receive an IRI that would correlate the m1 and m2 to the c1. This makes the correlation almost impossible. The 3GPP TS 33.108 suggests that the LEA can also associate the CC with the IRI, by comparing the LIID values received in the packets and the IRI. But, if the target is involved in multiple concurrent calls (or multiple call legs), then the LEAs cannot use that logic to associate the CC with the IRI.
Embodiments of the invention provide a method and an apparatus performing the method to deliver the correlation information from different nodes of CSP infrastructure and/or provide a method for the delivery function (DF2) to coordinate and send that information to the LEA and provide instructions on how the LEAs have to use that information. As a part of this method, a new data structure module is defined for the HI2 interface in a more generic way so that different implementations (i.e., other than the NSN implementations) can also take advantage of. The data structure module will support the possibility of multiple call legs, multiple concurrent calls and multiple media streams, as such would solve the problems discussed hereinabove. The idea of multiple concurrent calls, multiple media streams, correlating the SIP messages intercepted at multiple nodes (e.g., S-CSCF, AS, MRFC), are not discussed so far within the industry.
Embodiments of the invention provide a method to deliver the correlation information to the LEAs so as to help the LEAs to correlate the IRI and the CC for an IMS session. The method may be used to support NSN's implementation of VoIP LI (where only one Correlation Identifier value is used for IRI and CC) and also other implementations where multiple Correlation Identifier values may be used. The said method can also be used to correlate the IRI intercepted at S-CSCF, or AS, or AS/MRFC or even the P-CSCF even if those nodes use separate Correlation Identifier values. (In this respect, note that some implementations may adopt a concept of using different Correlation Identifier values at different nodes to avoid changes to the messages exchanged between the networks nodes within the IMS network).
As a part of this method according to some embodiments of the invention, a message called Correlation Message used to deliver the correlation information from the IMS network to the DF2 and then from the DF2 to the LEA may be introduced. Alternatively, in some embodiments of the invention, the Correlation Message may sometimes not be a standalone message. In these embodiments, the correlation information may be passed along with the IMS IRI messages to the LEA. If no IMS IRI message needs to be delivered, then an independent (standalone) Correlation Message may be sent. Depending on the implementation, the DF2 may or may not send all the correlation information every time it sends a IMS IRI message to the LEA.
Some embodiments of the invention provide a method that allows the DF2 to relate different identifier values that it receives from the IMS IRI or CTF to a particular IMS session. They allow an IMS session to have multiple media bearers each with own VoIP Correlation Number. Some embodiments of the invention do not require that the DF2 used to deliver the packet data IRI and DF2 used to deliver the IMS IRI be the same. As a matter of fact, the IMS VoIP interception can be independent of a packet data interception. According to some embodiments of the invention, the target may be involved in multiple concurrent IMS sessions each having separate distinct Correlation Ids both for IMS IRI and for the CC.
Accordingly, a data structure module for the delivery of correlation information to the LEA is defined. In order to maintain the backward compatibility, the existing data structure module defined in 3GPP TS 33.108 is enhanced to include the IMS VoIP specific variant.
In
Node B. The SIP Node A provides the CC Intercept Triggering Function and assigns m-cor-1 as the Correlation Number to be used for the media and sends the same to the Media Node that provides the media interception within the Intercept Trigger. The Media Node includes m-cor-1 as the VoIP Correlation Number (see
As and when a Correlation Number is assigned, the corresponding SIP Node sends that Correlation Number (m-cor-1) in a message referred here as Correlation Message over the X2 interface to the DF2. The Correlation Message also contains the LIID (as currently implied by the 3GPP TS 33.108, not shown in
For
In
LEA uses the information received in the Correlation Message to correlate different IRI messages (may be intercepted at different nodes) and the CC. In this illustration of
As shown in
Correlation Numbers received from different SIP Nodes to one IMS session. For example, when Correlation Message with [sip-cor-1], [m-cor-1], [sip-call-id-1] and later [sip-cor-2], [sip-call-id-1] are received, the DF2 uses the [sip-call-id-1] to associate a correlation between [sip-cor-2] and [sip-cor-1] & [m-cor-1].
