PCO

Processing Cross-check Organization

Other →
Introduced in Rel-5 Also in: Radio Access Network, Services

PCO is the framework for verifying the correctness of network processing functions, particularly for lawful interception, to ensure accurate and reliable data handling for compliance and auditability.

Category
Other
Introduced
Rel-5
Where
Core Network › Evolved Packet Core
Also touches
2 segments
Specifications
18 specs
PCO Description Purpose Related Detected Changes Specifications

Description

The Processing Cross-check Organization (PCO) is a conceptual and architectural framework defined within 3GPP specifications to ensure the integrity and correctness of processing functions, with a primary application in Lawful Interception (LI) systems. It operates by establishing mechanisms to verify that the processing of intercepted communication content and associated interception-related information (IRI) is performed accurately and without corruption or unauthorized modification. This involves cross-checking the output of processing functions against expected results or through redundant processing paths to detect errors or inconsistencies.

Architecturally, the PCO framework interfaces with key LI functional entities such as the Intercepting Control Element (ICE), which performs the actual interception within the network, and the Delivery Functions (DF2 and DF3), which handle the transport of intercepted data to the Law Enforcement Monitoring Facility (LEMF). The PCO may employ techniques like checksums, sequence numbers, cryptographic integrity protection, or comparison with duplicate processing streams to validate that data has been processed correctly from the point of interception through to delivery.

Its role in the network is primarily one of assurance and compliance. By providing a verifiable trail and validation of processing steps, the PCO helps network operators and authorities demonstrate that intercepted data is a true and accurate representation of the target's communications, which is a fundamental legal requirement for lawful interception. It addresses risks related to software bugs, hardware faults, or malicious tampering within the interception infrastructure.

Purpose & Motivation

The PCO was introduced to address the critical need for verifiable accuracy and reliability in lawful interception systems. As telecommunications networks became more complex and digital, ensuring that intercepted data remained intact and unaltered during processing became a significant technical and legal challenge. Legal frameworks worldwide mandate that intercepted evidence must be authentic and reliable to be admissible in court, necessitating technical mechanisms to prove the integrity of the interception process.

Prior to formalized concepts like PCO, reliance was placed on less systematic methods of ensuring processing integrity, which could be insufficient for rigorous legal scrutiny. The creation of the PCO framework within 3GPP standards provided a structured, standardized approach to this problem. It defines specific requirements and potential methods for cross-verification, enabling equipment vendors and network operators to implement solutions that meet stringent compliance demands. Its development was motivated by the evolving regulatory landscape and the need for international technical standards to support lawful interception across different jurisdictions and network technologies.

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (58 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-5, normative work from Rel-15.

Rel-15 8 changes

In Release 15, the PCO function was enhanced to support P-CSCF failure detection and restoration procedures, including a mechanism for the network to provide a new list of P-CSCF addresses or a P-CSCF failure indicator to UEs via bearer modification. This introduced a specific UE capability indication (P-CSCF Re-selection support) within the PCO and defined the propagation of restoration indications via interfaces like S6b for WLAN access.

  • TFT checking and error handling in WLCP bearer setup and modify procedures TS 24.244CR0051
  • Checking emergency for stopping the back-off timer TS 24.301CR3077
  • Setting and checking 5GS update status TS 24.501CR0007
  • Corrections for MTU PCO parameters handling TS 24.501CR0374
  • Excluding mobility procedures from ODAC access control checks TS 24.501CR0467
  • UAC - providing access identities for barring checks of AS triggered access attempts TS 24.501CR0577

+ 2 more changes

Rel-16 15 changes

In Release 16, the PCO function was enhanced to support a new P-CSCF restoration mechanism, allowing the network to update UEs with a new list of P-CSCF addresses upon a failure. This introduced a specific UE capability indication for "P-CSCF Re-selection support" within the PCO parameter and defined the procedures for PGW-initiated bearer modification to convey a P-CSCF failure Indicator. Additionally, the mechanisms were extended to handle PCO-based updates for UEs connected over WLAN access via the TWAN.

  • Usage of ACS information PCO parameter TS 24.501CR0938
  • Correction to TFT check TS 24.301CR3149
  • Correction to TFT check TS 24.501CR0787
  • Correction to the checks on QoS rule operations - R16 TS 24.501CR0968
  • Handling of multiple QoS rule/flow parameters included in one PCO/ePCO TS 24.501CR1239
  • Clarification on error check for QoS rules TS 24.501CR1295

+ 9 more changes

Rel-17 22 changes

In Release 17, key enhancements to the PCO function included the introduction of a P-CSCF failure indicator within the PCO IE to notify UEs of a P-CSCF failure, alongside mechanisms for providing an updated list of P-CSCF addresses. The release also defined the UE's capability to indicate support for the "Update PDP context/bearer at P-CSCF failure" mechanism via a specific PCO parameter during IMS PDN connection activation. Furthermore, procedures were specified for P-CSCF restoration indications to be sent to the PGW/GGSN over interfaces like S6b to trigger bearer updates.

