WO2017102019A1 - Ims signalling correlation in srvcc service interception - Google Patents

Ims signalling correlation in srvcc service interception Download PDF

Info

Publication number
WO2017102019A1
WO2017102019A1 PCT/EP2015/080386 EP2015080386W WO2017102019A1 WO 2017102019 A1 WO2017102019 A1 WO 2017102019A1 EP 2015080386 W EP2015080386 W EP 2015080386W WO 2017102019 A1 WO2017102019 A1 WO 2017102019A1
Authority
WO
WIPO (PCT)
Prior art keywords
session
uri
intercepted
srvcc
sip
Prior art date
Application number
PCT/EP2015/080386
Other languages
French (fr)
Inventor
Mario ASCIONE
Andrea SENATORE
Francesco TORO
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Priority to PCT/EP2015/080386 priority Critical patent/WO2017102019A1/en
Publication of WO2017102019A1 publication Critical patent/WO2017102019A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Definitions

  • the present technology relates to a method and a mediation device in a LI system.
  • a correlation method and mediation device in which the correlation method correlates lawful intercepted IMS signalling of a session involving a target User Equipment.
  • LTE Long Term Evolution
  • IMS IP Multimedia Subsystem
  • LTE is the natural upgrade path for carriers with both Global System for Mobile Communications / Universal Mobile Telecommunications System (GSM/UMTS) networks and Code Division Multiple Access 2000 (CDMA2000) networks.
  • IMS core network is the evolution of Mobile Softswitch Solution (MSS) core network where the telephony services are provided through AS (Application Server).
  • MSS Mobile Softswitch Solution
  • IMS network is able to provide telephony services regardless of access technology (e.g. 3G, LTE, WiFi) although when LTE access technology is used high quality of service can be guaranteed especially for real-time services.
  • access technology e.g. 3G, LTE, WiFi
  • a Voice over LTE (VoLTE) call can be seen as an IMS Voice over Internet Protocol (VoIP) call using the LTE access network.
  • VoIP Voice over Internet Protocol
  • SRVCC Single Radio Voice Call Continuity
  • the enhancements to the SRVCC mechanism define two logical entities: the Access Transfer Control Function (ATCF) is a signalling controller and the Access Transfer Gateway (ATGW) is a media anchor point. They facilitate rapid and predictable handover from LTE to circuit 2G/3G networks and update the application server (AS) after the access transfer. The combination of these new functions and improved call flow reduces the signalling hops required to handover the active voice call to the new access network.
  • ATCF Access Transfer Control Function
  • ATGW Access Transfer Gateway
  • SRVCC procedure starts when UE move from 4G radio coverage to 3G (GSM and Wide-CDMA (WCDMA)) radio coverage, the MSS sends an INVITE message to the Access Transfer Control Function (ATCF) in the Proxy Call Session Control Function (P-CSCF).
  • ATCF Access Transfer Control Function
  • P-CSCF Proxy Call Session Control Function
  • the SRVCC is initiated with an initial INVITE from MSS.
  • the media path remains anchored in the ATGW function in the IMS system in order to guarantee the voice service continuity in the call .
  • the Single Radio Voice Call Continuity mechanism allows the voice call service to continue when the UE leaves LTE radio coverage and enters GSM/WCDMA radio coverage. As result there is no out of service for the end user since the call doesn't end.
  • One object of this disclosure is to offer a technique and technology to overcome the problem for a LEA to correlate SIP signalling related to the original call with the Session Initiation Protocol (SIP) signalling generated during the Single Radio Voice Call Continuity, SRVCC, service execution.
  • SIP Session Initiation Protocol
  • the method comprises the receiving of an intercepted Session Initiation Protocol (SIP) REGISTER message, identifying a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message, and storing the STN-SR of the SIP REGISTER message and the URIs, constituting identifier pairs in a table.
  • SIP Session Initiation Protocol
  • ST Session Transfer
  • STN Single Radio Voice Call Continuity
  • URIs Uniform Resource Identifiers
  • the method further comprises the receiving of an intercepted SIP INVITE message for a session comprising an URI stored in the table, generating a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table, receiving an intercepted SRVCC INVITE message for a session, and comparing received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted.
  • CI Communication Identity
  • CIN Communication Identity
  • the method further comprises correlating Intercept Related Information (IRI) and Communication Content (CC) of the received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From” field of the intercepted SRVCC INVITE message:
  • IRI Intercept Related Information
  • CC Communication Content
  • the received URI in the "To" field is equal to the stored STN-SR; else Generating a CI Number.
  • a Mediation Device MD, and embodiments thereof.
  • the MD correlates lawful intercepted IMS signalling of a session involving a target UE registered in a first radio coverage area wherein the UE is supported by LTE Radio Access
  • Said MD comprises a processor in a processing circuitry being operative to receive an intercepted Session
  • SIP Session Transfer
  • STN Session Transfer
  • STN Session Transfer
  • SRVCC Single Radio Voice Call Continuity
  • URIs Uniform Resource Identifiers
  • the processor is further operative to receive an intercepted SIP INVITE message for a session comprising an URI stored in the table, to generate a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table, and to receive an intercepted SRVCC INVITE message for a session.
  • CI Communication Identity
  • CIN Communication Identity
  • the processor is further operative to compare received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted, and to correlate Intercept Related Information (IRI) and Communication Content (CC) of the received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From" field of the intercepted SRVCC INVITE message:
  • IRI Intercept Related Information
  • CC Communication Content
  • the received URI in the "To" field is equal to the stored STN-SR; else to generate a new CI Number.
  • a computer program comprises computer program code which, when run in a processor of a processor circuitry of a mediation device, causes the mediation device to perform steps of the correlation method.
  • a computer program product which comprises a computer program and a computer readable means on which the computer program is stored.
  • Said computer program comprises computer program code which, when run in a processor of a processor circuitry of a mediation device, causes the mediation device to perform steps of the correlation method.
  • a carrier containing a computer program, wherein the carrier is one of an electronic signal, optical signal, radio signal or computer readable storage medium.
  • Said computer program comprising computer program code which, when run in a processor of a processor circuitry of a mediation device, causes the mediation device to perform steps of the correlation method.
  • LEAs will be able to correctly correlate the signalling flow before and after the SRVCC service execution.
  • Figure 1 is a block diagram of an exemplary system comprising networks in which devices and methods described herein may be implemented;
  • Figure 2 is a flowchart illustrating a method for correlating lawful intercepted IMS signalling of a wireless telecommunication session
  • Figure 3 is a signalling scheme of the SIP register flow
  • Figure 4 is a flow chart illustrating an updating process of the STN-SR number
  • Figure 5 is a signalling scheme illustrating the SIP INVITE signalling in the system
  • Figure 6 is a signalling scheme illustrating the SRVCC INVITE
  • Figure 7 is a signalling scheme illustrating the SIP BYE signalling in the system
  • Figure 8 is a flowchart illustrating the SIP BYE signalling in the system
  • Figure 9 is a block diagram illustrating a mediation device capable of performing the correlating method
  • Figure 10 is a block diagram illustrating an alternative embodiment of a mediation device capable of performing the correlating method.
  • the problem is to provide the same correlation number before and after the SRVCC procedure.
  • That correlation number will be the same used before UE leaves LTE radio coverage. This can be accomplished by Mediation Device by checking the whole SIP signalling, from the UE REGISTER to the SRVCC INVITE message.
  • FIG. 1 is a block diagram of an exemplary system for wireless telecommunications comprising networks in which devices and methods described herein may be implemented.
  • the wireless telecommunications system 100 may comprise several radio access systems (RASs). Two adjacent systems may support and operate according to different Radio Access Technologies (RATs).
  • RASs radio access systems
