SIST-TS ETSI/TS 102 232-5 V3.22.1:2026

TECHNICAL SPECIFICATION
Lawful Interception (LI);
Handover Interface and
Service-Specific Details (SSD) for IP delivery;
Part 5: Service-specific details for IP Multimedia services


2 ETSI TS 102 232-5 V3.22.1 (2025-11)

Reference
RTS/LI-00298-5
Keywords
IMS, IP, lawful interception, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871

Important notice
The present document can be downloaded from the
ETSI Search & Browse Standards application.
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format on ETSI deliver repository.
Users should be aware that the present document may be revised or have its status changed,
this information is available in the Milestones listing.
If you find errors in the present document, please send your comments to
the relevant service listed under Committee Support Staff.
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure (CVD) program.
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
and/or governmental rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.

Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2025.
All rights reserved.
ETSI
3 ETSI TS 102 232-5 V3.22.1 (2025-11)
Contents
Intellectual Property Rights . 5
Foreword . 5
Modal verbs terminology . 5
Introduction . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 7
3 Definition of terms, symbols and abbreviations . 8
3.1 Terms . 8
3.2 Symbols . 8
3.3 Abbreviations . 8
4 General . 10
4.1 Reference Model for Lawful Interception . 10
4.2 Reference system model . 11
4.2.0 Overview . 11
4.2.1 Network layer Interception . 12
4.2.2 Service layer Interception . 12
4.3 General Requirements . 13
5 Interception of IP Multimedia services . 13
5.1 Identification of target of interception . 13
5.1.1 SIP Target Identification . 13
5.1.2 H.323 Target Identification . 14
5.1.3 Other Target Identifiers . 14
5.2 Interception of signalling . 14
5.2.1 Provisioning of the SIP IRI IIF . 14
5.2.2 Provisioning of the H.323 IRI IIF . 14
5.2.3 Location information . 14
5.2.4 Supplementary Services . 14
5.2.5 Additional signalling information . 15
5.2.6 SIP Messages in IRI-only intercept . 15
5.2.6.1 General . 15
5.2.6.2 SMS Messages . 15
5.2.7 Signalling IP address information . 16
5.3 Assigning a value to the Communication Identity Number . 17
5.3.0 Introduction. 17
5.3.1 Assigning a CIN value to SIP related IRI . 17
5.3.2 Assigning a CIN value to H.323 related IRI . 17
5.3.3 Assigning a CIN value to XCAP related IRI . 17
5.4 Events and IRI record types . 17
5.5 Interception of Content of Communication . 18
5.6 Direction for IMS IRI for Signalling Messages . 19
5.7 Direction for IMS sessions . 19
5.7.1 Direction for SIP sessions . 19
5.7.2 Direction for H.323 sessions . 19
5.8 Correlation of signalling and media . 19
6 Handover Interface . 20
6.1 Intercept Related Information . 20
6.2 Correlation of IRI and CC . 20
7 ASN.1 specification for IRI and CC. 20
Annex A (informative): Interception using H.248 . 21
ETSI
4 ETSI TS 102 232-5 V3.22.1 (2025-11)
A.1 Purpose of this annex . 21
A.2 Notes on interception using H.248 . 21
A.2.1 Target identification (see also clause 5.1) . 21
A.2.2 Provisioning of the H.248 IRI IIF (see also clause 5.2) . 22
A.3 Problems in H.248 interception . 22
A.3.1 Missing information in H.248 signalling . 22
A.3.2 Missing call content. 23
Annex B (normative): Minimum set of functional attributes to be provided . 24
B.0 Overview . 24
B.1 General requirements . 24
B.2 Result of interception . 25
B.3 Location information . 25
B.4 Time constraints . 25
B.5 Technical handover interfaces and format requirements . 26
Annex C (informative): Change request history . 27
History . 30

ETSI
5 ETSI TS 102 232-5 V3.22.1 (2025-11)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The declarations
pertaining to these essential IPRs, if any, are publicly available for ETSI members and non-members, and can be
found in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to
ETSI in respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the
ETSI IPR online database.
