IAP

Interception Access Point

Security
Introduced in Rel-8
A functional entity within a 3GPP network that provides lawfully authorized interception (LI) capabilities. It is the point where intercepted communication content (CC) and interception-related information (IRI) are duplicated and delivered to a Law Enforcement Monitoring Facility (LEMF). It is a critical component for regulatory compliance.

Description

The Interception Access Point (IAP) is a standardized network function defined by 3GPP for the purpose of Lawful Interception (LI). It serves as the technical interface within the operator's network where the actual interception of telecommunications occurs. The IAP is responsible for duplicating both the Communication Content (CC) – the voice call, SMS, or packet data session payload – and the Interception Related Information (IRI) – the call-associated data like numbers, time, location – of a targeted subscriber. This duplicated information is then formatted and securely transmitted to the Law Enforcement Monitoring Facility (LEMF) via standardized interfaces (HI2 for IRI, HI3 for CC).

Architecturally, the IAP is not a single physical node but a functional role that can be implemented within various network elements depending on the service being intercepted. For example, in a 5G network, the IAP function for packet data interception might reside in the User Plane Function (UPF), where it can duplicate user plane packets. For voice calls over IMS, the IAP function could be within the Media Gateway or a specific Media Resource Function. The IAP receives activation commands from an internal administrative function (the ADMF), which is triggered by a lawful warrant. Once activated, the IAP silently begins duplicating the targeted traffic without impacting the subscriber's service.

The IAP works in conjunction with other LI entities: the Administration Function (ADMF), which manages interception warrants and hides the existence of multiple simultaneous interceptions from the network; the Delivery Function (DF), which handles the secure delivery to the LEMF; and the Collection Function (CF) at the LEMF. The IAP's operation is defined in detail in 3GPP TS 33.108, which specifies the handover interfaces (HI1, HI2, HI3), the data formats, and the security requirements. The IAP must ensure the integrity, confidentiality, and reliability of the intercepted data, providing strong guarantees that only authorized interceptions take place and that the data is delivered accurately to the correct authority.

Purpose & Motivation

The IAP exists to fulfill legal obligations placed upon telecommunications service providers by national laws, which require operators to assist law enforcement and security agencies with lawful interception of communications. Its creation was motivated by the need for a standardized, secure, and reliable technical mechanism that works across different vendor equipment and network generations (2G to 5G). Without a standardized IAP, each operator and vendor would implement proprietary interception solutions, making it difficult and costly for law enforcement to access intercepted data consistently, potentially hindering investigations.

The problem it solves is twofold: technical implementation and regulatory compliance. Technically, it provides a well-defined point and procedure for accessing real-time network traffic without degrading service for other users. From a compliance perspective, it ensures that interception is performed according to strict legal and procedural safeguards, maintaining a clear audit trail. The historical context involves the evolution of telecommunications from simple circuit-switched voice to complex IP-based multimedia services, which required interception capabilities to evolve accordingly. The 3GPP LI standards, including the IAP concept, address the limitations of earlier, non-standardized interception methods by providing a future-proof, technology-agnostic framework that protects user privacy outside of lawful mandates and ensures interoperability between network operators and law enforcement agencies.

Key Features

  • Duplicates Communication Content (CC) and Interception Related Information (IRI)
  • Interfaces with the internal Administration Function (ADMF) for activation
  • Utilizes standardized Handover Interfaces (HI2, HI3) for delivery to LEMF
  • Can be implemented in various network functions (e.g., UPF, MSC, IMS nodes)
  • Operates covertly without alerting the intercepted subscriber
  • Supports security features for data integrity and confidentiality

Evolution Across Releases

Rel-8 Initial

Formally defined as a core functional entity within the 3GPP Lawful Interception architecture, particularly for EPS (LTE). It established the generic IAP model separating the interception trigger/activation (ADMF) from the actual access point, providing a clear framework for intercepting IP-based packet data services in addition to traditional voice.

Defining Specifications

Specification | Title
TS 33.108 | 3GPP TR 33.108