  • RATs Radio Access Technologies
  • a first RAS 1 12 is an LTE system comprising an Evolved UMTS
  • E-UTRAN Universal Mobile Telecommunications System Terrestrial Radio Access Network
  • EPC Evolved Packet Core
  • the EPC connects the E-UTRAN 1 14 to the Internet and IMS (IP multimedia Subsystem) System 140.
  • IMS IP multimedia Subsystem
  • RAS 1 12 is able to provide UEs 130 within a first coverage area comprising 1 10 one or more cells with wireless radio connection.
  • the wireless telecommunications system 100 further comprises a second RAS 120.
  • Said second RAS is operating according to the 3G standard.
  • the RAS 120 comprises an UTRAN access network 124 and an Mobile Softswitch Solution (MSS) core network 126.
  • the MSS core network 126 connects the UTRAN 124 to the Internet and IMS System 140.
  • the IMS system 140 comprises a P-CSCF & ATCF (Proxy Call Session
  • the Control Function and Access Transfer Control Function Function 142 for handling signalling traffic of UEs and RASs. Said signalling traffic is further handled by the Application Server (AS) 148 and the Serving Call Session Control Function.
  • the enhancements to the SRVCC system define two logical entities: the Access Transfer Control Function (ATCF) 142 is a signalling controller and the Access Transfer Gateway (ATGW) is a media anchor point 144.
  • the P-CSCF and ATCF 142, ATGW 144, S-CSCF 146 and AS 148 are all standard functions of the IMS system and they are not a part of the solution. Said functions are therefore not described in detail.
  • a Lawful Interception (LI) system is connected to the entities ATCF 142 and ATGW 144.
  • the ATCF is connected via an Interception Device (ID) (not shown) and an Interface X2 for intercepting signalling traffic of call sessions wherein a target or monitored UE, UE A, is involved.
  • ID monitors and intercepts the signalling traffic of interest through the entity 142 and sends a copy of the signalling traffic of a target to a Mediation Function (MD) 200 via an interface X2.
  • MD 200 receives and performs some processing of the received, intercepted signalling traffic and delivers the signalling traffic to a Law Enforcement Agency, LEA, 300 via am interface HI2.
  • SIP messages mentioned here in the description are all messages defined according to SIP or SRVCC standards.
  • the call content, e.g. voice, of a session is sent via an ATGW 144.
  • the ATGW is connected via an ID (not shown) in the entity and an Interface X3 for intercepting call content, or communication content (CC), traffic of call sessions wherein a target or monitored UE, UE A, is involved.
  • the ID monitors and intercepts the CC traffic of interest through the entity 142 to a Remote End 150.
  • Said CC traffic is preferably sent via Real-Time Protocol (RTP) packets.
  • RTP Real-Time Protocol
  • the ID sends a copy of the RTP traffic of a target to the MD 200 via an interface X2.
  • the MD 200 receives and performs some processing of the received, intercepted RTP traffic and delivers the RTP traffic as CC to the LEA 300 via an interface HI2.
  • VoIP Voice over LTE
  • VoIP Voice over Internet Protocol
  • Said IMS VoIP comprises signalling traffic 1 18S, which is illustrated as a dashed line in figure 1 , and RTP traffic 1 18R, illustrated as dashed-dot-dot line 1 18R.
  • the Single Radio Voice Call Continuity (SRVCC) mechanism guarantees soft handover when the voice service continuity during a call in a mobility scenario where the UE A 130 moves out of the LTE coverage 1 10 going into a 3G coverage area 120.
  • SRVCC procedure starts when UE enters 3G (GSM and
  • the MSS sends an INVITE message to the ATCF in the P-CSCF 142.
  • the SRVCC is initiated with an initial INVITE from MSS.
  • Said IMS VoIP 128 is comprising signalling traffic 128S, which is illustrated as a continuous line in figure 1 , and a media path comprising RTP traffic 128R, illustrated as dashed-dotted line 128R.
  • the media path 128R remains anchored in the ATGW function in the IMS system in order to guarantee the voice service continuity in the call .
  • the herein suggested solution of the correlation problem is a technique for providing equal Communication Identity (CI) Number (CIN) for a session before and after SRVCC procedure.
  • CI Communication Identity
  • CIN Communication Identity Number
  • the CIN will be the same as used before UE leaves LTE radio coverage. This can be accomplished by the Mediation Device by checking the whole SIP signalling, from the UE REGISTER to the SRVCC INVITE message.
  • FIG. 2 is a flowchart illustrating a method for correlating lawful intercepted IMS signalling of a wireless telecommunication session. The following method will be described with reference numbers to features illustrated in the system 100 of figure 1 .
  • the target User Equipment, UE A, 130 resides momentary in a first radio coverage area 1 10 wherein the UE A is supported by LTE Radio Access Technology at a session set-up.
  • the method S100 is performed in the LI system, preferably in the MD 200, and the method comprises the following steps of:
  • S110 - Receiving an intercepted Session Initiation Protocol (SIP) REGISTER message
  • S120 - Identifying a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message;
  • S130 - Storing the STN-SR of the SIP REGISTER message and the URIs, constituting identifier pairs in a table;
  • S140 Receiving an intercepted SIP INVITE message for a session comprising an URI stored in the table;
  • S150 - Generating a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table;
  • S160 - Receiving an intercepted SRVCC INVITE message for a session;
  • S170 - Comparing received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted;
  • figure 3 is a signalling scheme comprising one UE (UE A 130 in Fig. 1 ) of a monitored user, i.e. target, a P-CSCF server (142 in Fig. 1 ) and a Mediation Device, MD (200 in figure 1 ).
  • Registration is the process in which the endpoint, i.e. one UE, sends a SIP REGISTER message to a SIP SERVER or VoIP provider to let it know where it is.
  • the message will pass a node comprising, e.g. P-CSCF server or Session Boarder Gateway (SBG).
  • SBG supports Single Radio Voice Call Continuity (SRVCC) for the 3G to LTE handover.
  • SRVCC Single Radio Voice Call Continuity
  • the node comprises an intercepting device enabling interception of signalling traffic of the monitored user.
  • an intercepted version, i.e. one copy, of the SIP REGISTER message is delivered to a MD via the X2 interface.
  • the MD receives in step S1 10 the intercepted SIP REGISTER message, and, in step S120, the MD identifies a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message.
  • ST Session Transfer
  • STN Session Transfer
  • STN Single Radio Voice Call Continuity
  • URIs Uniform Resource Identifiers
  • the Mediation Device subscribes to Notifications from Home Subscriber Server, HSS, on Sh interface, Sh-Subs-Notif, in case the STN-SR number for the monitored user is updated.
  • This mechanism is needed because although STN-SR number is usually exchanged during UE Registration and stored in HSS, however it could be changed after Registration without any notifications towards UE.
  • the MD may be registered to a HSS for notification of STN-SR changes.
  • the method S200 may involve following steps:
  • HSS Home Subscriber Server
  • the method S200 may be considered as a part of the method S100.
  • Figure 5 is a signalling scheme illustrating the SIP INVITE signalling in the system.
  • the monitored User starts a call and a SIP INVITE message is sent via the P-CSCF wherein the message is intercepted and a copy is sent via the X2 interface to the MD.
  • the MD is configured to generate a CI Number, i.e. step S150, generating a Communication Identity (CI) Number (CIN) to said session.
  • CI Communication Identity
  • CIN Communication Identity Number
  • the new CIN is also inserted as additional value into the table, which may be called CIN correlation table, generated in step S130, wherein a CIN correlation post or record for a CIN involves ["URI contained in the P-Associated_Uri", “STN-SR number”, “CIN”] if it doesn't already exist.
  • MD encloses the CI Number with the received copy of the SIP INVITE and forwards id to the LEA.
  • Figure 6 is a signalling scheme illustrating the SRVCC INVITE signalling in the system.
  • the intercepted SRVCC INVITE message is received as a result of the movement of the target User Equipment (UE) registered in the first radio coverage area wherein the UE is supported by LTE Radio Access Technology to a second coverage area wherein the UE is supported by 3G Radio Access Technology.
  • UE User Equipment
  • Said correlation is performed in steps S170, comparing STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted, and S180, correlating IRI and CC of a received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From" field of the intercepted SRVCC INVITE message:
  • step S150 a CI Number.
