ETSI EN 301 040 V2.0.0 (1999-06)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Prizemni snopovni radio (TETRA) – Varnost – Vmesnik za zakonito prestrezanje (LI)Terrestrial Trunked Radio (TETRA); Security; Lawful Interception (LI) interface33.070.10Prizemni snopovni radio (TETRA)Terrestrial Trunked Radio (TETRA)ICS:Ta slovenski standard je istoveten z:EN 301 040 Version 2.0.0SIST EN 301 040 V2.0.0:2003en01-december-2003SIST EN 301 040 V2.0.0:2003SLOVENSKI
STANDARD
EN 301 040 V2.0.0 (1999-06)European Standard (Telecommunications series)Terrestrial Trunked Radio (TETRA);Security;Lawful Interception (LI) interfaceSIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)2ReferenceDEN/TETRA-06027-1 (9mo01000.PDF)KeywordsTETRA, security, voice, dataETSIPostal addressF-06921 Sophia Antipolis Cedex - FRANCEOffice address650 Route des Lucioles - Sophia AntipolisValbonne - FRANCETel.: +33 4 92 94 42 00
Fax: +33 4 93 65 47 16Siret N° 348 623 562 00017 - NAF 742 CAssociation à but non lucratif enregistrée à laSous-Préfecture de Grasse (06) N° 7803/88Internetsecretariat@etsi.frIndividual copies of this ETSI deliverablecan be downloaded fromhttp://www.etsi.orgIf you find errors in the present document, send yourcomment to: editor@etsi.frCopyright NotificationNo part may be reproduced except as authorized by written permission.The copyright and the foregoing restriction extend to reproduction in all media.© European Telecommunications Standards Institute 1999.All rights reserved.SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)3ContentsIntellectual Property Rights.5Foreword.51Scope.62References.73Definitions and abbreviations.83.1Definitions.83.2Abbreviations.104User (LEA) requirements - the administrative interface.104.1Non-disclosure.114.2Identification of the identity to be intercepted.114.3Result of interception.124.3.1Network validity of result of interception.124.3.2Identification of result of interception.124.3.3Format of result of interception.124.3.4Content of result of interception.124.3.5Auditing of result of interception.134.4Location information.134.5Time constraints.134.6Service transparency.144.7LI interface instances.144.8LI interface events.145Description of internal TETRA LI interface.145.1Functional model.145.2Information flow sequences.155.2.1LEA control interactions and information flows.155.2.1.1LI_ACTIVATE_req.165.2.1.2LI_ACTIVATE_conf.165.2.1.3LI_MODIFY_req.165.2.1.4LI_MODIFY_conf.175.2.1.5LI_STATUS_ind.175.2.2Target traffic interactions and information flows.185.2.2.1TARGET_ACTIVITY_MONITOR_ind.185.2.2.2TARGET_COMMS_MONITOR_ind.185.2.2.3T_TRAFFIC_ind.195.2.2.4CT_TRAFFIC_ind.195.3Structural model.195.3.1Block interaction model.195.3.2Process interaction model.216Data provision and encoding.236.1Identification of result of interception.236.2Provision of identities.236.2.1Target.246.2.2Co-target.246.3Provision of details of services used and their associated parameters.246.3.1Circuit mode services (U-plane).246.3.2Data services (C-plane).256.3.2.1Short data (unacknowledged).256.3.2.2Short data (acknowledged).256.3.2.3Specific Connectionless Network Service (SCLNS).266.3.2.4Connection Oriented Network Service (CONS).266.3.2.5Internet Protocol.266.4Provision of those signals emitted by the target invoking additional or modified services.26SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)46.4.1Authentication.266.4.2OTAR.276.4.3Enable/Disable.276.4.4Registration.276.4.5Migration.286.4.6Roaming.286.4.7Supplementary services.286.5Provision of time-stamps for identifying the beginning, end and duration of the connection.286.6Provision of actual destination and intermediate directory numbers if call has been diverted.286.7Provision of the U-plane content of the communication from and to the target.296.8Provision of location information;.296.8.1Mobile users of TETRA.296.8.2Fixed line users of TETRA.306.9System status data.30Annex A (informative):Explanatory diagrams.31A.1General network arrangements.31A.2Service providers.32A.3Service across multiple SwMIs.33A.4Service across international borders.34Annex B (informative):Process behavioural model.35B.1Control process.36B.2Target_monitor process.38B.3Comms_provision process.39B.4SwMI_monitor process.40B.5Inter-Process Communication (IPC).41Annex C (informative):Example encoding of target behaviour.42C.1Call setup from target to TETRA co-target.42C.2Target registration.42Annex D (informative):Interim testing regime.44D.1Overview.44D.2Test Purposes.44Annex E (normative):ASN.1 Data definitions.45E.1Information flows.45E.2Information element definitions.46Bibliography.49History.51SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)5Intellectual Property RightsIPRs essential or potentially essential to the present document may have been declared to ETSI. The informationpertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be foundin SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respectof ETSI standards", which is available free of charge from the ETSI Secretariat. Latest updates are available on theETSI Web server (http://www.etsi.org/ipr).Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guaranteecan be given as to the existence of other IPRs not referenced in SR 000 314 (or the updates on the ETSI Web server)which are, or may be, or may become, essential to the present document.ForewordThis European Standard (Telecommunications series) has been produced by ETSI Project Terrestrial Trunked Radio(TETRA).National transposition datesDate of adoption of this EN:25 June 1999Date of latest announcement of this EN (doa):30 September 1999Date of latest publication of new National Standardor endorsement of this EN (dop/e):31 March 2000Date of withdrawal of any conflicting National Standard (dow):31 March 2000SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)61ScopeThe present document describes the implementation of a Lawful Interception interface in a TETRA system. It providesthe requirements and specification of the interface within a TETRA system for the purpose of providing data to LawEnforcement Agencies (LEAs) in the area of Lawful Interception (LI) of communications.The provision of a Lawful Interception interface for TETRA is a national option, however where it is provided it shallbe provided as described in the present document.The structure of lawful interception in telecommunications is in two parts: The internal interface of a network that isbuilt using a particular technology; and, the external interface (known as the Handover Interface) that links the LEA tothe network. Between these two parts may lie a mediation function to cater for national variances and delivery of theresult of interception.The Handover Interface may be the subject of national regulation and therefore the mediation function may be a matterof national regulation.The subject of the present document is the internal LI interface that lies between the TETRA infrastructure and themediation function.The present document describes the data content of information flows from the TETRA system to the mediationfunction. It does not describe a communications protocol stack but assumes the use of one with entry made at layer 7(application layer). The present document has been written with ROSE as a target layer 7 protocol and with the ASN.1Basic Encoding Rules (BER) as the target layer 6 (presentation) protocol. To facilitate this the data definitions are madewith ASN.1. This method allows configuration of either local or remote mediation functions. The EN does not specifyhow ROSE and BER are used.The present document is structured as follows:· clause 4 outlines the essential requirements for the TETRA LI interface;· clause 5 presents the structural and behavioural models of the LI interface;· clause 6 presents the data model and allocation behaviour in the LI interface.The present document applies to TETRA services where access to the communication of TETRA Subscriber Identities(TSIs) is available in a network (Switching and Management Infrastructure (SwMI) or Radio Packet Data Infrastructure(RPDI)). Whilst this does not prohibit lawful interception of TETRA Direct Mode Operation (DMO) it removes theliability of network operators and service providers to provide a result of interception when communication does notmake use of their networks.The present document describes the normal and exceptional operation in each of the three operational phases of T-LI:1Setup:The actions taken within the TETRA network to establish the monitoring of a target and the communicationspaths to the mediation function.2Monitoring:The monitoring of target activity and its delivery to the mediation function.3Cleardown:The removal of a monitor facility against a target and the cleardown of the communications paths to themediation function.The present document does not describe the means of transporting data from the TETRA network to the LEA, butdescribes only the means of capturing and encoding the activities of a target within the TETRA network and deliveringthis data to the mediation function.The present document does not define the operations or technical requirements of the Handover Interface that takes datafrom the mediation function to the LEMF.SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)7The present document does not define the operations or technical requirements of the Law Enforcement MonitoringFacility (LEMF).NOTE 1:The present document presupposes some familiarity with the operation of TETRA systems and of lawfulinterception.NOTE 2:The present document suggests a barrier to external manipulation of the TETRA infrastructure by meansof a mediation function.NOTE 3:No testpoint is provided in the present document to ensure conformance. This is addressed nationalstandards pending the completion of a common handover interface being developed by ETSI TC SEC-LIin ES 201 671 [8] and to which the present document is provided as input.2ReferencesThe following documents contain provisions which, through reference in this text, constitute provisions of the presentdocument.