Professional Documents
Culture Documents
Ares(2017)4775177 - 30/09/2017
30/09/2017
DOCUMENT CONTROL DATA:
Version: 1.0
Nature: Report
Dissemination level: PU
This project has received funding from the European Union’s Horizon 2020
research and innovation programme under grant agreement No 653337.
DISCLOSURE STATEMENT
No part of this document may be used, reproduced and/or disclosed in any form or by any
means without the prior written permission of the NEXES Consortium.
DISCLAIMER
The NEXES Research and Innovation Action aims to research, test and validate the
promising integration of IP-based communication technologies and interoperability into the
next generation emergency services, so that they attain increased effectiveness and
performance. Empowered by smartphones with cameras, messaging and internet-based
applications connecting to social media, citizens expect emergency services to use the
same technologies. However, this is not the case.
NEXES innovates the approach to the dynamics between emergency services and citizens,
allowing (i) the use of total conversation capabilities in emergencies, including social media,
to the benefit of citizens, including those with disability or special needs (ii) the exploitation
of improved location information to rapidly and effectively identify and locate the caller and
the incident site and (iii) the leverage of Internet-enabled connectivity to enhance
interoperability and shared awareness among emergency services, to the benefit of a more
secure society.
The NEXES Consortium gathers world-class European entities, well experienced in the
research and development of innovative solutions for communications and emergency
products and solutions. The NEXES Team presents extensive background knowledge and
in-house solutions to adapt, test and validate in NEXES’s open Testing Regime and
Validation Framework, ensuring solid results are achieved to produce relevant
Recommendations and contributions to Europe’s standardisation effort on emergency
services. To leverage related dissemination and market exploitation activities, the NEXES
System, Apps and its operational benefits are demonstrated in three realistic pilots to end-
users and stakeholders. In fact, end-users’ involvement, directly ensured by NEXES
Partners and indirectly by invited Advisors, is a key contributor to guarantee NEXES’s
operational validity as a reference implementation system for next generation emergency
services.
2 INTRODUCTION .............................................................................................................. 9
2.1 DELIVERABLE’S PURPOSE ............................................................................................ 10
2.2 DELIVERABLE’S CONTEXT ............................................................................................ 10
2.3 APPLIED METHODOLOGY ............................................................................................. 11
2.4 KEY CONCEPTS .......................................................................................................... 12
6 CONCLUSION................................................................................................................ 46
7 BIBLIOGRAPHICAL REFERENCES ............................................................................. 47
8 ACRONYMS AND DEFINITIONS .................................................................................. 49
9 ANNEX ........................................................................................................................... 54
9.1 MAPPING THE NEXES SYSTEM REQUIREMENTS TO THE IMS COMPONENTS ................... 54
LIST OF FIGURES
The NEXES IMS component is based on the IMS subcomponents defined under the 3GPP /
ETSI standards: 3GPP TS 24.229 [1], 3GPP TR 23.869 [2] and RFC 3261 [3]. The
implementation has then been adapted or particularised for the NEXES System, in order to
enable more advanced functionalities than the mere standard Voice-over-Long Term
Evolution (VoLTE) or Voice-over-WiFi (VoWiFi) emergency calling. Within NEXES, the IMS
becomes open to integration to known emergency applications that will be able to achieve
both Total Conversation and Enhanced Location capabilities. In this respect, the NEXES
IMS is adapted to support Session Initiation Protocol (SIP) messages manipulation,
authentication with third-party applications and zero rating for emergency messages over
the operator’s network who owns the IMS. In addition, the NEXES IMS allows integration
with smart devices (e.g. Machine to Machine or M2M SIP-enabled platforms) and eCall
platforms.
Although countries with deployed IMS implementations still fall back to circuit-switched
networks to handle emergency calls today, the NEXES IMS serves as a beacon of support
and guideline to ensure that emergency calls applying VoLTE, VoWiFi and Video-over-LTE
(ViLTE) do reach next generation Public Safety Answering Points (PSAPs) and enable
emergency services to benefit from the full advantages brought by next generation
networks.
As an integral part of the NEXES System, the IMS component allows for the adoption of
cutting edge technology to drive the advancement of communications between citizens
and emergency services. As a reference implementation of next generation emergency
services, NEXES brings about the conditions for the successful adoption of IMS as a key
enabler to next generation emergency services and the exploitation of the numerous
opportunities delivered by advanced IP-enabled information and communication
technologies.
As part of the NEXES Core, the IMS component is deployed within the Public
Communication Networks architectural domain, implementing full IP communication,
enabling the delivery of fast and reliable IP multimedia services and taking full advantage of
SIP technologies’ implementation for emergency calling. Adopting the IMS component,
NEXES embodies a new concept that envisions the interconnection between the IMS and
next generation PSAP systems to support next generation emergency services
enhancements.
A result of the NEXES RIA Task 3.4 – “The NEXES IMS”, this report presents the
development and integration process of the IMS core component within the NEXES
System, as it enables the enriched SIP communication for both native and OTT emergency
calls.