  • the stored identity pair in the table comprises an URI number of the "P- Associated-URI” field and a STN-SR number in the "Feature-Caps” field of the SIP REGISTER message, while the same number as the "P-Associated- URI” number may be found in the "From” field, in the "To” field and in the "P- Asserted-ldentity” field of the received SIP INVITE message, while the stored STN-SR number is found in the "To" field of the received intercepted SRVCC INVITE message.
  • the received URI is the Mobile Station International
  • MSISDN Subscriber Directory Number
  • the stored URI is the MSISDN number, i.e. monitored URI i.e. the target's URI of the received SIP INVITE message at session setup.
  • INVITE message equals to the stored STN-SR number.
  • Figure 7 is a signalling scheme illustrating the SIP BYE signalling in the system.
  • the monitored User terminates the ongoing call, it generates and sends a SIP BYE message towards the remote User.
  • the SP BYE message is intercepted as it passes the P-CSCF node, where it is intercepted.
  • the intercepted copy of the SIP BYE is sent over the X2 interface to the MD.
  • Figure 8 is a flowchart illustrating the SIP BYE signalling in the system.
  • the intercepted copy of the SIP BYE sent over the X2 interface is received by the MD, which performs the steps of a finishing method S300:
  • S302 Receiving an intercepted SIP BYE message for a session associated with a certain URI and CI Number;
  • the finishing method S300 should be considered as a final process of a session being processed in method S100.
  • the above described technique may be implemented in digital electronically circuitry, or in computer hardware, firmware, software, or in combinations of them.
  • Apparatus of the described solution may be implemented in a computer program product tangibly embodied in a machine readable storage device for execution by a programmable processor; and method steps of the solution may be performed by a programmable processor executing a program of instructions to perform functions of the technology by operating on input data and generating output.
  • the technology may advantageously be implemented in one or more computer programs that are executable on a programmable system including at least one programmable processor coupled to receive data and instructions from, and to transmit data and instructions to, a data storage system, at least one input device, and at least one output device.
  • Each computer program may be implemented in a high-level procedural or object- oriented programming language, or in assembly or machine language if desired; and in any case, the language may be a compiled or interpreted language.
  • a processor will receive instructions and data from a readonly memory and/or a random access memory.
  • Storage devices suitable for tangibly embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, such as EPROM (erasable programmable read only memory), EEPROM (electrically erasable programmable read only memory), and flash memory devices; magnetic disks such internal hard disks and removable disks; magneto-optical disks; and CD-ROM (Compact Disc Read-Only Memory) disks. Any of the foregoing may be supplemented by, or incorporated in, specially -designed ASICs (Application Specific Integrated Circuits).
  • ASICs Application Specific Integrated Circuits
  • Figure 9 is illustrating a mediation device MD capable of performing the correlating method S100.
  • the MD comprises a processing circuitry 250, which comprises a processor 252 and a memory storage 254 for storing computer program instructions as code and data for enabling the processing of the incoming data.
  • Said processing circuitry 425 may also be used for implementing a Delivery Function DF2 and DF3.
  • the processor 252 will receive instructions and data from the memory storage 254 implemented by a read-only memory and/or a random access memory.
  • Storage devices suitable for tangibly embodying computer program instructions and data include all forms of nonvolatile memory.
  • a memory storage 258, e.g. a Cache memory is connected to the processing circuitry 250 for storing each unique CIN values together with its correlation set for an intercepted communication session.
  • the processing circuitry 250 is capable of communicating with LEAs via interface 256, which is adapted to communicate with lAPs via interfaces X2 (and X3), and with the LEAs via interfaces HI2 (and HI3).
  • the processor 252 is preferably a programmable processor.
  • the Mediation Device, MD, 200 is adapted to correlate lawful intercepted IMS signalling of a session involving a target UE.
  • Said UE is registered in a first radio coverage area wherein the UE is supported by LTE Radio Access Technology at a session set-up.
  • the SRVCC process starts a SRVCC INVITE message is generated.
  • Said SRVCC INVITE message is intercepted and received by the MD 200.
  • Said device comprising a processor 252 in a processing circuitry 250 being operative to perform the steps of:
  • ST Session Transfer
  • STN Session Transfer
  • STN Session Transfer
  • STN Session Transfer
  • STN Single Radio Voice Call Continuity
  • URIs Uniform Resource Identifiers
  • IRI Intercept Related Information
  • CC Communication Content
  • the processor 252 in the processing circuitry 250 of the MD 200 is operative to perform the steps of:
  • the processor 252 in the processing circuitry 250 of the MD 200 is operative to perform the steps of:
  • HSS Home Subscriber Server
  • a computer program 260 Said computer program comprises computer program code which, when run in a processor 252 of a processor circuitry 250 of a mediation device 200, causes the MD 200 to perform the steps of the correlation method S100.
  • a computer program product 258 is also provided.
  • the computer program product comprises a computer program 260 and a computer readable means 254, 258 on which the computer program is stored.
  • Said computer program comprises computer program code which, when run in the processor 252 of the processor circuitry 250 of a mediation device 200, causes the MD 200 to perform the steps of the correlation method S100.
  • a carrier containing a computer program 260, wherein the carrier is one of an electronic signal, optical signal, radio signal or computer readable storage medium.
  • Said computer program comprises computer program code which, when run in a processor circuitry of a mediation device, causes the mediation device to perform steps of the second method.
  • FIG. 10 is illustrating an alternative embodiment of a mediation device capable of performing the correlating method.
  • the Mediation Device, MD, 200 is provided.
  • Said MD 200 is adapted to correlate lawful intercepted IMS signalling of a session involving a target UE.
  • Said UE is registered in a first radio coverage area wherein the UE is supported by LTE Radio Access Technology at a session set-up.
  • the SRVCC process starts a SRVCC INVITE message is generated.
  • Said SRVCC INVITE message is intercepted and received by the MD 200.
  • Said device comprises a receiver interface having a receiving means 510 adapted to receive an intercepted Session Initiation Protocol (SIP) REGISTER message, and an identifier 520 or an identifying means adapted to identify a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message.
  • SIP Session Initiation Protocol
  • Said device 200 further comprises a storage 530 or storage means adapted to store the STN-SR of the SIP REGISTER message and the URIs, constituting identifier pairs in a table, and wherein the receiving interface also comprises a receiver module 540 adapted to receive an intercepted SIP INVITE message for a session comprising an URI stored in the table.
  • the device 200 comprises a generating module 550 adapted to generate a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table.
  • Said receiving interface comprises a receiver module 560 adapted to intercepted SRVCC INVITE message for a session.
  • Said device 200 further comprises a comparator or comparing device 570 adapted to compare received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted, and a correlator 580 adapted to correlate Intercept Related Information (IRI) and Communication Content (CC) of the received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From" field of the intercepted SRVCC INVITE message:
  • IRI Intercept Related Information
  • CC Communication Content
  • the receiver interface of the MD 200 may further be capable of receiving an intercepted SIP BYE message for a session associated with a certain URI and CI Number.
  • the MD 200 may further comprise processor circuitry for inserting the CI Number of the session in the intercepted SIP BYE message, and a sender adapted to send SIP BYE message to the LEA, wherein said processor circuitry is capable of deleting the CI Number in the table.
  • the receiving interface of the MD 200 may further be adapted to receive for a user an updated STN-SNR number from Home Subscriber Server, HSS.
  • Said processor circuitry is capable of updating the table with updated STN-SNR number.

