US20160127420A1 - Lawful Interception for Proximity Service - Google Patents

Lawful Interception for Proximity Service Download PDF

Info

Publication number
US20160127420A1
US20160127420A1 US14/897,800 US201314897800A US2016127420A1 US 20160127420 A1 US20160127420 A1 US 20160127420A1 US 201314897800 A US201314897800 A US 201314897800A US 2016127420 A1 US2016127420 A1 US 2016127420A1
Authority
US
United States
Prior art keywords
connection
proximity service
radio access
access network
devices
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/897,800
Inventor
Ling Yu
Yixue Lei
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Solutions and Networks Oy
Original Assignee
Nokia Solutions and Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Solutions and Networks Oy filed Critical Nokia Solutions and Networks Oy
Assigned to NOKIA SOLUTIONS AND NETWORKS OY reassignment NOKIA SOLUTIONS AND NETWORKS OY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: Lei, Yixue, YU, LING
Publication of US20160127420A1 publication Critical patent/US20160127420A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/304Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting circuit switched data communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B7/00Radio transmission systems, i.e. using radiation field
    • H04B7/14Relay systems
    • H04B7/15Active relay systems
    • H04B7/155Ground-based stations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04Network management architectures or arrangements
    • H04L41/046Network management architectures or arrangements comprising network management agents or mobile agents therefor
    • H04L41/048Network management architectures or arrangements comprising network management agents or mobile agents therefor mobile agents
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • H04M3/2281Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • H04W4/023Services making use of location information using mutual or relative location information between multiple location based services [LBS] targets or of distance thresholds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W40/00Communication routing or communication path finding
    • H04W40/34Modification of an existing route
    • H04W76/043
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/20Manipulation of established connections
    • H04W76/23Manipulation of direct-mode connections
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/005Discovery of network devices, e.g. terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2207/00Type of exchange or network, i.e. telephonic medium, in which the telephonic communication takes place
    • H04M2207/18Type of exchange or network, i.e. telephonic medium, in which the telephonic communication takes place wireless networks

