
EP-4740536-A1 - METHOD AND SYSTEM FOR PERFORMING A LAWFUL INTERCEPTION PROVISIONING


Abstract

The present disclosure relates to a method and system for performing a lawful interception provisioning. The disclosure encompasses: receiving, by a transceiver unit [302] at a User Plane Function (UPF) [128], a set of UE traffic data packets associated with user equipment(s) in a network; receiving, by the transceiver unit [302] at UPF [128], a Lawful Interception (LIM) provisioning request comprising at least a target UE ID associated with a target UE; identifying, by identification unit [304] at UPF [128], target UE traffic data packet(s) from set of UE traffic data packets associated with target UE; identifying, by processing unit [306], a dedicated port associated with network based on the target UE traffic data packet; performing, by processing unit [306] at UPF [128] via the dedicated port, the lawful interception associated with the target user based on the target UE traffic data packet associated with the target user.

Inventors

  • SINGH, MUKESH
  • BHATNAGAR, AAYUSH
  • JANGID, Ramavatar
  • Doon, Abhishek
  • KASHYAP, Mandeep Singh
  • LAHAMODAK, Rachana
  • KUMAR, AVINASH
  • SAXENA, Arunima

Assignees

  • Jio Platforms Limited

Dates

Publication Date
20260513
Application Date
20240612

Claims (9)

  1. A method for performing a lawful interception provisioning, the method comprising: receiving, by a transceiver unit [302] at a User Plane Function (UPF) [128], a set of user equipment (UE) traffic data packets associated with one or more user equipment in a network; receiving, by the transceiver unit [302] at the UPF [128], a Lawful Interception (LIM) provisioning request comprising at least a target user equipment identity (target UE ID) associated with a target user equipment; identifying, by an identification unit [304] at the UPF [128], at least one target UE traffic data packet from the set of UE traffic data packets associated with the target user equipment based on the LIM provisioning request; identifying, by a processing unit [306] at the UPF [128], a dedicated port associated with the network based on the target UE traffic data packet; and performing, by the processing unit [306] at the UPF [128] via the dedicated port, the lawful interception provisioning associated with the target user equipment based on at least the target UE traffic data packet.
  2. The method as claimed in claim 1, wherein the lawful interception provisioning associated with the target user equipment is performed by the processing unit [306] via at least one of a N4 Interface associated with the dedicated port and an interface of the network over Internet Protocol Security (IPSEC)/Transport Layer Security 2.0 (TLSv2) protocol associated with the dedicated port.
  3. The method as claimed in claim 1, wherein each UE traffic data packet from the set of UE traffic data packets comprises at least one of a user equipment identity (UE ID) associated with said each UE traffic data packet, a geographical location associated with said each UE traffic data packet, and a call detail record associated with said each UE traffic data packet, and wherein each UE ID is associated with at least a unique mobile identification number of a user equipment.
  4. The method as claimed in claim 3, wherein the target UE traffic data packet from the set of UE traffic data packets associated with target user equipment is identified based on matching at least the target UE ID associated with the target user equipment and a UE ID associated with at least one UE traffic data packet from the set of UE traffic data packets.
  5. A system [300] for performing a lawful interception provisioning, the system [300] comprises: a transceiver unit [302] configured to: • receive, at a User Plane Function (UPF) [128], a set of user equipment (UE) traffic data packets associated with one or more user equipment in a network, and • receive, at the UPF [128], a Lawful Interception (LIM) provisioning request comprising at least a target user equipment identity (target UE ID) associated with a target user equipment; an identification unit [304] connected to at least the transceiver unit [302], wherein the identification unit [304] is configured to identify, at the UPF [128], at least one target UE traffic data packet from the set of UE traffic data packets associated with the target user equipment based on the LIM provisioning request; and a processing unit [306] connected to at least the identification unit [304], wherein the processing unit is configured to: • identify, at the UPF [128], a dedicated port associated with the network based on the target UE traffic data packet, and • perform, at the UPF [128] via the dedicated port, the lawful interception provisioning associated with the target user equipment based on at least the target UE traffic data packet.
  6. The system [300] as claimed in claim 5, wherein the lawful interception provisioning associated with the target user equipment is performed by the processing unit [306] via at least one of a N4 Interface associated with the dedicated port and an interface of the network over Internet Protocol Security (IPSEC)/Transport Layer Security 2.0 (TLSv2) protocol associated with the dedicated port.
  7. The system [300] as claimed in claim 5, wherein each UE traffic data packet from the set of UE traffic data packets comprises at least one of a user equipment identity (UE ID) associated with said each UE traffic data packet, a geographical location associated with said each UE traffic data packet, and a call detail record associated with said each UE traffic data packet, and wherein each UE ID is associated with at least a unique mobile identification number of a user equipment.
  8. The system [300] as claimed in claim 7, wherein the target UE traffic data packet from the set of UE traffic data packets associated with target user equipment is identified based on matching at least the target UE ID associated with the target user equipment and a UE ID associated with at least one UE traffic data packet from the set of UE traffic data packets.
  9. A non-transitory computer readable storage medium for performing a lawful interception provisioning, the storage medium comprising executable code which, when executed by one or more units of a system [300], causes: a transceiver unit [302] to: • receive, at a User Plane Function (UPF) [128], a set of user equipment (UE) traffic data packets associated with one or more user equipment in a network, and • receive, at the UPF [128], a Lawful Interception (LIM) provisioning request comprising at least a target user equipment identity (target UE ID) associated with a target user equipment; an identification unit [304] connected to at least the transceiver unit [302], to identify, at the UPF [128], at least one target UE traffic data packet from the set of UE traffic data packets associated with the target user equipment based on the LIM provisioning request; and a processing unit [306] connected to at least the identification unit [304], to: • identify, at the UPF [128], a dedicated port associated with the network based on the target UE traffic data packet, and • perform, at the UPF [128] via the dedicated port, the lawful interception provisioning associated with the target user equipment based on at least the target UE traffic data packet.