· References are either specific (identified by date of publication, edition number, version number, etc.) ornon-specific.· For a specific reference, subsequent revisions do not apply.· For a non-specific reference, the latest version applies.· A non-specific reference to an ETS shall also be taken to refer to later versions published as an EN with the samenumber.[1]Official Journal of the European Communities, 99/C329/01: "Council Resolution of 17 January1995 on the Lawful Interception of Telecommunications".[2]ETR 331: "Security Techniques Advisory Group (STAG); Definition of user requirements forlawful interception of telecommunications; Requirements of the law enforcement agencies".[3]ETS 300 392-1: "Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 1: Generalnetwork design".[4]ETS 300 392-2: "Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 2: AirInterface (AI)".[5]ETS 300 392-7: "Terrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security".[6]ISO/IEC 8348 (1996): "Information technology - Open Systems Interconnection - Network ServiceDefinition".[7]ISO/IEC 8878 (1992): "Information technology - Telecommunications and information exchangebetween systems - Use of X.25 to provide the OSI Connection-mode Network Service".[8]ES 201 671: "Telecommunications security; Lawful Interception (LI); Handover interface for thelawful interception of telecommunications traffic".SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)83Definitions and abbreviations3.1DefinitionsFor the purposes of the present document, the following terms and definitions apply:call: any connection (fixed or temporary) capable of transferring information between two or more users of atelecommunication system where at least one of the parties to the call(for the purposes of the present document) is a userof a TETRA system.content of communication: information exchanged between two or more users of a telecommunications service whereat least one of the users is accessing the service in a TETRA network whilst a call is established, excluding interceptrelated information. This includes information which may, as part of some TETRA service, be stored by one user forsubsequent retrieval by another.NOTE 1:The user in the above definition may be any addressable entity in the TETRA domain using either aTSI [3] or some other valid network address (undefined).Coordinated Universal Time (UTC): time scale maintained by the Bureau International de l'Heure (International TimeBureau) that forms the basis of a coordinated dissemination of standard frequencies and time signals.NOTE 2:The source of this definition is Recommendation 460-2 of the Consultative Committee on InternationalRadio (CCIR). CCIR has also defined the acronym for Coordinated Universal Time as UTC.co-target: correspondent of the target (i.e. the individual or group address with whom the target is communicating).identity: technical label which may represent the origin or destination of any TETRA traffic, as a rule clearly identifiedby a physical communication identity number (such as a telephone number) or the logical or virtual communicationidentity number (such as a personal number) which the subscriber can assign to a physical access on a case-by-casebasis.intercept related information: collection of information or data associated with TETRA services involving the target,specifically call associated information or data, service associated information or data (e.g. service profile managementby subscriber) and location information.Interception (OR Lawful Interception): action (based on the law), performed by a network operator/service provider,of making available certain information and providing that information to an LEMF.NOTE 3:In the present document the term interception is not used to describe the action of observingcommunications by an LEA.interception interface: physical and logical locations within the network operator’s/service provider’s TETRAfacilities where access to the content of communication and intercept related information is provided. The interceptioninterface is not necessarily a single, fixed point.interception measure: technical measure which facilitates the interception of TETRA traffic pursuant to the relevantnational laws and regulations.interception subject: person or persons, specified in a lawful authorization, whose communications are to beintercepted.Law Enforcement Agency (LEA): organization authorized by a lawful authorization based on a national law to receivethe results of communication interceptions.Law Enforcement Monitoring Facility (LEMF): law enforcement facility designated as the transmission destinationfor