Definitions

  • the present invention relates to an apparatus, a method and a computer program product for enabling law interception for proximity service.
  • Embodiments of the present invention relate to proximity services and lawful interception (LI) for 3GPP Rel-12 and beyond.
  • L lawful interception
  • one of ProSe requirements is to support regional or national regulatory requirements (e.g. lawful interception, PWS).
  • the LI functionality is located in the core network.
  • ProSe is promoting the network controlled discovery and communication between UEs that are in proximity to be able to use a “direct mode” or “locally-routed” path, which may not involve the core network (CN).
  • the direct mode path is a direct connection between the two UEs without involving further network elements such as an eNB.
  • the locally-routed path is an indirect connection between the two UEs via an eNB without involving CN.
  • the connection of UEs by proximity service does note involve the core network. Therefore, the intercepted information may not be available to the core network LI entities.
  • Embodiments of the present invention address this situation and to enable lawful interception also for devices using a direct connection such a proximity service connection.
  • an apparatus comprising a processor and a memory for storing instructions to be executed by the processor, wherein the processor is configured to provide control in a radio access network, to perform control in relation to a connection for proximity service between at least two devices, to receive configuration information for performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and to report interception information with respect to the at least one device to be intercepted.
  • a method comprising providing control in a radio access network, performing control in relation to a connection for proximity service between at least two devices, receiving configuration information for performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and reporting interception information with respect to the at least one device to be intercepted.
  • an apparatus comprising a processor and a memory for storing instructions to be executed by the processor, wherein the processor is configured to provide a connection to a radio access network, to receive interception information intercepted by lawful interception with respect to at least one device to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network.
  • a method comprising providing a connection to a radio access network, and receiving interception information intercepted by lawful interception with respect to at least one device to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network.
  • a system comprising a device-to-device registration server function and at least one radio access network control element, wherein the device-to-device registration server function is configured to perform control in relation to a connection for proximity service between at least two devices, to perform lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and to configure the at least one radio access network control element to perform the lawful interception in relation to the proximity service; and the at least one radio access network control element is configured to perform control in relation to a connection for proximity service between the at least two devices, to receive configuration information from the device-to-device registration server function, and to report interception information with respect to the at least one device to be intercepted.
  • a computer program product for a computer comprising software code portions for performing the above defined methods, when said product is run on the computer.
  • the computer program product may comprise a computer-readable medium on which said software code portions are stored.
  • the computer program product may be directly loadable into the internal memory of the computer and/or transmittable via a network by means of at least one of upload, download and push procedures.
  • FIG. 1 shows an example of simplified structures of network elements involved according to an embodiment of the present invention
  • FIGS. 2, 3 and 4 show examples of reference configurations for a ProSe lawful interception according to embodiments of the present invention.
  • UMTS universal mobile telecommunications system
  • UTRAN long term evolution
  • LTE long term evolution
  • WLAN wireless local area network
  • WiFi worldwide interoperability for microwave access
  • Bluetooth® personal communications services
  • PCS personal communications services
  • WCDMA wideband code division multiple access
  • UWB ultra-wideband
  • sensor networks sensor networks
  • MANETs mobile ad-hoc networks
  • IMS Internet Protocol multimedia subsystems
  • B4G 4 th generation
  • a network element may be a computing equivalent device that gathers programmable resources based on virtualization technologies.
  • FIG. 1 shows several elements involved in the procedures according to embodiments of the present invention.
  • Examples are for an apparatuses in which procedures according to embodiments of the invention can be applied are a DRSF 1 and an eNB 2 .
  • the DRSF 1 is responsible for registration, authentication and identifying of D2D users and management of D2D sessions including the mobility management and radio resource management, which may be a standalone element (unit, module) or may be implemented in another network element (unit, module) such as a MME or eNB, for example.
  • the apparatuses may also only be parts of the corresponding network elements (e.g., DRSF and eNB).
  • the DRSF may be located in a server, host or corresponding unit or element.
  • the DRSF is located in the MME.
  • an S-GW/PDN-GW 5 as an example for an apparatus providing a gateway function for the radio access network is connected to the eNB 2 and the DRSF 1 .
  • the DRSF 1 comprises a processor 11 and a memory 12 for storing instructions to be executed by the processor, and may also comprise a connection unit 13 , which is configured to provide connection to a network.
  • the eNB 2 or the corresponding apparatus, comprises a processor 21 and a memory 22 for storing instructions to be executed by the processor, and may also comprise a connection unit 23 , which is configured to provide connection to a network, for example to a radio access network (RAN), via which devices such as UEs 3 and 4 may be connected.
  • the S-GW/PDN-GW 5 comprises a processor 51 and a memory 52 for storing instructions to be executed by the processor, and may also comprise a connection unit 53 , which is configured to provide connection to other network elements.
  • the memories as described above may be internal or external or it may be provided as a service via network. Further, the memory may include volatile and/or non-volatile memory.
  • the memory may store computer program code and/or operating systems, information, data, content or the like for the processor to perform operations according to embodiments.
  • the memory may comprise one or more memory units, each of them may be a random access memory, hard drive, etc.
  • the memory (units) may be at least partly removable and/or detachably operationally coupled to the apparatus.
  • the memory may be of any type suitable for the current technical environment and it may be implemented using any suitable data storage technology, such as semiconductor-based technology, flash memory, magnetic and/or optical memory devices.
  • connection for proximity service which may either be an indirect connection via the eNB 2 without involving the core network or a direct connection without involving the eNB 2 .
  • the processor (one or more units, modules, entities, microprocessors, such as single-chip computer element(s), or chipset(s)) 11 of the DRSF 1 is configured to perform control in relation to a connection for proximity service between at least two devices (e.g., the UEs 3 and 4 ), to perform lawful interception in relation to the proximity service with respect to at least one device to be intercepted (e.g., the UE 3 or 4 ) of the at least two devices, and to configure at least one radio access network control element (e.g., eNB 2 ) to perform the lawful interception in relation to the proximity service.
  • a radio access network control element e.g., eNB 2
  • the processor (one or more units, modules, entities, microprocessors, such as single-chip computer element(s), or chipset(s)) 21 of the eNB 2 is configured to provide control in a radio access network, perform control in relation to a connection for proximity service between at least two devices (e.g., the UEs 3 and 4 ), to receive configuration information for performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and to report interception information with respect to the at least one device to be intercepted.