Landscapes

  • Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present technique relates to a Mediation Device (200) and a method for correlating lawful intercepted IMS signalling of a session involving a target UE registered in a first radio coverage area wherein the UE is supported by LTE Radio Access Technology at a session set-up. One object is to offer a technique and technology to overcome the problem for a LEA to correlate SIP signalling related to the original call with the SIP signalling generated during the Single Radio Voice Call Continuity, SRVCC, service execution. The object is achieved by providing the same correlation number CIN before and after SRVCC procedure. This can be accomplished by the Mediation Device and a method therein by checking the whole SIP signaling, from the UE REGISTER to the SRVCC INVITE message.

Description

IMS signalling correlation in SRVCC service interception
TECHNICAL FIELD
The present technology relates to a method and a mediation device in a LI system. In more detail, it is provided a correlation method and mediation device, in which the correlation method correlates lawful intercepted IMS signalling of a session involving a target User Equipment.
BACKGROUND
The evolution of telecommunication has leaded changes both in the access network and in the core/services network. The standardizations of Long Term Evolution (LTE) and IP Multimedia Subsystem (IMS) are respectively the main examples of this evolution.
LTE is the natural upgrade path for carriers with both Global System for Mobile Communications / Universal Mobile Telecommunications System (GSM/UMTS) networks and Code Division Multiple Access 2000 (CDMA2000) networks. IMS core network is the evolution of Mobile Softswitch Solution (MSS) core network where the telephony services are provided through AS (Application Server).
IMS network is able to provide telephony services regardless of access technology (e.g. 3G, LTE, WiFi) although when LTE access technology is used high quality of service can be guaranteed especially for real-time services.
A Voice over LTE (VoLTE) call can be seen as an IMS Voice over Internet Protocol (VoIP) call using the LTE access network. In order to guarantee the voice service continuity during a call in a mobility scenario where the user equipment (UE) moves out of the LTE coverage going into a 3G one, a mechanism called Single Radio Voice Call Continuity (SRVCC) has been standardized and implemented by the network vendors and is currently used by the majority of operator that have already launched the VoLTE services. The enhancements to the SRVCC mechanism define two logical entities: the Access Transfer Control Function (ATCF) is a signalling controller and the Access Transfer Gateway (ATGW) is a media anchor point. They facilitate rapid and predictable handover from LTE to circuit 2G/3G networks and update the application server (AS) after the access transfer. The combination of these new functions and improved call flow reduces the signalling hops required to handover the active voice call to the new access network.
In details SRVCC procedure starts when UE move from 4G radio coverage to 3G (GSM and Wide-CDMA (WCDMA)) radio coverage, the MSS sends an INVITE message to the Access Transfer Control Function (ATCF) in the Proxy Call Session Control Function (P-CSCF). When an UE has an ongoing voice call over LTE and Packet Switched (PS) access and the UE moves under the 3G coverage the SRVCC is initiated with an initial INVITE from MSS. As showed illustrated in figure 1 , also after the SRVCC the media path remains anchored in the ATGW function in the IMS system in order to guarantee the voice service continuity in the call .
The Single Radio Voice Call Continuity mechanism allows the voice call service to continue when the UE leaves LTE radio coverage and enters GSM/WCDMA radio coverage. As result there is no out of service for the end user since the call doesn't end.
From Lawful Interception point of view, however, an issue exists in the current solution since the SIP signalling intercepted before SRVCC handover isn't correlated with the SIP signalling intercepted during the SRVCC phases.
As consequence a Law Enforcement Agency (LEA) is unable to correlate the Session Initiation Protocol (SIP) signalling related to the original call with the SIP signalling generated during SRVCC service execution. This issue leads to a wrong identification of the two SIP flows as related to 2 different calls. SUMMARY
One object of this disclosure is to offer a technique and technology to overcome the problem for a LEA to correlate SIP signalling related to the original call with the Session Initiation Protocol (SIP) signalling generated during the Single Radio Voice Call Continuity, SRVCC, service execution.
According to one aspect, it is provided a correlation method and embodiments thereof. Said method correlates lawful intercepted IP
Multimedia Subsystem (IMS) signalling of a session involving a target User Equipment (UE), which is registered in a first radio coverage area wherein the UE is supported by LTE Radio Access Technology at a session set-up. The method comprises the receiving of an intercepted Session Initiation Protocol (SIP) REGISTER message, identifying a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message, and storing the STN-SR of the SIP REGISTER message and the URIs, constituting identifier pairs in a table. The method further comprises the receiving of an intercepted SIP INVITE message for a session comprising an URI stored in the table, generating a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table, receiving an intercepted SRVCC INVITE message for a session, and comparing received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted. The method further comprises correlating Intercept Related Information (IRI) and Communication Content (CC) of the received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From" field of the intercepted SRVCC INVITE message:
a) the received URI in the "From" field is equal to a stored URI in the table; and
b) the received URI in the "To" field is equal to the stored STN-SR; else Generating a CI Number. According to further one aspect, it is provided a Mediation Device, MD, and embodiments thereof. The MD correlates lawful intercepted IMS signalling of a session involving a target UE registered in a first radio coverage area wherein the UE is supported by LTE Radio Access
Technology at a session set-up. Said MD comprises a processor in a processing circuitry being operative to receive an intercepted Session
Initiation Protocol (SIP) REGISTER message, to identify a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message, and to store the STN-SR of the SIP REGISTER message and the URIs, constituting identifier pairs in a table. The processor is further operative to receive an intercepted SIP INVITE message for a session comprising an URI stored in the table, to generate a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table, and to receive an intercepted SRVCC INVITE message for a session. In addition, the processor is further operative to compare received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted, and to correlate Intercept Related Information (IRI) and Communication Content (CC) of the received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From" field of the intercepted SRVCC INVITE message:
a) the received URI in the "From" field is equal to a stored URI in the table; and
b) the received URI in the "To" field is equal to the stored STN-SR; else to generate a new CI Number.
According to further one aspect, a computer program is provided. Said computer program comprises computer program code which, when run in a processor of a processor circuitry of a mediation device, causes the mediation device to perform steps of the correlation method.
According to further one aspect, a computer program product, which comprises a computer program and a computer readable means on which the computer program is stored. Said computer program comprises computer program code which, when run in a processor of a processor circuitry of a mediation device, causes the mediation device to perform steps of the correlation method.
