Lawful Intercept - Cisco ASR 5000 series Product Overview

Packet Data Interworking Function Overview

Lawful Intercept

The PDIF supports the Lawful Interception (LI) of subscriber session information. This functionality provides
Telecommunication Service Providers (TSPs) with a mechanism to assist Law Enforcement Agencies (LEAs) in the
monitoring of suspicious individuals (referred to as targets) for potential criminal activity.
The following standards were referenced:
TR-45 Lawfully Authorized Electronic Surveillance TIA/EIA J-STD-025 PN4465 RV 1.7
3GPP TS 33.106 V6.1.0 (2004-06): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3G security; Lawful Interception requirements (Release 6)
3GPP TS 33.107 V6.2.0 (2004-06): 3rd Generation Partnership Project; Technical Specification Group Services
and System Aspects; 3G security; Lawful interception architecture and functions (Release 6)
Technical Directive: Requirements for implementing statutory telecommunications interception measures (TR
TKÜ), Version 4.0
LEAs provide one or more TSPs with court orders or warrants requesting the monitoring of a particular target. The
target is identified by information such as their Mobile Station Integrated Services Digital Network (MSISDN) number,
or their International Mobile Subscriber Identification (IMSI) number.
Once the target has been identified, the system, functioning as either a GGSN or HA, serves as an Access Function (AF)
and performs monitoring for both new PDP contexts or PDP contexts that are already in progress. While monitoring, the
system intercepts and duplicates Content of Communication (CC) and/or Intercept Related Information (IRI) and
forwards it to a Delivery Function (DF) over an extensible, proprietary interface. Note that when a target establishes
multiple, simultaneous PDP contexts, the system intercepts CC and IRI for each of them. The DF, in turn, delivers the
intercepted content to one or more Collection Functions (CFs).
Diameter Authentication Failure Handling
Diameter EAP failure handling defines error handling for both Session Termination Requests and for EAP Requests.
Specific actions (continue, retry-and-terminate, or terminate) can be associated with each possible result-code. EAP
failure handling is flexible enough that wide ranges of result codes can be defined with the same action, or actions can
be bound on a per-result-code basis.
A failure does not necessarily mean a summary termination of a call.
The following configuration:
configures result codes 5001, 5002, 5004 and 5005 to mean the session could continue regardless of the error,
and
OL-22938-02
Features and Functionality - Licensed Enhanced Feature Support ▀
Cisco ASR 5000 Series Product Overview ▄