  • the processor (one or more units, modules, entities, microprocessors, such as single-chip computer element(s), or chipset(s)) 51 of the S-GW/PDN-GW 5 is configured to provide a connection to a radio access network, to receive interception information intercepted by lawful interception with respect to at least one device (e.g., UE 3 or UE 4 ) to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network.
  • the processor 11 of the DRSF 1 may instruct the eNB 2 to carry out lawful interception with respect to one or both of the UEs 3 and 4 , and the DRSF may report the interception information to a corresponding entity such as a LEMF.
  • the DRSF may only be involved in configuring eNB for LI, so that the report from the eNB 2 goes to MME (for IRI) and S/PDN-GW 5 (for CC) directly without involving of DRSF.
  • the eNB 2 may change the direct connection between the two UEs 3 and 4 to an indirect connection, so that the connection extends via the eNB 2 .
  • lawful interception is enabled also in the RAN, and therefore also possible for proximity service connections.
  • LI functionalities are extended from CN to RAN so that proximity services (including D2D discovery and D2D communication either directly between at least two devices or locally routed through eNB) can be kept for LI targeted UE.
  • LI functional architecture is extended to cover ProSe related key EPS nodes (i.e. DRSF and eNB) in order to allow the intercept related information (IRI)/events and as well the content of communication (CC) for ProSe to be available.
  • IRI intercept related information
  • CC content of communication
  • the DRSF Upon LI configuration (e.g. activation, deactivation and interrogation of LI) received by MME or S-/PDN-GW, the DRSF is informed for the LI configuration of the targeted UE in which the information of target identifier and LI related information (e.g. whether CC should be provided) is included.
  • the target identifier may be indicated explicitly in the form e.g. S-TMSI or D2D_ID or implicitly by the signalling transport bearer identifier.
  • ProSe related events may be introduced: UE requested proximity services including D2D discovery and D2D communication, D2D bearer activation/modification/deactivation, successful D2D discovery etc. They may be introduced by the new events which may be applicable to DRSF/eNB or be extended from current available events. For instance, for UEs in connected state, D2D bearer activation/modification/deactivation events may be provided by enhancing the current bearer activation/modification/deactivation events with additional D2D bearer related information. To achieve successful D2D discovery information, DRSF/eNB may be an applicable LI entity if D2D discovery procedure requires the network involvement for e.g. identifying the UE. However, if D2D discovery is fully based on pre-configured parameters without network involvement, UE may be configured to report such event in background manner so that each discovery behaviour of the targeted UE can be intercepted.
  • the activation of LI CC may trigger the mode switching from direct D2D mode to the locally routed data path mode so that the eNB may be able to duplicate the data packets transmitted between D2D UEs. That is, in this case the eNB is configured to change the direct connection of the DSD UEs to an indirect connection via the eNB.
  • the activation of LI CC may also trigger the change of user plane security keys which are adopted in direct D2D mode (i.e., the direct connection between the D2D UEs) and locally routed data path mode (i.e., the indirect connection between the D2D UEs via the eNB) respectively in case security keys for direct mode and locally routed optimized path mode are different.
  • direct D2D mode i.e., the direct connection between the D2D UEs
  • locally routed data path mode i.e., the indirect connection between the D2D UEs via the eNB
  • the activation/deactivation of LI CC may also trigger the establishment/release of the user plane transport bearer from eNB to S-/PDN-GW for provision of CC, which can be regarded as a new trigger for user plane transport bearer management over S1-U interface.
  • the establishment/release of the user plane transport bearer from eNB to S-/PDN-GW may be triggered when ProSe communication starts/ends.
  • the established transport bearer may be used by the eNB to transmit the duplicated data packets to S-/PDN-GW for providing the intercepted CC.
  • FIGS. 2 and 3 One possible reference configuration for ProSe interception is shown in FIGS. 2 and 3 , in which DRSF is assumed to be located in MME.
  • a LEMF which receives intercepted information, such as IRI and CC, and which instruct network elements to perform Lawful Interception.
  • a ADMF is connected, by means of a mediation function, via an interface HI 1 to the LEMF.
  • a delivery function 2 is connected, by means of a mediation function, via an interface HI2 to the LEMF.
  • the delivery function 2 may be connected with the ADMF via an interface X1_2.
  • the MME which includes the DRSF (e.g., DRSF 1 shown in FIG. 1 ) is connected to the ADMF and the delivery function 2 via interfaces X1_1 and X2, respectively. Since the DRSF is assumed to be located in the MME, the interface between DRSF and eNB (e.g., eNB 2 shown in FIG. 1 ) is S1 control plane (S1-C) interface.
  • S1-C S1 control plane
  • FIG. 2 shows the case in which Lawful Interception is only performed by providing IRI, so that the eNB is involved for reporting IRI, which in this case may include the ProSe related events described above.
  • reporting is performed in this case via the S1-C interface to the MME which also accommodate the DRSF functions.
  • a further delivery function namely delivery function 3 is connected by means of a mediation function, via interface HI3 to the LEMF.
  • the delivery function 3 may be connected to the ADMF via interface X1_3.
  • the S-GW/PDN-GW (e.g., S-GW/PDN-GW 5 shown in FIG. 1 ) is connected to the ADMF, the delivery function 2 and the delivery function via interfaces X1_1, X2 and X3, respectively.
  • the S-GW/PDN-GW is connected to the DRSF (which is included in the MME) via interface S11, and with an eNB (e.g. eNB 2 shown in FIG. 2 ) via interface S1-U.
  • FIG. 3 shows an example of the case in which Lawful Interception is also carried out by reporting CC.
  • the eNB reports IRI to the MME with DRSF co-located via the S1-C interface similar as shown in FIG. 2 , but also via the S1-U interface to the core network, i.e., to the S-GW/PDN-GW.
  • the proposed enhancement according to embodiments of the present invention may be implemented by introducing new procedures or information elements over S1 and S11 interfaces.
  • An advantage of the solution according to embodiments of the present invention is that LI can be supported for both discovery and communication, without switching back to infrastructure path mode which may lose the benefits of ProSe communication. Meanwhile, with such proposal, it is possible to make the user unaware of the LI happening for the ProSe.
  • the DRSF is located in the MME.
  • the DRSF may be a standalone network element and the proposed enhancement may be an implementation over the interface between MME and DRSF and the interface between DRSF and eNB.
  • FIG. 4 is similar to FIG. 2 except that the DRSF is a standalone network element (or is located in another suitable network element other than the MME or eNB).
  • the DRSF configures the eNB to report IRI, for example, and the eNB reports IRI via the interface S1-C directly to the MME, without involving the DRSF.
  • a general example for the MME may be an apparatus which may have a similar structure as the DRSF 1 or the S-GW/PDN-GW 5 shown in in FIG. 1 . That is, such an apparatus comprises a processor and a memory for storing instructions to be executed by the processor.
  • the processor is configured to provide a connection to a radio access network, to perform a mobility management function, to receive interception information intercepted by lawful interception with respect to at least one device to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network.
  • the processor may further be configured to receive interception information (e.g., IRI) from a device-to-device registration server function (e.g., the DRSF 1 shown in FIG. 1 ), wherein the interception information may comprise events related to the connection for proximity service.
  • interception information e.g., IRI
  • a device-to-device registration server function e.g., the DRSF 1 shown in FIG. 1
  • the interception information may comprise events related to the connection for proximity service.
  • the eNB reports IRI via the DRSF, i.e., not directly to the MME.
  • DRSF co-located with MME and IRI reported to MME&DRSF by eNB ii) DRSF is standalone element, IRI reported to MME via DRSF iii) DRSF is standalone element, IRI reported to MME without involving of DRSF.
  • a further alternative is that the DRSF is co-located in eNB. In this case, reporting of IRI to MME via eNB or DRSF is possible.
  • D2D device-to-device
  • M2M machine-to-machine
  • T2T terminal-to-terminal
  • P2P peer-to-peer
  • an apparatus which comprises
  • an apparatus which comprises
  • an apparatus which comprises

