In this section:

Related articles:

Overview

The Lawful Interception solution has three discrete interfaces between the network element and mediation server to provide provisioning, call data (signaling) and call content (media) information. These interfaces are created after the connection is established between the XCIPIO mediation server Delivery Function (DF) and the network element Access Function (AF). The interface from the mediation server to the lawful interception agency is standardized. The interfaces between AF and DF are defined as:

  • X1 or INI-1 interface for provisioning targets,
  • X2 or INI-2 interface for providing signaling information for the target,
  • X3 or INI-3 interface for providing media or call content for the target

where the X interface is defined by the 3GPP standard while INI is defined by the ETSI standard.

An interconnect SBC provides peering between IMS network and other peering networks (CDMA, business, and other service providers). The SBC interfaces with two XCIPIO mediation servers. The Network elements expose provisioning, call data and/or call content interface towards these mediation servers for legal interception.

The Mediation Function (MF) provides the required interworking by interfacing to the Law Enforcement Agency (LEA) through Handover Interfaces (HI1, HI2, HI3) on one side and to the VoIP packet network elements(s) through X3 (for collection of media).

Ribbon Lawful Intercept (LI) Solution

The RibbonApplication Management Platform (RAMP) acts as a AF (Administrative Function) from an SS8 mediation function perspective to terminate provisioning of the targets.

The SBC Core acts as CC IAPs (call content IAPs) for bearer interception.

The Ribbon LI solution supports the interfaces with the SS8 mediation function to facilitate X1 provisioning and X3 media information for the target.

  • X1 or INI-1 interface is supported by RAMP for provisioning targets, and the target data is stored in the PSX database. This functionality is based on SS8 provisioning interface.
  • X3 or INI-3 interface is supported by the SBC for intercepting call content over TCP/IPsec.

The Ribbon LI solution supports X1 and X3 interfaces only. X2 interface is not supported for this feature.


Note

The D-SBC is supports interception of all supported media streams, such as:

  • Audio
  • Video
  • T.140
  • MSRP
  • BFCP
  • FECC

 

Note

Legacy/Default LI and IMS LI on D-SBC supports interception of Audio streams only; lawful Intercept of other media streams (only Audio, Video, and T.140) are supported by PSCI LI.

 

Steps in Setting up the LI Solution

Creating X1 Interface

The X1 interface enables LI Intercept Access Points (IAP) to support multiple (two instances) regionally deployed SS8 Delivery Function systems to provision intercept targets. RAMP supports X1 interface over Transport Layer Security (TLS) connection towards the mediation server.  

Configure the intercept server X1 transport address and TLS certificate from RAMP to initiate a transport connection over the X1 interface. The transport address and TLS certificate are individually specified for each of the mediation servers in the network.

Note

The TLS configuration on the X1 interface is optional.


Provision Intercept Targets over X1

The SS8 Intercept server provisions the target URIs (SIP/SIPS or TEL URI) over the X1 interface on RAMP, which sends the target information to the Master PSX over the PIPE interface established over a SSH connection. The PSX Master and Slave store the targets in a LI Target table.  

Creating X3 Interface

The Ribbon SBC supports X3 interface to intercept call content towards the mediation servers over TCP/IPsec.

Note

IPsec for X3 interface is optional.


The X3 interface is configured on the SBC under call data channel.

Call Data Channel (CDC) is required to be configured on both S-SBC and M-SBC. 

PCSI Intercept Call Flow

The PCSI intercept call flow is listed below:

  1. The IMS network sends a SIP INVITE/18x/200 OK or re-INVITE/200 OK, that contains a P-Com-Session-Info header. This header contains a correlation ID and one or more prospective target URI, which is looked into the target table maintained in the PSX Slave.

  2. The S-SBC on receiving a P-Com-Session-Info header in any of the above listed SIP messages sends a policy request with the list. The PSX Slave uses this to perform a lookup in the target table created using the X1 provisioning interface. Assuming that a target URI matches, the PSX provides the X3 transport address that is stored along with the target URI. This information is received by the S-SBC in the policy response. This interface uses Diameter+ over UDP.

  3. The S-SBC finds the LI information in the policy response and understands that the call has to be intercepted. It uses the correlation ID received in SIP messages as well as X3 transport address received from the PSX Slave to pass this information over the SBC Media control API over TCP to M-SBC. 

  4. The M-SBC validates X3 transport address against the mediation servers configured under CDC and intercepts the call content to the corresponding mediation server using the X3 interface.