Task 3.4 – “The NEXES IMS” is a part of Work Package 3 – The NEXES Core, a work
package dedicated to the definition of the NEXES System requirements and architecture
specifications, including the design and development of the functional and logical
components and interfaces related with the telecommunications infrastructure and the
emergency network.
Presenting the main achievements and results of Task 3.4 activities, this deliverable
describes in detail the development and integration effort of the network adaptations
required to enable IMS functionality, namely the integration with OTT applications, the
support to enhanced location and the adoption of the Pan European Specifications for
Emergency Apps (PESEA) to achieve interwork with the Pan European Mobile Emergency
Applications (PEMEA) network.
The overall aim of the NEXES RIA is to attain a universal, democratic and inclusive
emergency service, improving the ability of emergency services to respond to emergencies,
Providing specific features and practical implementation guidelines associated with the
adoption of the IMS component by next generation communication networks to support
emergency calling, deliverable D3.4 – The NEXES IMS Architecture outlines the major
architectural adaptations required to achieve the key innovations envisaged in NEXES.
The work performed in Task 3.4 – The NEXES IMS is mostly of a technical nature: the
design and implementation of the NEXES IMS component based on the NEXES System
Requirements established in deliverable D3.1 – NEXES System Requirements and
Architecture Specification.
Aside the system requirements defined as a result of Task 3.1 – System Requirements and
High-Level Architecture, deliverable D3.4 – NEXES IMS Architecture also benefits from
valuable inputs from the deliverables that describe NEXES components interacting with the
NEXES IMS (the deliverables D3.2 – Adaptation of Public Communications Networks, D3.3
– NEXES Advanced Location Capabilities and D3.5 – NEXES Gateways) and also from the
deliverables correlated from a technology point of view, considering security (D3.6 – NEXES
Security Recommendations), Applications (D4.1 – Overview of NEXES App Framework for
Pan-European Next Generation Emergency Services and D4.2 – Emergency App API) and
PSAP connectivity (D5.1 – Next Generation PSAP Systems) aspects.
Moreover, the NEXES IMS component complies and is aligned with all the applicable
standards and protocols of the European Telecommunications Standards Institute (ETSI),
the International Telecommunication Union (ITU), the 3rd Generation Partnership Project
(3GPP) and the Internet Engineering Task Force (IETF).
The following figure depicts the process flow adopted in the applied methodology for
executing Task 3.4 activities.
Architectural Concepts
Scalability Scalability is the capability ensuring systems are able to withstand a very large
number of users.
Redundancy Redundancy is the capability to duplicate critical components or functions of a
system with the intention of increasing its reliability.
Resilience Resilience is the capability to provide and maintain the system’s acceptable level
of service in the face of faults and challenges to normal operation.
Extensibility Extensibility is the capability enabling future applications to use NEXES concepts,
extend and enhance them.
NEXES Components
PSAP Public Safety Answering Point is the call centre that takes emergency calls.
ERO Emergency Response Organisations are responsible for dispatching responders to
the incident area upon the reception of information from the PSAP or the caller.
FR First Responders are the first emergency service members (paramedics,
firefighters, police officers) at the incident scene.
The IMS is a modular and standardised subsystem allowing the addition of new protocols
and communications technologies to a system. The NEXES IMS is based on existing off-
the-shelf components owned by ORO, abiding to 3GPP standards (revision 11 or above),
extended to support the NEXES implementation of next generation emergency services
(e.g., PSAP routing and user data payload).
The IMS is usually deployed by mobile operators to allow the offering of multimedia
services over IP connectivity. Therefore, its primary use is to enable regular multimedia calls
to be charged according to the client’s subscription. However, the IMS also has the
capability to support dedicated functions for emergency services. In this context, the main
services enabled by the IMS component are the VoLTE and VoWiFi emergency call services
that are natively supported by smartphones. As illustrated in the image below, the
dedicated emergency calls handling is performed by the Emergency - Call Session Control
Function (E-CSCF) within the IMS.
PSAP2
P/S/E-CSCF
4G network Legacy
Native PGW PSAP1
calling LRF/
Wi-Fi network LPG
RDF
Legacy
HSS PSAP2
In the 3GPP standardisation, several high-level design proposals address the retrieval of
user location for advanced routing to the right PSAP but it is missing the specific actions to
enable such performance. In this deliverable, it is included the approach followed in NEXES
to support that next generation capability.
Both communication methods have been addressed in Task 3.4 as the work to integrate
the IMS core component in NEXES unfolded.
This section describes the integration of the IMS component in NEXES, considering the
interrelation with the specific components of the access part and of the NEXES core.
In native calling, the device’s operating system handles the registration and call generation
processes. Authentication is attained through the SIM credentials (to which only the
operating system has access) and the emergency call generation is performed by pressing
the native call button. The selection of the access to be used for the emergency call is
executed by the operating system based on a set of rules determined by the network’s
nature: legacy (circuit switched 2G/3G) or next generation (IP-based 4G/WiFi).
For VoLTE and VoWiFi interconnection, the device communicates with the IP address
received from the Packet Data Network Gateway (PGW) after the authentication done with
the HSS. The PGW is an anchoring gateway enabling mobility between accesses.
