ETSI TS 103 462 V1.1.1 (2018-07)

ETSI TS 103 462 V1.1.1 (2018-07)






TECHNICAL SPECIFICATION
Lawful Interception (LI);
Inter LEMF Handover Interface



---------------------- Page: 1 ----------------------
2 ETSI TS 103 462 V1.1.1 (2018-07)



Reference
DTS/LI-00134
Keywords
handover, IP, lawful interception, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2018.
All rights reserved.

TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.
TM TM
3GPP and LTE are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M logo is protected for the benefit of its Members.
®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI TS 103 462 V1.1.1 (2018-07)
Contents
Intellectual Property Rights . 4
Foreword . 4
Modal verbs terminology . 4
Introduction . 4
1 Scope . 5
2 References . 5
2.1 Normative references . 5
2.2 Informative references . 6
3 Definitions and abbreviations . 6
3.1 Definitions . 6
3.2 Abbreviations . 7
4 General aspects . 7
5 Architecture overview and functional description . 8
6 Delivery Handling . 9
6.1 General . 9
6.2 Description and purpose of the header fields . 9
6.2.1 Inter LEMF LIID . 9
6.2.2 Communication Identifier . 10
6.2.3 Sequence Number . 10
6.2.4 Timestamp . 10
6.3 Integrity . 10
6.4 Payload encryption . 10
6.5 Reliability . 10
6.6 Error Handling . 10
6.7 Keep alive . 10
7 Responding Interworking Function (resIWF) . 11
7.1 General . 11
7.2 Encapsulation function . 11
7.3 Mapping function . 11
7.3.1 General . 11
7.3.2 Timestamp . 11
7.3.3 Location information . 11
7.4 Interoperability function . 12
8 Encapsulation Handling . 12
8.1 General . 12
9 Transport layer . 12
Annex A (informative): Operational roles. 14
A.1 Introduction . 14
A.2 Requesting party (reqLEA/reqAA) . 15
A.3 Responding party (resLEA/resAA) . . 15
A.4 Executing Communication Service Provider . 15
Annex B (normative): Inter LEMF Handover (ILHI) ASN.1 . 16
Annex C (informative): Change History . 18
History . 19

ETSI

---------------------- Page: 3 ----------------------
4 ETSI TS 103 462 V1.1.1 (2018-07)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Lawful Interception (LI).
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
The objective of the present document is to form the basis for a standardized handover interface, that will deliver the LI
and/or RD information via IP-based networks between Law Enforcement Authorities under various European treaties
and local regulations in case of:
• legal assistance;
• legal assistance regarding the European Investigation Order in criminal matters [i.1];
• (bilateral) administrative assistance.
The present document is intended to cover the following:
• transmission of intercepted Content of Communication (CC) and Intercept Related Information (IRI);
NOTE: This includes data that is already processed or stored on the LI system.
• transmission of traffic and location data (RD), administrative data according to ETSI TS 102 657 [3] and error
codes according to ETSI TS 102 232-1 [6] are for further study.
Besides the EIO Directive, there is also a need in some countries to exchange stored or LI data in real time between
different LEMFs or between a primary LEMF and a secondary analysis framework (this forms another use case for the
interface).
ETSI

---------------------- Page: 4 ----------------------
5 ETSI TS 103 462 V1.1.1 (2018-07)
1 Scope
The present document specifies the LEMF to LEMF interface to support (as a minimum) European Investigation Orders
(EIOs) related to LI and/or RD. The present document aims to be capable of securely handling real-time and stored data
transfer between LEMFs in accordance with ETSI TS 102 232 parts 1 [6] to 7 [12] and the related ETSI TS 133 108 [5]
for LI.
In the present document RD is for further study.
Local LI handover interfaces frequently use dedicated networks for delivery with local specific security features. With
the EIO Directive in place, there is a need to have a common Handover Interface to allow real-time exchange between
LEMFs that can be located in different countries, under different jurisdictions.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 101 671: "Lawful Interception (LI); Handover interface for the lawful interception of
telecommunications traffic".
[2] ETSI TS 103 280: "Lawful Interception (LI); Dictionary for common parameters".
[3] ETSI TS 102 657: "Lawful Interception (LI); Retained data handling; Handover interface for the
request and delivery of retained data".
[4] ETSI TS 103 307: "CYBER; Security aspects for LI and RD Interfaces".
[5] ETSI TS 133 108: "Universal Mobile Telecommunications System (UMTS); LTE; 3G security;
Handover interface for Lawful Interception (LI) (3GPP TS 33.108)".
[6] ETSI TS 102 232-1: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 1: Handover specification for IP delivery".
[7] ETSI TS 102 232-2: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 2: Service-specific details for messaging services".
[8] ETSI TS 102 232-3: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 3: Service-specific details for internet access services".
[9] ETSI TS 102 232-4: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 4: Service-specific details for Layer 2 services".
[10] ETSI TS 102 232-5: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services".
[11] ETSI TS 102 232-6: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 6: Service-specific details for PSTN/ISDN services".
ETSI

