INTERCEPTION OF MULTIMEDIA SERVICES TECHNICAL FIELD OF THE INVENTION
The present invention relates to methods and arrangements for lawful interception of multimedia services in a telecommunication system comprising a service domain handling session control and a bearer domain handling media flow.
DESCRIPTION OF RELATED ART
IP Multimedia Subsystem lawful interception is disclosed in 3GPP TS 33.107 and TS 33.108. In the document, provision of Interception Related Information IRI for SIP messages handled by a Call Session Control Function CSCF is disclosed. Interception of Content of Communication CC hereby must be done at GPRS Support Node GSN under a separate LI activation and invocation. IRI for SIP signaling will be obtained by interception in the CSCF, while CC will be obtained by interception in the GSN, based on a standard protocol different from SIP. The solution for CC interception for multimedia services defined in the current specific standards has some drawbacks. The 3GPP standards propose to intercept the CC in the GSN, but it is still not fully specified how the correlation between the IRI and the CC shall be implemented. Correlation techniques between multi-media IRI and CC are under discussion in 3GPP SA3-LI. At the moment 3GPP is only defining possible container parameters to carry correlation information but still the complete solution is considered and all the real correlation between IRI and CC for multimedia services is left to postprocessing activities at the LEMF, which has some drawbacks from Law Enforcement Agencies point of view.
Moreover, in case of roaming, it can happen that the SGSN handling the CC is outside the domain of the operator running the multimedia service: in this case, LEA cannot
get any CC from the SGSN and it would be difficult or even impossible to get CC from the multi-media domain. This would have as result that LEA would not be able to get CC, neither from the SGSN operator nor from the multimedia service operator.
IMS is intended to be independent on the core network (PLNM, PSTN, IP) and on the access network (i.e. fixed narrow- and broad-band access, mobile UE, LAN, WLAN) ; nevertheless, given that there is no generic LI solution for CC interception in the multimedia domain and given the need to satisfy legal requirements to intercept the CC for multimedia, different solutions are under study by different standardization committees, all of them being based on the specific access technology used to bear the multimedia content. As example, ETSI-TISPAN is focusing for Next Generation Networks (NGN) on CC interception in a Gateway, depending on the specific access technology. This would be already a different solution than the one adopted in UMTS networks when the bearer is located in the Packet Switching domain. This seems against the access independent principle underlying the IMS concept and implies higher costs for the operators, being forced to spread LI functions in several nodes.
From Law Enforcement Agency perspective, the existing technology allows to provide the LEMF with SIP signaling and bearer streams intercepted on access level. This requires a complete post processing to recover the real service being used by the target subscriber, which is not always simple and will imply upgrades of the post- processing each time that a new multimedia service will be introduced.
In WO 2005/025133 monitoring of a media session between two subscribers is disclosed. The bi-directional media session hereby passes a gateway in the service domain. The
monitoring takes place by assigning an extra port to the gateway, from which port a copy of the media session is lead to a monitoring function. A prerequisite for the monitoring according to the international application is that the media session is intended to pass through the service domain even if no monitoring takes place. In WO 2005/025133 still the problem remains how to avoid post processing of Interception Related Information and Content of Communication, for correlation purposes.