Description

METHOD AND SYSTEM FOR PERFORMING A LAWFUL INTERCEPTION PROVISIONING

FIELD OF THE DISCLOSURE

[0001] The present disclosure relates generally to the field of wireless communication systems. More particularly, the present disclosure relates to methods and systems for performing a lawful interception provisioning.

BACKGROUND

[0002] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is to be used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of prior art.

[0003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second-generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. Third generation (3G) technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth-generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth-generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.

[0004] There are situations wherein law enforcement requires telecom operators to intercept and share data such as location and call details of a UE associated with a person, and the telecom operators in such a scenario are legally bound to comply with such a request. Therefore, the telecom operators put these UEs on intercept/surveillance, and the signals and data records related to that UE are intercepted and then shared with the law enforcement agencies. The direction to put a UE on intercept/surveillance within the system and the network is received from the SMF (Session Management Function), and therefore the system forwards all the data, such as browser data and Call data record (CDR), through an interface which is not very secure. Hence there is a dire need for this data to be encrypted and delivered swiftly on a secure interface, as this is highly confidential data.

[0005] In the existing systems, there is only one interface provided between SMF and UPF (User Plane Function), that is N4, which uses Packet Forwarding Control Protocol (PFCP). Any message, direction, or data travelling between UPF and SMF on the N4 interface should be fully secure. But if we fully secure and encrypt the entire interface, troubleshooting becomes tough for the engineers, as they will not be able to see the problem in the interface since it is fully secured. For example, SMF may be in Delhi and UPF may be in Mumbai, and if there is any issue in the interface which is completely encrypted, it would be cumbersome for the engineers to pinpoint the problem. Further, the operation of maintaining such a large volume of encrypted messages is a non-feasible task in terms of maintenance.

[0006] Further, over a period of time various solutions have been developed to improve the security of these data, such as to add proprietary Identity Element (IE), as this was not visible to anyone. However, there are certain challenges with existing solutions, such as that a whole message may be vulnerable and therefore anyone could hack and access the information.

[0007] Thus, there exists an imperative need in the art to share the data with the law enforcement in a secure and swift way, which the present disclosure aims to address.

OBJECTS OF THE INVENTION

[0008] Some of the objects of the present disclosure, which at least one embodiment disclosed herein satisfies, are listed herein below.

[0009] It is an object of the present disclosure to provide a system and a method for secured transfer and sharing of data with the law enforcement.

[0010] It is another object of the present disclosure to provide a solution that aims to provide a fast transfer and sharing of data with the law enforcement.

[0011] It is yet another object of the present disclosure to provide a solution to perform a lawful interception provisioning.

SUMMARY

[0012] This section is provided to introduce certain aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.

[0013] A first aspect of the present disclosure relates to a method for