According to further one aspect, a carrier containing a computer program, wherein the carrier is one of an electronic signal, optical signal, radio signal or computer readable storage medium. Said computer program comprising computer program code which, when run in a processor of a processor circuitry of a mediation device, causes the mediation device to perform steps of the correlation method.
One advantage of the above technique is that LEAs will be able to correctly correlate the signalling flow before and after the SRVCC service execution.
Another valuable advantage of this solution is that no impacts are foreseen on existing nodes of both MSS and IMS domains
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing, and other, objects, features and advantages of the present solution will be more readily understood upon reading the following detailed description in conjunction with the drawings in which:
Figure 1 is a block diagram of an exemplary system comprising networks in which devices and methods described herein may be implemented;
Figure 2 is a flowchart illustrating a method for correlating lawful intercepted IMS signalling of a wireless telecommunication session;
Figure 3 is a signalling scheme of the SIP register flow;
Figure 4 is a flow chart illustrating an updating process of the STN-SR number;
Figure 5 is a signalling scheme illustrating the SIP INVITE signalling in the system;
Figure 6 is a signalling scheme illustrating the SRVCC INVITE
signalling in the system; Figure 7 is a signalling scheme illustrating the SIP BYE signalling in the system;
Figure 8 is a flowchart illustrating the SIP BYE signalling in the system; Figure 9 is a block diagram illustrating a mediation device capable of performing the correlating method;
Figure 10 is a block diagram illustrating an alternative embodiment of a mediation device capable of performing the correlating method.
DETAILED DESCRIPTION
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular circuits, circuit components, techniques, etc. in order to provide a thorough understanding of the present solution. However, it will be apparent to one skilled in the art that the present solution may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known methods, devices, and circuits are omitted so as not to obscure the description of the present solution with unnecessary detail.
The problem is to provide the same correlation number before and after the SRVCC procedure.
That correlation number will be the same used before UE leaves LTE radio coverage. This can be accomplished by Mediation Device by checking the whole SIP signalling, from the UE REGISTER to the SRVCC INVITE message.
Figure 1 is a block diagram of an exemplary system for wireless telecommunications comprising networks in which devices and methods described herein may be implemented. The wireless telecommunications system 100 may comprise several radio access systems (RASs). Two adjacent systems may support and operate according to different Radio Access Technologies (RATs).
A first RAS 1 12 is an LTE system comprising an Evolved UMTS
(Universal Mobile Telecommunications System) Terrestrial Radio Access Network (E-UTRAN) 1 14 and an Evolved Packet Core (EPC) network 1 16. The EPC connects the E-UTRAN 1 14 to the Internet and IMS (IP multimedia Subsystem) System 140. By means of radio base stations eNBs (not illustrated), said RAS 1 12 is able to provide UEs 130 within a first coverage area comprising 1 10 one or more cells with wireless radio connection.
The wireless telecommunications system 100 further comprises a second RAS 120. Said second RAS is operating according to the 3G standard. The RAS 120 comprises an UTRAN access network 124 and an Mobile Softswitch Solution (MSS) core network 126. The MSS core network 126 connects the UTRAN 124 to the Internet and IMS System 140.
The IMS system 140 comprises a P-CSCF & ATCF (Proxy Call Session
Control Function and Access Transfer Control Function) Function 142 for handling signalling traffic of UEs and RASs. Said signalling traffic is further handled by the Application Server (AS) 148 and the Serving Call Session Control Function. The enhancements to the SRVCC system define two logical entities: the Access Transfer Control Function (ATCF) 142 is a signalling controller and the Access Transfer Gateway (ATGW) is a media anchor point 144. The P-CSCF and ATCF 142, ATGW 144, S-CSCF 146 and AS 148 are all standard functions of the IMS system and they are not a part of the solution. Said functions are therefore not described in detail.
A Lawful Interception (LI) system is connected to the entities ATCF 142 and ATGW 144. The ATCF is connected via an Interception Device (ID) (not shown) and an Interface X2 for intercepting signalling traffic of call sessions wherein a target or monitored UE, UE A, is involved. The ID monitors and intercepts the signalling traffic of interest through the entity 142 and sends a copy of the signalling traffic of a target to a Mediation Function (MD) 200 via an interface X2. The MD 200 receives and performs some processing of the received, intercepted signalling traffic and delivers the signalling traffic to a Law Enforcement Agency, LEA, 300 via am interface HI2.
The different kind of SIP messages mentioned here in the description, e.g. SIP REGISTER, SIP INVITE, SRVCC INVITE, SIP BYE, etc., are all messages defined according to SIP or SRVCC standards. The call content, e.g. voice, of a session is sent via an ATGW 144. The ATGW is connected via an ID (not shown) in the entity and an Interface X3 for intercepting call content, or communication content (CC), traffic of call sessions wherein a target or monitored UE, UE A, is involved. The ID monitors and intercepts the CC traffic of interest through the entity 142 to a Remote End 150. Said CC traffic is preferably sent via Real-Time Protocol (RTP) packets. The ID sends a copy of the RTP traffic of a target to the MD 200 via an interface X2. The MD 200 receives and performs some processing of the received, intercepted RTP traffic and delivers the RTP traffic as CC to the LEA 300 via an interface HI2.
As described in the background, Voice over LTE (VoLTE) call can be seen as an IMS Voice over Internet Protocol (VoIP) call using the LTE access network. Said IMS VoIP comprises signalling traffic 1 18S, which is illustrated as a dashed line in figure 1 , and RTP traffic 1 18R, illustrated as dashed-dot-dot line 1 18R.
The Single Radio Voice Call Continuity (SRVCC) mechanism guarantees soft handover when the voice service continuity during a call in a mobility scenario where the UE A 130 moves out of the LTE coverage 1 10 going into a 3G coverage area 120.
In details SRVCC procedure starts when UE enters 3G (GSM and
Wide-CDMA (WCDMA)) radio coverage, the MSS sends an INVITE message to the ATCF in the P-CSCF 142. When the UE A has an ongoing voice call over LTE and Packet Switched (PS) access and the UE moves under the 3G coverage the SRVCC is initiated with an initial INVITE from MSS. Said IMS VoIP 128 is comprising signalling traffic 128S, which is illustrated as a continuous line in figure 1 , and a media path comprising RTP traffic 128R, illustrated as dashed-dotted line 128R. The media path 128R remains anchored in the ATGW function in the IMS system in order to guarantee the voice service continuity in the call .
From Lawful Interception point of view, however, an issue exists in the current solution since the SIP signalling intercepted before SRVCC handover isn't correlated with the SIP signalling intercepted during the SRVCC phases. As consequence a Law Enforcement Agency (LEA) is unable to correlate the Session Initiation Protocol (SIP) signalling related to the original call with the SIP signalling generated during SRVCC service execution. This issue leads to a wrong identification of the two SIP flows as related to 2 different calls.
The herein suggested solution of the correlation problem is a technique for providing equal Communication Identity (CI) Number (CIN) for a session before and after SRVCC procedure.
The CIN will be the same as used before UE leaves LTE radio coverage. This can be accomplished by the Mediation Device by checking the whole SIP signalling, from the UE REGISTER to the SRVCC INVITE message.
Figure 2 is a flowchart illustrating a method for correlating lawful intercepted IMS signalling of a wireless telecommunication session. The following method will be described with reference numbers to features illustrated in the system 100 of figure 1 .