Figure 1 discloses an existing solution for monitoring of Interception Related information IRI and Content of Communication CC for the same target according to prior art. The different parts used for interception belong to prior art and are disclosed in current Lawful Interception standards (see 3GPP TS 33.108 and 3GPP TS 33.107 - Release 6 and Release 7) . A Law Enforcement Monitoring Facility LEMF is connected to three Mediation Functions respectively for ADMF, DF2 , DF3 i.e. an Administration Function ADMF and two Delivery Functions DF2 and DF3. The Administration Function and the Delivery Functions are each one connected to the LEMF via standardized handover interfaces HI1-HI3, and connected to a telecommunication system via the interfaces X1-X3. The ADMF is connected via the interfaces HIl/Xl while DF2 is connected via HI2/X2 and DF3 is connected via HI3/X3. The messages sent from LEMF to ADMF via HIl and from the ADMF to the network via the Xl interface comprise identities of a target that is to be monitored. The Delivery Function DF2 receives Intercept Related Information IRI from the network via the X2 interface, and DF2 is used to distribute the IRI to relevant Law Enforcement Agencies via the HI2 interface. The Delivery Function DF3 receives Content of Communication CC, i.e. speech and data. In Circuit Switching, DF3 is responsible for call control signaling and bearer transport for an intercepted product. Intercept Related Information
IRI, received by DF2 is triggered by Events that in Circuit Switching domain are either call related or non-call related. In Packet Switching domain the events are session related or session unrelated. Two Universal Mobile Telecommunications System networks, UMTS NWl and UMTS NW2 , are disclosed in a Bearer Domain. UMTS NWl comprises a Gateway GPRS Support Node GGSN via which node a mobile subscriber A communicates . UMTS NW2 comprises a second mobile subscriber B. In this example subscriber A, having a SIP capable terminal, will ask to setup a SIP call to B. According to known technique the GGSN will hereby contact a CSCF located in a Service Domain. The CSCF extracts the SIP related information, detects that there is a request to setup a SIP call to B and acts accordingly. The two subscribers A and B then communicate through a media flow connection via an IP Network in Bearer Domain and Content of Communication CC is sent between A and B. The ADMF is connected to the Call Session Control Function CSCF. A first activation signal Activation 1 is sent from the ADMF to the CSCF. The first activation signal requests monitoring of
Interception Related Information IRI related to subscriber A. A separate second activation signal Activation 2 is sent from the ADMF to the GGSN. The second activation signal requests monitoring of Content of Communication related to the subscriber A. In this prior art example, upon receiving specified activities related to the monitored subscriber, IRI will be sent from CSCF to LEMF by sending a copy of the SIP message to DF2 and CC will be sent from GGSN to LEMF by sending a copy of packets, with an additional standard LI header, to DF3/MF. A complete post processing is required to recover the real service being used by the target subscriber, which is not always simple and will imply upgrades of the post-processing each time that a new multimedia service will be introduced.
SUMMARY OF THE INVENTION
The present invention relates to a problem how to find a generic solution to intercept media flow i.e. Content of Communication in the service domain independently of which access network that provides the media flow from the bearer domain .
A further problem is how to implement correlation . between Interception Related Information and Content of Communication without the need of post processing to recover the real service being used by a target subscriber from which monitored media flow arrives .
The problems are solved by the invention by activating interception of Content of Communication in the service domain for a specific target. Upon detection of a SIP session related to the target, a new specific SIP session is established between the IMS nodes and the LEMF, which acts as a SIP client, and used for transportation of media flow to a Monitoring Facility.
The solution more in detail is a method for monitoring in a telecommunication system, which system comprises a service domain that handles session control and a bearer domain used for transportation of media flow. A request for monitoring of a first party A is received by a Call Session Control
Function CSCF in the service domain. The method comprises the following further steps:
- A SIP session event is detected by the Call Session Control Function CSCF due to a set-up of a media-flow connection between the monitored party A and a second party B .
- A resource set-up message SIPl is sent via an interface Mr from the Call Session Control Function CSCF to a Multimedia Resource Function MRF in the service domain.
A SIP transaction is established between the Multimedia Resource Function MRF arid a third Delivery Function DF3.
A SIP session is established between the third Delivery Function DF3 and a Law Enforcement Monitoring Facility LEMF.
A purpose with the invention is to introduce a solution for the CC interception that is general for any kind of access and core networks.
An advantage of the invention is that the invention proposes a new generic Lawful Interception LI solution for Content of Communication CC interception in case of multimedia services based on a new IMS based LI reference model that can be used independently on the core network (i.e. PLMN, PSTN, IP) and on the access network (i.e. fixed narrow- and broad-band access, mobile UE, LAN, WLAN) .
Another advantage of the invention is that operators running multimedia service would satisfy their LI obligations in a very simple way, covering all roaming scenarios, in a way completely independent by the access network used as bearer.
