What is MDF3? Mediation and Delivery Function 3

Description

The Mediation and Delivery Function 3 (MDF3) is a specialized security function within the 3GPP framework, defined alongside MDF2 for Lawful Interception (LI) and Data Retention (DR). While MDF2 handles real-time or near-real-time communication content and intercept-related information, MDF3 is specifically tasked with the mediation and delivery of retained data and event records. This includes data that network operators are legally required to retain for a certain period, such as call detail records (CDRs), location information, and other subscriber-related events, which are then provided to authorized entities like law enforcement agencies for investigative purposes. It operates on the HI4 interface.

Architecturally, MDF3 receives retained data or event records from network functions that generate this information, such as charging functions, policy control, or mobility management. In a 5G context, this could involve interactions with the Charging Function (CHF), Network Repository Function (NRF), or other NFs that log significant events. The MDF3 function collects, correlates, and formats these records into a standardized structure suitable for transmission and analysis. It then delivers this data to a designated entity, often called the Requesting Authority or a specific Data Retention system, via the standardized Handover Interface HI4. The process is typically triggered by a lawful request rather than being a continuous real-time stream.

How MDF3 works involves several key stages. First, it must be provisioned with the parameters for data retention, such as what data types to collect, retention periods, and target identities. Upon receiving a valid request (often via a separate administrative or legal interface), MDF3 queries or receives pushed data from the relevant source network functions. It performs mediation tasks including data validation, filtering based on the request criteria, aggregation of records related to a single subscriber or event, and conversion into a delivery format (e.g., a standardized XML schema). Finally, it securely transmits the data bundle to the requesting entity, ensuring integrity, confidentiality, and providing delivery receipts. MDF3 is crucial for enabling compliance with data retention laws, which require operators to store non-content data for potential future access by authorities, balancing investigative needs with data protection regulations.

Purpose & Motivation

MDF3 was created to formalize and standardize the delivery mechanism for retained data within the 3GPP lawful interception and data retention framework. Prior to its specification, the processes for providing retained data (like historical call records) to law enforcement were often operator-specific, proprietary, or lacked a clear standardized interface. This created inefficiencies for authorities investigating crimes that required historical data and complexities for operators interfacing with multiple agencies. MDF3 solves this by defining a clear, standardized function and interface (HI4) dedicated to this purpose.

The motivation stems from legal mandates in many jurisdictions that require telecommunications service providers to retain specific non-content data (e.g., who called whom, when, and from where) for a legislated period. As networks evolved to 5G with its Service-Based Architecture and network slicing, the sources and formats of this data became more diverse and complex. MDF3 provides a consistent mediation point that can collect data from new 5G network functions, handle the scale of data generated, and deliver it in a predictable format. It addresses the limitations of ad-hoc solutions by integrating data retention delivery into the overall 3GPP security architecture.

Furthermore, MDF3's separation from the real-time interception functions (MDF2) allows for optimized system design. Retained data delivery is typically less latency-sensitive but may involve querying large databases and processing bulk data. By having a dedicated function, network operators can scale and manage resources appropriately. Its introduction in Release 16 alongside MDF2 provided a comprehensive suite of mediation functions for all aspects of lawful access, ensuring 5G networks could meet both real-time interception and historical data retention obligations from day one.

Classification

Related approaches

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (10 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Rel-15 3 changes

In Release 15, the MDF3 function was enhanced with specific procedures for initiating the interception of Content of Communication (CC). This included the introduction of detailed Stage 3 text for starting interception with a registered UE and with an established PDU session from MDF2. Furthermore, clarifications were provided on the derivation and delivery of location information via the MDF3.

Missing Stage 3 text - Start of Interception with registered UE from MDF2 TS 33.128CR0006
Missing stage 3 text - Start of Interception with established PDU session from MDF2 TS 33.128CR0007
Clarifications on the Location information derivation and delivery TS 33.128CR0020

Rel-16 1 change

In Release 16, the specification for the Mediation and Delivery Function 3 (MDF3) was updated to provide a clarification to the trigger for the delivery of Packet Data Session Reports (PDSR). This refinement specifically addressed the procedures governing how the MDF3 generates and forwards Content of Communication (CC) from the xCC received over the LI_X3 interface to the Law Enforcement Monitoring Facility via the LI_HI3 interface.

Clarification to trigger for PDSR Delivery TS 33.128CR0145

Rel-17 2 changes

In Release 17, the MDF3 function was enhanced with the addition of HeaderReporting options to the MediationDetails for Content of Communication (CC) delivery. Furthermore, the release provided clarification on procedures for ID Mapping Location Delivery, which involves the exchange of target identifiers and correlation information between MDF2 and MDF3 over the LI_MDF interface.

Clarification on ID Mapping Location Delivery TS 33.127CR0107
Addition of HeaderReporting options to MediationDetails TS 33.128CR0235

Rel-18 4 changes

In Release 18, the MDF3 function was updated with a clarified solution for the delivery of Rich Communication Services (RCS) Content of Communication from the CC-POI. The release also provided clarifications on the delivery of different services and the applicability of messaging service scoping for the MDF3. Furthermore, it included a correction for the LI_XQR interface, confirming that the delivery of an NCGI (Network Cell Global Identity) can be requested.

Solution for the delivery of RCS CC from the CC-POI in the RCS Server TS 33.128CR0608
Clarification on the delivery of different services and the applicability of messaging service scoping TS 33.128CR0606
LI_XQR Ongoing Association: Correction that delivery of NCGI can be requested TS 33.128CR0615
STIR/SHAKEN: Missing details in the MDF2 clause TS 33.128CR0392

Explore further

Broader topics and technologies where MDF3 plays a role.

Topics

Authentication (5G-AKA, EAP)MEC (Edge Computing)LTE / LTE-Advanced Policy & Charging 5G NR (New Radio)Lawful Intercept

Technologies

LTE 5G

Defining Specifications

3GPP specifications that define or reference MDF3, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

Specification	Title	Release
TS 33.127 vj50	Lawful Interception Architecture and Functions	Rel-19
TS 33.128 vj50	3GPP TS 33.128: Lawful Interception Protocols	Rel-19