---------------------- Page: 5 ----------------------
6 ETSI TS 103 462 V1.1.1 (2018-07)
[12] ETSI TS 102 232-7: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 7: Service-specific details for Mobile Services".
[13] ISO 3166-1: "Codes for the representation of names of countries and their subdivisions; Part 1:
Country codes".
[14] Recommendation ITU-T X.680: "Information Technology - Abstract Syntax Notation One
(ASN.1) & ASN.1 encoding rules".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding
the European Investigation Order in criminal matters.
[i.2] ETSI TR 102 503: "Lawful Interception (LI); ASN.1 Object Identifiers in Lawful Interception and
Retained data handling Specifications".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in ETSI TS 101 671 [1], ETSI
TS 102 232-1 [6] and the following apply:
NOTE: This may contain additional information.
mapping: function that maps every element of a given set to a distinct element of another set
mappingInfo: output of the mapping function
originalPayload: optional output part of the interoperability function containing the unmodified received data
real time: information and communication technologies that are able to generate and deliver information in a time-
frame similar to the real-life process that it is assisting
requesting AA (reqAA): Authorized Authority from the country that takes the initiative for the LI request
requesting IWF (reqIWF): function to format data from ILHI format into local format
requesting LEA (reqLEA): Law Enforcement Agency from the country that takes the initiative for the LI request
requesting LEMF (reqLEMF): Law Enforcement Monitoring Facility from the country that takes the initiative for the
LI request
resPayload: mandatory output part of the interoperability function
responding AA (resAA): Authorized Authority from the country that verifies the requesting party and translates the
received warrant into a national warrant
responding IWF (resIWF): function to format data into ILHI format
ETSI

---------------------- Page: 6 ----------------------
7 ETSI TS 103 462 V1.1.1 (2018-07)
responding LEA (resLEA): Law Enforcement Agency from the country that verifies the requesting party and
translates the received warrant into a national warrant
responding LEMF (resLEMF): Law Enforcement Monitoring Facility from the country that verifies the requesting
party and translates the received warrant into a national warrant
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
3GPP Third Generation Partnership Project
AA Authorized Authority
ADMF Administration Function (at CSP)
ASCII American Standard Code for Information Interchange
ASN.1 Abstract Syntax Notation One
CC IW Content of Communication Interworking
CC Content of Communication
CIN Communications Identity Number
CS Circuit Switched
CSP Communications Service Provider
EcsF EncapsulationFunction
EIO European Investigation Order
ID IDentifier
ILHI Inter LEMF Handover Interface
IMS IM Subsystem
IopF Interoperability Function
IP Internet Protocol
IRI IW Intercept Related Information Interworking
IRI Intercept Related Information
LEA Law Enforcement Agency
LEMF Law Enforcement Monitoring Facility
LI Lawful Interception
LIID Lawful Interception IDentifier
MapF Mapping Function
MF Mediation Function (at CSP)
NID Network IDentifier
OID Object Identifier
PDU Protocol Data Unit
PS-PDU Packet Switched - Protocol Data Unit
RD IW Retained Data InterWorking
RD Retained Data
reqAA requesting Authorized Authority
reqIWF rrequesting InterWorking Function
reqLEMF requesting LEMF
resAA responding Authorized Authority
resIWF responding InterWorking Function
resLEMF responding LEMF
TCP Transmission Control Protocol
TLS Transport Layer Security
VPN Virtual Private Network
WGS84 World Geodetic System 1984
4 General aspects
The Inter LEMF Handover I
...