An advantage for agencies would be that the new proposed CC delivery mechanism easily can be deployed to the lawful interception monitoring facility LEMF, as they should act as SIP client and the application SW providing SIP capability is widely diffused.
Yet another advantage for the agencies is that by using the invention, the law enforcement agency having a law enforcement monitoring facility LEMF with SIP capability would be able to have interception of multimedia services without any need to post-process CC coming from a GPRS
support node, which in certain roaming scenarios could be not available at LEMF. Moreover, LEMF would get the exact copy of the service being provided to the LI target.
The invention will now be described more in detail with the aid of preferred embodiments in connection with the enclosed drawings .
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 discloses a block schematic illustration of an IMS network active in service domain and access networks active in bearer domain. Interception related information and content of communication related to a target is intercepted according to prior art .
Figure 2 discloses a block schematic illustration of an IMS network active in service domain and access networks active in bearer domain. Interception related information and content of communication related to a target is intercepted according to the invention.
Figure 3 discloses a flow chart illustrating some essential method steps of the invention.
Figure 4 discloses a block schematic illustration of an IMS network active in service domain and access networks active in bearer domain. Interception related information and content of communication related to a target is intercepted according to the invention. The Content of Communication is VoIP based and passes the service domain prior to the activation of interception.
Figure 5 discloses in a block schematic illustration, delivering of Content of Communication.
DETAILED DESCRIPTION OF EMBODIMENTS
Figure 2 discloses a telecommunication system comprising a service domain and a bearer domain. An IP Multimedia Subsystem IMS composes the service domain. An IP network and two access networks, UMTS NWl and UMTS NW2 , compose the bearer domain. Entities related to IMS are Call Session Control Function CSCF, Multimedia Resource Function MRF, etc . as defined in the stage 2 of the IM subsystem 3GPP TS 23.228 "IP multimedia subsystem; Stage 2, rel-6". Among other things the CSCF handles the session states in the network and is the contact point within an operator's network for all IMS connections destined to a subscriber of that network operator, or a roaming subscriber currently located within that network operator's service area. Further definitions of the CSCF can be found in TS 23.228. The MRF may be used for services such as multiparty sessions. Among other things the MRF controls media stream resources and mix incoming media streams. Further definitions of the MRF can be found in TS 23.228 (see e.g. 5.16.2.2.2). The CSCF communicates with the MRF via an interface Mr to set up resources for services such as announcements, conference calling and transcoding. The protocol used in IMS is the Session Initiated Protocol SIP. SIP is an application layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences. Further definitions of the SIP can be found in IETF RFC 3261: "SIP: Session Initiated Protocol".
The GGSN supports the edge routing functions of a GPRS network. The GGSN provides IP connectivity between mobile users and multimedia messaging. UMTS NWl comprises a mobile subscriber A, also called a first party, and UMTS NW2
comprises a mobile subscriber B, also called a second party.
A Law Enforcement Monitoring Facility LEMF is connected to three Mediation Functions respectively for ADMF, DF2 , DF3 i.e. an Administration Function ADMF and two Delivery Functions, a so-called second Delivery Function DF2 and a third Delivery Function DF3. The Administration Function and the Delivery Functions are each one connected to the LEMF via standardized handover interfaces HI1-HI3, so- called first HIl, second HI2 and third HI3 handover interfaces, and connected to IMS via the interfaces X1-X3. The ADMF is connected via the interfaces HIl/Xl while DF2 is connected via HI2/X2 and DF3 is connected via HI3/X3. The messages sent from LEMF to ADMF via HIl and from the ADMF to the IMS via the Xl interface comprise identities of a target that is to be monitored. The Delivery Function DF2 receives Intercept Related Information IRI from the IMS via the X2 interface, and DF2 is used to distribute the IRI to relevant Law Enforcement Agencies via the HI2 interface. The Delivery Function DF3 receives Content of Communication CC, i.e. the payload.