the results of interception relating to a particular interception subject.lawful authorization: permission granted to an LEA under certain conditions to intercept specified communication andrequiring co-operation from a network operator/service provider. Typically this refers to a warrant or order issued by alawfully authorized body.SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)9LI interface: physical and logical interface across which the results of interception are delivered from a networkoperator/service provider to a LEMF.NOTE 4:In ETR 331 [2] this interface is termed the handover interface. The term handover is used in TETRAsystems to describe the maintenance of a call when the mobile party moves between cells.location information: information relating to the geographic, physical or logical location of an identity relating to aninterception subject.mediation function: function that lies between the LEA and the TETRA SwMI that translates data from the SwMI foruse by the collection function of the LEA. The mediation function may be resident in the TETRA SwMI and is specifiedby the protocols and data on the interface to the TETRA SwMI (as defined in the present document) and to thecollection function (as defined by the LEA).multi-user gateway: reserved address given to a gateway port that is used only for intermediate call support, e.g. ISDNgateway.Private Mobile Radio (PMR): radio system designed for a closed user group.Public Access Mobile Radio (PAMR): radio system available to members of the general public generally bysubscription. The owner and operator are unlikely to be the same as the user.Public Network Operator (PNO): operator of a public infrastructure which permits the conveyance of signals betweendefined network termination points by wire, by microwave, by optical means or by other electromagnetic means.Quality of Service (QoS): quality specification of a TETRA channel, system, virtual channel, computer-TETRAsession, etc. Quality of service may be measured, for example, in terms of signal-to-noise ratio, bit error rate, messagethroughput rate or call blocking probability.reliability: probability that a system or service will perform in a satisfactory manner for a given period of time whenused under specific operating conditions.result of interception: information relating to a target service, including the content of communication and interceptrelated information, which is passed by a network operator or service provider to an LEA. Intercept related informationmay be provided whether or not call activity is taking place.served user: user receiving the intercepted traffic.service provider: natural or legal person providing one or more public communication services whose provisionconsists wholly or partly in the transmission and routing of signals on a network. A service provider need not necessarilyrun his own network.NOTE 5:To avoid confusion the term TETRA service provider may be used to distinguish the operator of aTETRA system from the service provider in traditional public networks.target: identity associated with a target service (see below) used by the interception subject.Target Group TETRA Subscriber Identity (GTSI): identity associated with a target service (see below) used by theinterception subject where the interception subject is a group.target service: communication service associated with an interception subject and usually specified in a lawfulauthorization for interception.NOTE 6:There may be more than one target service associated with a single interception subject.Target Terminal Equipment Identity (TEI): identity associated with a target service (see above) used by theinterception subject where the interception target is an equipment.telecommunication: any transfer of signs, signals, writing, images, sounds, data or intelligence of any naturetransmitted in whole or in part by a wire, radio, electromagnetic, photo-electronic or photo-optical system.SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)103.2AbbreviationsFor the purposes of the present document, the following abbreviations apply:ASSIAssigned Short Subscriber IdentityBERBasic Encoding RulesCCIRConsultative Committee on International RadioCGICell Global IdentificationCONSConnection Oriented Network ServiceDMODirect Mode OperationDSS1Digital Subscriber Signalling System No. oneGTSIGroup TETRA Subscriber IdentityIPInternet ProtocolISDNIntegrated Services Digital NetworkITSIIndividual TETRA Subscriber IdentityLALocation AreaLEALaw Enforcement AgencyLEMFLaw Enforcement Monitoring FacilityLILawful InterceptionLIILawful Interception InterfaceMFMediation FunctionMNIMobile Network IdentityMSMobile StationPAMRPublic Access Mobile RadioPISNPublic Integrated Services NetworkPMRPrivate Mobile RadioPNOPublic Network OperatorPSS1Private Signalling System number onePSTNPublic Switched Telephone NetworkQoSQuality of ServiceRPDIRadio