Methods and apparatuses start lawful interception of an ongoing communication process in an after-handover network environment prior to completing an international handover of a user device. The user device is party of the ongoing communication process and an LI target. The user device being an LI target is determined based on the user device's identity, which is retrieved if the international handover is initiated.

A data anonymization pipeline system for managing holding and pooling data is disclosed. The data anonymization pipeline system transforms personal data at a source and then stores the transformed data in a safe environment. Furthermore, a re-identification risk assessment is performed before providing access to a user to fetch the de-identified data for secondary purposes.

A determination is made that an identity of a non-target communicating entity (102) with which a target communicating entity (101) is communicating, is to be obfuscated in any report of lawful interception of the target communicating entity (101) to a law enforcement agency (131). Lawful interception is performed of the target communicating entity (101) and information pertaining to the lawful interception of the target communicating entity (101) is reported to the law enforcement agency (131). The reported information comprises non-obfuscated identity information of the target communicating entity (101) and obfuscated identity information of the non-target communicating entity (102).

A determination is made that an identity of a non-target communicating entity (102) with which a target communicating entity (101) is communicating, is to be obfuscated in any report of lawful interception of the target communicating entity (101) to a law enforcement agency (131). Lawful interception is performed of the target communicating entity (101) and information pertaining to the lawful interception of the target communicating entity (101) is reported to the law enforcement agency (131). The reported information comprises non-obfuscated identity information of the target communicating entity (101) and obfuscated identity information of the non-target communicating entity (102).

Methods and devices provide service-specific information besides LI data extracted from communications of LI targets, which receive services via the network and interact with a core function of the network. LI data includes at least one of IRI and CC. This approach is particularly useful if LI at application/service level is unavailable.

An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some embodiments, the medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a first message transmitted over a packet forwarding control protocol (PFCP) interface, extract a permanent ID and a first user plane tunnel endpoint identifier (TEID) from the first message, store the permanent ID and the first user plane TEID in a PFCP protocol data unit (PDU) session record, store the permanent ID in a session details record, capture a second message transmitted over a user plane interface after the first message is transmitted, extract a second user plane TEID from the second message, wherein the second user plane TEID matches the first user plane TEID, and retrieve the session details record using the second user plane TEID.

Methods performed in a core network (110) for dynamically handling access and mobility service areas with different capabilities in a communication system (100) are disclosed. The methods are carried out in an AMF node (111), a UDM node (112), a PCF node (113) and a SMF node (115). The UDM node (112) configures Service Area Restriction (SAR) data in a subscription data for a UE (120). The SAR data includes a number of service areas allowed or restricted for the UE and, for each service area, a service area identifier, a service area type and a service area definition. The PCF node configures a Service Area Definition (SAD) rule for a UE. The SAD rule comprises a service area definition and an indication of a set of service area characteristics enabled in the service area. During a registration procedure, the SAR data and SAD rule may be provided to the AMF node upon request for a UE communication. The AMF node then takes actions for the UE communication based on anyone of the SAR data, the SAD rule and local policies at the AMF node. During a session management procedure, the SMF node (115) receives service area related information with a service area identifier and a service area type from the AMF node, and receives the SAD rule from the PCF node. The SMF node (115) then take actions for the UE communication based on the SAD rule, the information received from the AMF node (111) and/or local policies at the SMF node.

An emergency event system may allow for the capture of emergency event data in real time. Users may be able to initiate capture when they believe they are in an emergency event, such as an assault, a robbery, a shooting, an automobile accident, or other threatening situation. In some aspects, when an emergency event is initiated, notifications may be sent out to third parties, such as emergency contact list or emergency response teams. Captured emergency event data may be transmitted and stored in an emergency event database, which may be accessible to third parties and third-party systems, such as for law enforcement. An emergency event capture device may comprise multiple cameras that may concurrently capture media.

The invention relates to methods, communication devices, computer programs and computer program products related to Lawful Interception, LI. An LI, Administration Function, ADMF, sends a request over an X1 interface to a Network Element, NE, that is configured to perform an action associated with an LI, to add information associated with a destination or modify information of an existing destination for a message to be sent from the NE to the LI ADMF over the X1 interface. The NE receives the request, adds information associated with a destination or modifies information of an existing destination, and sends a response to the LI ADMF over the X1 interface, wherein the response comprises a result associated with the request.

A service interruption manager function, SIMF, receives information that indicates that lawful interception, LI, service interruption associated with an LI task has occurred. Based on the received information, a determination is made of a status regarding the LI service interruption associated with the LI task, for example a determination whether the LI service interruption associated with the LI task has a current status that is any of: terminated, ongoing or initiated. A message is then transmitted, to a delivery function, DF, via an HI2 interface, the message comprising at least the determined status regarding the LI service interruption.