A first embodiment of the invention will now be explained more in detail. The embodiment will show a method of interception of IRI and CC for the target to be monitored, i.e. a subscriber A, without need of post-processing capabilities in the LEMF. The method comprises the following steps:
The Law Enforcement Monitoring Facility LEMF sends via the HIl interface, a request to the Administration Function ADMF to activate interception for both IRI and CC of the first mobile subscriber A in case a SIP session event involving the subscriber A is detected by the CSCF.
- The ADMF forwards a target identity of the mobile subscriber A to the Call Session Control Function CSCF. This corresponds to the reference "Activation" in figure 1.
- The Call Session Control Function CSCF detects a SIP session event for the target subscriber. The event in this case is the set-up of a media-flow connection between the subscriber A and the second subscriber B .
- The CSCF sends IRI to the DF2/MF over the X2 interface. SIP signaling is hereby reported as IRI to the LEMF according to existing mechanisms, i.e. when the CSCF detects a SIP message involving a target subscriber, a copy of the message is created and sent by the CSCF to DF2, which in turn sent it on the HI2 as IRI-REPORT.
- A media-flow, i.e. Content of Communication CC, connection is set-up between the subscriber A and the second subscriber B via the IP network according to the existing mechanism specified for the bearer domain.
A resource set-up message SIPl is sent via the Mr interface from the Call Session Control Function CSCF to a Multimedia Resource Function MRF. For the lawful intercept purposes, with Mr the CSCF communicates with the MRF to invite the Delivery Function DF3 in a group session, by using the MRF capability to establish a proper conference, which involves the target user i.e. subscriber A, the other party he is communicating with, i.e. subscriber B and the DF3 party, i.e. the LEMF.
The media-flow CC is re-routed from bearer domain, to pass also the Multimedia Resource Function MRF. This re-routing is well described in 3GPP TS 23.228, section
5.16.2.2.2.
- A SIP transaction is established between the Multimedia Resource Function MRF and the third Delivery function DF3. A SIP session is established between the third Delivery Function DF3 and the Law Enforcement Monitoring Facility LEMF. The parties A and B and DF3 are involved in the same session and only a new "call leg" is established towards the DF3 while a new session is established towards the LEMF. The signals of both parties A and B of the configuration to be intercepted are delivered separately to the LEMF. The delivery function DF3 has no impact on the connection between the subscribers. Information that needs to be transferred from MRF to DF3 in order to perform its functionality is: Target identity (URI), correlation number (IRI<->CC) and Possible other information available in the nodes and required by the standards, as in already existing technology.
- A copy of the media-flow CC between the subscriber A and the second subscriber B is delivered from the Multimedia Resource Function MRF to the Law Enforcement
Monitoring Facility LEMF via the SIP transaction/session.
When both IRI and CC have been received by the LEMF, correlation of HI3 information to HI2 information takes place. In SIP, a generic protocol header field shall be used to carry correlation information. The principle is very similar to the one used for circuit switch call interception, for which it is used the supplementary service user-to-user signaling 1 (UUSl) to carry correlation of HI3 information. Similarly to the UUSl, that is a generic service and not specific for lawful intercept, SIP shall provide a generic protocol mean to carry this information. In the prior art, different nodes in different domains handle IRI and CC and it might be difficult to
define a correlation number common to both domains . By the invention, IRI and CC are handled by entities in the same domain and correlation number can be based on session id or whatever identity used inside the domain itself. A correlation number common to both domains will be sent as a parameter on both the handover interfaces HI2 and HI3. The LEMF will hereby by able to implement correlation between the IRI and the CC without any need to have post-processing capabilities
The bearer capability and Quality of Service used to provide the CC to the LEMF shall be the same capability offered by the core network when providing IMS services; this type guarantees that the information is passed transparently to the LEMF.
The CC communication channel shall be a one-way connection, from the operator's (NO/AN/SP) HF to LEMF, the opposite direction is not switched through in the switching node of the target .