Packet Data InfrastructureSCLNSSpecific ConnectionLess Network ServiceSDLService and Description LanguageSDSShort Data ServiceSSSupplementary ServiceSSIShort Subscriber IdentitySwMISwitching and Management InfrastructureTEITETRA Equipment IdentityTSITETRA Subscriber IdentityTETRATerrestrial Trunked RadioUTCCoordinated Universal TimeVCVirtual Circuit4User (LEA) requirements - the administrativeinterfaceThis clause presents the user requirements derived from [1] and specifically related to the lawful interception of TETRAwith the LEA being the user.The network operator/service provider shall use best endeavours at all times to comply with the requirements of theLEA. The specific information to be made available shall be made clear by the LEA.The present document describes the internal LI interface of a TETRA network, and does not specify the means by whichdata is delivered to the LEA or to its designated Law Enforcement Monitoring Facility (LEMF). However the internalLI interface is defined in such a way that data may be carried transparently on most networks.SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)11NOTE:In this context "internal" means within the boundary of the TETRA infrastructure. The boundary mayextend in such a manner that the TETRA LI function is remote from other components of the SwMI, or itmay be co-located with other SwMI components.Handover Interface L aw E nforcement M onitoring F acility TETRA Infrastructure Internal LI interface (T-LI) Mediation function Figure 1: General reference model of lawful interception from user perspectiveThe general reference model of figure 1 shows that the overall LI interface lies between the LEMF and the TETRAinfrastructure. The subject of the present document is the internal LI interface that lies between the TETRAinfrastructure and the mediation function.4.1Non-disclosureThe network operator/service provider and the LEA should jointly agree confidentiality on the manner in whichinterception measures are implemented in a given TETRA installation with the manufacturers of the technicalinstallations for the implementation of interception measures.Information relating to target identities and target services to which interception is being applied at any time in the lifeof the TETRA installation and as defined thereafter by the LEA should not be made available to unauthorized persons.4.2Identification of the identity to be interceptedThe target may be any valid TETRA Subscriber Address (TSI). If the TSI is used for group communication it shall bereferred to as a Group TSI (GTSI), if used for an individual it shall be referred to as an Individual TSI (ITSI). Theaddress space of TETRA is "flat" so there is no reserved address space for either GTSIs or ITSIs. A multi-user gatewayshould not be allowed to be a target.If the target is an individual (ITSI) it is possible that the target may belong to one or more groups. Groups of which thetarget is a member shall be identified as those groups to which the target’s ITSI has made a group attachment. Theattachment that identifies these groups may be requested by the MS with the target’s ITSI, enforced by the SwMI or apermanent attachment; and provision shall be made for interception of communications within groups to which thetarget’s ITSI is attached by any of these means. The group communications should cease being intercepted after suchtime that the SwMI deems the MS to no longer be attached to the group, e.g. by specific detachment, de-registration etc.In some instances network addresses (TSIs) may be provided in blocks to user groups (e.g. to fleet operators). Thenetwork operator/service provider shall make every effort to identify an unique target identity based upon data present inthe original warrant. If the network operator/service provider is unable to map an unique address to the characteristics ofthe target defined in the interception warrant the LI interface shall not be invoked.In some instances the target may be a particular equipment identified by its Terminal Equipment Identity (TEI). Thenetwork operator/service provider shall use best endeavours to identify a target TSI. This may require the networkoperator/service provider to invoke the Mobility Management (MM) service and to use the TEI PROVIDE protocolexchange to identify the ITSI using the target equipment. The present document does not impose a mandate for thesupport in TETRA systems of this protocol. The use of such a service should not break the rules of service transparencygiven in subclause 4.6.SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)124.3Result of interception4.3.1Network validity of result of interceptionA network operator/service provider shall only provide a result of interception for targets operating in their networkirrespective of the target belonging to that network. If an interception target migrates to a second TETRA network thereshall be no requirement for the home network operator/service provider to provide a result of interception from thevisited network.4.3.2Identification of result of interceptionThe result of interception provided at the LEMF side of the LI interface shall be given a unique identification that shallallow identification of the LEA, the target, network operator/service provider and the warrant reference.The internal interface shall in addition provide a unique identification to correlate the data to be submitted to the LEMFwith the internal interception provision.4.3.3Format of result of interceptionThe network operator/service provider shall, prior to delivery of the result of interception:1)
