Arya lawful Intercept

The purpose of HI1 is for administrative control for LEMF to add/list/update/delete LI targets. The various modes of HI1 interface are:

• Manual interface like issuing a hard copy of LI warrant to MNO with LI target details. In this case MNO will be activating the LI target using the LI dashboard.
• Using the LEMF dashboard provided by LI server.
• Direct integration with LEMF using the provided REST interfaces for managing LI targets.

However, in any of the modes listed above when LEMF manages LI targets using HI1 each LI target is identified by following identifiers:

• Lawful Interception Identifier - Unique identifier allocated for LI target by the LI server. This identifier is used in all interfaces to correlate the records/information pertaining to the LI target.

In addition to the LIID above, LEMF provides other information required to provision LI for the target service:

• Target identity - The target service related information like MSISDN, IMIE etc.
• LI start time - The time when LI of the target service should start.
• LI end time - The time when LI of the target service should end.
• Interception Type - Should LI activity involve IRI records only, CC information only or both.
• HI2 Destination - The destination address(i.e ftp server) where IRI records to be pushed.
• HI3 Destination - The destination address(i.e ftp server) where CC records to be pushed
• Additional Transport Information - Any additional transport information required for HI2/HI3 transportation.
• LI Warrant Handle - The reference to actual LI warrant for the corresponding target approved using eWarrant interface or physical warrant.

After LI target is added/enabled by the LEMF, the network elements in the mobile network will start tracking the target services. For each communication/call activity of the LI target the LI server will publish the IRI record furnishing all the call related and required information. The communication/call activity may translate into single or multiple IRI records. The IRI records belonging to same call could be identified by IRI control information. The following are the main fields in IRI control information:

• Record Type - indicates if the IRI record is a IRI-BEGIN, IRI-CONTINUE, IRI-END, IRI-REPORT.
• Version Information - Version of the HI2 interface
• Communication Identifier - Network Identifier(Globally unique number that identifies the network) + Unique identifier allocated for the current call.
• Lawful Interception Identifier - Unique identifier allocated for the LI target.
• Temporal Information - Date and time of the IRI record generation.

In addition to IRI control information, the IRI record also consists of basic call information and supplementary service attributes of the current call.

The HI3 interface is used for transferring of actual communication information during the call establishment phase. The form of information transferred depends on the service that is being intercepted. In some cases the the CC payload information is transformed to the required format using mediation function provided by LI server. The CC payload is encoded using TLVs with other metadata information relating the CC payload to a specific LI target and IRI records etc. The CC records are streamed to LEMF target destination using secure FTP.

The X1 interface is used by LE server to enable/disable and list targets. The LI could invoke X1 interface for single or multiple targets. Each target is identified by the service specific target identifier that will help network element to identify the target to be intercepted. For example IMSI, IMEI, IP address, MAC address etc. In addition to target identifier X1 interface will also indicate the delivery type(IRI only, CC only or both) and destination identifiers. The destination identifier specify where the interception information should be transferred. The destination specified are intermediate destination specified by the LI server where these records go through mediation function for transformation to the agreed HI2/HI3 formats. The delivery function on LI server will further transfer the records to the LEMF destination.

The X2 interface is used by network element to notify LE server of all the call related events. For example call establishment, call answer, call release, call handover etc. All these events carry a call correlation identifier that is used for uniquely identifying the span of a call. In addition all supplementary services related information like call directing, conferencing etc and non call events like location updates, SMS events will also be reported. All the events that are notified will carry the target identifiers like MSISDN, IMSI, IMEI, network element identifier, timestamps and local information etc. The event information delivered through X2 interface undergoes mediation function if required at LI server before delivery function transfers the IRI records using HI2 interface.

The X3 interface is used by network element to transfer CC payload to LE server. In addition to CC payload X3 interface also carries target identifier and call correlation identifier for LI server to identify the intercept content. The intercepted content may undergo transformation through mediation function before it is delivered to LEMF by delivery function.