To conceal the fact that monitoring is going on, which monitoring might be detected by e.g. unauthorized persons due to the re-routing of the media flow in connection with the monitoring, also non-monitored calls may always be rerouted. This re-routing via the Multimedia Resource Function MRF will be done according to 3GPP TS 23.228 for all Media flow transportation multimedia services, requiring MRF capabilities .
Figure 3 discloses a flowchart in which some essential steps are shown. The flowchart is to be read together , with figure 2. The flowchart comprises the following steps:
The Law Enforcement Monitoring Facility LEMF sends a request to the Call Session Control Function CSCF to
activate interception of the first mobile subscriber A. This step is disclosed in figure 3 by a block 101.
The Call Session Control Function detects a SIP session event. The event is set-up of a media-flow connection between the subscribers A and B. This step is disclosed in figure 3 by a block 102.
- A resource set-up message SIPl is sent via the Mr interface from the Call Session Control Function CSCF to a Multimedia Resource Function MRF. This step is disclosed in figure 3 by a block 103.
A SIP transaction/session is established between the Multimedia Resource Function MRF and the Law Enforcement Monitoring Facility LEMF via DF3 over the hand-over interface HI3. This step is disclosed in figure 3 by a block 104.
Figure 4 discloses a second embodiment of the invention. The second embodiment relates to Voice over IP VoIP. Like in the first embodiment an IP Multimedia Subsystem IMS composes the service domain. A media gateway MGW is shown in the service domain. A GSM network, an IP network and a PSTN network compose the bearer domain in this example. A mobile subscriber A in the GSM network is communicating with a fixed subscriber B in the PSTN network. The B subscriber hereby communicates through a Local Exchange LE via an Asymmetrical Digital Subscriber Line ADSL. In VoIP the Content of Communication CC passes an IP network and the media gateway in the service domain. Unlike in the first embodiment, in this embodiment the media-flow CC is re- routed from service domain, from the MGW, to pass also the
Multimedia Resource Function MRF when interception is
requested. The method according to the second embodiment comprises the following steps:
- The Law Enforcement Monitoring Facility LEMP sends via the HIl interface, a request to the Administration Function ADMF to activate interception of the first mobile subscriber C in case of a SIP session event involving the subscriber C is detected by the CSCF.
- The ADMF forwards a target identity of the mobile subscriber C to the Call Session Control Function CSCF. This corresponds to the reference "Activation" in figure 4.
- The Call Session Control Function detects a SIP session event .
- A resource set-up message SIPl is sent via the Mr interface from the Call Session Control Function CSCF to a Multimedia Resource Function MRF in order to establish a proper conference, which involves the target user subscriber C, the other party he is communicating with, i.e. subscriber D and the DF3 party, i.e. the LEMF.
- The media-flow CC is re-routed from the media gateway MGW in service domain to pass also the Multimedia Resource Function MRF.
A SIP transaction/session is established between the Multimedia Resource Function MRF and the Law
Enforcement Monitoring Facility LEMF via DF3 over the hand-over interface HI3.
A copy of the media-flow CC between subscriber C and the subscriber D is delivered from the Multimedia Resource Function MRF to the Law Enforcement Monitoring Facility LEMF via the SIP transaction/session.
Figure 5 shows the method for the delivering of Content of Communication CC. The method shall be a bridged/T- connection. SIP core in the figure consist of P- I- and S- CSCF nodes as defined in the standards . The figure illustrates the case of a multimedia session involving two parties UEl and UE2. The signals of both parties of the configuration to be intercepted are delivered separately to the Law Enforcement Monitoring Facility LEMF. The delivery function has no impact on the connection between the parties .
The Multimedia Resource Function Processor MRFP handles the mixing of incoming media streams . The following information needs to be transferred from a Multimedia Resource Function Controller MRFC to the third Delivery Function DF3 in order to allow the DF3 to perform its functionality:
- target identity (URI)
correlation number (IRK->CC)
Possible other information available in the nodes and required by the standards, as in already existing technology.
The media flow could involve also a different entity than "B" subscriber, e.g. a media server. The invention is in other words not limited to the above described and in the drawings shown embodiments but can be modified within the scope of the enclosed claims .