Pursuant to the ETSI Directives including the ETSI IPR Policy, no investigation regarding the essentiality of IPRs,
including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not
referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its
Members. 3GPP™, LTE™ and 5G™ logo are trademarks of ETSI registered for the benefit of its Members and of the
3GPP Organizational Partners. oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and of ®
the oneM2M Partners. GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Lawful Interception (LI).
The present document is part 5 of a multi-part deliverable. Full details of the entire series can be found in part 1 [2].
The ASN.1 module is available as an electronic attachment to the present document (see clause 7 for details).
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
The present document focuses on Lawful Interception of IP Multimedia Services. It is to be used in conjunction with
ETSI TS 102 232-1 [2], in which the handling of the intercepted information is described.
ETSI
6 ETSI TS 102 232-5 V3.22.1 (2025-11)
1 Scope
The present document specifies interception of Internet Protocol (IP) Multimedia (MM) Services based on the Session
Initiation Protocol (SIP) and Realtime Transport Protocol (RTP) and Message Session Relay Protocol (MSRP) and IP
MM services as described by the Recommendations ITU-T H.323 [6] and H.248-1 [i.3].
The present document is consistent with the definition of the Handover Interface, as described in ETSI
TS 102 232-1 [2].
The present document does not override or supersede any specifications or requirements in 3GPP TS 33.108 [9] and
ETSI TS 101 671 [1].
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found in the
ETSI docbox.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 101 671: "Telecommunications security; Lawful Interception (LI) Handover interface for
the lawful interception of telecommunications traffic".
NOTE: ETSI TS 101 671 is in status "historical" and is not maintained.
[2] ETSI TS 102 232-1: "Lawful Interception (LI); Handover Interface and Service-Specific Details
(SSD) for IP delivery; Part 1: Handover specification for IP delivery".
[3] Recommendation ITU-T X.680: "Information technology - Abstract Syntax Notation One
(ASN.1): Specification of basic notation".
[4] IETF RFC 3261: "SIP: Session Initiation Protocol".
[5] IETF RFC 3550: "RTP: A Transport Protocol for Real-Time Applications".
[6] Recommendation ITU-T H.323: "Packet-based multimedia communications systems".
[7] Void.
[8] Void.
[9] ETSI TS 133 108: " Digital cellular telecommunications system (Phase 2+) (GSM); Universal
Mobile Telecommunications System (UMTS); LTE; 3G security; Handover interface for Lawful
Interception (LI) (3GPP TS 33.108)".
[10] ETSI TS 101 331: "Lawful Interception (LI); Requirements of Law Enforcement Agencies".
[11] ATIS-1000678.v4.2020: "Lawfully Authorized Electronic Surveillance (LAES) for Voice over
Internet Protocol and Rich Communications Services Messaging in Wireline and Broadband
Telecommunications Networks, Version 4".
[12] Recommendation ITU-T H.225.0: "Call signalling protocols and media stream packetization for
packet-based multimedia communication systems".
ETSI
7 ETSI TS 102 232-5 V3.22.1 (2025-11)
[13] Recommendation ITU-T H.245: "Control protocol for multimedia communication".
[14] Void.
[15] IETF RFC 4975: "The Message Session Relay Protocol (MSRP)".
[16] Recommendation ITU-T T.38: "Procedures for real-time Group 3 facsimile communication over
IP networks".
[17] IETF RFC 4825: "The Extensible Markup Language (XML) Configuration Access Protocol
(XCAP)".
[18] ETSI TS 124 623: "Digital cellular telecommunications system (Phase 2+) (GSM); Universal
Mobile Telecommunications System (UMTS); LTE; 5G; Extensible Markup Language (XML)
Configuration Access Protocol (XCAP) over the Ut interface for Manipulating Supplementary
Services (3GPP TS 24.623)".
[19] IETF RFC 5322: "Internet Message Format".
[20] ISO 3166-1: "Codes for the representation of names of countries and their subdivisions -- Part 1:
Country codes".
[21] ETSI TS 123 038: "Digital cellular telecommunications system (Phase 2+) (GSM); Universal
Mobile Telecommunications System (UMTS); LTE; 5G; Alphabets and language-specific
information (3GPP TS 23.038)".
