A mechanism is provided that enables hiding identities of a target subscriber that is to be subject of lawful interception, LI, when the intercept access point, IAP, is outside the network operator part of the LI domain. Monitoring of data traffic such as over-the-top, OTT, services is enabled while at the same time hiding LI target identities to a network element, NE, containing the IAP. A secure memory area in the NE is dedicated to the LI functionality necessary to intercept and report interception data to the operator part of the LI domain. The interface between the NE and the operator part of the LI domain is the use of a secure injection channel via which the necessary LI software and target information are conveyed between the NE and the operator part of the LI domain.

The present disclosure relates to the field of communication technology, and provides a UPF configuration method, a UPF configuration apparatus and a device. The UPF configuration method for a network device includes calling a policy control service of a UPF. The policy control service is used to configure a network policy for the UPF, or configure the network policy and network policy triggering information for the UPF.

The present disclosure relates to the field of communication technology, and provides a UPF configuration method, a UPF configuration apparatus and a device. The UPF configuration method for a network device includes calling a policy control service of a UPF. The policy control service is used to configure a network policy for the UPF, or configure the network policy and network policy triggering information for the UPF.

Method and system comprising a remote UE being connected to a relay UE, the system moreover comprising a HSS of the remote UE, an ADMF, a MME serving the relay UE and a GW. The relay UE is transmitting in a message (12) an identity of the remote UE (IMSI_1) and an IP address of the remote UE to the MME serving the remote UE. The MME transmitting in an update record message (14) for the remote UE (IM-SI_1); the identity of a relay UE and the identity of the MME serving the relay UE, to the HSS of the remote UE.

Method and system comprising a remote UE being connected to a relay UE, the system moreover comprising a HSS of the remote UE, an ADMF, a MME serving the relay UE and a GW. The relay UE is transmitting in a message (12) an identity of the remote UE (IMSI_1) and an IP address of the remote UE to the MME serving the remote UE. The MME transmitting in an update record message (14) for the remote UE (IM-SI_1); the identity of a relay UE and the identity of the MME serving the relay UE, to the HSS of the remote UE.

A lawful interception, LI, intercept access point, IAP, function (135) in a mobile connect, MC, identity gateway, ID GW, function (107) receives, from a LI administrative function, ADMF (108), a request for activation of LI for a target identity, A, during a specified LI time interval. A detection is made, during the LI time interval, that the ID GW function (107) has at least started an authentication and authorization procedure for a service that the target identity, A, has requested and as a consequence of the detection obtaining, from the ID GW function (107), personal data pertaining to the target identity, A, and providing the obtained personal data pertaining to the target identity, A, to a LI mediation and delivery 10 function MF/DF (132), for example via an X2 interface.

A lawful interception, LI, intercept access point, IAP, function (135) in a mobile connect, MC, identity gateway, ID GW, function (107) receives, from a LI administrative function, ADMF (108), a request for activation of LI for a target identity, A, during a specified LI time interval. A detection is made, during the LI time interval, that the ID GW function (107) has at least started an authentication and authorization procedure for a service that the target identity, A, has requested and as a consequence of the detection obtaining, from the ID GW function (107), personal data pertaining to the target identity, A, and providing the obtained personal data pertaining to the target identity, A, to a LI mediation and delivery 10 function MF/DF (132), for example via an X2 interface.

A switch is provided. The switch is connected to a control apparatus for controlling Lawful Interception, and relays packets transmitted and received between a user apparatus and an IMS apparatus in the home network of the user apparatus. The switch includes a determination unit configured to determine whether the user apparatus is a Lawful Interception target or whether the user apparatus is a roaming user; and a transmission unit configured to, in the case where the user apparatus is a Lawful Interception target or in the case where the user apparatus is a roaming user, transmit to a mobile management switch information indicating to the user apparatus that the user apparatus should transmit and receive the packets to and from the IMS apparatus without encryption.

A switch is provided. The switch is connected to a control apparatus for controlling Lawful Interception, and relays packets transmitted and received between a user apparatus and an IMS apparatus in the home network of the user apparatus. The switch includes a determination unit configured to determine whether the user apparatus is a Lawful Interception target or whether the user apparatus is a roaming user; and a transmission unit configured to, in the case where the user apparatus is a Lawful Interception target or in the case where the user apparatus is a roaming user, transmit to a mobile management switch information indicating to the user apparatus that the user apparatus should transmit and receive the packets to and from the IMS apparatus without encryption.

Automatic preparation of data related to session initiation protocol (SIP) based traffic flows in a lawful interception (LI) scenario is disclosed. The dataset that is obtained may, e.g., be used for machine learning-based (ML) and artificial intelligence (AI) tools that can identify lawfully intercepted SIP-based traffic cases. Such preparation of data reduces the 5 risk of misunderstandings between a communications service provider (CSP) and a law enforcement agency (LEA), which reduces the time dedicated by both parties in understanding the correctness of LI data provided by the CSP to the LEA.