The IMS component uses the Policy and Charging Rules Function (PCRF) to trigger a
dedicated bearer when the emergency call is placed, so resources needed for the call are
guaranteed in an end-to-end LTE access network.
From the IMS perspective, the interconnection with the PSAP system can be accomplished
through two types of network technologies: either the IP network for SIP communication
with next generation PSAPs or a Signalling System No. 7 (SS7) network for communication
with legacy PSAPs. Both interconnection processes use standardised interfaces based on
ITU-T, 3GPP and IETF technical specifications. Within NEXES, namely within the NEXES
IMS component, there are no non-standard implementations or proprietary use of optional
parameters, including with respect to the interconnection with external PSAPs.
The following table depicts the two technologies used to interconnect ESINet and the PSAP
system in NEXES:
The following image represents the NEXES IMS architecture as implemented for the
Romanian emergency services, which uses a legacy PSAP.
The Call Session Control Function (CSCF) is the central network element of the IMS
component and provides the functionality of a multimedia session controller, supporting the
device’s registration (includes the authentication process; the primary authentication
method is the IMS Authentication and Key Agreement or IMS-AKA but is also supports
The CSCF is defined to play three different roles that may be co-located in the same node
or in separate nodes connected through the Mw interface, and all are involved in the UE-
related SIP signalling transactions. In the NEXES IMS solution, the CSCF element co-
locates logically the different IMS roles:
The CSCF supports the reference points and protocols listed in the following table:
The Proxy CSCF (P-CSCF) is the first contact point of the IMS component that the UE
interacts with, and it is responsible for all functions related to controlling the IP connectivity
layer. The P-CSCF performs the SIP signalling compression and decompression, the IMS
Authentication and Key Agreement (AKA) and the Transport Layer Security (TLS) integrity
and confidentiality protection. The P-CSCF also provides the Access Border Control
Function (A-BCF) for Network Address Translation (NAT), IP version conversion and pin
holing at the network border. In addition, the P-CSCF is responsible for the identification of
emergency calls.
The P-CSCF is typically located in the same network as the Evolved Packet System (EPS).
Nevertheless, a so-called Local Breakout concept may be set to allow the P-CSCF to
remain in the home network, while the Policy Charging and Rules Function (PCRF) remains
in the visited network and may be used.
The Interrogating CSCF (I-CSCF) is the network entry point in the IMS home network and
it is located at the border of the home network. It is responsible for finding out the UE’s
registration status, and either assigning a new S-CSCF or routing to the right existing S-
CSCF. The request may come from Proxy CSCF (P-CSCF), from other multimedia networks
or from Circuit Switched (CS) networks through the Media Gateway Control Function
(MGCF).
The I-CSCF interrogates the HSS for information that enables the call to be directed to the
Serving CSCF. The I-CSCF provides the call gateway and addresses call handling
functions, although it is not involved in mobile-originated communications.
The I-CSCF queries Domain Name System (DNS) servers to obtain the HSS address. Then,
either a S-CSCF is selected from the S-CSCF list configured at the I-CSCF, according to
the capabilities required for the subscriber, or the S-CSCF name returned by the HSS is
used. A subsequent DNS query resolves the S-CSCF name(s) to IP address(es). Preferably,
the elected S-CSCF is located on the same node to avoid NE interconnection.
The Serving CSCF (S-CSCF) is located in the user’s home network and it maintains the
user’s registration and session. At registration, the S-CSCF interfaces with the HSS to
receive the subscription profile, including authentication information, and it authenticates
the UE. For the service sessions, the S-CSCF signals with the UE through the other CSCFs.
It also carries the main responsibility for controlling the interworking elements. The S-CSCF
may also need to interact with MGCF for interworking with CS networks, or with other
multimedia networks for UE requested services.
The S-CSCF queries DNS servers to obtain the HSS address. When a new subscriber is
registering, the S-CSCF loads the appropriate subscriber profile from the HSS and
searches for a suitable application server with the Fully Qualified Domain Name (FQDN) that
is translated using DNS.
The I-CSCF selects an S-CSCF based on its capability, priority and weight. To configure
the S-CSCF selection, in the parameter table “Table of S-CSCF SIP URIs and Capabilities”,
• The value of the parameter “S-CSCF URI” denotes the URI of the S-CSCF containing
either a dedicated name or an IP. Dedicated S-CSCF names require a DNS
configuration that directly resolves to IP-addresses;
• The value of the parameter “S-CSCF Capabilities” denotes a number that is assigned to
the different S-CSCFs. These numbers can, for example, represent specific capabilities
of the respective S-CSCF or the desired preference of usage;
• The value of the parameter “S-CSCF Priority” controls the S-CSCF selection within a
set of S-CSCFs having equal capabilities. It is a number ranging from 0 to 999 where 0
has the highest priority and 999 the lowest. Value 0 has a special meaning and is
reserved for migrating from an old S-CSCF to a new S-CSCF. An S-CSCF that has
priority 0 is preferred when the HSS returns capabilities but it is ignored during S-CSCF
re-selection;
• The value of the parameter “S-CSCF Weight” controls the S-CSCF selection within a
set of S-CSCFs having equal capabilities and equal priority. It is a number ranging from
1 to 65535. If all required mandatory capabilities, same number of required optional
capabilities and same priority of two or more S-CSCFs match, the I-CSCF considers the
value configured for the parameter “S-CSCF Weight” between the equivalent S-CSCFs
in the S-CSCF list.