Embodiments of the invention work for basic IMS sessions and also for more complex IMS sessions such as call forwarding or IMS-based conferencing where the Media Node that provides the media interception may change during the session. A new Correlation Message may be sent to the LEA to update the correlation information. Embodiments of the invention also work if more than one media bearer is present in an IMS session.
In the embodiment shown in
Message comprising sip-cor-3, sip-call-id2, and m-cor-2.
In some embodiments of the invention, the SIP Node B does not remove sip-cor-1 and sip-call-id-1 (instead adds the sip-cor-3 and sip-call-id-3) in the Correlation Message that it sends to the DF2. Then, the DF2 may include both m-cor-1 (and sip-cor-1) and m-cor-2 (and sip-cor-3) in the Correlation Message sent to the LEA. In this case, the LEA may correlate any media packets received with VoIP Correlation Number m-cor-1 and any media packets received with VoIP Correlation Number m-cor-2 with the IMS session that may utilize the IMS Correlation Numbers sip-cor-2 (SIP Node B), sip-cor-3 (SIP Node C) and sip-cor-1 (SIP Node A). This case may be particularly applicable for certain scenarios such as conferencing and can be made applicable even if only one of the two Media Nodes provide the media interception. Because in the last case, even though the LEA may expect to receive the media packets with VoIP Correlation Number m-cor-1, since Media Node is not performing the media interception, no media packets with VoIP Correlation Number m-cor-1 are delivered to the LEA. Whether or not sip-cor-1 and sip-call-id-1 are removed from the Correlation message may depend on the particular implementation.
Embodiments of the invention may be used for all cases of IMS based VoIP interceptions - i.e., it can be used when the media interception is performed at the PDN-GW, GGSN, IMS-AGW, IM-MGW, TrGW and even the MRFP. The SIP Nodes that provide the IMS IRI interception can be P-CSCF, S-CSCF or AS/MRFC. The CTF can be P-CSCF, MGCF, IBCF or AS/MRFC. Embodiments of the invention may even apply if the MGCF and IBCF provide some IMS IRI events.
In order to accommodate the delivery of multiple Correlation Numbers to the LEA, the Correlation Values present within the conventional HI2 data structure module for IMS IRI messages requires some enhancements. A new data structure module according to embodiments of the invention may be preferably designed in such a way that it keeps the existing structure (to provide any backward compatibility needs) and adds the IMS VoIP specifics as a variant. In other words, a new CHOICE is added to the Correlation Values parameter to support the IMS VoIP scenario. Even though the VoIP is considered here, the new CHOICE, in principle, can be used for any IMS sessions. The concepts assume the recently approved stage 2 LI architecture definitions (based on NSN CRs) where the IMS provides a Correlation Identifier to be used for the delivery of the intercepted media packets (CC). Even though within NSN implementation only one Correlation Identifier is used as IMS Correlation Number and the VoIP Correlation Number, the data structure module defined here is applicable to implementations with plural Correlation Identifiers. The new data structure module definition is as shown in
For the delivery of IMS VoIP Correlation Message or the IMS IRI message,
As shown in
Hereinafter, some examples are provided that illustrate how embodiments of the invention handle some few IMS scenarios.
This may be a typical call origination scenario.
In this case, SIP Node 1 and SIP Node 2 are involved. SIP Node 1 and SIP Node 2 use sip-call-id-1 for the SIP messages exchanged between them. MN-1 (Media Node 1) provides the interception of the media. SIP Node 2 provides the interception of SIP messages. SIP Node 1 may also provide the interception of SIP messages, but it does not have to.