Abstract

Apparatuses and methods are described, which perform control in relation to a connection for proximity service between at least two devices, perform lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and configure at least one radio access network control element to perform the lawful interception in relation to the proximity service.

Description

    FIELD
  • The present invention relates to an apparatus, a method and a computer program product for enabling law interception for proximity service.
    • RELATED BACKGROUND ART
  • The following meanings for the abbreviations used in this specification apply:
  • ADMF Administration Function
  • CC Content of Communication
  • CN Core Network
  • D2D device-to-device
  • DRSF D2D Registration Server Function
  • eNB Enhanced NodeB
  • EPS Evolved Packet System
  • IRI Interception Related Information
  • LEMF Law Enforcement Monitoring Facility
  • LI Lawful Interception
  • M2M machine-to-machine
  • MME Mobility Management Entity
  • P2P peer-to-peer
  • PDN-GW Packet Data Network Gateway
  • ProSe Proximity Service
  • PWS Public Warning System
  • RAN Radio Access Network
  • S-GW Serving Gateway
  • T2T terminal-to-terminal
  • UE user equipment
  • Embodiments of the present invention relate to proximity services and lawful interception (LI) for 3GPP Rel-12 and beyond. According to 3GPP TR 22.803, one of ProSe requirements is to support regional or national regulatory requirements (e.g. lawful interception, PWS).
  • Presently, the LI functionality is located in the core network. However, ProSe is promoting the network controlled discovery and communication between UEs that are in proximity to be able to use a “direct mode” or “locally-routed” path, which may not involve the core network (CN). Namely, the direct mode path is a direct connection between the two UEs without involving further network elements such as an eNB. The locally-routed path is an indirect connection between the two UEs via an eNB without involving CN.
  • Thus, the connection of UEs by proximity service does note involve the core network. Therefore, the intercepted information may not be available to the core network LI entities.
  • One option was discussed in document “LS on Proximity Services and Lawful Interception from SA3-LI to SA1,2,3” (SA3LI13 _033r1, 3GPP TSG-SA3-LI Meeting #48, Dublin, Ireland, 5-7 Feb. 2013) and document “Solution for direct discovery and communication using E-UTRAN” (S2-130308, SA WG2 Meeting #95, Prague, Czech Republic, 28 Jan.-1 Feb. 2013) to disable ProSe capabilities for UEs under surveillance or move the communication for the UE under surveillance from ProSe communication mode to infrastructure mode. That is, the ProSe communication is disabled for these UEs, so that the communication is performed via the core network, so that LI in the core network is possible. However, as indicated in the document “LS on Proximity Services and Lawful Interception from SA3-LI to SA1,2,3” mentioned above, detectability issues need to be considered for this option as LI should be done in non-detectable manner. In addition, moving ProSe communication to infrastructure mode may degrade the communication performance (e.g. delay and perhaps also throughput), which may not be favorable by the end user and this also means the benefits of ProSe communication may not be achieved as EPC, e.g., P-GW or S-GW is involved in the ProSe communication user plane data transportation.
  • Thus, there is a need to improve lawful interception in a case in which UEs use proximity service connections.
    • SUMMARY
  • Embodiments of the present invention address this situation and to enable lawful interception also for devices using a direct connection such a proximity service connection.
  • According to a first aspect of the present invention.
  • According to an example of an embodiment, there is provided an apparatus comprising a processor and a memory for storing instructions to be executed by the processor, wherein the processor is configured to perform control in relation to a connection for proximity service between at least two devices, to perform lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and to configure at least one radio access network control element to perform the lawful interception in relation to the proximity service.
  • Furthermore, according to an example of an embodiment, there is provided a method comprising: performing control in relation to a connection for proximity service between at least two devices, performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and configuring at least one radio access network control element to perform the lawful interception in relation to the proximity service.
  • In addition, according to an example of an embodiment, there is provided an apparatus comprising a processor and a memory for storing instructions to be executed by the processor, wherein the processor is configured to provide control in a radio access network, to perform control in relation to a connection for proximity service between at least two devices, to receive configuration information for performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and to report interception information with respect to the at least one device to be intercepted.
  • Furthermore, according to an example of an embodiment, there is provided a method comprising providing control in a radio access network, performing control in relation to a connection for proximity service between at least two devices, receiving configuration information for performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and reporting interception information with respect to the at least one device to be intercepted.
  • In addition, according to an example of an embodiment, there is provided an apparatus comprising a processor and a memory for storing instructions to be executed by the processor, wherein the processor is configured to provide a connection to a radio access network, to receive interception information intercepted by lawful interception with respect to at least one device to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network.
  • Moreover, according to an example of an embodiment, there is provided a method comprising providing a connection to a radio access network, and receiving interception information intercepted by lawful interception with respect to at least one device to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network.
  • In addition, according to an example of an embodiment, there is provided a system comprising a device-to-device registration server function and at least one radio access network control element, wherein the device-to-device registration server function is configured to perform control in relation to a connection for proximity service between at least two devices, to perform lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and to configure the at least one radio access network control element to perform the lawful interception in relation to the proximity service; and the at least one radio access network control element is configured to perform control in relation to a connection for proximity service between the at least two devices, to receive configuration information from the device-to-device registration server function, and to report interception information with respect to the at least one device to be intercepted.
  • The above described examples of embodiments may be modified as defined in the dependent claims.
  • In addition, according to embodiments, there is provided, for example, a computer program product for a computer, comprising software code portions for performing the above defined methods, when said product is run on the computer. The computer program product may comprise a computer-readable medium on which said software code portions are stored. Furthermore, the computer program product may be directly loadable into the internal memory of the computer and/or transmittable via a network by means of at least one of upload, download and push procedures.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • These and other objects, features, details and advantages will become more fully apparent from the following detailed description of embodiments of the present invention which is to be taken in conjunction with the appended drawings, in which:
  • FIG. 1 shows an example of simplified structures of network elements involved according to an embodiment of the present invention,
  • FIGS. 2, 3 and 4 show examples of reference configurations for a ProSe lawful interception according to embodiments of the present invention.
    •  DETAILED DESCRIPTION OF EMBODIMENTS
  • In the following, description will be made to embodiments of the present invention. It is to be understood, however, that the description is given by way of example only, and that the described embodiments are by no means to be understood as limiting the present invention thereto.
  • Furthermore, words “comprising” and “including” should be understood as not limiting the described embodiments to consist of only those features that have been mentioned and such embodiments may also contain also features, structures, units, modules etc. that have not been specifically mentioned.
  • In the following, different exemplifying embodiments will be described using, as an example of an access architecture to which the embodiments may be applied, a radio access architecture based on long term evolution advanced (LTE Advanced, LTE-A), without restricting the embodiments to such an architecture, however. It is obvious for a person skilled in the art that the embodiments may also be applied to other kinds of communications networks having suitable means by adjusting parameters and procedures appropriately. Some examples of other options for suitable systems are the universal mobile telecommunications system (UMTS) radio access network (UTRAN or E-UTRAN), long term evolution (LTE, the same as E-UTRA), wireless local area network (WLAN or WiFi), worldwide interoperability for microwave access (WiMAX), Bluetooth®, personal communications services (PCS), ZigBee®, wideband code division multiple access (WCDMA), systems using ultra-wideband (UWB) technology, sensor networks, mobile ad-hoc networks (MANETs) and Internet Protocol multimedia subsystems (IMS) and beyond 4th generation (B4G) or 5G.