The target User Equipment, UE A, 130 resides momentary in a first radio coverage area 1 10 wherein the UE A is supported by LTE Radio Access Technology at a session set-up. The method S100 is performed in the LI system, preferably in the MD 200, and the method comprises the following steps of:
S110: - Receiving an intercepted Session Initiation Protocol (SIP) REGISTER message;
S120:- Identifying a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message;
S130: - Storing the STN-SR of the SIP REGISTER message and the URIs, constituting identifier pairs in a table;
S140: - Receiving an intercepted SIP INVITE message for a session comprising an URI stored in the table;
S150: - Generating a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table; S160: - Receiving an intercepted SRVCC INVITE message for a session; S170: - Comparing received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted;
S180: - Correlating Intercept Related Information (IRI) and Communication Content (CC) of the received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From" field of the intercepted
SRVCC INVITE message:
a) the received URI in the "From" field is equal to a stored URI in the table; and
b) the received URI in the "To" field is equal to the stored STN-SR;
else:
- Generating (S150) a CI Number.
The steps of the method S100 will hereafter be described in more detail with reference to the signalling schemes in figures 3 - 7.
Thus, figure 3 is a signalling scheme comprising one UE (UE A 130 in Fig. 1 ) of a monitored user, i.e. target, a P-CSCF server (142 in Fig. 1 ) and a Mediation Device, MD (200 in figure 1 ). Registration is the process in which the endpoint, i.e. one UE, sends a SIP REGISTER message to a SIP SERVER or VoIP provider to let it know where it is. The message will pass a node comprising, e.g. P-CSCF server or Session Boarder Gateway (SBG). SBG supports Single Radio Voice Call Continuity (SRVCC) for the 3G to LTE handover. The node comprises an intercepting device enabling interception of signalling traffic of the monitored user. Thus, an intercepted version, i.e. one copy, of the SIP REGISTER message is delivered to a MD via the X2 interface. The MD receives in step S1 10 the intercepted SIP REGISTER message, and, in step S120, the MD identifies a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message. The MD then stores in step S130 the STN-SR in the REGISTER message and the URIs, constituting identifier pairs in a table. Figure 4 is a flowchart illustrating an updating method S200 of the STN- SR number.
The Mediation Device subscribes to Notifications from Home Subscriber Server, HSS, on Sh interface, Sh-Subs-Notif, in case the STN-SR number for the monitored user is updated. This mechanism is needed because although STN-SR number is usually exchanged during UE Registration and stored in HSS, however it could be changed after Registration without any notifications towards UE. Thus, the MD may be registered to a HSS for notification of STN-SR changes.
The method S200 may involve following steps:
S202: - receiving for a user an updated STN-SNR number from Home
Subscriber Server, HSS;
S204: - updating the table with updated STN-SNR number.
The method S200 may be considered as a part of the method S100. Figure 5 is a signalling scheme illustrating the SIP INVITE signalling in the system.
The monitored User starts a call and a SIP INVITE message is sent via the P-CSCF wherein the message is intercepted and a copy is sent via the X2 interface to the MD. The MD is configured to generate a CI Number, i.e. step S150, generating a Communication Identity (CI) Number (CIN) to said session.
When a new INVITE is intercepted, the "monitored URI" is detected and a new Communication Identity Number (CIN) is generated in order to correlate the entire session events. The new CIN is also inserted as additional value into the table, which may be called CIN correlation table, generated in step S130, wherein a CIN correlation post or record for a CIN involves ["URI contained in the P-Associated_Uri", "STN-SR number", "CIN"] if it doesn't already exist. MD encloses the CI Number with the received copy of the SIP INVITE and forwards id to the LEA.
Figure 6 is a signalling scheme illustrating the SRVCC INVITE signalling in the system. When a subsequent SRVCC INVITE is intercepted, and received by the MD, step S160, it can be correlated to the existing session and sent towards the LEA agency.
The intercepted SRVCC INVITE message is received as a result of the movement of the target User Equipment (UE) registered in the first radio coverage area wherein the UE is supported by LTE Radio Access Technology to a second coverage area wherein the UE is supported by 3G Radio Access Technology.
Said correlation is performed in steps S170, comparing STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted, and S180, correlating IRI and CC of a received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From" field of the intercepted SRVCC INVITE message:
a) the received URI in the "From" field is equal to a stored URI in the table; and
b) the received URI in the "To" field is equal to the stored STN-SR;
else:
- Generating, in step S150, a CI Number.
Thus, if one or both conditions is/are not fulfilled a new CIN is generated and IRI and CC of the received session is possible to correlate. A new CI number is not generated if both conditions are fulfilled. Said conditions a) and b) guarantees that a session started in a 4G/LTE radio access environment is correlated by the MD 200 after an handover to and continuation in a 3G radio access environment. The stored identity pair in the table comprises an URI number of the "P- Associated-URI" field and a STN-SR number in the "Feature-Caps" field of the SIP REGISTER message, while the same number as the "P-Associated- URI" number may be found in the "From" field, in the "To" field and in the "P- Asserted-ldentity" field of the received SIP INVITE message, while the stored STN-SR number is found in the "To" field of the received intercepted SRVCC INVITE message.
All the subsequent events e.g. communication of messages 200 OK,
ACK, etc., will be correlated as well with same CIN.
For condition a), the received URI is the Mobile Station International
Subscriber Directory Number (MSISDN) part of the IP Multimedia Private
Identity (IMPI) captured in the "From"-field of the SIP SRVCC INVITE message. The stored URI is the MSISDN number, i.e. monitored URI i.e. the target's URI of the received SIP INVITE message at session setup.
For condition b), the URI in the "To"-field of the received SRVCC
INVITE message equals to the stored STN-SR number.
Figure 7 is a signalling scheme illustrating the SIP BYE signalling in the system. When the monitored User terminates the ongoing call, it generates and sends a SIP BYE message towards the remote User. The SP BYE message is intercepted as it passes the P-CSCF node, where it is intercepted. The intercepted copy of the SIP BYE is sent over the X2 interface to the MD.
Figure 8 is a flowchart illustrating the SIP BYE signalling in the system.
The intercepted copy of the SIP BYE sent over the X2 interface is received by the MD, which performs the steps of a finishing method S300:
S302: - Receiving an intercepted SIP BYE message for a session associated with a certain URI and CI Number;
S304: - Inserting the CI Number of the session in the intercepted SIP BYE message, and sending it to the LEA; and
S306: - Deleting the CI Number in the table.
The finishing method S300 should be considered as a final process of a session being processed in method S100. The above described technique may be implemented in digital electronically circuitry, or in computer hardware, firmware, software, or in combinations of them. Apparatus of the described solution may be implemented in a computer program product tangibly embodied in a machine readable storage device for execution by a programmable processor; and method steps of the solution may be performed by a programmable processor executing a program of instructions to perform functions of the technology by operating on input data and generating output.