SIP Node 1 assigns VoIP Correlation Number (m-cor-1) and sends the same to the MN-1 along with the Intercept Trigger. SIP Node 1 uses the sip-cor-1 as the IMS Correlation Number. SIP Node 2 uses the sip-cor-2 as the IMS Correlation Number. SIP Node 1 sends the correlation information (sip-cor-1, m-cor-1 and sip-call-id-1) to the DF2. SIP Node 2 sends the correlation information (sip-cor-2 and sip-call-id-1) to the DF2 (marked with A in
On the HI2 interface, the DF2 delivers the correlation information (sip-cor-2, sip-cor-1 and m-cor-1) to the LEA.
In some IMS originating call scenario, SIP Node 2 may also provide SIP Call ID associated with the outgoing SIP messages (towards the destination party) as a part of the correlation information to the DF2. This capability allows the SIP Node 2 to intercept the SIP messages sent or received from destination side of the call leg.
In a typical implementation, P-CSCF takes the role of SIP Node 1 and S-CSCF takes the role of SIP Node 2. MN-1 may be a PDN-GW, GGSN or an IMS-AGW.
This may be a typical call termination scenario.
In this case, SIP Node 2 and SIP Node 3 are involved. SIP Node 2 and SIP Node 3 use sip-call-id-2 for the SIP messages exchanged between them. In this case, sip-call-id-1 is presumed to be the SIP Call ID associated with the SIP messages received at SIP Node 2 from the originating side of the call. MN-2 (Media Node 2) provides the interception of the media. SIP Node 2 provides the interception of SIP messages. SIP Node 3 may also provide the interception of SIP messages, but it does not have to.
SIP Node 3 assigns VoIP Correlation Number (m-cor-2) and sends the same to the MN-2 along with the Intercept Trigger. SIP Node 3 uses the sip-cor-3 as the IMS Correlation Number. SIP Node 2 uses the sip-cor-2 as the IMS Correlation Number. SIP Node 3 sends the correlation information (sip-cor-3, m-cor-2 and sip-call-id-2) to the DF2. SIP Node 2 sends the correlation information (sip-cor-2, sip-call-id-2 and sip-call-id-1) to the DF2 (marked as B in
On the HI2 interface, the DF2 delivers the correlation information (sip-cor-2, sip-cor-3 and m-cor-2) to the LEA.
In a typical implementation, P-CSCF takes the role of SIP Node 3 and S-CSCF takes the role of SIP Node 2. MN-2 can be a PDN-GW, GGSN or an IMS-AGW.
This may be a typical call forwarding scenario, where the target (person/entity to be intercepted) forwards the call.
In this case, SIP Node 2, SIP Node 4 and SIP Node 5 are involved. SIP Node 2 and SIP Node 4 use sip-call-id-3 for the SIP messages exchanged between them. SIP Node 4 and SIP Node 5 use sip-call-id-4 for the SIP messages exchanged between them. In this case, sip-call-id-1 is presumed to be the SIP Call ID associated with the SIP messages received at SIP Node 2 from the originating side of the call. MN-3 (Media Node 3) provides the interception of the media. SIP Node 2 provides the interception of SIP messages.
SIP Node 2 uses the sip-cor-2 as the IMS Correlation Number. SIP Node 4 uses the sip-cor-4 as the IMS Correlation Number. SIP Node 5 uses the sip-cor-5 as the IMS Correlation Number. SIP Node 2 sends the correlation information (sip-cor-2, sip-call-id-3 and sip-call-id-1) to the DF2 (marked as C in
On the HI2 interface, the DF2 delivers the correlation information (sip-cor-2, sip-cor-4, sip-cor-5 and m-cor-3) to the LEA.
In a typical implementation, S-CSCF takes the role of SIP Node 2. S-CSCF takes the role of SIP Node 4 (even though S-CSCF (as SIP Node 4) may not be the next hop SIP node from a S-CSCF (as SIP Node 2), from a correlation information collection perspective, such an assumption can be made). P-CSCF takes the role of SIP Node 5 and MN-3 can be a PDN-GW, GGSN or an IMS-AGW. For a call forwarding case, MN-3 may also be a IM-MGW (in this case the SIP Node 5 is MGCF) or a TrGW (in this case, the SIP Node 5 may be IBCF).