  • It should be appreciated that communication systems and apparatuses thereof will be integrated towards an infrastructure (more and more) based on undedicated and programmable hardware providing needed functionalities. A network element may be a computing equivalent device that gathers programmable resources based on virtualization technologies.
  • In the following, a general embodiment of the present invention is described by referring to FIG. 1. In particular, FIG. 1 shows several elements involved in the procedures according to embodiments of the present invention. Examples are for an apparatuses in which procedures according to embodiments of the invention can be applied are a DRSF 1 and an eNB 2. The DRSF 1 is responsible for registration, authentication and identifying of D2D users and management of D2D sessions including the mobility management and radio resource management, which may be a standalone element (unit, module) or may be implemented in another network element (unit, module) such as a MME or eNB, for example. The apparatuses may also only be parts of the corresponding network elements (e.g., DRSF and eNB). The DRSF may be located in a server, host or corresponding unit or element.
  • In the example of FIG. 1, it is assumed that the DRSF is located in the MME. Moreover, an S-GW/PDN-GW 5 as an example for an apparatus providing a gateway function for the radio access network is connected to the eNB 2 and the DRSF 1.
  • The DRSF 1, or the corresponding apparatus, comprises a processor 11 and a memory 12 for storing instructions to be executed by the processor, and may also comprise a connection unit 13, which is configured to provide connection to a network. Likewise, the eNB 2, or the corresponding apparatus, comprises a processor 21 and a memory 22 for storing instructions to be executed by the processor, and may also comprise a connection unit 23, which is configured to provide connection to a network, for example to a radio access network (RAN), via which devices such as UEs 3 and 4 may be connected. The S-GW/PDN-GW 5, or the corresponding apparatus, comprises a processor 51 and a memory 52 for storing instructions to be executed by the processor, and may also comprise a connection unit 53, which is configured to provide connection to other network elements.
  • It should be understood that the memories as described above may be internal or external or it may be provided as a service via network. Further, the memory may include volatile and/or non-volatile memory. The memory may store computer program code and/or operating systems, information, data, content or the like for the processor to perform operations according to embodiments. The memory may comprise one or more memory units, each of them may be a random access memory, hard drive, etc. The memory (units) may be at least partly removable and/or detachably operationally coupled to the apparatus. The memory may be of any type suitable for the current technical environment and it may be implemented using any suitable data storage technology, such as semiconductor-based technology, flash memory, magnetic and/or optical memory devices.
  • In the example of FIG. 1 it is assumed that the UEs 3 and 4 have a connection for proximity service, which may either be an indirect connection via the eNB 2 without involving the core network or a direct connection without involving the eNB 2.
  • The processor (one or more units, modules, entities, microprocessors, such as single-chip computer element(s), or chipset(s)) 11 of the DRSF 1 is configured to perform control in relation to a connection for proximity service between at least two devices (e.g., the UEs 3 and 4), to perform lawful interception in relation to the proximity service with respect to at least one device to be intercepted (e.g., the UE 3 or 4) of the at least two devices, and to configure at least one radio access network control element (e.g., eNB 2) to perform the lawful interception in relation to the proximity service.
  • The processor (one or more units, modules, entities, microprocessors, such as single-chip computer element(s), or chipset(s)) 21 of the eNB 2 is configured to provide control in a radio access network, perform control in relation to a connection for proximity service between at least two devices (e.g., the UEs 3 and 4), to receive configuration information for performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and to report interception information with respect to the at least one device to be intercepted.
  • The processor (one or more units, modules, entities, microprocessors, such as single-chip computer element(s), or chipset(s)) 51 of the S-GW/PDN-GW 5 is configured to provide a connection to a radio access network, to receive interception information intercepted by lawful interception with respect to at least one device (e.g., UE 3 or UE 4) to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network.
  • Thus, in case of the DRSF, the processor 11 of the DRSF 1 may instruct the eNB 2 to carry out lawful interception with respect to one or both of the UEs 3 and 4, and the DRSF may report the interception information to a corresponding entity such as a LEMF.
  • Alternatively, the DRSF may only be involved in configuring eNB for LI, so that the report from the eNB 2 goes to MME (for IRI) and S/PDN-GW 5 (for CC) directly without involving of DRSF.
  • In case of an indirect connection of the two UEs 3 and 4, the interception information can easily be obtained by the eNB 2. However, in case of a direct connection, it would at least be difficult to obtain communication content information. Therefore, according to an embodiment, the eNB 2 may change the direct connection between the two UEs 3 and 4 to an indirect connection, so that the connection extends via the eNB 2.
  • Hence, according to embodiments of the present invention, lawful interception is enabled also in the RAN, and therefore also possible for proximity service connections.
  • In the following, a more detailed embodiment of the present invention is described as a clarifying example.
  • As mentioned above, according to embodiments of the invention, LI functionalities are extended from CN to RAN so that proximity services (including D2D discovery and D2D communication either directly between at least two devices or locally routed through eNB) can be kept for LI targeted UE. In particular, LI functional architecture is extended to cover ProSe related key EPS nodes (i.e. DRSF and eNB) in order to allow the intercept related information (IRI)/events and as well the content of communication (CC) for ProSe to be available. The possible reference configuration for ProSe interception is illustrated in FIGS. 2 and 3 as an implementation example, which are described later. To support ProSe interception, the following enhancements are proposed:
  • Upon LI configuration (e.g. activation, deactivation and interrogation of LI) received by MME or S-/PDN-GW, the DRSF is informed for the LI configuration of the targeted UE in which the information of target identifier and LI related information (e.g. whether CC should be provided) is included. The target identifier may be indicated explicitly in the form e.g. S-TMSI or D2D_ID or implicitly by the signalling transport bearer identifier.
  • For provision of IRI for ProSe, the following ProSe related events may be introduced: UE requested proximity services including D2D discovery and D2D communication, D2D bearer activation/modification/deactivation, successful D2D discovery etc. They may be introduced by the new events which may be applicable to DRSF/eNB or be extended from current available events. For instance, for UEs in connected state, D2D bearer activation/modification/deactivation events may be provided by enhancing the current bearer activation/modification/deactivation events with additional D2D bearer related information. To achieve successful D2D discovery information, DRSF/eNB may be an applicable LI entity if D2D discovery procedure requires the network involvement for e.g. identifying the UE. However, if D2D discovery is fully based on pre-configured parameters without network involvement, UE may be configured to report such event in background manner so that each discovery behaviour of the targeted UE can be intercepted.
  • For provision of CC for ProSe, the activation of LI CC may trigger the mode switching from direct D2D mode to the locally routed data path mode so that the eNB may be able to duplicate the data packets transmitted between D2D UEs. That is, in this case the eNB is configured to change the direct connection of the DSD UEs to an indirect connection via the eNB.
  • The activation of LI CC may also trigger the change of user plane security keys which are adopted in direct D2D mode (i.e., the direct connection between the D2D UEs) and locally routed data path mode (i.e., the indirect connection between the D2D UEs via the eNB) respectively in case security keys for direct mode and locally routed optimized path mode are different.
  • In addition, the activation/deactivation of LI CC may also trigger the establishment/release of the user plane transport bearer from eNB to S-/PDN-GW for provision of CC, which can be regarded as a new trigger for user plane transport bearer management over S1-U interface.
  • Alternatively, as another option, the establishment/release of the user plane transport bearer from eNB to S-/PDN-GW may be triggered when ProSe communication starts/ends. Thus the established transport bearer may be used by the eNB to transmit the duplicated data packets to S-/PDN-GW for providing the intercepted CC.
  • One possible reference configuration for ProSe interception is shown in FIGS. 2 and 3, in which DRSF is assumed to be located in MME.
  • As shown in FIGS. 2 and 3, a LEMF is provided which receives intercepted information, such as IRI and CC, and which instruct network elements to perform Lawful Interception. A ADMF is connected, by means of a mediation function, via an interface HI1 to the LEMF. A delivery function 2 is connected, by means of a mediation function, via an interface HI2 to the LEMF. The delivery function 2 may be connected with the ADMF via an interface X1_2.
  • In the example according to FIG. 2, the MME, which includes the DRSF (e.g., DRSF 1 shown in FIG. 1) is connected to the ADMF and the delivery function 2 via interfaces X1_1 and X2, respectively. Since the DRSF is assumed to be located in the MME, the interface between DRSF and eNB (e.g., eNB 2 shown in FIG. 1) is S1 control plane (S1-C) interface.
