LIPF

Lawful Interception Provisioning Function

Introduced in Rel-16

LIPF is the 5G core network function that provisions lawful interception configuration data to other Network Functions, centralizing the management of parameters like target identities for consistent enforcement.

Category: Security
Introduced: Rel-16
Where: Core Network › 5G Core
Specifications: 2 specs

Description

The Lawful Interception Provisioning Function (LIPF) is a standardized Network Function (NF) within the 5G Core (5GC) architecture, introduced as part of the enhanced lawful interception framework for 5G systems. Its primary role is to act as a centralized provisioning point for all lawful interception-related configuration data required by various intercepting Network Functions (I-NFs) and the Lawful Interception Function (LIF). The LIPF stores and manages interception warrants, which include details such as the target's identity (e.g., SUPI, MSISDN), the scope of interception (e.g., content of communications, intercept-related information), authorized agencies, and the duration of the interception order. It provides this information to other NFs upon request or via subscription/notification mechanisms.

Operationally, when a lawful interception request is authorized, the relevant administrative authority (e.g., the Law Enforcement Agency via the Lawful Interception Administration Function) provisions the interception warrant into the LIPF. The LIPF then distributes the necessary configuration to the appropriate network functions. For example, it may provision a target's identity to the Access and Mobility Management Function (AMF) to trigger interception when the target UE registers or establishes a session. It may also provision data to the Session Management Function (SMF), User Plane Function (UPF), or other NFs involved in monitoring content or collecting intercept-related information. The LIPF uses standardized service-based interfaces, likely based on HTTP/2, to communicate with consumer NFs, aligning with the 5GC's service-based architecture principles.

The LIPF plays a crucial role in separating the provisioning logic from the interception execution logic. This centralization simplifies management, improves auditability, and ensures consistency. It prevents the need for each individual NF to be configured separately for interception tasks, which is vital in a dynamic, cloud-native 5G environment where NFs can be instantiated and scaled elastically. The LIPF interacts with the Lawful Interception Function (LIF), which handles the secure delivery of intercepted data to the collection function. By managing the 'what' and 'who' of interception, the LIPF allows the I-NFs to focus on the 'how'—the actual technical implementation of intercepting the specified traffic or events for the provisioned targets.

Purpose & Motivation

The LIPF was created to address the challenges of implementing lawful interception in the 5G Core's service-based architecture (SBA). Previous 3GPP architectures had more monolithic network elements where LI configuration was often handled via proprietary or element-specific management interfaces. With 5G's decomposition into numerous, independently scalable Network Functions, manually provisioning interception parameters across dozens of potential NF instances became operationally complex, error-prone, and slow.

The motivation for standardizing the LIPF was to provide an automated, centralized, and standardized method for provisioning interception warrants. This solves the problem of consistency—ensuring all relevant NFs have the same, up-to-date information about interception targets. It also addresses the need for agility in cloud-native deployments, allowing new NF instances to automatically retrieve necessary LI configuration. The LIPF was driven by regulatory requirements that mandate efficient and reliable lawful interception capabilities, necessitating a modern architectural approach that matches the flexibility and distribution of 5G networks while maintaining strict compliance controls.

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (41 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-15 7 changes

In Release 15, the LIPF's provisioning was extended to support triggering the start of interception for a target with an established PDU session and for a registered UE, addressing previously missing procedures. Furthermore, it introduced and clarified provisioning for interception scenarios involving in-bound roaming and specific UPF roles, namely anchor and branching UPFs. The release also added provisioning support for interception to begin based on the reporting of a SUCI (Subscription Concealed Identifier).

  • Missing trigger for the start of interception with established PDU session (TS 33.128 CR0004)
  • Missing Stage 3 text - Start of Interception with registered UE from MDF2 (TS 33.128 CR0006)
  • Missing stage 3 text - Start of Interception with established PDU session from MDF2 (TS 33.128 CR0007)
  • In-bound roaming interception at anchor UPFs (TS 33.128 CR0010)
  • Anchor UPF interception clarification (TS 33.128 CR0014)
  • Branching UPF interception correction (TS 33.128 CR0015)

+ 1 more changes

Rel-16 4 changes

In Release 16, the enhancements to the Lawful Interception Provisioning Function (LIPF) specifically addressed provisioning corrections and expansions for 5G network functions. This included corrections for provisioning the SMF over the LI_X interface and updates for provisioning interception at both the SMF and UPF. The release also introduced coverage for subscriber de-provisioning while under a warrant and made provisioning and deployment corrections for the CC-PAG function.