The I-CSCF selects one best S-CSCF every time and tries it. If the selected S-CSCF is
unavailable, the I-CSCF tries the next best S-CSCF from the remaining list of S-CSCFs. The
parameter “S-CSCF Weight” is considered only if there are several S-CSCFs, which are
equally suitable according to the capabilities and priority of the S-CSCFs.
The Emergency CSCF (E-CSCF) is the server co-located with other CSCF functions (P/S/I)
and provides the emergency calling routing capability. The E-CSCF is responsible for all the
emergency calls the P-CSCF detects, based on a pre-configured list of emergency
numbers. The E-CSCF serves emergency sessions for both registered and unregistered
subscribers.
The E-CSCF function is enabled using a stateless Proxy SIP Server, which supports two
functions requiring location information and routing.
In the following scheme, it is depicted the emergency call flow that is routed by the E-CSCF
to the right PSAP.
Cell-ID
DB RDF
HSS
Sh querry
NPLI LRF
MME
PCRF
EATF
• The MI – interface between the LRF and the E-CSCF, based on the SIP IP multimedia
Service Control (ISC);
• The I4 – interface between the E-CSCF and the Emergency Access Transfer Function
(EATF) to allow hand-over for emergency calls;
• The I5 – interface between the I-CSCF and the EATF to allow the I-CSCF to connect to
the Single Radio Voice Call Continuity (SRVCC) - Mobile Softswitch (MSS) / Media
Gateway Control Function (MGCF).
The Border Gateway (BGW) or the Session Border Controller (SBC) has multiple roles in the
IMS component, for it provides security, quality of service, connectivity, media stream,
statistics and billing functionalities.
The SBC function consists of a Border Control Function (BCF) and a Border Gateway
Function (BGF). The BCF handles the SIP signalling and controls the BGF, whereas the
BGF is the enforcement point for the bearer traffic – it allows only accepted bearer flows to
pass and it ensures that the flows do not exceed its allowed bandwidth. The SBC is
typically applied in VoIP networks on the border between the VoIP access network and the
core network. In a decomposed SBC model, the BCF that is signalling is logically and
physically separated from the BGF that is handling the media traffic. The BCF and BGF
units are then connected by a standard based H.248 control interface. The BGW
implemented for the NEXES IMS incorporates a decomposed SBC:
• A-BCF
• IMS-ALG
• ATCF
P-CSCF/
BGCF
S-CSCF /
Gm Mw
I-CSCF
SIP SIP
Iq H.248
BGW
Mb Mb MGW/
(RTP/MSRP) MRFP
In the NEXES IMS solution, the BCF is implemented in the CSCF which controls the BGW
accomplishing the BGF. The BGF is a media traffic handling function responsible for media
(Real Time Protocol or RTP, Message Session Relay Protocol or MSRP) and transport
protocols (Transmission Control Protocol or TCP, User Datagram Protocol or UDP), media
payload (IR.92, IR.94, Rich Communication Suite or RCS) and IP address (IPv4, IPv6)
In the decomposed IMS border control solution, the CSCF and the BGW, connected
through the Iq/Ix H.248 interface, ensure the delivery of all IMS services to any device via
any IP access. In addition, the IMS Border Control solution protects both the IMS core
network and the users from a wide range of attacks; it enforces the Service Level
Agreement (SLA) and fulfils regulatory requirements such as lawful interception for all
services and media types.
In the IMS Border Control solution, the Access Transfer Control Function (ATCF), the BCF,
and also the P-CSCF are co-located in the CSCF element, while the Access Transfer
Gateway (ATGW), the Border Gateway Function (BGF), as well as the Transition Gateway
(TrGW) functions are implemented by the BGW. The ATCF and ATGW functional entities are
connected through the Iq H.248 interface and will be supported in the next IMS release.
The Electronic Number Mapping System (ENUM) server’s functionality is defined as the
mapping of “Telephone Numbers” to “Uniform Resource Identifiers” (URIs) using the
Domain Name System (DNS) in the domain e164.arpa. Defined by IETF in RFC3761 [7], the
ENUM is an application of DNS to map internet addresses (URIs) associated to E.164
numbers. Each E.164 number is mapped to a globally unique name. Its role is relevant for
the IMS component for it:
The ENUM cluster consists of one primary (Master) and three secondary (Slave) servers, as
shown in the next figure:
ENUM (2 units)
DNS
DNS
DN
S
DN
CSCF TAS
Redundancy ensures that, in emergency cases, either the ENUM server with the master
copy or the ENUM server with the slave copy of the zone compensates the outage of the
broken ENUM server. In case of an outage of a ENUM Server, there is the:
• Storing of provisioning requests to a zone on the ENUM server holding the slave copies
and the processing of these requests when the master copy of the zone is online again;
• Recovery of the ENUM server after the outage, updated according to changes during
the outage period.