remove any air interface encryption, scrambling and channel coding;2)
provide the LEA with decrypted material for applications where relevant keys and algorithms are available.The content of real time communication shall be provided as a verbatim bit stream. In particular no speech transcodingshall be applied (in the TETRA SwMI), and where appropriate TETRA encoded speech shall be provided to the MF.4.3.4Content of result of interceptionThe result of interception shall contain:· the content of all calls originated by the target;· the content of all calls addressed to the target;· the content of multi-party calls in which to the best knowledge of the network operator/service provider the targetis participating;· the content of broadcast calls to a user population of which to the best knowledge of the network operator/serviceprovider the target is a member.In addition the result of interception shall contain:1)
the identities that have attempted communication with the target, successful or not;2)
the identities that the target has attempted communication with, successful or not;3)
identities used by or associated with the target;4)
details of services used and their associated parameters;5)
those signals emitted by the target invoking additional or modified services;6)
time-stamps for identifying the beginning, end and duration of the connection;7)
actual destination and intermediate directory numbers if call has been diverted;8)
location information;9)
advice of charge for provision of result of interception.SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)13The result of interception shall apply to all call types if, and as long as, to the best knowledge of the networkoperator/service provider, the target is a participant.For group calls, the GTSI shall be identified as being used by the ITSI where to the best knowledge of the networkoperator/service provider the target is a participant in the group. This may be achieved by recording theATTACH/DETACH GROUP IDENTITY messages that dynamically associate an ITSI to a GTSI, or by defining anITSI as always attached to a group. If a group requires dynamic attachment and the target has not explicitly attachedthen there is no association of ITSI to GTSI for that group.NOTE:For further explanation of this topic see ETS 300 392-2 [4], subclauses 14.5.2 and 16.8.4.3.5Auditing of result of interceptionIn order to prevent, and to trace, misuse of the technical functions integrated in the TETRA installation enablinginterception, any activation or application of these functions in relation to a given identity shall be fully recorded,including any activation or application caused by faulty or unauthorized input. The records should cover some or all ofthe following items:1)
the identity of target;2)
the target service(s) concerned;3)
the LEMF to which the result of interception is routed;4)
an authenticator suitable to identify the operating personnel (including date and time of input);5)
a reference to the lawful authorization.The network operator/service provider should ensure that the records are tamper-proof and only accessible byauthorized individuals in accordance with local laws relating to data privacy.4.4Location informationA network operator shall provide to the best of their knowledge any location information that may be requested by theLEA and addressed within the initiating warrant. Such data should be within the normal operating parameters of theTETRA network and may take one or more of the following forms:1)
the current location area (or base station if available) at which the target is registered;2)
the current line identity associated with a registered target;3)
the line or service identity to which the target is currently registered and to which calls are redirected.The location information should be delivered at one or more of the following times:1)
with registration;2)
with result of interception;3)