This may be a typical call forwarding scenario where the forwarded-to party happens to be the target (i.e. the person/entity to be intercepted).
In this case, SIP Node 2, SIP Node 4, and SIP Node 5 are involved. From a SIP signalling perspective, this case is same as the case 3. The difference is that in this case the forwarded-to-party is the target whereas in case 3, the forwarding party is the target. Therefore, in case 3 SIP Node 2 provides the IMS IRI interception whereas in this case SIP Node 4 provides the IMS IRI interception.
SIP Node 2 and SIP Node 4 use sip-call-id-3 for the SIP messages exchanged between them. SIP Node 4 and SIP Node 5 use sip-call-id-4 for the SIP messages exchanged between them. MN-3 (Media Node 3) provides the interception of the media. SIP Node 4 provides the interception of SIP messages.
SIP Node 4 uses the sip-cor-4 as the IMS Correlation Number. SIP Node 5 uses the sip-cor-5 as the IMS Correlation Number.
SIP Node 4 sends the correlation information (sip-cor-4, sip-call-id-3 and sip-call-id-4) to the DF2. SIP Node 5 assigns VoIP Correlation Number (m-cor-3) and sends the same to the MN-3 along with the Intercept Trigger. SIP Node 5 sends the correlation information (sip-cor-5, m-cor-3 and sip-call-id-4) to the DF2.
On the HI2 interface, the DF2 delivers the correlation information (sip-cor-4, sip-cor-5 and m-cor-3) to the LEA.
When this case is compared to case 3, MN-3 in both cases provides the media interception. However, the LIID happens to be different and hence, the LEA is able to associate the received CC with a particular IMS session. In a typical implementation, the MN-3 may provide two copies of the intercepted media to the LEA because the interception is done for two different targets. However, this particular point (i.e., whether one vs. two copies of media packets) is not of relevance in the present context.
In a typical implementation, S-CSCF takes the role of SIP Node 2. S-CSCF takes the role of SIP Node 4 (even though S-CSCF (as SIP Node 2) may not be the previous hop SIP node to the S-CSCF (as SIP Node 4), from a correlation information collection perspective, such an assumption can be made). P-CSCF takes the role of SIP Node 5 and MN-3 can be a PDN-GW, GGSN or an IMS-AGW.
This may be a typical Conferencing scenario.
In this case, SIP Node 1, SIP Node 2 and SIP Node 6 are involved. SIP Node 1 and SIP Node 2 use sip-call-id-1 for the SIP messages exchanged between them. SIP Node 2 and SIP Node 6 use sip-call-id-5 for the SIP messages exchanged between them. MN-1 (Media Node 1) provides the interception of the media. SIP Node 2 and SIP Node 6 provide the interception of SIP messages. SIP Node 1 may also provide the interception of SIP messages, but it does not have to.
SIP Node 1 assigns VoIP Correlation Number (m-cor-1) and sends the same to the MN-1 along with the Intercept Trigger. SIP Node 1 uses the sip-cor-1 as the IMS Correlation Number. SIP Node 2 uses the sip-cor-2 as the IMS Correlation Number. SIP Node 6 uses the sip-cor-6 as the IMS Correlation Number. SIP Node 1 sends the correlation information (sip-cor-1, m-cor-1 and sip-call-id-1) to the DF2. SIP Node 2 sends the correlation information (sip-cor-2, sip-call-id-1 and sip-call-id-5) to the DF2 (marked as D in
On the HI2 interface, the DF2 delivers the correlation information (sip-cor-2, sip-cor-1, sip-cor-6 and m-cor-1) to the LEA.
In a typical implementation, P-CSCF takes the role of SIP Node 1 and S-CSCF takes the role of SIP Node 2. AS/MRFC can take the role of SIP Node 6. MN-1 can be a PDN-GW, GGSN or an IMS-AGW.
This may be another Conferencing scenario. The scenario is very similar to scenario 5 except that here the media interception is done at the Media Node 4 (MN-4). And also, in this case, SIP Node 1 does not provide any IMS IRI interception. The case where SIP Node 1 also providing the IMS IRI interception and MN-4 providing the media interception can be another case by itself (not illustrated here).
In this case, SIP Node 2 and SIP Node 6 are involved. SIP Node 2 and SIP Node 6 use sip-call-id-5 for the SIP messages exchanged between them. MN-4 (Media Node 4) provides the interception of the media. SIP Node 2 and SIP Node 6 provide the interception of SIP messages.
SIP Node 2 uses the sip-cor-2 as the IMS Correlation Number. SIP Node 6 uses the sip-cor-6 as the IMS Correlation Number. SIP Node 2 sends the correlation information (sip-cor-2 and sip-call-id-5) to the DF2 (marked as E in
On the HI2 interface, the DF2 delivers the correlation information (sip-cor-2, sip-cor-6 and m-cor-4) to the LEA.
In a typical implementation, S-CSCF takes the role of SIP Node 2. AS/MRFC can take the role of SIP Node 6. MRFP takes the role of MN-4.
As an implementation alternative, the SIP Node 2 can include sip-call-id-1 in the correlation information that it delivers to the DF2. This allows the SIP Node 1 also provide IMS IRI interception. However, in this case, m-cor-1 may also be included in the correlation information. But, this approach will have one of the two outcomes: Either the LEA receive media packets from MN-1 and MN-4 (duplicate call content reception) or IMS network would stop the interception at MN-1 and hence, even if the LEA is prepared to receive the media packets with m-cor-1 as the VoIP Correlation Number, it won't receive any.
This may be another Conferencing scenario. In this case, only SIP Node 6 provides the IMS IRI interception. The media interception is performed at the MN-4 as in case 6.
In this case, SIP Node 6 is involved. SIP Node 6 uses sip-call-id-5 for the SIP messages that it receives. SIP Node 6 uses the sip-cor-6 as the IMS Correlation Number. SIP Node 6 sends the correlation information (sip-cor-6, sip-call-id-5, m-cor-4) to the DF2. Since SIP Node 6 is the sole IMS IRI interception point, sip-call-id-5 can be skipped from reporting to the DF2. That may be an implementation alternative.
On the HI2 interface, the DF2 delivers the correlation information (sip-cor-6 and m-cor-4) to the LEA.
In a typical implementation, AS/MRFC can take the role of SIP Node 6 and MRFP takes the role of MN-4.
From an implementation perspective, some alternatives do exist for embodiments of the invention, e.g.:
These 5 implementation alternatives are illustrated in
While alternatives 1 and 2 are related to the forming of the correlation message to LEA, alternatives 3 to 5 also consider handling of intercepted SIP messages at DF2.
Alternative 5 is a variant of Alternatives 4 and 5 related to the X2 interface between SIP node(s) and DF2. In
Among these alternatives, sending of the Correlation Message along with IMS IRI message and DF2 including the entire correlation information in the IRI messages may be the preferred alternative.
Two call flows are shown in
LEA, the P-CSCF sends the Correlation Message with sip-cor-1, m-cor-1 and sip-call-id-1. The DF2 forwards this Correlation Message to the LEA with the correlation information containing sip-cor-1 and m-cor-1.
The S-CSCF intercepts the SIP INVITE and sends the Correlation Message with IMS IRI message and contains the sip-cor-2 and sip-call-id-1. The DF2 delivers the Correlation Message with the IMS IRI message and contains the sip-cor-2, sip-cor-1 and m-cor-1.
In this call flow, the subsequent SIP messages delivered contain just the sip-cor-2. The CC contains m-cor-1 as Correlation Number. Based on the previously received Correlation Message, the LEA is able to correlate all the IRI messages and the CC with the IRI messages.
Message with IMS IRI message and contains the sip-cor-2 and sip-call-id-1. The DF2 delivers the Correlation Message with the IMS IRI message and contains the sip-cor-2. When the SIP INVITE comes back from the AS with a different SIP Call Id, the S-CSCF sends a Correlation Message to the DF2 and contains sip-cor-2 and sip-call-id-2. The DF2 which is aware of the sip-cor-2 notes the association between sip-call-id-1 and sip-call-id-2 and sip-cor-2. Since, the correlation information pertaining to the sip-cor-2 is already reported to the LEA, DF2 does not send any new Correlation Message here.
The P-CSCF, upon receiving the SIP-INVITE from the S-CSCF, interacts with the IMS-AGW and sends the intercept trigger which includes the m-cor-1 to be used as the Correlation Id when the intercepted media is delivered to the LEA via the DF3. Since, this SIP INVITE (from P-CSCF) is not delivered to the LEA, the P-CSCF sends the Correlation Message with sip-cor-1, m-cor-1 and sip-call-id-1. The DF2 forwards this Correlation Message to the LEA with the correlation information containing sip-cor-2, sip-cor-1 and m-cor-1.
In this call flow, the subsequent SIP messages delivered contain just the sip-cor-2. The CC contains m-cor-1 as Correlation Number. Based on the previously received Correlation Message, the LEA is able to correlate all the IRI messages and the CC with the IRI messages.
As shown in
The following section compares the new data structure module according to embodiments of the invention with the conventional data structure module.
If one Correlation Id is used for IMS IRI and for CC, then the previous data structure module can still be used. However, as noted hereinabove, the use of single Correlation Id has some limitations.
One drawback in the previous data structure module is that the iri-cc is not optional. Therefore, the DF2 has to indicate that one-cor-1 is the Correlation Id for the CC even before a media bearer is setup and established.
If multiple Correlation Ids are used by different SIP Nodes, then the previous data structure module cannot be used for some scenarios, as illustrated in
In the example illustrated in
The apparatus comprises exchanging means 10 and report generating means 20.
The exchanging means 10 exchanges a first message of a session initiation protocol related to a call with a control device (such as a SIP node) (S10). The first message comprises a call identifier of the call.
The report generating means 20 generates a report on an interception related information comprising a correlation identifier of the apparatus and the call identifier (S20). The interception related information (IRI) may be based on the first message but it may be based on other SIP messages exchanged in connection to the call instead. I.e. IRI provides information about the respective SIP message.
In some embodiments of the invention, a report forwarding means may forward the report to a delivery function device such as DF2.
The apparatus comprises first match checking means 110 and generating means 120.
The first match checking means 110 checks if a value of a main correlation identifier comprised in a first correlation message received from a first node and a value of the main correlation identifier comprised in a second correlation message received from a second node different from the first node are the same (S110). The main correlation identifier may be a SIP-call id. The first correlation message additionally comprises a first secondary correlation identifier, and the second correlation message additionally comprises a second secondary correlation identifier. Each of the secondary correlation identifiers may be e.g. an identifier of media or an identifier of a SIP node.
The generating means 120 generates, if the value of the main correlation identifier comprised in the first correlation message and the value of the main correlation identifier comprised in the second correlation message are the same, a main correlation message comprising at least one of the first secondary correlation identifier and the second secondary correlation identifier (S120). The main correlation message may or may not comprise the main correlation identifier.
The apparatus comprises intercepting means 210 and inhibiting means 220.
The intercepting means 210 intercepts a call content of a call of a session initiation protocol after having received a trigger comprising a media correlation identifier of a media transporting the call (S210).
The inhibiting means 220 inhibits the apparatus from providing a correlation message comprising the media correlation identifier to a delivery function such as DF2 if the correlation message does not comprise the call content (S220). For example, the apparatus may not have a function to provide a correlation message without call content to a delivery function.