A ENUM server entry is required for every IMS subscription to ensure that IMS routing
principles work correctly. It is also required that the provisioning solution, while inserting
appropriate data into the HSS, is also able to provision the ENUM database.
The ENUM converts an E.164 number to the so-called ARPA format that gives a globally
unique name to the Naming Authority Pointer Resource Record (NAPTR). NAPTR records
are used to store ENUM information. Based on this information, the E.164 telephone
number is mapped to a URI in the Internet. The following table provides a ENUM record
example created at the ENUM server.
The IMS HTTP-Enabled Location Delivery (HELD) interworking function has been developed
to solve the need to interface the NEXES IMS component with the NEXES Location Server.
The OTT SIP emergency call reaches the IMS and then is routed towards the IMS-HELD
interworking function based on the URI (domain included). The IMS-HELD interworking
function retrieves the information from the SIP INVITE and performs a HELD request
towards the Location Information Server (LIS). The interface between the IMS-HELD
interworking function and the LIS uses the HELD Protocol (RFC 5985) [8].
For the emergency call to be properly handled from a routing perspective, there is a need
for a Location Retrieval Function (LRF) within the network. The LRF is performed by a
server that retrieves the user’s location information from the operator’s network and inserts
it in a well-known/common format in order for the call to be routed according to the user’s
location. The location information retrieved is called Network Provided Location Information
(NPLI) and it is the most reliable location information to be used for routing an emergency
call to the right PSAP.
The network elements that can be queried by the LRF are the HSS through the Sh Diameter
interface and the Home Location Register (HLR) through the Message Application Part
(MAP) interface. In the current NEXES IMS implementation, the MAP interface is the one
used.
The dedicated field for the location information in SIP signalling is the P-Access-Network-
Info (PANI) header. The network-provided location information and the user-provided
location information may both be kept in the SIP signalling, with the NPLI also displaying a
“;np” parameter at the end of the PANI header, as shown below:
The LPG is composed of a Media Gateway Control Function (MGCF) and a Media Gateway
(MGW), entities that are responsible for the interconnection of the “IMS world” to outer
telecommunication worlds, including legacy PSAPs.
The MGCF maps the SIP signalling to the ISDN User Part (ISUP) or the Bearer-Independent
Call Control (BICC) signalling in order to connect to outer elements of telecommunication
networks. The MGCF performs controlling and routing (Control Plane) using SIP and ISUP
signalling while the MGW represents the User Plane part (the payload from the user
towards the network).
From an IMS perspective, the LPG Interworking Function represents a SIP endpoint that
performs call control and protocol conversion and controls the resources in a MGW
through an H.248 interface. Sometimes, the MGCF also plays the role of a Public Switched
Telephone Network (PSTN) Gateway, when it interfaces with the PSTN circuit-switched
core network where legacy PSAPs are connected.
The MGW is the equipment that handles the Real Time Protocol (RTP) stream (voice, video)
by converting it into Pulse Code Modulation (PCM). The MGW interfaces with CS networks
through the media plane.
The MGCF and the MGW are deployed in a redundant and geographical configuration so
that any emergency call can reach any PSAP, no matter the user’s location. Regarding the
user’s location, it is used in a dedicated field in the ISUP/BICC signalling and converted
from the location information retrieved from the network by the LRF. This field is interpreted
by the PSAP using the agreed mechanism: the location information is included in the called
party number and it contains the prefix, that is, the number designated for emergency to
enable the call’s routing to the PSAP, as well as some discriminators (to identify the service
The registration and authentication processes in the IMS for a VoLTE/VoWiFi subscriber is
accomplished by applying different mechanisms and algorithms. The servers used are the
P-CSCF, the S-CSCF, the I-CSCF, the E-CSCF and the HSS. In the NEXES IMS, the
standard authentication method uses the IMS-AKA/md5 digest, but other methods (HTTP
digest, TLS-based HTTP digest) may also be used. The IMS-AKA represents the standard
security protocol used in the IMS and it enables to establish both the encryption - the Triple
Data Encryption Algorithm (3DES) or the Advanced Encryption Standard Cipher Algorithm
in Cipher Block Chaining (AES-CBC) - and the integrity - (the keyed-Hash Message
Authentication Code MD5 (HMAC-MD5) or the HMAC-SHA-1) - keys.
All permanent or temporary subscriber-relevant data that corresponds to the individual IMS
subscription is centrally stored in the Home Subscriber Server (HSS). The HSS front-end
interacts with the subscriber repository (database) providing the IMS subscriber data to the
requesting network elements (S-CSCF).
To obtain access to the IMS platform, the user must first register successfully with one IMS
Public User Identity (IMPU) or a SIP URI, using the defined authentication mechanism. The
IMPU could be the phone number in a SIP format or the user’s International Mobile
Subscriber Identity (IMSI) in a SIP format. An example of the IMPU would be:
<IMSI>@ims.mnc010.mcc226.3gppnetwork.org
sip:+40744859865@ims.mnc010.mcc226.3gppnetwork.org
Or
sip: 466976789012345@ims.mnc010.mcc226.3gppnetwork.org
After the S-CSCF sends the SIP 401 Unauthorised message accompanied by four of the
five parameters making-up the AV to I-CSCF, which forwards the message to the P-CSCF.
