LIPF

Lawful Interception Provisioning Function

Security
Introduced in Rel-16
The LIPF is a 5G core network function responsible for provisioning lawful interception (LI) configuration data to other Network Functions (NFs). It centralizes the management of LI-related parameters, such as target identities and event triggers, ensuring consistent enforcement across the network. It is a key component in standardizing and automating LI activation in 5G's service-based architecture.

Description

The Lawful Interception Provisioning Function (LIPF) is a standardized Network Function (NF) within the 5G Core (5GC) architecture, introduced as part of the enhanced lawful interception framework for 5G systems. Its primary role is to act as a centralized provisioning point for all lawful interception-related configuration data required by various intercepting Network Functions (I-NFs) and the Lawful Interception Function (LIF). The LIPF stores and manages interception warrants, which include details such as the target's identity (e.g., SUPI, MSISDN), the scope of interception (e.g., content of communications, intercept-related information), authorized agencies, and the duration of the interception order. It provides this information to other NFs upon request or via subscription/notification mechanisms.

Operationally, when a lawful interception request is authorized, the relevant administrative authority (e.g., the Law Enforcement Agency via the Lawful Interception Administration Function) provisions the interception warrant into the LIPF. The LIPF then distributes the necessary configuration to the appropriate network functions. For example, it may provision a target's identity to the Access and Mobility Management Function (AMF) to trigger interception when the target UE registers or establishes a session. It may also provision data to the Session Management Function (SMF), User Plane Function (UPF), or other NFs involved in monitoring content or collecting intercept-related information. The LIPF uses standardized service-based interfaces, likely based on HTTP/2, to communicate with consumer NFs, aligning with the 5GC's service-based architecture principles.

The LIPF plays a crucial role in separating the provisioning logic from the interception execution logic. This centralization simplifies management, improves auditability, and ensures consistency. It prevents the need for each individual NF to be configured separately for interception tasks, which is vital in a dynamic, cloud-native 5G environment where NFs can be instantiated and scaled elastically. The LIPF interacts with the Lawful Interception Function (LIF), which handles the secure delivery of intercepted data to the collection function. By managing the 'what' and 'who' of interception, the LIPF allows the I-NFs to focus on the 'how'—the actual technical implementation of intercepting the specified traffic or events for the provisioned targets.

Purpose & Motivation

The LIPF was created to address the challenges of implementing lawful interception in the 5G Core's service-based architecture (SBA). Previous 3GPP architectures had more monolithic network elements where LI configuration was often handled via proprietary or element-specific management interfaces. With 5G's decomposition into numerous, independently scalable Network Functions, manually provisioning interception parameters across dozens of potential NF instances became operationally complex, error-prone, and slow.

The motivation for standardizing the LIPF was to provide an automated, centralized, and standardized method for provisioning interception warrants. This solves the problem of consistency—ensuring all relevant NFs have the same, up-to-date information about interception targets. It also addresses the need for agility in cloud-native deployments, allowing new NF instances to automatically retrieve necessary LI configuration. The LIPF was driven by regulatory requirements that mandate efficient and reliable lawful interception capabilities, necessitating a modern architectural approach that matches the flexibility and distribution of 5G networks while maintaining strict compliance controls.

Key Features

  • Centralized repository and manager for lawful interception warrants
  • Provisions interception configuration to intercepting Network Functions (I-NFs)
  • Supports service-based interfaces for integration with 5G Core NFs
  • Manages target identities (SUPI, MSISDN), interception scope, and duration
  • Enables automated activation and deactivation of interception across the network
  • Enhances auditability and consistency of LI configuration

Evolution Across Releases

Rel-16 Initial

Introduced the LIPF as a new Network Function in the 5G system architecture. Defined its role in the lawful interception provisioning framework, specifying its interactions with the Lawful Interception Function (LIF) and other NFs. Established the initial service-based interfaces and procedures for distributing interception warrant data to consumer network functions.

TS 33.127TS 33.128

Defining Specifications

SpecificationTitle
TS 33.127 3GPP TR 33.127
TS 33.128 3GPP TR 33.128