The apparatus comprises extracting means 310, session evaluating means 320, media evaluating means 330, and correlating means 340.
The extracting means 310 extracts a session correlation identifier and a media correlation identifier from a received correlation message (S310). For example, the correlation message may be received from a delivery function such as DF2.
The session evaluating means 320 evaluates if a received report comprises the session correlation identifier (S320). In addition, the report comprises an interception related information. For example, the report may be received from a delivery function such as DF2. It may be the same DF2 or a different DF2 than the DF2 from which the correlation message is received.
The media evaluating means 330 evaluates if a received message comprises the media correlation identifier (S330). In addition, the first message comprises a call content. For example, the message may be received from a delivery function such as DF3.
The sequence of steps S320 and S330 may be interchanged, or these steps may be performed in parallel.
If the report comprises the session correlation identifier (S320: “yes”) and the message comprises the media correlation identifier (S330: “yes”) the correlating means 340 correlates the interception related information and the call content (S340).
Within this application, sometimes it is referred to VoIP. VoIP is one of the most prominent SIP applications. However, the application and the embodiments of the invention are applicable to other SIP applications, too.
Embodiments of the invention may be employed in other cases, too. One example is Single Radio Voice Call Continuity (SR-VCC) where different access network (packet core and CS-domain) are involved within a session. The standard bodies are yet to define how LI would work on SR-VCC. Embodiments of the invention solve the generic problem of correlation for this configuration, too.
The terms Correlation ID and Correlation Number are used synonymously in this application. The term Correlation Number is used in the 3GPP specifications, to which the present application refers quite often.
The term “bearer” is used in the EPS and the same is known as a PDP context in the GPRS/UMTS network. For the present application, the term “bearer” should be taken as a bearer in
EPS or a PDP context in GPRS/UMTS. It may also mean a corresponding item (“bearer”) in other network technologies.
Embodiments of the invention may be employed in a LTE-A network. They may be employed also in other mobile and fixed networks such as CDMA, EDGE, LTE, UTRAN, WiFi networks, etc, where SIP is implemented.
A terminal may be a user equipment such as a mobile phone, a smart phone, a PDA, a laptop, a tablet PC, or any other device which may be connected to the respective mobile network.
One piece of information may be transmitted in one or plural messages from one entity to another entity. Each of these messages may comprise further (different) pieces of information.
Names of network elements, protocols, and methods are based on current standards. In other versions or other technologies, the names of these network elements and/or protocols and/or methods may be different, as long as they provide a corresponding functionality.
If not otherwise stated or otherwise made clear from the context, the statement that two entities are different means that they perform different functions. It does not necessarily mean that they are based on different hardware. That is, each of the entities described in the present description may be based on a different hardware, or some or all of the entities may be based on the same hardware. It does not necessarily mean that they are based on different software. That is, each of the entities described in the present description may be based on different software, or some or all of the entities may be based on the same software.
According to the above description, it should thus be apparent that exemplary embodiments of the present invention provide, for example a SIP node or a component thereof, an apparatus embodying the same, a method for controlling and/or operating the same, and computer program(s) controlling and/or operating the same as well as mediums carrying such computer program(s) and forming computer program product(s). According to the above description, it should thus be apparent that exemplary embodiments of the present invention provide, for example a delivery function such as DF2, or a component thereof, an apparatus embodying the same, a method for controlling and/or operating the same, and computer program(s) controlling and/or operating the same as well as mediums carrying such computer program(s) and forming computer program product(s).
Implementations of any of the above described blocks, apparatuses, systems, techniques or methods include, as non limiting examples, implementations as hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
It is to be understood that what is described above is what is presently considered the preferred embodiments of the present invention. However, it should be noted that the description of the preferred embodiments is given by way of example only and that various modifications may be made without departing from the scope of the invention as defined by the appended claims.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/EP2014/064986 | 7/11/2014 | WO | 00 |