Again, the P-CSCF forwards the message to the user with only two parameters, the RAND
and the AUTN. Since the terminal has the same secret key to the corresponding HSS, the
Then, the I-CSCF forwards the registration message with the RES to S-CSCF and the S-
CSCF sends a Server-Assignment-Request (SAR) Diameter message to the HSS that
replies with a Server-Assignment-Answer (SAA) message. If the RES parameter sent by the
user is equal to eXpected authentication RESult (XRES), calculated by the HSS during the
first registration attempt, then the HSS authenticates the user by means of the Diameter
SAA message. Finally, the S-CSCF sends a SIP 200 OK message to the P-CSCF, which
forwards it to the user.
For the registration and authentication of OTT calls, the user profile located in the HSS
must contain all information related to the OTT subscriber: the SIP URI, the domain, the
specific profile (language, user type, application server identity).
The registration flow is similar to the one provided in the previous section and the SIP
message flow is also the same (REGISTER, 401 Unauthorised, second REGISTER and 200
OK). However, since the device does not have a SIM card (providing the ISIM or the
Universal Subscriber Identity Module or USIM capability), another type of authentication is
required. There are multiple methods to authenticate OTT Applications. According to the
NEXES Security Recommendations, the NEXES IMS implements the digest access
authentication, specified by RFC 2069, later replaced by RFC 2617 [9], an agreed-upon
method that a web server may use to negotiate credentials, such as username or
password, with a user's web browser or Application.
The digest access authentication method confirms the identity of a user before sending
sensitive information, such as personal information, performing sensitive functions (online
banking transactions). The method applies a hash function to the username and password
before sending them over the IP network. Technically, the digest authentication is an
application of MD5 cryptographic hashing with usage of nonce values to prevent replay
attacks and it uses the HTTP protocol. The authentication response is formed as follows:
For VoLTE/VoWiFi emergency calls, the IMS emergency call was introduced in the 3GPP
Rel 9. Emergency Call Handling for native calling allows the P-CSCF to detect emergency
calls identified via pre-configured emergency numbers and to route such requests to a E-
CSCF. The P-CSCF supports the e2 interface towards the Connectivity Location Function
(CLF) and the Mw interface towards an E-CSCF. Since emergency call handling is required
by regulatory authorities, the CSCF enables the operator’s network to comply with the legal
requirements and to serve the VoLTE and VoWiFi subscribers in an efficient manner in case
of an emergency.
The Emergency Registration and the Emergency Call Handling service is provided,
including the support of the location information in the Cell_ID or Segment_ID parameters
carried in the SIP PANI header. The PANI header may include one of two types of location
information:
When initiating an emergency call, after the successful emergency registration, the user
sends a SIP INVITE towards the P-CSCF. The P-CSCF detects that the INVITE corresponds
to an emergency request, either by using the dedicated emergency numbers database
(e.g., 112, 999) or by parsing the SIP INVITE with the SIP service Uniform Resource Name
(URN) urn:service:sos in the request URI. The SIP INVITE is then forwarded to the E-CSCF
that is sending the SIP INVITE to the LRF server. After successfully receiving this SIP
message, the LRF uses first the Diameter Sh message and then the MAP interface to
retrieve the user location from the HSS or the Home Location Register (HLR).
The DIAMETER messages used are the User Data Request/User Data Answer (UDR/UDA)
and the LRF supports the data reference avp as “Location information”, according to the
3GPP standard.
INVITE tel:112;p...
INVITE tel:112;p...
PAI: tel:+MSISDN
PAI: tel:+MSISDN
PANI: PLMN+TAC+ECI LRF
PANI: PLMN+TAC+ECI
or IEEE-802.11
LRF
a) b)
Figure 11 – The Location Retrieval Message Flow via a) the Sh Interface and via b) the MAP Interface
For each emergency call, the LRF retrieves the last known 2G/3G/4G location (LAC, CI,
DISTRICT - county) by using either the Sh or MAP interfaces and processes it:
After, the service enriches the INVITE with location information, adds the prefix to the called
party and routes the INVITE to the MGCF.
The scenario for native WiFi emergency calling while the user is abroad has been
addressed by NEXES and two solutions were considered.
Mid-term Solution
In the mid-term, enabling native WiFi emergency calling by a user that is abroad is possible
through a mechanism that detects and allows or disallows emergency calls to be routed to
the home network.
This mechanism either uses Mobile Network Code (MNC) / Mobile Country Code (MCC)
information when the user registers to the IMS network or benefits from national
agreements that allow emergency calls.
There are two distinct cases: in the case VoWiFi (and VoLTE) roaming is allowed, the user
must be able to connect to the abroad network’s P-CSCF that will treat the emergency call
like a regular local IMS emergency call; it performs an emergency registration and, based
on the subscriber’s NPLI, routes the call to the emergency centre. In the case emergency
calls over IMS are not permitted in the abroad network, the device performs a Circuit
Switched Fall Back (CSFB)-based on the error received from the IMS network (either a 5xx
error case or a specific error case with a SIP reason).
