H04W12/80

Method and system for secure distribution of mobile data traffic to closer network endpoints
11323410 · 2022-05-03

When a user equipment (UE) provides a new request to a serving gateway (S-GW), the S-GW augments domain name system (DNS) requests and provides them to a public DNS, with the augmentation providing indications of the requested function. The public DNS responds by providing the IP address of a simplified packet data network (PDN) gateway (P-GW) close to the UE location. The P-GW forwards communications to the nearest instance of an endpoint providing the requested service or function. In embodiments, some of the functions of the P-GW are shifted to other devices in the mobile core, devices that are already local. The simplification of the P-GW allows the P-GW to be virtualized and moved to a general-purpose server location. Existing information present in the data path is used to provide encryption of portions of the General Packet Radio Services (GPRS) Tunneling Protocol (GTP) connection, allowing the location of the P-GW to be optimized in a virtual server data center, as the data path is now secure.

Enhanced lawful interception

Systems and methods are disclosed herein that relate to secure monitoring or interception of traffic in a wireless communications system. In some embodiments, a method of operation of a network node comprises receiving a list of one or more obfuscated target identifiers from a monitoring node, where each obfuscated target identifier is a user identifier of a target user that is encrypted using a first encryption key that is unknown to the network node. The method further comprises receiving an encrypted packet from another network node and determining whether an encrypted user identifier of the encrypted packet matches one of the obfuscated target identifiers. The method further comprises, if the encrypted user identifier matches one of the obfuscated target identifiers, further encrypting the encrypted packet using a second encryption key negotiated between the network node and the monitoring node and transmitting the further encrypted packet to the monitoring node.

METHODS AND DEVICE FOR MANAGING LAWFUL INTERCEPTION

Methods and devices overcome the issue that arises when a target's location is not known at the beginning of a location-dependent interception, making it impossible to determine whether the target is in a law enforcement agency's jurisdiction. The network operator delivers lawful interception data encrypted to the law enforcement agency and provides the decryption information when jurisdiction is confirmed.

Stand alone solution for location of a cellular phone

A method for locating a wireless device, performed by a third party, comprising: communicating with the wireless device in a silent call, to compel the wireless device to continuously emit signals; activating a monitoring apparatus to monitor the signals emitted from the wireless device; resetting an idling timer means of the wireless device, such that the silent call is not ended by the wireless device; identifying a relative location from which the signals become stronger and locating the wireless device; and terminating the silent call.

INTERCEPTION AWARE ACCESS NODE SELECTION
20230308999 · 2023-09-28

In some example embodiments, there may be provided an apparatus including at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least: obtain information to enable selection of an access node for a non-3GPP access; query a server to determine whether the country at which the access node is located requires lawful interception of communications; and select, based at least on the obtained information and/or a response to the query, the access node for the non-3GPP access. Related systems, methods, and articles of manufacture are also described.

Lawful interception using service-based interfaces in communication systems
11765597 · 2023-09-19

In a service provider network of a given communication system configured to support lawful interception functionality, one or more service-based interfaces are provisioned to enable interaction between one or more lawful interception-specific elements and one or more intercepting control elements. In one or more further implementations, methods provide for provisioning an interworking function specific for lawful interception functionality. The interworking function can be configured to support both service-based interfaces and point-to-point interfaces across a control plane and/or a user plane of the service provider network, as needed.