My 102 232-3 notes
My notes on ETSI TS 102 232-3
Version 3.13.1 (2024-01) was used as basis.
Internet Access Service (IAS) § 4.1
Figure 1 Internet access diagram
Lawful Interception Requirements § 4.3
Result of interceptions § 4.3.2
The network operator, access provider or service provider shall provide Intercept Related Information (IRI), in relation to each target service:
- When an attempt is made to access the access network.
- When an access to the access network is permitted.
- When an access to the access network is not permitted.
- On change of status (e.g. in the access network).
- On change of location (this can be related or unrelated to the communication or at all times when the apparatus is switched on).
The IRI shall contain:
- Identities used by or associated with the target identity (e.g. dial-in calling line number and called line number, access server identity, Ethernet addresses, access device identifier).
- Details of services used and their associated parameters.
- Information relating to status.
- Timestamps.
Content of Communication (CC) shall be provided for every IP datagram sent through the IAP's network that:
- Has the target's IP address as the IP source address.
- Has the target's IP address as the IP destination address.
The CC Content of communication shall contain:
- A stream of octets for every captured datagram, containing a copy of the datagram from layer 3 upwards.
- NOTE: Due to the possibility of IP source address spoofing, the fact that an intercepted packet has the target's IP address as the IP source address does not guarantee that the packet was transmitted by the target; i.e. an intercept in place at the interface connected to the target may not include packets originating from other users spoofing the target's IP address and will not include packets from the actual target that contain a spoofed IP address.
Intercept Related Information (IRI) shall be conveyed to the LEMF in messages, or IRI data records, respectively. Four types of IRI records are defined:
- IRI-BEGIN record at the first event of a communication attempt, opening the IRI transaction.
- IRI-END record at the end of a communication attempt, closing the IRI transaction.
- IRI-CONTINUE record at any time during a communication attempt within the IRI transaction.
- IRI-REPORT record used in general for non-communication related events.
For a description of the use and purpose of the various IRI records refer to ETSI TS 102 232-1.
IRI events § 6.1
TODO: Insert Figure 6 state diagram for an Internet session and events depicted.