Long-term Solution
This scenario is applicable only when sufficient operator networks support native WiFi
calling. If abroad, the device would use the local network’s Evolved Packet Data Gateway
(ePDG) to gain access to native WiFi calling through the "epdg.epc.mnc<MNC>
.mcc<MCC>.pub.3gppnetwork.org" FQDN as per 3GPP TS 23.003 [16] § 19.4.2.9, but
using the MNC and MCC from the visited network, instead of the MNC and MCC from the
SIM card. In this case, the visited ePDG authenticates the user with the home
Authentication, Authorisation and Accounting (AAA) and gives access to the local IMS
services for emergency calling. As a result, the emergency call does not reach the home
IMS and is routed by the visited network to the local PSAP with more accurate location
information. However, if there is no ePDG in the visited network, the UE would fall back to
the mid-term solution to ensure a successful emergency call set-up.
For OTT emergency calling, the location retrieval and call routing flow is similar with the one
described in the previous section (on native calling), where the main component is also the
LRF, triggered via SIP.
5.2.3 Location Retrieval and Call Routing Using the PEMEA Network
When using the PEMEA network, the IMS will follow the network’s indication of the right
PSAP and route the emergency call to the PSAP indicated in the SIP INVITE. The flow
would be:
1. The user makes a call using the NEXES App that sends the location and user data to
the Application Provider (AP), along with the request for a SIP URI capability;
2. The AP creates an Emergency Data Send (EDS) message that includes an
apMoreInformation element request for a SIP URI; the message is forwarded through
the PEMEA network to a terminating PSAP Service Provider (PSP). The terminating PSP
sends the EDS message to the PSAP;
3. The PSAP indicates the capabilities it supports back to the AP;
4. The PSAP invokes the SIP URI capability and hands to the AP the SIP URI for the
PSAP;
5. The AP sends the PSAP SIP URI to the NEXES App;
6. The NEXES App sends a SIP INVITE for an emergency call to the PSAP URI;
7. The INVITE is routed via the IMS and through the ESInet to the PSAP.
VSP ESInet
SIP INVITE (PSAP-URI)
7
6
3
onCapSupportPost
1
Data + SIP-URI Req
For any SIP call, the media negotiation takes place in the initial INVITE and OK messages
exchanged between the caller and the callee. In the body of each INVITE and OK message,
there is a Session Description Protocol (SDP) body indicating which media types and
formats they intend to use. Below is a very minimal example of an SDP body with audio,
video and real-time text:
v=0
o=anonymous 1434443509 1434443508 IN IP4 10.0.0.2
s=-
i=SIPClient
c=IN IP4 10.0.0.2
t=0 0
m=audio 6000 RTP/AVP 8
a=rtpmap:8 PCMA/8000
m=video 6002 RTP/AVP 96
a=rtpmap:96 H264/90000
m=text 6006 RTP/AVP 99 98
a=rtpmap:99 RED/1000
a=rtpmap:98 T140/1000
a=fmtp:99 98/98/98
The caller’s device sends a SIP INVITE containing a SDP body resembling the above
example, and the callee’s device responds in accordance, with the current preferences. For
instance, the callee may not want an audio stream and the response would then indicate
that in the SDP body. Note that the example above is simplistic, stripped of options such as
bandwidth preferences and additional connection information. Real-world SDP bodies are
often larger.
One means of modifying the emergency call in progress relates to changes caused by the
user’s mobility. One such function supported by the NEXES IMS platform is the Emergency
Access Transfer Function (EATF), which plays the role of the media anchor for voice call
continuity when the user is moving from a 4G coverage area to a 3G coverage area or is
moving from a packet-switched (PS) core access (3GPP access) to a CS core access
(traditional 2G/3G voice) network. The EATF is only available for native emergency calling,
when the user is located in WiFi or a 4G (VoLTE or VoWiFi).
There are also situations where the user wants to add or remove a specific media type
during an active emergency call. It is possible for the user to terminate the call and re-
establish it with the new media parameters, but this method is quite disruptive.
Alternatively, the SIP specification allows the use of re-INVITEs, which is simply the
capability to send another INVITE during the call, presenting updated parameters. Both the
original caller and the callee may send a re-INVITE during an ongoing emergency call and it
may modify almost every aspect of an ongoing call (the most common change is the call’s
media characteristics). It may also be used to place a call on hold, by sending a re-INVITE
with media streams that are disabled, and to add new media streams to an ongoing call
(e.g., to add a video stream to an audio-only call: the re-INVITE suggests a video stream
and the receiver’s device replies based on its capabilities; if the receiver is capable and
willing, that is, it has been configured to allow video calls, it responds with a matching SDP
body and the new media stream can be started.
Although the emergency service (voice, video, text) is offered as a free service, the
requirements involved also accounts for the overall traffic split by category/type of traffic or
by user traffic.