as specified by the LEMF.4.5Time constraintsThe result of interception shall be made available during the period specified by the interception warrant, at the LEMFside of the LI interface.A network operator shall provide data for new calls from the time commencing no earlier than the time at which theinterception request is received.The instance of the LI interface and communication shall be established to the LEMF as quickly as possible after issueof an interception warrant. Thereafter the result of interception shall be delivered to the LI interface on a real-time ornear real-time basis.SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)144.6Service transparencyThe LI interface shall be implemented and operated with due consideration for the following:1)
unauthorized persons should not be able to detect any change from the un-intercepted state;2)
communicating parties should not be able to detect any change from the un-intercepted state;3)
the perceived operating facilities of any network service should not be altered as a result of any interceptionmeasure;4)
the perceived quality of service of any network service should not be altered as a result of any interceptionmeasure.4.7LI interface instancesEach instance of the LI interface shall support the transmission of result of interception related to a single target. If anLEA requires a TETRA network to provide multiple result of interceptions to one or more LEMFs these shall bedelivered from separate instances of the LI interface. The preceding may be achieved by using separate physicalcommunication channels for each product or by multiplexing many result of interceptions onto a single physicalcommunication channel. The correlation between the content of communication and intercept related information shallbe unique.4.8LI interface eventsThe LEMF shall be informed by the TETRA network through the LI interface of the following events:1)
the activation of an intercept measure;2)
the deactivation of the intercept measure;3)
any change of the intercept measure;4)
the temporary unavailability of the intercept measure.The LI interface shall be active for the period of the warrant. At the expiry of the warrant the LI interface shall remainactive until all result of interception relating to the target has been delivered. Such data may include an advice of chargefrom the network operator/service provider indicating the sum of resources used in providing the result of interception.5Description of internal TETRA LI interfaceThe TETRA LI interface does not describe a communications protocol or interface, rather it defines a means ofinterpreting data and actions within a TETRA SwMI/RPDI for supply to the mediation function.The functional and behavioural model is described using SDL and is shown in this clause. The detail data definitionsand assignments are given in clause 6.5.1Functional modelThe functional model is developed from the reference model provided in clause 4 of the present document.SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)15Handover Interface L aw E nforcement M onitoring F acility TETRA Infrastructure Internal LI interface (T-LI) Mediation function Figure 2: Reference model of interceptionThe present document only considers the roles of the TETRA Infrastructure and the TETRA side of the mediationfunction.In order to better describe the behaviour of the internal LI function subclause 5.2 describes the sequence of informationflows across the internal LI interface.5.2Information flow sequences5.2.1LEA control interactions and information flowsFigure 3 shows the stimuli from the LEA and the responses from the SwMI that are translated by the mediation function.LEA MF SwMI Target Warrant LI_ACTIVATE_req Activation LI_ACTIVATE_conf (Setup) Warrant-ack WarrantModify LI_MODIFY_req Modification LI_MODIFY_conf (Monitoring) WarrantModify-ack WarrantStop LI_MODIFY_req (stop) Closure LI_MODIFY_conf (Cleardown) Warrant status notice Figure 3: External stimuli and information flow sequences for TETRA LIThe LI_ACTIVATE_req information flow shall contain sufficient data to allow the SwMI to validate the request and tomake the required target activity data available to the MF. The returned information flow (LI_ACTIVATE_conf) shallcontain an unique identifier for the interception applied within the network. Any subsequent information flows(LI_MODIFY_req/conf) shall refer to this unique identifier. No protocol timers are defined in the present document forthe req/conf exchanges but the requirements stated in subclause 4.5 shall apply.The information flows that initiate or modify the interception are described as ASN.1 data structures as shown insubclauses 5.2.1.1 through to 5.2.1.5. The ASN.1 definitions given below are collated in annex E.SIST EN 301 040 V2.0.0:2003

ETSIETSI EN 301 040 V2.0.0 (1999-06)16NOTE:The information flows assume the use of a signalling protocol for an automatic T1 interface. The relatedexternal interface (HI1 from ES 201 671 [8]) may be manual.5.2.1.1LI_ACTIVATE_reqThis information flow is sent from the MF to the SwMI to request redirection of traffic (in T_TRAFFIC_ind andCT_TRAFFIC_ind information flows) and signalling (in TARGET_ACT
...