  • In more detail, the example of FIG. 2 shows the case in which Lawful Interception is only performed by providing IRI, so that the eNB is involved for reporting IRI, which in this case may include the ProSe related events described above. Hence, reporting is performed in this case via the S1-C interface to the MME which also accommodate the DRSF functions.
  • In the example of FIG. 3, a further delivery function, namely delivery function 3 is connected by means of a mediation function, via interface HI3 to the LEMF. The delivery function 3 may be connected to the ADMF via interface X1_3.
  • In the example of FIG. 3, the S-GW/PDN-GW (e.g., S-GW/PDN-GW 5 shown in FIG. 1) is connected to the ADMF, the delivery function 2 and the delivery function via interfaces X1_1, X2 and X3, respectively. The S-GW/PDN-GW is connected to the DRSF (which is included in the MME) via interface S11, and with an eNB (e.g. eNB 2 shown in FIG. 2) via interface S1-U.
  • Thus, FIG. 3 shows an example of the case in which Lawful Interception is also carried out by reporting CC. In this case, the eNB reports IRI to the MME with DRSF co-located via the S1-C interface similar as shown in FIG. 2, but also via the S1-U interface to the core network, i.e., to the S-GW/PDN-GW.
  • Hence, the proposed enhancement according to embodiments of the present invention may be implemented by introducing new procedures or information elements over S1 and S11 interfaces.
  • An advantage of the solution according to embodiments of the present invention is that LI can be supported for both discovery and communication, without switching back to infrastructure path mode which may lose the benefits of ProSe communication. Meanwhile, with such proposal, it is possible to make the user unaware of the LI happening for the ProSe.
  • It is noted that the embodiments and the present invention in general is not limited to the specific examples given above.
  • For example, with respect to FIGS. 2 and 3 it was described that the DRSF is located in the MME. However, the invention is not limited to such network architecture. The DRSF may be a standalone network element and the proposed enhancement may be an implementation over the interface between MME and DRSF and the interface between DRSF and eNB.
  • Such an example is shown in FIG. 4, which is similar to FIG. 2 except that the DRSF is a standalone network element (or is located in another suitable network element other than the MME or eNB). In this case, the DRSF configures the eNB to report IRI, for example, and the eNB reports IRI via the interface S1-C directly to the MME, without involving the DRSF.
  • In this case, a general example for the MME may be an apparatus which may have a similar structure as the DRSF 1 or the S-GW/PDN-GW 5 shown in in FIG. 1. That is, such an apparatus comprises a processor and a memory for storing instructions to be executed by the processor. The processor is configured to provide a connection to a radio access network, to perform a mobility management function, to receive interception information intercepted by lawful interception with respect to at least one device to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network. The processor may further be configured to receive interception information (e.g., IRI) from a device-to-device registration server function (e.g., the DRSF 1 shown in FIG. 1), wherein the interception information may comprise events related to the connection for proximity service.
  • Further alternatively, it is also possible that, when the DRSF is a standalone network element, the eNB reports IRI via the DRSF, i.e., not directly to the MME.
  • Thus, there are three alternatives: i) DRSF co-located with MME and IRI reported to MME&DRSF by eNB, ii) DRSF is standalone element, IRI reported to MME via DRSF iii) DRSF is standalone element, IRI reported to MME without involving of DRSF.
  • A further alternative is that the DRSF is co-located in eNB. In this case, reporting of IRI to MME via eNB or DRSF is possible.
  • Moreover, the embodiments described above were described by referring to device-to-device (D2D) communications. However, the invention is not limited to this concept, and can equally be applied to machine-to-machine (M2M) communications, terminal-to-terminal (T2T) communications, peer-to-peer (P2P) communications, or the like.
  • According to another example of an embodiment, an apparatus is provided which comprises
      • means for performing control in relation to a connection for proximity service between at least two devices,
      • means for performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and
      • means for configuring at least one radio access network control element to perform the lawful interception in relation to the proximity service.
  • In addition, according to a further example of an embodiment, an apparatus is provided which comprises
      • means for providing control in a radio access network,
      • means for performing control in relation to a connection for proximity service between at least two devices,
      • means for receiving configuration information for performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and
      • means for reporting interception information with respect to the at least one device to be intercepted.
  • According to still further example of an embodiment, an apparatus is provided which comprises
      • means for providing a connection to a radio access network, and
      • means for receiving interception information intercepted by lawful interception with respect to at least one device to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network.
  • It is to be understood that any of the above modifications can be applied singly or in combination to the respective aspects and/or embodiments to which they refer, unless they are explicitly stated as excluding alternatives.
  • It should be appreciated that
      • an access technology via which signaling is transferred to and from a network element may be any suitable present or future technology, such as WLAN (Wireless Local Access Network), WiMAX (Worldwide Interoperability for Microwave Access), LTE, LTE-A, Bluetooth, Infrared, and the like may be used; Additionally, embodiments may also apply wired technologies, e.g. IP based access technologies like cable networks or fixed lines.—a user device (also called UE, user equipment, user terminal, terminal device, etc.) illustrates one type of an apparatus to which resources on the air interface may be allocated and assigned, and thus any feature described herein with a user device may be implemented with a corresponding apparatus, such as a relay node. An example of such a relay node is a layer 3 relay (self-backhauling relay) towards the base station or eNB. The user device typically refers to a portable computing device that includes wireless mobile communication devices operating with or without a subscriber identification module (SIM), including, but not limited to, the following types of devices: a mobile station (mobile phone), smartphone, personal digital assistant (PDA), handset, device using a wireless modem (alarm or measurement device, etc.), laptop and/or touch screen computer, tablet, game console, notebook, and multimedia device. It should be appreciated that a user device may also be a nearly exclusive uplink only device, of which an example is a camera or video camera loading images or video clips to a network. It should be appreciated that a device may be regarded as an apparatus or as an assembly of more than one apparatus, whether functionally in cooperation with each other or functionally independently of each other but in a same device housing.
      • embodiments suitable to be implemented as software code or portions of it and being run using a processor are software code independent and can be specified using any known or future developed programming language, such as a high-level programming language, such as objective-C, C, C++, C#, Java, etc., or a low-level programming language, such as a machine language, or an assembler, -implementation of embodiments, is hardware independent and may be implemented using any known or future developed hardware technology or any hybrids of these, such as a microprocessor or CPU (Central Processing Unit), MOS (Metal Oxide Semiconductor), CMOS (Complementary MOS), BiMOS (Bipolar MOS), BiCMOS (Bipolar CMOS), ECL (Emitter Coupled Logic), and/or TTL (Transistor-Transistor Logic).
      • embodiments may be implemented as individual devices, apparatuses, units or means or in a distributed fashion, for example, one or more processors may be used or shared in the processing, or one or more processing sections or processing portions may be used and shared in the processing, wherein one physical processor or more than one physical processor may be used for implementing one or more processing portions dedicated to specific processing as described,
      • an apparatus may be implemented by a semiconductor chip, a chipset, or a (hardware) module comprising such chip or chipset;
      • embodiments may also be implemented as any combination of hardware and software, such as ASIC (Application Specific IC (Integrated Circuit)) components, FPGA (Field-programmable Gate Arrays) or CPLD (Complex Programmable Logic Device) components or DSP (Digital Signal Processor) components.
      • embodiments may also be implemented as computer program products, comprising a computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to execute a process as described in embodiments, wherein the computer usable medium may be a non-transitory medium. Computer program products, also called programs or computer programs, including software routines, applets and macros, may be stored in any apparatus-readable data storage medium and they comprise program instructions to perform one or more particular tasks. A computer program product may comprise one or more computer-executable components which, when the program is run, are configured to carry out embodiments. The one or more computer-executable components may be at least one software code or portions of it.
  • It is noted that the embodiments and examples described above are provided for illustrative purposes only and are in no way intended that the present invention is restricted thereto. Rather, it is the intention that all variations and modifications be included which fall within the spirit and scope of the appended claims.