The technology may advantageously be implemented in one or more computer programs that are executable on a programmable system including at least one programmable processor coupled to receive data and instructions from, and to transmit data and instructions to, a data storage system, at least one input device, and at least one output device. Each computer program may be implemented in a high-level procedural or object- oriented programming language, or in assembly or machine language if desired; and in any case, the language may be a compiled or interpreted language.
Generally, a processor will receive instructions and data from a readonly memory and/or a random access memory. Storage devices suitable for tangibly embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, such as EPROM (erasable programmable read only memory), EEPROM (electrically erasable programmable read only memory), and flash memory devices; magnetic disks such internal hard disks and removable disks; magneto-optical disks; and CD-ROM (Compact Disc Read-Only Memory) disks. Any of the foregoing may be supplemented by, or incorporated in, specially -designed ASICs (Application Specific Integrated Circuits).
Figure 9 is illustrating a mediation device MD capable of performing the correlating method S100.
The MD comprises a processing circuitry 250, which comprises a processor 252 and a memory storage 254 for storing computer program instructions as code and data for enabling the processing of the incoming data. Said processing circuitry 425 may also be used for implementing a Delivery Function DF2 and DF3. The processor 252 will receive instructions and data from the memory storage 254 implemented by a read-only memory and/or a random access memory. Storage devices suitable for tangibly embodying computer program instructions and data include all forms of nonvolatile memory. Further, a memory storage 258, e.g. a Cache memory, is connected to the processing circuitry 250 for storing each unique CIN values together with its correlation set for an intercepted communication session.
The processing circuitry 250 is capable of communicating with LEAs via interface 256, which is adapted to communicate with lAPs via interfaces X2 (and X3), and with the LEAs via interfaces HI2 (and HI3). The processor 252 is preferably a programmable processor.
The Mediation Device, MD, 200 is adapted to correlate lawful intercepted IMS signalling of a session involving a target UE. Said UE is registered in a first radio coverage area wherein the UE is supported by LTE Radio Access Technology at a session set-up. When the UE being supported by LTE Radio Access Technology moves to a second coverage area 120 (figure 1 ) wherein the UE is supported by 3G Radio Access Technology, the SRVCC process starts a SRVCC INVITE message is generated. Said SRVCC INVITE message is intercepted and received by the MD 200. Said device comprising a processor 252 in a processing circuitry 250 being operative to perform the steps of:
- Receiving an intercepted Session Initiation Protocol (SIP) REGISTER message;
- Identifying a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message;
- Storing the STN-SR of the SIP REGISTER message and the URIs, constituting identifier pairs in a table;
- Receiving an intercepted SIP INVITE message for a session comprising an URI stored in the table; - Generating a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table;
- Receiving an intercepted SRVCC INVITE message for a session;
- Comparing received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted;
- Correlating Intercept Related Information (IRI) and Communication Content (CC) of the received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From" field of the intercepted SRVCC INVITE message:
a) the received URI in the "From" field is equal to a stored URI in the table; and
b) the received URI in the "To" field is equal to the stored STN-SR; else:
- Generating a CI Number.
The processor 252 in the processing circuitry 250 of the MD 200 is operative to perform the steps of:
- Receiving an intercepted SIP BYE message for a session associated with a certain URI and CI Number;
- Inserting the CI Number of the session in the intercepted SIP BYE message, and sending it to the LEA; and
- Deleting the CI Number in the table.
The processor 252 in the processing circuitry 250 of the MD 200 is operative to perform the steps of:
- receiving for a user an updated STN-SNR number from Home Subscriber Server (HSS);
- updating the table with updated STN-SNR number.
It is further herein provided a computer program 260. Said computer program comprises computer program code which, when run in a processor 252 of a processor circuitry 250 of a mediation device 200, causes the MD 200 to perform the steps of the correlation method S100. A computer program product 258 is also provided. The computer program product comprises a computer program 260 and a computer readable means 254, 258 on which the computer program is stored. Said computer program comprises computer program code which, when run in the processor 252 of the processor circuitry 250 of a mediation device 200, causes the MD 200 to perform the steps of the correlation method S100.
According to further one aspect, a carrier containing a computer program 260, wherein the carrier is one of an electronic signal, optical signal, radio signal or computer readable storage medium. Said computer program comprises computer program code which, when run in a processor circuitry of a mediation device, causes the mediation device to perform steps of the second method.
Figure 10 is illustrating an alternative embodiment of a mediation device capable of performing the correlating method. According to further one aspect, yet another embodiment of the Mediation Device, MD, 200 is provided. Said MD 200 is adapted to correlate lawful intercepted IMS signalling of a session involving a target UE. Said UE is registered in a first radio coverage area wherein the UE is supported by LTE Radio Access Technology at a session set-up. When the UE being supported by LTE Radio Access Technology moves to a second coverage area 120 (figure 1 ) wherein the UE is supported by 3G Radio Access Technology, the SRVCC process starts a SRVCC INVITE message is generated. Said SRVCC INVITE message is intercepted and received by the MD 200. Said device comprises a receiver interface having a receiving means 510 adapted to receive an intercepted Session Initiation Protocol (SIP) REGISTER message, and an identifier 520 or an identifying means adapted to identify a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message. Said device 200 further comprises a storage 530 or storage means adapted to store the STN-SR of the SIP REGISTER message and the URIs, constituting identifier pairs in a table, and wherein the receiving interface also comprises a receiver module 540 adapted to receive an intercepted SIP INVITE message for a session comprising an URI stored in the table. The device 200 comprises a generating module 550 adapted to generate a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table. Said receiving interface comprises a receiver module 560 adapted to intercepted SRVCC INVITE message for a session. Said device 200 further comprises a comparator or comparing device 570 adapted to compare received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted, and a correlator 580 adapted to correlate Intercept Related Information (IRI) and Communication Content (CC) of the received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From" field of the intercepted SRVCC INVITE message:
a) the received URI in the "From" field is equal to a stored URI in the table; and
b) the received URI in the "To" field is equal to the stored STN-SR;
else:
- Generating a CI Number.
The receiver interface of the MD 200 may further be capable of receiving an intercepted SIP BYE message for a session associated with a certain URI and CI Number. The MD 200 may further comprise processor circuitry for inserting the CI Number of the session in the intercepted SIP BYE message, and a sender adapted to send SIP BYE message to the LEA, wherein said processor circuitry is capable of deleting the CI Number in the table.
The receiving interface of the MD 200 may further be adapted to receive for a user an updated STN-SNR number from Home Subscriber Server, HSS. Said processor circuitry is capable of updating the table with updated STN-SNR number.
A number of embodiments of the present technique have been described. It will be understood that various modifications may be made without departing from the scope of the following claims.

