MDF3

Mediation and Delivery Function 3

Security
Introduced in Rel-16
A security function for lawful interception and data retention. It mediates and delivers event-based data and records for retained data to law enforcement or other authorized entities, supporting post-event forensic analysis.

Description

The Mediation and Delivery Function 3 (MDF3) is a specialized security function within the 3GPP framework, defined alongside MDF2 for Lawful Interception (LI) and Data Retention (DR). While MDF2 handles real-time or near-real-time communication content and intercept-related information, MDF3 is specifically tasked with the mediation and delivery of retained data and event records. This includes data that network operators are legally required to retain for a certain period, such as call detail records (CDRs), location information, and other subscriber-related events, which are then provided to authorized entities like law enforcement agencies for investigative purposes. It operates on the HI4 interface.

Architecturally, MDF3 receives retained data or event records from network functions that generate this information, such as charging functions, policy control, or mobility management. In a 5G context, this could involve interactions with the Charging Function (CHF), Network Repository Function (NRF), or other NFs that log significant events. The MDF3 function collects, correlates, and formats these records into a standardized structure suitable for transmission and analysis. It then delivers this data to a designated entity, often called the Requesting Authority or a specific Data Retention system, via the standardized Handover Interface HI4. The process is typically triggered by a lawful request rather than being a continuous real-time stream.

MDF3 operates in several key stages. First, it must be provisioned with the parameters for data retention, such as what data types to collect, retention periods, and target identities. Upon receiving a valid request (often via a separate administrative or legal interface), MDF3 queries the relevant source network functions or receives data pushed from them. It performs mediation tasks including data validation, filtering based on the request criteria, aggregation of records related to a single subscriber or event, and conversion into a delivery format (e.g., a standardized XML schema). Finally, it securely transmits the data bundle to the requesting entity, ensuring integrity and confidentiality and providing delivery receipts. MDF3 is crucial for enabling compliance with data retention laws, which require operators to store non-content data for potential future access by authorities, balancing investigative needs with data protection regulations.
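The mediation stages described above (validation, filtering to the request criteria, aggregation, conversion to XML, integrity protection and an audit entry) can be sketched as follows. This is an added example, not code or a schema from the 3GPP specifications: the record fields, the `RetainedData` XML layout, the request structure and the HMAC-based integrity tag are all assumptions made for illustration, and the sample records are constructed.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime

REQUIRED = {"source", "type", "subscriber", "time", "detail"}
TARGET = "imsi-001010000000001"  # constructed test identity
# Constructed sample records; field names are hypothetical, not a 3GPP schema.
RECORDS = [
    {"source": "CHF", "type": "cdr", "subscriber": TARGET, "time": "2024-03-02T10:00:00+00:00", "detail": "voice 120s"},
    {"source": "CHF", "type": "cdr", "subscriber": "imsi-001010000000002", "time": "2024-03-02T11:00:00+00:00", "detail": "voice 30s"},
    {"source": "AMF", "type": "location", "subscriber": TARGET, "time": "2024-03-01T09:00:00+00:00", "detail": "cell 0x1A2B"},
    {"source": "CHF", "type": "cdr", "subscriber": TARGET, "time": "2024-05-01T08:00:00+00:00", "detail": "voice 5s"},
    {"source": "CHF", "type": "cdr", "subscriber": TARGET, "time": "not-a-time", "detail": "corrupt"},
]
REQUEST = {"id": "REQ-EXAMPLE-1", "target": TARGET, "types": {"cdr", "location"},
           "start": "2024-03-01T00:00:00+00:00", "end": "2024-04-01T00:00:00+00:00"}

def valid_time(rec):
    """Return the record's timezone-aware timestamp, or None if it fails validation."""
    if not REQUIRED <= rec.keys():
        return None
    try:
        t = datetime.fromisoformat(rec["time"])
    except (TypeError, ValueError):
        return None
    return t if t.tzinfo else None

def mediate(records, request, key):
    """Validate, filter to the request scope, aggregate, serialise and tag the bundle."""
    start, end = (datetime.fromisoformat(request[k]) for k in ("start", "end"))
    kept, rejected = [], 0
    for rec in records:
        t = valid_time(rec)
        if t is None:
            rejected += 1          # malformed input is counted, never delivered
        elif (rec["subscriber"] == request["target"] and rec["type"] in request["types"]
              and start <= t < end):
            kept.append((t, rec))  # only data inside the authorised scope
    root = ET.Element("RetainedData", requestId=request["id"], target=request["target"])
    for t, rec in sorted(kept, key=lambda p: p[0]):
        ET.SubElement(root, "Record", source=rec["source"], type=rec["type"],
                      time=t.isoformat()).text = rec["detail"]
    payload = ET.tostring(root, encoding="utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    audit = {"requestId": request["id"], "delivered": len(kept), "rejected": rejected,
             "sha256": hashlib.sha256(payload).hexdigest()}
    return payload, tag, audit

def verify(payload, tag, key):
    """Receiver-side integrity check using a constant-time comparison."""
    return hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).hexdigest(), tag)
```

The filter is what keeps delivery limited to the requested target, data types and time window; the audit entry records how many records were delivered and rejected together with a digest of the exact bytes sent.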

Purpose & Motivation

MDF3 was created to formalize and standardize the delivery mechanism for retained data within the 3GPP lawful interception and data retention framework. Prior to its specification, the processes for providing retained data (like historical call records) to law enforcement were often operator-specific, proprietary, or lacked a clear standardized interface. This created inefficiencies for authorities investigating crimes that required historical data and complexities for operators interfacing with multiple agencies. MDF3 solves this by defining a clear, standardized function and interface (HI4) dedicated to this purpose.

The motivation stems from legal mandates in many jurisdictions that require telecommunications service providers to retain specific non-content data (e.g., who called whom, when, and from where) for a legislated period. As networks evolved to 5G with its Service-Based Architecture and network slicing, the sources and formats of this data became more diverse and complex. MDF3 provides a consistent mediation point that can collect data from new 5G network functions, handle the scale of data generated, and deliver it in a predictable format. It addresses the limitations of ad-hoc solutions by integrating data retention delivery into the overall 3GPP security architecture.

Furthermore, MDF3's separation from the real-time interception functions (MDF2) allows for optimized system design. Retained data delivery is typically less latency-sensitive but may involve querying large databases and processing bulk data. By having a dedicated function, network operators can scale and manage resources appropriately. Its introduction in Release 16 alongside MDF2 provided a comprehensive suite of mediation functions for all aspects of lawful access, ensuring 5G networks could meet both real-time interception and historical data retention obligations from day one.

Key Features

  • Mediates delivery of retained data and event records over the HI4 interface
  • Handles historical, non-content data like call detail records (CDRs) and location history
  • Interacts with network functions like CHF for collecting billing and event data
  • Formats data into standardized structures for authorized requesting entities
  • Supports query-based delivery triggered by lawful requests
  • Ensures secure and auditable transmission of retained subscriber information

Evolution Across Releases

Rel-16 Initial

Introduced as the dedicated function for mediating and delivering retained data. Defined its role, the HI4 interface, and its interactions within the 5G data retention architecture. Specified alongside MDF2 in TS 33.127 and TS 33.128 to complete the mediation framework for both interception and retention.

Defining Specifications

Specification    Title
TS 33.127        3GPP TR 33.127
TS 33.128        3GPP TR 33.128