[22] ETSI TS 123 040: "Digital cellular telecommunications system (Phase 2+) (GSM); Universal
Mobile Telecommunications System (UMTS); LTE; 5G; Technical realization of the Short
Message Service (SMS) (3GPP TS 23.040)".
[23] ETSI TS 133 128: "Digital cellular telecommunications system (Phase 2+) (GSM); Universal
Mobile Telecommunications System (UMTS); LTE; 5G; Security; Protocol and procedures for
Lawful Interception (LI); Stage 3 (3GPP TS 33.128)".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long-term validity.
The following referenced documents may be useful in implementing an ETSI deliverable or add to the reader's
understanding, but are not required for conformance to the present document.
[i.1] ETSI TR 102 528: "Lawful Interception (LI); Interception domain Architecture for IP networks".
[i.2] ETSI TR 102 503: "Lawful Interception (LI); ASN.1 Object Identifiers in Lawful Interception and
Retained data handling Specifications".
[i.3] Recommendation ITU-T H.248-1: "Gateway control protocol: Version 3".
NOTE: H.248 was renumbered when revised on 2002-03-29. H.248 main body, Annexes A to E and Appendix I
were included in H.248.1. Subsequent annexes were sequentially numbered in the series, e.g. H.248
Annex F became H.248.2.
ETSI
8 ETSI TS 102 232-5 V3.22.1 (2025-11)
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the terms given in ETSI TS 101 671 [1], ETSI TS 102 232-1 [2] and the
following apply:
context: logical collection of H.248 terminations
IP MultiMedia service: multimedia service that utilizes the Internet Protocol (IP) for the transport of data
MultiMedia (MM): use of computers to present text, graphics, video, animation and sound in an integrated way
MultiMedia service: communication service that offers Multimedia communication to end-users
termination: entity in H.248 that acts as a source or sink of media
NOTE: Terminations may be physical, such as a given channel on a TDM line, or ephemeral, such as an IP
endpoint.
TSAP identifier: piece of information used to multiplex several transport connections of the same type on a single
H.323 entity with all transport connections sharing the same Network Address (e.g. the port number in a TCP/UDP/IP
environment)
NOTE: Transport layer Service Access Point (TSAP) identifiers may be (pre)assigned statically by some
international authority or may be allocated dynamically during the setup of a call. Dynamically assigned
TSAP identifiers are of transient nature, i.e. their values are only valid for the duration of a single call.
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AF Administration Function
ASN.1 Abstract Syntax Notation One
CC Content of Communication
CCCI Content of Communication Control Interface
CC IIF CC Internal Interception Function
CCTF Content of Communication Trigger Function
CCTI Content of Communication Trigger Interface
CID Communication IDentifier
CIN Communication Identity Number
CLI Calling Line Identity
CSP Communications Service Provider
NOTE: Covers all AP/NWO/SvP.
DTMF Dual Tone Multi Frequency
FFS For Further Study
GSM Global System for Mobile
GW GateWay
HI1 Handover Interface 1 (for Administrative Information)
HI2 Handover Interface 2 (for Intercept Related Information)
HI3 Handover Interface 3 (for Content of Communication)
HTTP Hyper Text Transfer Protocol
ID IDentity
IF Interception Function
ETSI
9 ETSI TS 102 232-5 V3.22.1 (2025-11)
IIF Internal Interception Function
IMEI International Mobile Equipment Identity
IMPI IMS Private Identity
IMPU IMS PUblic identity
IMS IP Multimedia Subsystem
IMSI International Mobile Station Identity
INI Internal Network Interface
IP Internet Protocol
IRI Intercept Related Information
IRI IIF IRI Internal Interception Function
LEA Law Enforcement Agency
LEMF Law Enforcement Monitoring Facility
LI Lawful Interception
LIAF Lawful Interception Administration Function
LIID Lawful Interception IDentifier
MF Mediation Function
MG Media Gateway
MGC Media Gateway Controller
MM MultiMedia
MSRP Message Session Relay Protocol
NNI Network-to-Network Interface
OID Object IDentifier
PDU Protocol Data Unit
RAS Registration, Administration and Status
RP Relay Protocol
RTCP RTP Control Protocol
RTP Realtime Transport Protocol