Claims (43)

1. An apparatus comprising
a processor and
a memory for storing instructions to be executed by the processor, wherein the processor is configured
to perform control in relation to a connection for proximity service between at least two devices,
to perform lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and
to configure at least one radio access network control element to perform the lawful interception in relation to the proximity service.
2.-5. (canceled)
6. The apparatus according to claim 1, wherein
the interception information to be reported comprises communication content information, and the connection for proximity service between the at least two devices is an indirect connection via the at least one radio access network control element, and
the processor is configured to instruct the at least one radio access network control element to provide the communication content information.
7. The apparatus according to any claim 1, wherein the interception information to be reported comprise connection content information and the connection for proximity service between the at least two devices is a direct connection between the at least two devices, and
the processor is configured to instruct the at least one radio access network control element to change the connection for proximity service to an indirect connection via the at least one radio access network control element and to provide the communication content information.
8. The apparatus according to claim 7, wherein the processor is configured to trigger a change of user plane security keys which are adopted in the direct connection and indirect connection respectively, in case security keys for direct connection and indirect connection are different.
9. An apparatus comprising
a processor and
a memory for storing instructions to be executed by the processor, wherein the processor is configured
to provide control in a radio access network,
to perform control in relation to a connection for proximity service between at least two devices,
to receive configuration information for performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and
to report interception information with respect to the at least one device to be intercepted.
10.-12. (canceled)
13. The apparatus according to claim 9, wherein
the interception information to be reported comprises communication content information, and the connection for proximity service between the at least two devices is an indirect connection via the apparatus, and
the processor is configured to report the communication content information.
14. The apparatus according to claim 9, wherein the interception information to be reported comprise connection content information and the connection for proximity service between the at least two devices is a direct connection between the at least two devices, and
the processor is configured to change the connection for proximity service to an indirect connection via the apparatus and to report the communication content information.
15. The apparatus according to claim 14, wherein the processor is configured to trigger a change of user plane security keys which are adopted in the direct connection and indirect connection respectively, in case security keys for direct connection and indirect connection are different.
16. The apparatus according to claim 9, wherein the processor is configured to
receive a trigger for establishing a user plane transport bearer from the apparatus to a core network for providing communication content information upon starting providing of the communication content information, and/or deactivating the user plane transport bearer from the apparatus to the core network upon ending providing of the communication content information.
17. The apparatus according to claim 9, wherein the processor is configured to
receive a trigger for establishing a user plane transport bearer from the apparatus to a core network for providing communication content information when a communication via the connection for proximity service between the at least two devices starts, and/or deactivating the user plane transport bearer from the apparatus to the core network when the communication via the connection for proximity service between the at least two devices ends.
18. (canceled)
19. An apparatus comprising
a processor and
a memory for storing instructions to be executed by the processor, wherein the processor is configured
to provide a connection to a radio access network, and
to receive interception information intercepted by lawful interception with respect to at least one device to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network.
20. (canceled)
21. (canceled)
22. The apparatus according to claim 19, wherein the processor is configured to
trigger establishing a user plane transport bearer from a radio access network control element intercepting the at least one device for providing communication content information upon starting providing of the communication content information, and/or deactivating the user plane transport bearer from the radio access network control element upon ending providing of the communication content information.
23. The apparatus according to claim 19, wherein the processor is configured to
trigger establishing a user plane transport bearer from a radio access network control element intercepting the at least one device for providing communication content information when a communication via the connection for proximity service between the at least two devices starts, and/or deactivating the user plane transport bearer from the radio access network control element when the communication via the connection for proximity service between the at least two devices ends.
24. (canceled)
25. (canceled)
26. A method comprising
performing control in relation to a connection for proximity service between at least two devices,
performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and
configuring at least one radio access network control element to perform the lawful interception in relation to the proximity service.
27.-30. (canceled)
31. The method according to any one of the claim 26, wherein
the interception information to be reported comprises communication content information, and the connection for proximity service between the at least two devices is an indirect connection via the at least one radio access network control element, and the method further comprises
instructing the at least one radio access network control element to provide the communication content information.
32. The method according to claim 26, wherein the interception information to be reported comprise connection content information and the connection for proximity service between the at least two devices is a direct connection between the at least two devices, and
the method further comprises
instructing the at least one radio access network control element to change the connection for proximity service to an indirect connection via the at least one radio access network control element and to provide the communication content information.
33. The method according to claim 32, further comprising triggering a change of user plane security keys which are adopted in the direct connection and indirect connection respectively, in case security keys for direct connection and indirect connection are different.
34. The method according to claim 26, wherein the method is implemented in a device-to-device registration server function or a mobility management entity or in the radio access network control element.
35. A method comprising
providing control in a radio access network,
performing control in relation to a connection for proximity service between at least two devices,
receiving configuration information for performing lawful interception in relation to the proximity service with respect to at least one device to be intercepted of the at least two devices, and
reporting interception information with respect to the at least one device to be intercepted.
36.-38. (canceled)
39. The method according to claim 35, wherein
the interception information to be reported comprises communication content information, and the connection for proximity service between the at least two devices is an indirect connection via a radio access network control element carrying out the method, and
the method further comprises
reporting the communication content information.
40. The method according to claim 35, wherein the interception information to be reported comprise connection content information and the connection for proximity service between the at least two devices is a direct connection between the at least two devices, and
the method further comprises
changing the connection for proximity service to an indirect connection via a radio access network control element carrying out the method and to report the communication content information.
41. The method according to claim 40, further comprising triggering a change of user plane security keys which are adopted in the direct connection and indirect connection respectively, in case security keys for direct connection and indirect connection are different.
42. The method according to claim 35, further comprising
receiving a trigger for establishing a user plane transport bearer from a radio access network control element carrying out the method to a core network for providing communication content information upon starting providing of the communication content information, and/or deactivating the user plane transport bearer from the radio access network control element to the core network upon ending providing of the communication content information.
43. The method according to claim 35, further comprising
receiving a trigger for establishing a user plane transport bearer from a radio access network control element carrying out the method to a core network for providing communication content information when a communication via the connection for proximity service between the at least two devices starts, and/or deactivating the user plane transport bearer from the radio access network control element to the core network when the communication via the connection for proximity service between the at least two devices ends.
44. (canceled)
45. (canceled)
46. A method comprising
providing a connection to a radio access network, and
receiving interception information intercepted by lawful interception with respect to at least one device to be intercepted, wherein the at least one device is one of at least two devices connected by a connection for proximity service in the radio access network.
47. (canceled)
48. (canceled)
49. The method according to claim 46, further comprising
triggering establishing a user plane transport bearer from a radio access network control element intercepting the at least one device to a gateway element performing the method for providing communication content information upon starting providing of the communication content information, and/or deactivating the user plane transport bearer from the radio access network control element to the gateway element upon ending providing of the communication content information.
50. The method according to claim 46, further comprising
triggering establishing a user plane transport bearer from a radio access network control element intercepting the at least one device to a gateway element performing the method for providing communication content information when a communication via the connection for proximity service between the at least two devices starts, and/or deactivating the user plane transport bearer from the radio access network control element to the gateway element when the communication via the connection for proximity service between the at least two devices ends.
51. (canceled)
52. A computer program product comprising code means for performing a method according to claim 26 when run on a processing means or module.
53. (canceled)
US14/897,800 2013-06-14 2013-06-14 Lawful Interception for Proximity Service Abandoned US20160127420A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/077258 WO2014198063A1 (en) 2013-06-14 2013-06-14 Lawful interception for proximity service

Publications (1)

Publication Number Publication Date
US20160127420A1 true US20160127420A1 (en) 2016-05-05

Family

ID=49111169

Family Applications (3)

Application Number Title Priority Date Filing Date
US14/897,800 Abandoned US20160127420A1 (en) 2013-06-14 2013-06-14 Lawful Interception for Proximity Service
US14/897,928 Active 2033-08-30 US10182079B2 (en) 2013-06-14 2013-08-28 Lawful interception and security based admission control for proximity service
US14/907,594 Abandoned US20160182571A1 (en) 2013-06-14 2013-08-28 Lawful Interception and Security for Proximity Service

Family Applications After (2)

Application Number Title Priority Date Filing Date
US14/897,928 Active 2033-08-30 US10182079B2 (en) 2013-06-14 2013-08-28 Lawful interception and security based admission control for proximity service
US14/907,594 Abandoned US20160182571A1 (en) 2013-06-14 2013-08-28 Lawful Interception and Security for Proximity Service

Country Status (3)

Country Link
US (3) US20160127420A1 (en)
EP (3) EP3008934A4 (en)
WO (3) WO2014198063A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140010167A1 (en) * 2011-01-19 2014-01-09 Philip Hodges Local Data Bi-Casting Between Core Network and Radio Access
US20150009864A1 (en) * 2013-07-08 2015-01-08 Samsung Electronics Co., Ltd. Lawful interception method and apparatus of d2d communication-capable terminal
US20160182571A1 (en) * 2013-06-14 2016-06-23 Nokia Solutions And Networks Oy Lawful Interception and Security for Proximity Service
US20170086065A1 (en) * 2014-03-17 2017-03-23 Telefonaktiebolaget Lm Ericsson (Publ) Control of User Equipment Identity Dependent Service