Claims

1 . Method (S100) for correlating lawful intercepted IP Multimedia Subsystem signalling of a session involving a target User Equipment (UE) registered in a first radio coverage area wherein the UE is supported by LTE Radio Access Technology at a session set-up, involving:
- Receiving (S1 10) an intercepted Session Initiation Protocol (SIP)
REGISTER message;
- Identifying (S120) a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers
(URIs) of said SIP REGISTER message;
- Storing (S130) the STN-SR of the SIP REGISTER message and the URIs, constituting identifier pairs in a table;
- Receiving (S140) an intercepted SIP INVITE message for a session comprising an URI stored in the table;
- Generating (S150) a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table;
- Receiving (S160) an intercepted SRVCC INVITE message for a session;
- Comparing (S170) received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted;
- Correlating (S180) Intercept Related Information (IRI) and Communication Content (CC) of the received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and "From" field of the intercepted SRVCC INVITE message:
a) the received URI in the "From" field is equal to a stored URI in the table; and
b) the received URI in the "To" field is equal to the stored STN-SR; else:
- Generating (S150) a CI Number.
2. The method according to claim 1 , wherein the method further comprises:
- Receiving (S302) an intercepted SIP BYE message for a session
associated with a certain URI and CI Number;
- Inserting (S304) the CI Number of the session in the intercepted SIP BYE message, and sending it to the LEA; and
- Deleting (S306) the CI Number in the table.
3. The method according to claim 1 or 2, wherein the method further comprises:
- receiving (S202) for a user an updated STN-SNR number from Home Subscriber Server (HSS);
- updating (S204) the table with updated STN-SNR number.
4. The method according to any of claims 1 - 3, wherein condition a) the received URI is the Mobile Station International Subscriber Directory Number (MSISDN) part of the IP Multimedia Private Identity (IMPI) captured in the "From"-field of the SIP SRVCC INVITE message, and the stored URI is the MSISDN number of the monitored URI of the received SIP INVITE message at session setup.
5. The method according to claim any of claims 1 - 4, wherein condition b) the URI in the "To"-field of the received SRVCC INVITE message equals to the stored STN-SR number.
6. The method according to any of the preceding claims, wherein the stored identity pair comprises an URI number of the P-associated-URI field and a STN-SR number in the "Feature-Caps" field of the SIP REGISTER message, while the same number as the P-associated-URI number may be found in the "From"-field and P-Asserted-ldentity field of the received SIP INVITE message, while the stored STN-SR number is found in the "To"-field of the received intercepted SRVCC INVITE message.
7. The method according to any of the preceding claims, wherein the intercepted SRVCC INVITE message is received as a result of the movement of the target User Equipment (UE) registered in the first radio coverage area wherein the UE is supported by LTE Radio Access Technology to a second coverage area wherein the UE is supported by 3G Radio Access
Technology.
8. A Mediation Device, MD, (200) for correlating lawful intercepted IP
Multimedia Subsystem signalling of a session involving a target UE
registered in a first radio coverage area wherein the UE is supported by LTE Radio Access Technology at a session set-up, said device comprising a processor (252) in a processing circuitry (250) being operative to perform the steps of:
- Receiving an intercepted Session Initiation Protocol (SIP) REGISTER message;
- Identifying a Session Transfer (ST) Number (STN) for Single Radio Voice Call Continuity (SRVCC) and a list of Uniform Resource Identifiers (URIs) of said SIP REGISTER message;
- Storing the STN-SR of the SIP REGISTER message and the URIs, constituting identifier pairs in a table;
- Receiving an intercepted SIP INVITE message for a session comprising an URI stored in the table;
- Generating a Communication Identity (CI) Number (CIN) to session comprising the URI stored in the table;
- Receiving an intercepted SRVCC INVITE message for a session;
- Comparing received STN-SR and URI of the intercepted SRVCC INVITE message with stored identifier pairs of existing sessions being intercepted;
- Correlating Intercept Related Information (IRI) and Communication Content (CC) of the received session to IRI and CC of an existing session by allocating the CI number of the existing session, if the following conditions are fulfilled for the URIs in the "To" and ""From" field of the intercepted SRVCC INVITE message:
a) the received URI in the "From" field is equal to a stored URI in the table; and
b) the received URI in the "To" field is equal to the stored STN-SR; else:
- Generating a CI Number.
9. The mediation device according to claim 8, wherein the processor in the processing circuitry of said device is operative to perform the steps of:
- Receiving an intercepted SIP BYE message for a session associated with a certain URI and CI Number;
- Inserting the CI Number of the session in the intercepted SIP BYE message, and sending it to the LEA; and
- Deleting the CI Number in the table.
10. The mediation device according to claim 8 or 9, wherein the processor in the processing circuitry of said device is operative to perform the steps of:
- receiving for a user an updated STN-SNR number from Home Subscriber Server (HSS);
- updating the table with updated STN-SNR number.
1 1 . The mediation device according to claim any of claims 8 - 10,
wherein condition a) the received URI is the Mobile Station International Subscriber Directory Number (MSISDN) part of the IP Multimedia Private Identity (IMPI) captured in the "From"-field of the SIP SRVCC INVITE message, and the stored URI is the MSISDN number of the monitored URI of the received SIP INVITE message at session setup.
12. The mediation device according to claim any of claims 8 - 1 1 , wherein condition b) the URI in the "To"-field of the received INVITE message equals to the stored STN-SR number.
13. The mediation device according to any of the preceding claims 8 - 12, wherein the stored identity pair comprises an URI number of the P- associated-URI field and a STN-SR number in the "Feature-Caps" field of the SIP REGISTER message, while the same number as the P-associated-URI number may be found in the "From"-field and P-Asserted-ldentity field of the received INVITE message at session start-up, while the stored STN-SR number is found in the in the "To"-field of the received SRVCC INVITE message.
14. The mediation device according to any of the preceding claims 8 - 13, wherein the intercepted SRVCC INVITE message is received as a result of the movement of the target User Equipment (UE) registered in the first radio coverage area wherein the UE is supported by LTE Radio Access
Technology to a second coverage area wherein the UE is supported by 3G Radio Access Technology.
15. A computer program (260) comprising computer program code which, when run in a processor (252) of a processor circuitry (250) of a mediation device (200), causes the mediation device to perform steps of the method according to any of claims 1 - 7.
16. A computer program product (254, 258) comprising a computer program (260) according to claim 15 and a computer readable means (254, 258) on which the computer program is stored.
17. A carrier (254, 258) containing the computer program (260) of claim 15, wherein the carrier is one of an electronic signal, optical signal, radio signal or computer readable storage medium (254, 258).
PCT/EP2015/080386 2015-12-18 2015-12-18 Ims signalling correlation in srvcc service interception WO2017102019A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2015/080386 WO2017102019A1 (en) 2015-12-18 2015-12-18 Ims signalling correlation in srvcc service interception

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2015/080386 WO2017102019A1 (en) 2015-12-18 2015-12-18 Ims signalling correlation in srvcc service interception

Publications (1)

Publication Number Publication Date
WO2017102019A1 true WO2017102019A1 (en) 2017-06-22

Family

ID=54850318

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/080386 WO2017102019A1 (en) 2015-12-18 2015-12-18 Ims signalling correlation in srvcc service interception

Country Status (1)

Country Link
WO (1) WO2017102019A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020251429A1 (en) * 2019-06-10 2020-12-17 Telefonaktiebolaget Lm Ericsson (Publ) Handling of lawfully intercepted sip messages

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110141947A1 (en) * 2009-12-11 2011-06-16 Verizon Patent And Licensing, Inc. Integrated lawful intercept for internet protocol multimedia subsystem (ims) over evolved packet core (epc)
US20120155333A1 (en) * 2010-12-17 2012-06-21 Electronics And Telecommunications Research Institute Of Daejeon Appratus and method for lawful interception
US20140010228A1 (en) * 2012-07-09 2014-01-09 Telefonaktiebolaget L M Ericsson (Publ) Lawful interception in a communications network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110141947A1 (en) * 2009-12-11 2011-06-16 Verizon Patent And Licensing, Inc. Integrated lawful intercept for internet protocol multimedia subsystem (ims) over evolved packet core (epc)
US20120155333A1 (en) * 2010-12-17 2012-06-21 Electronics And Telecommunications Research Institute Of Daejeon Appratus and method for lawful interception
US20140010228A1 (en) * 2012-07-09 2014-01-09 Telefonaktiebolaget L M Ericsson (Publ) Lawful interception in a communications network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; IP Multimedia Subsystem (IMS) Service Continuity; Stage 2 (3GPP TS 23.237 version 12.9.0 Release 12)", TECHNICAL SPECIFICATION, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE (ETSI), 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS ; FRANCE, vol. 3GPP SA 2, no. V12.9.0, 1 July 2015 (2015-07-01), XP014262136 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020251429A1 (en) * 2019-06-10 2020-12-17 Telefonaktiebolaget Lm Ericsson (Publ) Handling of lawfully intercepted sip messages
CN113966589A (en) * 2019-06-10 2022-01-21 瑞典爱立信有限公司 Processing of legally intercepted SIP messages
US11870820B2 (en) 2019-06-10 2024-01-09 Telefonaktiebolaget Lm Ericsson (Publ) Handling of lawfully intercepted SIP messages

Similar Documents

Publication Publication Date Title
CN107113294B (en) Apparatus and method for implementing call control in a telecommunications network
US10827392B2 (en) Handover delay optimization
US9819701B2 (en) Low latency IMS-based media handoff between a cellular network and a WLAN
US8155084B2 (en) User equipment, call continuity application server, and network handover method
US20100014508A1 (en) Method And System For Emergency Call
US8989177B2 (en) Lawful interception in a communications network
US10320851B2 (en) Methods and devices for detecting and correlating data packet flows in a lawful interception system
WO2017157441A1 (en) Radio handover indication in ims domain
EP3323231B1 (en) Method and system for removing redundant received data flows of interception in ims domains
US10630834B2 (en) Interception for encrypted, transcoded media
WO2017102019A1 (en) Ims signalling correlation in srvcc service interception
Ko et al. SIP amplification attack analysis and detection in VoLTE service network
Kim et al. Tracking location information of volte phones
EP2634980A1 (en) Method and apparatus for intercepting media contents in ip multimedia subsystem
CN110537353B (en) Method and node in lawful interception system
KR102094206B1 (en) Vioce call service swiching system, gateway apparatus and service swiching apparatus and control method each of them
KR20160084516A (en) VoLTE SYSTEM, CONTROL METHOD THEREOF, PGW AND CSCF COMPRISED IN THE SYSTEM, CONTROL METHOD THEREOF
KR20200049715A (en) Vioce call service swiching system, gateway apparatus and service swiching apparatus and control method each of them
WO2017213565A1 (en) Identity handling in ip multimedia subsystem

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15810746

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15810746

Country of ref document: EP

Kind code of ref document: A1