SDP Session Description Protocol
SIP Session Initiation Protocol
SMS Short Message Service
SSD Service-Specific Details
SvP Service Provider
TCP Transmission Control Protocol
TDM Time Division Multiplex
TP Transfer Protocol
TPDU Transaction Protocol Data Unit
TSAP Transport layer Service Access Point
UDP User Datagram Protocol
UDPTL Facsimile UDP Transport Layer (protocol)
UE User Equipment
UNI User-Network Interface
URI Uniform Resource Identifier
URL Uniform Resource Locator
VoIP Voice over IP
XCAP eXtensible Markup Language (XML) Configuration Access Protocol
ETSI
10 ETSI TS 102 232-5 V3.22.1 (2025-11)
4 General
4.1 Reference Model for Lawful Interception
The present document adopts the generic reference model for the interception domain from ETSI TR 102 528 [i.1], its
internal intercept functions, Intercept Related Information Internal Interception Function (IRI IIF), Content of
Communication Trigger Function (CCTF), and Content of Communication Internal Interception Function (CC IIF), and
the Internal Network Interfaces INI1, INI2, INI3, Content of Communication Trigger Interface (CCTI) and Content of
Communication Control Interface (CCCI) as shown in Figure 1.

NWO/AP/SP DOMAIN LEA DOMAIN
HI
LEA
HI1
Administration Function (AF)
Administration
Function
INI1b INI1a
INI1c
IRI Internal Intercept
Function
INI2
(IRI IIF)
HI2
Law
Mediation
Enforcement
CCTI Function
Monitoring
CC Trigger
(MF)
Facility
Function
(LEMF)
(CCTF)
CCCI
CC Internal Intercept
Function
HI3
INI3
(CC IIF)
Figure 1: Reference Model for Lawful Interception
The reference model depicts the following functions and interfaces:
• INI1a provisions Intercept Related Information Internal Interception Function (IRI IIF).
• INI1b may (statically) provision Content of Communications Trigger Function (CCTF).
• INI1c provisions the Mediation Function (MF).
• Intercept Related Information Internal Intercept Function (IRI IIF) generates IRI.
• Content of Communication Internal Interception Function (CC IIF) generates CC.
• Content of Communication Trigger Function (CCTF) controls CC IIF.
• Content of Communication Control Interface (CCCI) provisions CC IIF.
• Content of Communication Trigger Interface (CCTI) may trigger CCTF for provisioning of the CC IIF.
• Content of Communication Control Interface (CCCI) may dynamically provision the CC IIF.
• Internal interface INI1 carries provisioning information from LIAF to the Internal Intercept Functions (IIF).
• Internal interface INI2 carries Intercept Related Information (IRI) from IRI IIF to the MF.
• Internal interface INI3 carries Content of Communication (CC) information from CC IIF to the MF.
ETSI
11 ETSI TS 102 232-5 V3.22.1 (2025-11)
For an in-depth explanation of the functions and interface, refer to clause 4 of ETSI TR 102 528 [i.1].
4.2 Reference system model
4.2.0 Overview
The reference system model applied in the present document, as depicted in Figure 2, provides a simplified model of a
technology independent, IP MultiMedia (MM) service platform, accessed by multiple different access networks. The
access networks may provide different forms of network access, using different technologies; they all have in common
that they provide IP connectivity among end-users and between end-users and the IP MM services provided by the IP
MM service platform.
Communication Signalling server

services
SvP IP Core network
GW GW GW
IP MM SvP
IAP / NWO
Access Access Access
network network network
Figure 2: Reference System Model
Access from the access networks into the IP Core network of the IP MM service provider is assumed to be protected by
some gateway device (e.g. a session border controller, border gateway controller or a firewall/router combination).
The IP MM Service platform contains a signalling server that provides session initiation functionality (e.g. a SIP call
manager or an H.323 gatekeeper) among end-users and between end-users and communication services (e.g. unified
messaging, audio or video conference servers).
ETSI
12 ETSI TS 102 232-5 V3.22.1 (2025-11)
4.2.1 Network layer Interception
Network Layer interception requires a copy of all signalling information as well as call content exchanged in the
platform to be available at a central point in the infrastructure.