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150264552A1 (en) * 2014-03-14 2015-09-17 Gang Xiong Systems, methods, and devices for device-to-device discovery and communication
EP3172926B1 (en) * 2014-07-25 2020-04-08 Telefonaktiebolaget LM Ericsson (publ) Method and entity in a li system for positioning of a target connected to a wi-fi network
CN107925662B (en) * 2015-08-26 2021-09-21 瑞典爱立信有限公司 Method and apparatus for lawful interception of proximity services
EP3282671B1 (en) * 2016-07-29 2021-07-21 Rohde & Schwarz GmbH & Co. KG A method and apparatus for testing a security of communication of a device under test

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6963739B2 (en) * 2002-10-21 2005-11-08 Motorola, Inc. Method and apparatus for providing information intercept in an ad-hoc wireless network
US7424738B2 (en) * 2003-07-23 2008-09-09 Combasis Technology, Inc. RF firewall for a wireless network
CN101102223A (en) * 2007-06-14 2008-01-09 中兴通讯股份有限公司 Network management system and method for legal detection
US8502642B2 (en) * 2007-11-20 2013-08-06 Voxx International Corporation System for controlling the use of electronic devices within an automobile
CN101953138A (en) * 2008-02-21 2011-01-19 爱立信电话股份有限公司 Data retention and lawful intercept for IP services
US8041346B2 (en) * 2008-05-29 2011-10-18 Research In Motion Limited Method and system for establishing a service relationship between a mobile communication device and a mobile data server for connecting to a wireless network
US7865573B2 (en) * 2008-05-29 2011-01-04 Research In Motion Limited Method, system and devices for communicating between an internet browser and an electronic device
US9106603B2 (en) * 2009-12-23 2015-08-11 Synchronics plc Apparatus, method and computer-readable storage mediums for determining application protocol elements as different types of lawful interception content
EP2403288B1 (en) * 2010-04-28 2018-05-23 Verint Systems Ltd. System and method for determining commonly used communication terminals and for identifying noisy entities in large-scale link analysis
US8990671B2 (en) * 2011-10-31 2015-03-24 Buckyball Mobile Inc. Method and system of jamming specified media content by age category
CN103152748B (en) * 2011-12-07 2015-11-25 华为技术有限公司 communication monitoring method, base station and terminal
US20130183967A1 (en) * 2012-01-13 2013-07-18 Tim J. Olker Lawful Intercept Of Mobile Units In Proximity To A Target Mobile Unit
US20130203380A1 (en) * 2012-02-05 2013-08-08 Institute For Information Industry Network device, core network, direct mode communication system and lawful interception method thereof
US9226211B2 (en) * 2013-01-17 2015-12-29 Intel IP Corporation Centralized partitioning of user devices in a heterogeneous wireless network
US9532400B2 (en) * 2013-02-28 2016-12-27 Intel Deutschland Gmbh Radio communication devices and cellular wide area radio base station
US20160127420A1 (en) * 2013-06-14 2016-05-05 Nokia Solutions And Networks Oy Lawful Interception for Proximity Service

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140010167A1 (en) * 2011-01-19 2014-01-09 Philip Hodges Local Data Bi-Casting Between Core Network and Radio Access
US9674876B2 (en) * 2011-01-19 2017-06-06 Telefonaktiebolaget Lm Ericsson (Publ) Local data bi-casting between core network and radio access
US20160182571A1 (en) * 2013-06-14 2016-06-23 Nokia Solutions And Networks Oy Lawful Interception and Security for Proximity Service
US10182079B2 (en) * 2013-06-14 2019-01-15 Nokia Solutions And Networks Oy Lawful interception and security based admission control for proximity service
US20150009864A1 (en) * 2013-07-08 2015-01-08 Samsung Electronics Co., Ltd. Lawful interception method and apparatus of d2d communication-capable terminal
US9813550B2 (en) * 2013-07-08 2017-11-07 Samsung Electronics Co., Ltd. Lawful interception method and apparatus of D2D communication-capable terminal
US20170086065A1 (en) * 2014-03-17 2017-03-23 Telefonaktiebolaget Lm Ericsson (Publ) Control of User Equipment Identity Dependent Service
US10117093B2 (en) * 2014-03-17 2018-10-30 Telefonaktiebolaget Lm Ericsson (Publ) Control of user equipment identity dependent service

Also Published As

Publication number Publication date
US10182079B2 (en) 2019-01-15
EP3008934A1 (en) 2016-04-20
EP3008883A1 (en) 2016-04-20
US20160134662A1 (en) 2016-05-12
WO2014198350A1 (en) 2014-12-18
EP3008934A4 (en) 2017-02-22
WO2014198349A1 (en) 2014-12-18
US20160182571A1 (en) 2016-06-23
WO2014198063A1 (en) 2014-12-18
EP3008884A1 (en) 2016-04-20

Similar Documents

Publication Publication Date Title
US20160127420A1 (en) Lawful Interception for Proximity Service
US11284310B2 (en) Single radio voice call continuity handover
KR102162732B1 (en) Method and apparatus for indicating that a connection enables routing of data between a PDN gateway and a local gateway
US9532213B2 (en) Lawful interception for device-to-device (D2D) communication
JP2022071196A (en) Connecting to virtualized mobile core networks
US20230135699A1 (en) Service function chaining services in edge data network and 5g networks
CN105284166B (en) Network assisted device-to-device discovery for peer-to-peer applications
US9344887B2 (en) Direct communication among devices
US20230189380A1 (en) Small data exchange handling by a user equipment in inactive state
WO2020076630A1 (en) Device discovery and connectivity in a cellular network
US9414421B2 (en) Direct communication among devices
EP4255092A1 (en) Personal internet of things network element communication with 5g system and other personal internet of things network elements
JP2024513733A (en) Improved preconfiguration, activation, and concurrency of wireless device measurement gaps
WO2022235962A1 (en) Msg3 physical uplink shared channel (pusch) repetition requests
WO2014045151A2 (en) Apparatus and method for communication
US9788174B2 (en) Centralized short message service center server for messaging
US11128672B2 (en) Lawful intercept in future core interworking with evolved packet system
WO2022069794A1 (en) Network function service improvements
WO2022039835A1 (en) Ue identification using its source ip address
US20240147288A1 (en) Enhanced wireless device measurement gap pre-configuration, activation, and concurrency
EP4271042A1 (en) Release-17 (rel-17) secondary node (sn)-initiated inter-sn conditional pscell change
US20240022616A1 (en) Webrtc signaling and data channel in fifth generation (5g) media streaming
EP4236439A1 (en) User equipment behavior when pre-configured measurement gap is changed
JP2024516488A (en) Enhanced Service Feature Chaining in Next Generation Cellular Networks
JP2024513699A (en) Improved prioritization within user equipment for uplink transmissions

Legal Events

Date Code Title Description
AS Assignment

Owner name: NOKIA SOLUTIONS AND NETWORKS OY, FINLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:YU, LING;LEI, YIXUE;SIGNING DATES FROM 20151210 TO 20160202;REEL/FRAME:037930/0366

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION