Patent classifications
H04W12/80
ENRICHMENT OF MONITORING USER PLANE DATA USING PFCP MONITORING
An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some embodiments, the medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a first message transmitted over a packet forwarding control protocol (PFCP) interface, extract a permanent ID and a first user plane tunnel endpoint identifier (TEID) from the first message, store the permanent ID and the first user plane TEID in a PFCP protocol data unit (PDU) session record, store the permanent ID in a session details record, capture a second message transmitted over a user plane interface after the first message is transmitted, extract a second user plane TEID from the second message, wherein the second user plane TEID matches the first user plane TEID, and retrieve the session details record using the second user plane TEID.
Interception aware access node selection
In some example embodiments, there may be provided an apparatus including at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least: obtain information to enable selection of an access node for a non-3GPP access; query a server to determine whether the country at which the access node is located requires lawful interception of communications; and select, based at least on the obtained information and/or a response to the query, the access node for the non-3GPP access. Related systems, methods, and articles of manufacture are also described.
WIRELESS COMMUNICATION NETWORK TO SERVE A USER EQUIPMENT (UE) OVER A USER PLANE FUNCTION GROUP (UPFG)
A wireless communication system serves user functions to a wireless user device. The wireless communication system selects the user functions for the wireless user device. The wireless communication system selects User Plane Functions (UPFs) to serve the selected user functions. The wireless communication system selects data routes between the selected UPFs. At least one of the selected UPFs receives user data for the wireless user device. At least some of the selected UPFs route the user data among the selected UPFs based on the selected data routes. The selected UPFs serve the selected user functions to the user data for the wireless user device. At least one of the selected UPFs transfers at least some of the user data to one or more external data systems. The user functions may comprise deep packet inspection, network border security, low-latency data transfer, high-throughput data transfer, data cryptography, and/or another data service.
Optimized routing for law enforcement support
An improved lawful intercept (LI) infrastructure is described. In response to a valid LI provisioning request, a subscriber management component statically allocates a user equipment (UE) subject to the LI provisioning request to an edge location comprising a high-speed gateway and a Mediation and Delivery Function (MDF), which coordinates the delivery of intercepted communications. The subscriber management component maintains this allocation for the life of the LI provisioning request and reverts the UE to a dynamic gateway allocation scheme when the LI provisioning request ends. As a result, only a subset of edge locations must be equipped with MDFs, and the handover is transparent to the UE.
SYSTEM AND METHOD FOR DECRYPTING COMMUNICATION EXCHANGED ON A WIRELESS LOCAL AREA NETWORK
Systems and methods for obtaining authentication vectors issued, for use by a mobile communication terminal, by a Home Location Register (HLR) that serves a cellular communication network independently of any cooperation with the cellular network. Further to obtaining the authentication vectors, a terminal is caused to communicate over a WiFi WLAN using an encryption key derived from the obtained authentication vectors, e.g., per the EAP-SIM or EAP-AKA protocol. Since the encryption key is known, communication from the terminal is decrypted. The authentication vectors may be obtained by (i) an “impersonating” Visitor Location Register (VLR) server that does not serve the cellular network; (ii) an interrogation device which, by imitating a legitimate base station serving the cellular network, solicits the mobile communication terminal to associate with the interrogation device; or (iii) an SS7 probe, which obtains authentication vectors communicated from the HLR server to other entities on the SS7 network.
LI for mobility in S8HR
This invention is related to S8 Home Routing (S8HR), under specification by the Global System for Mobile Communications (GSM) Association (GSMA) and 3rd Generation Partnership Project (3GPP). In a first aspect of the invention, a method is provided for enabling Lawful Interception (LI) when a wireless communication terminal performs S8HR roaming. The method comprises receiving, at a first LMISF from a first SGW serving the wireless communication terminal, IMS-related information of the wireless communication terminal required for performing LI, and providing, from the first LMISF upon the wireless communication terminal relocating to a second SGW serving the wireless communication terminal, the received IMS-related information of the wireless communication terminal required for performing LI, to a second LMISF associated with the second SGW.