Communication Signalling server

services
IRI
IIF
MF
CC
SvP IP Core network
IIF
GW GW GW
IP MM SvP
IAP / NWO
Access Access Access
network network network
Figure 3: Network layer Interception Model
This can be achieved by means of span-ports in the layer 2 switching backbone or by means of passive splitters (either
copper or fibre) at strategic points in the SvP's core network. Either way, due to the bandwidth of copied network
traffic, some form of filtering will most likely be required (e.g. by means of a layer 3 switch).
4.2.2 Service layer Interception
Service Layer interception requires LI interfaces and functionality to be available in both the signalling server and the
gateways.
Communication Signalling
IRI
services server
IIF
MF
SvP IP Core network
CC CC CC
GW  GW  GW
IP MM SvP
IIF IIF IIF
IAP / NWO
Access Access Access
network network network
Figure 4: Service layer Interception Model
Typically, the IRI IIF in the signalling server is provisioned with the target ID. At detection of a session setup for a
target, the IRI IIF will provide the IRI for the intercepted session and may provide session information to be used for
ad-hoc provisioning of the gateway devices. In some implementations, the gateway devices are also provisioned with
the target ID beforehand and are capable of detecting sessions independent from the signalling server.
ETSI
13 ETSI TS 102 232-5 V3.22.1 (2025-11)
4.3 General Requirements
The following requirements regarding the interception of signalling shall apply:
1) Annex B provides the functional description of the minimal set of information that is to be provided to Law
Enforcement for each intercepted communication.
2) The present document supports the interception of communication services defined in the following
IETF/ITU-T standards and recommendations:
- IETF RFC 3261 [4] (SIP);
- IETF RFC 3550 [5] (RTP);
- IETF RFC 4975 [15] (MSRP);
- Recommendation ITU-T H.323 [6];
- Recommendation ITU-T H.225.0 [12];
- Recommendation ITU-T H.245 [13];
- Recommendation ITU-T T.38 [16].
3) Any deviation from the supported IETF and ITU-T specifications identified in item 2, e.g. vendor specific
parameters, shall be agreed in advance between the Communications Service Provider (CSP) and Law
Enforcement Agency (LEA).
4) The present document specifies the handover of intercepted signalling containing all information required in
ETSI TS 101 331 [10] by encapsulating that intercepted signalling.
5) IRI that is not part of intercepted signalling shall also be delivered. The format of such information on the
handover interface shall be agreed in advance between the CSP and LEA.
6) As a national option, mapping of the IRI information onto specific messages at the handover interface may be
mandated, e.g. according to the ATIS-1000678 [11] specification.
5 Interception of IP Multimedia services
5.1 Identification of target of interception
5.1.1 SIP Target Identification
The target identity is not a network layer or transport layer address. The target identity shall be a public or private
address type that uniquely identifies the target in the CSP's network and by means of which sessions among users can
be established, such as:
• TEL URI;
• SIP URI;
• E.164 Number.
NOTE: IMPU and IMPI are examples of public/private identifiers.
ETSI
14 ETSI TS 102 232-5 V3.22.1 (2025-11)
5.1.2 H.323 Target Identification
The target identity is not a network layer or transport layer address. The target identity shall be an address type that
uniquely identifies the target in the CSP's network and by means of which sessions among users can be established,
such as:
• H.323 URL;
• H.323 ID;
• E.164 Number.
5.1.3 Other Target Identifiers
Depending on the CSP network configuration and technical/mapping capabilities, other target identifiers might be used.
This includes access network identifiers such as IMEI or IMSI.
5.2 Interception of signalling
5.2.1 Provisioning of the SIP IRI IIF
SIP messaging IETF RFC 3261 [4] is reported as Intercept Related Information (IRI) for the interception of multi-media
service. All SIP messages executed on behalf of a target subscriber are subject to interception at the IRI Internal
Interception Function (IIF). Based upon network configuration, the Administration Function (AF) shall provision IRI
IIF with SIP Uniform Resource Identifier (URI) or TEL Uniform Resource Locator (URL) target identifiers. These
resulting intercepted SIP messages shall be sent to the Mediation Function (MF) over the INI2 interface for mediation
prior to transmittal across the HI2 interface.
5.2.2 Provisioning of the H.323 IRI IIF
H.323 call signalling, call control and subscriber controlled input messages are reported as Intercept Related
Information (IRI) for the interception of multi-media services. H.323 call signalling and control messages refer to the
basic call signalling (H.225.0), call control (H.245) and those messages required for the signalling of supplementary
services (i.e. H.450.x). Subscriber controlled input messages refer to those messages generated as a result of user
procedures for the control of Supplementary Services (activation/deactivation/interrogation).
All H.323 call signalling, call control and subscriber controlled input messages that are transmitted on behalf of the
target subscriber are subject to intercept at the IRI IIF. Based upon the network configuration, the AF shall provision
IRI IIF with either a H.323 Unique Resource Locator (H.323-URL), or a H.323 Identity (H.323-ID), or a public E.164
telephone number.
If available events related to the Registration, Administration and Status (i.e. H.323 RAS) of the target subscriber's
terminal equipment are also subject to intercept at the IRI IIF.
5.2.3 Location information
The IRI Internal Interception Function (IIF) may report location information to satisfy the requirement in clause B.3.
The availability and format of location information in the IRI IIF may depend on the network access technology. The
present document uses the common parameter from ETSI TS 102 232-1 [2] to signal this information. Use of this
parameter is subject to national agreement.
5.2.4 Supplementary Services
A target subscriber may make use of supplementary services offered by the IP MultiMedia platform. Typical
supplementary services are the maintenance of presence information and the manipulation of call forwarding and barred
numbers.
ETSI
15 ETSI TS 102 232-5 V3.22.1 (2025-11)
The IP MultiMedia platform may offer an IETF RFC 4825 [17] XCAP interface, which can be used by the target's UE
to modify supplementary services settings. A common interface making use of XCAP is the 3GPP Ut interface as
described in 3GPP TS 24.623 [18].
Intercepted XCAP messages that are sent or received on behalf of the target subscriber will be handed over as IRI using
the XCAPMessage ASN.1 structure. The XCAPMessage structure contains the complete HTTP application layer
contents (including all headers), without any underlying TCP/IP protocol messages.
5.2.5 Additional signalling information
The IRI Internal Interception Function (IIF) may report additional signalling information without affecting the
intercepted signalling messages. The additional signalling information could be provided by the network via different
means than the information contained in the intercepted signalling messages.
The present document supports the handover of additional information, separately to any intercepted signalling
messages, using SIP header format as defined in IETF RFC 3261 [4] and IETF RFC 5322 [19]. These SIP headers shall
be formatted per the requirements as stated in other specifications, such as an IETF RFC or a 3GPP TS. National
agreement may define which specifications apply.
5.2.6 SIP Messages in IRI-only intercept
5.2.6.1 General
In networks which use IP Multimedia Subsystem (IMS), messages such as SMS are carried in the body of the
MESSAGE method of the Session Initiation Protocol (SIP).
If national legislation requires that the content of a message is removed for an IRI-only intercept (see clause B.1), the
content of the message that resides in the SIP body shall be modified or removed, depending on the messaging protocol
in use.
In order to signal that the original message body has been modified, either the iRIOnlyOriginalIPMMMessage or the
iRIOnlySIPMessage choice in IPIRIContents shall be used to transport the modified SIP message.
NOTE 1: When the iRIOnlyOriginalIPMMMessage is used the transport layer checksums may not validate after the
message body has been modified.
NOTE 2: The content modifications required for messaging protocols other than SMS are FFS.
5.2.6.2 SMS Messages
The RP and TP layer data for SMS messages are carried in a SIP body with content-type of application/vnd.3gpp.sms.
When the removal of the short message (SM) portion of an SMS message is required for IRI-only interception each
content element in the "TP-User-Data" field inside a GSM SMS TPDU (see 3GPP TS 23.040 [22]) shall be replaced by
the equivalent of "Space" in the original encoding for the total length of the SM portion as determined by the TP-User-
Data-Length field (3GPP TS 23.040 [22], clause 9.2.3.16), and accounting for the Length of the User Data Header
(UDHL) field (3GPP TS 23.040 [22], clause 9.2.3.24) if the latter is present as indicated by the TP-User-Data-Header-
Indicator field (3GPP TS 23.040 [22], clause 9.2.3.23). While replacing the data the Data Coding Scheme (see 3GPP
TS 23.038 [21]) shall be taken into account.
If the TP-User-Data-Header-Indicator indicates the TP-User-Data Header is present, the Header shall be rewritten so
that each of the Information Elements that are not classified as "SMS Control" in 3GPP TS 23.040 [22], clause 9.2.3.24
shall be converted to a Filler Information Element per 3GPP TS 23.040 [22], clause 9.2.3.24.17.
In any case, the overall length of the TP-User-Data, and if present, the overall length of the TP-User-Data Header, shall
not be changed.
NOTE 1: The procedure in this clause is defined to ensure backwards compatibility in SMS decoding
implementations if the SMS content has been removed.
NOTE 2: This procedure aligns with 3GPP TS 33.108 [9], annex P and with 3GPP TS 33.128 [23], clause 7.4.5.2.
ETSI
16 ETSI TS 102 232-5 V3.22.1 (2025-11)
5.2.7 Signalling IP address information
The IIF shall provide the source and destination IP address of the intercepted SIP or H.323 message as it was
transmitted on the network layer in the respective iPSourceAddress and iPDestinationAddress fields in the IRI message.
The source or destination IP addresses shall not be substituted with other IP addresses of the Signalling Server or any
other element.
EXAMPLE: For instance, the UE (with IP address 192.0.2.23) sends a SIP or H.323 message from the access
network towards a node in the IP MM SvP core network towards a Signalling server (with
signalling IP address 198.51.100.10). When the interception takes place on the Signalling server
IRI IIF this IRI IIF should provide the iPSourceAddress with value 192.0.2.23 and the
iPDestinationAddress of 198.51.100.10.
5.2.8 Post Dialled Digits in IRI-only Intercept
5.2.8.1 General
In networks which use IP Multimedia Subsystem (IMS), a target may utilize calling services (e.g. toll-free based calling
card services) provided by an intermediary service provider (downstream from the CSP providing IMS services to the
target). In this case, the target initially sends a called party identity in the SIP Invite message identifying the
intermediary service provider rather than the true called party. The target then sends the true called party address via
SIP based signalling or via SIP media path-based signalling. The true called party address is transmitted as post dialled
digits (i.e. digits sent after the initial called party address is sent).
If national legislation requires that the post dialled digits be reported, the following requirements apply.
The CSP shall be able to provision the reporting of Post Dial Digits (PDD) on a per-intercept basis. If the true called
party address is signalled via SIP-based signalling (i.e. SIP Information messages), the CSP shall be able to intercept
and report the SIP messages carrying this information. If the called party address information is sent as RTP telephony
events via the media path (e.g. as DTMF digits), the CSP shall be able to intercept and report this information. To
accomplish this, the CSP may need to enable transfer of CC to the MF for extraction of the RTP telephony packets.
For reporting of post dialled digits conveyed as RTP telephony events over the media-path based signalling, the CSP
shall report the RTP packets carrying the post-dialled digits via one or more iRIOnlyRTPPacket messages. Each
iRIOnlyRTPPacket message shall contain an IP/UDP/RTP telephony packet and shall be reported using the same CIN
as used for the associated communications session.
5.2.9 Called Party Address Translation
5.2.9.1 General
In networks which use IP Multimedia Subsystem (IMS), called party address translation may occur where, for example,
a telephony application server translates a called party address to another address for routing purposes (e.g. toll free
number translation).
In this case, the IRI reported shall include information regarding the translated called party address, i.e. the pre-
translation called party address as well as the post translation called party address along with information for correlation
to the associated call/session, where such called party address translation information is available to the CSP.
For example when reporting SIP signalling, this can be accomplished by reporting both the SIP message sent to the
server performing called party address translation (containing the pre-translation called party address) and the resultant
SIP message containing the post translation called party address using the same CIN for the call/session
...