  • Adding the SOR security check criterion to the SOR-CMCI TS 24.501CR3702
  • EDC related PCO parameters usage TS 24.501CR3848
  • Processing Authentication Reject only if timer T3416 or T3418 or T3420 is running TS 24.301CR3576
  • QoS error checks for unstructured PDU session type TS 24.501CR2448
  • Uplink data status IE in CPSR after integrity check failure TS 24.501CR2662
  • Correction in the AUSF operation in terms of checking the presence of the AT_RESULT_IND attribute in the EAP-response/AKA'-challenge message TS 24.501CR2735

+ 16 more changes

Rel-18 9 changes

In Release 18, the PCO function was enhanced with new procedures for P-CSCF restoration and failure handling, including the introduction of a P-CSCF failure indicator within the PCO and a mechanism for the network to send updated P-CSCF address lists to UEs. The release also specified UE capability signaling for this restoration feature via a specific PCO parameter and defined error handling for syntactical errors in PCO during QoS operations. Furthermore, clarifications and cleanup were made regarding parameter naming and the inclusion of specific support indicators within the PCO information element.

  • Resolving the EN related to the inclusion of SDNAEPC support indicator in the PCO or the ePCO TS 24.301CR3871
  • Remove description on inclusion of ATSSS response in (e)PCO TS 24.301CR3890
  • Cleanup of PCO parameters naming TS 24.301CR3889
  • Check the match-all packet filter in QoS rule TS 24.501CR4460
  • QoS error checks for unstructured PDU session type in PCO TS 24.501CR4462
  • Correction to QoS rule error checking operation. TS 24.501CR4489

+ 3 more changes

Rel-19 4 changes

In Release 19, the PCO function was enhanced to enable the P-CSCF to trigger network function failure checking and recovery procedures in the EPC/5GC, such as upon an SMF/PGW-C restart. Furthermore, mechanisms for EPC/5GC health checks and recovery were introduced specifically for IMS terminating call scenarios. These updates build upon the existing PCO-based P-CSCF restoration and address list update procedures.

  • P-CSCF triggering SMF/PGW-C failure checking TS 23.380CR0129
  • EPC/5GC health check and recovery upon IMS Terminating Call TS 23.380CR0134
  • Correction to ATSSS request PCO parameter TS 24.193CR0233
  • Alternative-2 for avoiding two unified access control checks for non-emergency communication with IMS over NG-RAN connected to 5GCN - 24.501 TS 24.501CR6560

Explore further

Broader topics and technologies where PCO plays a role.

Topics
SON (Self-Organizing Networks)Authentication (5G-AKA, EAP)Encryption & IntegrityMEC (Edge Computing)LTE / LTE-AdvancedLawful Intercept
Technologies
LTE

Defining Specifications

3GPP specifications that define or reference PCO, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 23.380 vj10 IMS Restoration Procedures Rel-19
TR 23.979 vj00 PoC over 3GPP Systems Architectural Requirements Rel-19
TR 23.981 vj00 IPv4 IMS Interworking and Migration Study Rel-19
TS 24.193 vj50 ATSSS Procedures Specification Rel-19
TS 24.229 vj50 IMS call control protocol based on SIP and SDP Rel-19
TS 24.244 vj00 Wireless LAN Control Plane Protocol Rel-19
TS 24.301 vj60 NAS protocol for Evolved Packet System Rel-19
TS 24.302 vj00 Access to EPC via non-3GPP networks; Stage 3 Rel-19
TS 24.501 vj50 5G NAS Protocols Specification Rel-19
TR 26.996 vj00 ISAR Split Rendering Audio Characterization Rel-19
TS 29.061 vj00 Packet Domain Interworking for PLMN Rel-19
TS 29.274 vj50 GTPv2-C Control Plane Protocol Specification Rel-19
TS 29.806 vc10 P-CSCF Restoration Analysis & Solutions Rel-12
TS 29.826 vd10 P-CSCF Restoration Enhancements for WLAN Rel-13
TR 33.739 vi10 Study on security enhancement of support for Rel-18
TS 36.305 vj00 UE Positioning in E-UTRAN Stage 2 Rel-19
TS 38.305 vj00 NG-RAN UE Positioning Stage 2 Rel-19
TR 38.859 vi10 Technical Report Rel-18