  • Coverage of subscriber de-provisioning while under a warrant (TS 33.127 CR0011)
  • CC-PAG provisioning and deployment corrections (TS 33.127 CR0065)
  • Correction on provisioning of SMF over LI_X (TS 33.128 CR0084)
  • Update to Provisioning for LI at the SMF/UPF (TS 33.128 CR0140)

Rel-17 9 changes

In Release 17, the LIPF saw enhancements including clarified provisioning for ID Association at the MME and updates for the start of interception with a registered UE record at the AMF. It also introduced provisioning logic for RCS Stage 3 and refined procedures for interception at the SMF+PGW-C, while ensuring only one Activate Task is sent to the BBIFF-C in HR LI scenarios.

  • IMS: Addressing the interception due to the application of special media (TS 33.127 CR0119)
  • LIPF logic: new informative annex (TS 33.128 CR0199)
  • RCS Stage 3 Provisioning (TS 33.128 CR0274)
  • Clarification of ID Association Provisioning at the MME (TS 33.128 CR0164)
  • Update to start of interception with registered UE record at the AMF (TS 33.128 CR0253)
  • HR LI: Only one Activate Task to the BBIFF-C from LIPF (TS 33.128 CR0270)

+ 3 more changes

Rel-18 10 changes

In Release 18, the LIPF received enhancements to its provisioning logic and scope, including updates to accommodate the STIR/SHAKEN framework within its diagrams and stage 3 descriptions. The release also introduced provisioning details for location-only reporting and clarified the provisioning of equivalent 4G and 5G target identifiers to the IRI-POI and CC-TF. Furthermore, it added capabilities for provisioning the start of interception records for RCS reporting and allowed provisioning limitations for specific APN/DNN in certain roaming interfaces.

  • Location Only Reporting Provisioning Details (TS 33.128 CR0422)
  • Accommodate File Transfer Localization Function in the stage 3 provisioning clauses (TS 33.128 CR0547)
  • Correction to the provisioning for location acquisition (TS 33.128 CR0560)
  • Addition of Start of Interception Records for RCS reporting (TS 33.128 CR0610)
  • STIR/SHAKEN: Enhancements to stage 3 LI descriptions (LI_X1 provisioning (TS 33.128 CR0385)
  • LIPF logic diagram updates to include STIR/SHAKEN aspects (TS 33.128 CR0394)

+ 4 more changes

Rel-19 11 changes

In Release 19, the Lawful Interception Provisioning Function (LIPF) was enhanced to support the provisioning of parameters for new services like 5G LAN (including VN Group) and to enable the LIPF to proxy information from the Lawful Interception Control Function (LICF). The release also included modifications for error handling when provisioning IRI Points of Interception in 5G, along with clarifications and alignment of provisioning details for functions like the MDF, IMS, and SMSF.

  • LI for 5G LAN parameter provisioning (VN Group) (TS 33.127 CR0253)
  • LI for 5G LAN parameter provisioning (VN Group)(Stage 3) (TS 33.128 CR0681)
  • Proxying Information from LICF via LIPF (TS 33.127 CR0260)
  • Modifications on errors related to provisioning of IRI-POI in 5G DDNMF (TS 33.128 CR0724)
  • Refactoring of MDF provisioning tables and X1 Extensions (TS 33.128 CR0747)
  • Clarifications and consolidation of provisioning details (TS 33.128 CR0754)

+ 5 more changes

Defining Specifications

3GPP specifications that define or reference LIPF, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

Specification | Title | Release
TS 33.127 vj50 | Lawful Interception Architecture and Functions | Rel-19
TS 33.128 vj50 | 3GPP TS 33.128: Lawful Interception Protocols | Rel-19