In the NEXES IMS solution, there is a need to provide charging/reporting for the emergency
calls that are served by the network. For such purpose, multiple interfaces/protocols can be
used: retrieve the Call Data Reports (CDRs) using ftp/sftp, use the Diameter interfaces to
trigger charging events and store them in a common format as csv or xls files. The servers
that can issue reports/charging information are the S-CSCF, the E-CSCF, the LRF/RDF and
The CDRs may be retrieved from the MGCF. An example for such a CDR is presented
below:
The design and implementation of Quality of Service (QoS) mechanisms assure the
prioritisation for emergency calls: firstly, voice calls; secondly, video and real-time text, in
case of high traffic (namely during a large-scale emergency). QoS is therefore a must for the
NEXES IMS platform.
In emergency calling, QoS relates directly to the principles guiding the emergency concept:
availability, continuity and reliability. The emergency call should be initiated with special
handling capabilities in order to guarantee the resources for the total duration of the call. In
this context, QoS is ensured differently, depending on the network level (access, core and
border). In NEXES, to allow traffic prioritisation and QoS, mechanisms were implemented to
deal with different flows, both within NEXES IMS network elements and at the edge of
NEXES (access and PSAPs).
The first level of QoS may be achieved at access levels by using dedicated access links for
native calls (VoLTE/VoWiFi). Using a dedicated emergency Access Point Name (APN), the
service provider may enhance and prioritise the different types of traffic (normal call vs.
emergency call, emergency call vs. data).
The emergency APN provides the user a dedicated bearer and a local P-CSCF address and
thus enables the relevant network elements to prioritise bearers when performing
admission control for a specific emergency call.
Another important QoS level relates with prioritisation. The prioritization mechanism allows
the network to statically or dynamically allocate and maintain resources in order for the
emergency call to have an end-to-end priority. For traffic prioritisation related to signalling,
the QoS Class Identifier (QCI) 5 is used; for voice calls, the QCI 1 is used and it
The NEXES IMS solution also implements specific traffic classes of QoS for emergency
services, considering the requirements established for voice traffic prioritisation:
• Emergency services for call signalling prioritisation in IP networks must be the same
applied to emergency calls in legacy voice networks;
• Radio prioritisation;
• PCRF is involved for Policy and Charging Enforcement Function (PCEF) rules;
• No quota reporting is required;
• Video emergency services must have lower priority than voice calls with bandwidth
reservation (for emergency services).
Rich Communication Suite (RCS) represents a standard defined by the GSM Association
(GSMA) that combines different services defined by the 3GPP and the Open Mobile Alliance
(OMA). The RCS is therefore a communication protocol between mobile phones and the
carrier, aiming at replacing Short Message Service (SMS) messages with a text message
system that is richer, providing phone-book polling for service discovery and transmitting
in-call multimedia. In this context, RCS is a potential evolution of the NEXES IMS solution. It
allows transmission of voice, video and text via any IP access (2G/3G/4G/WiFi) and the
1
Proposal of the European Emergency Number Association (EENA) on NG112 [17].
The introduction of RCS/RCSe capabilities is causing changes in the call registration and
set-up design. The solution applied is to use non-prioritised traffic (RCS/RCSe is available
on standard and compatible applications registered and certified by GSMA) and establish a
dedicated PSAP for this type of traffic.
The NEXES IMS solution is fully GSMA RCS initiative-compliant, delivering a rich end-to-
communication platform that uses mobile end-user devices. It supports instant messaging
(IM) as specified in 3GPP TS 23.228, message sessions using SIP/SDP and the transport of
Message Session Relay Protocol (MSRP) media streams over TCP between end-user
devices. The MSRP is a connection-oriented protocol for exchanging arbitrary (binary)
content and the MSRP sessions are typically arranged using SIP with SDP content (same
set-up used for a session of audio or video media). MSRP can be used within a SIP session
to do Instant Messaging (IM), to transfer files, to share images or video.
Secure MSRP is implemented by applying Transport Layer Security (TLS) between the user
equipment and the Border Gateway (end-to-access-edge). The successor to the Secure
Sockets Layer (SSL), TLS is a protocol that ensures privacy between communicating
applications and their users on the Internet: when a server and client communicate, TLS
ensures that no third-party may eavesdrop or tamper with any message. The TLS
authentication is enabled by exchanging fingerprints of self-signed certificates of the UE
and the BGW on the (SIP) control layer. Also the MSRP over TLS may be implemented in a
future development of the NEXES IMS solution.
Web-based Real Time Communication (WebRTC) is a free, open project that provides
browsers and mobile Applications real-time communication capabilities via simple APIs.
The scope of the protocol is to enable rich, high-quality RTC applications to be developed
for the browser, mobile platforms and Internet of Things (IoT) devices, allowing them to
communicate via a common set of protocols.
NEXES has developed its own implementation of a WebRTC-based App and PSAP system.
eCall [4] is an European initiative with the purpose to bring rapid assistance to drivers
involved in car accidents/collisions anywhere in the European Union. In case of a crash, an
eCall-equipped car automatically calls the nearest PSAP emergency centre. Even if no
passenger is able to speak, e.g. due to injuries, a 'Minimum Set of Data' is sent to the
PSAP centre, which includes the exact location of the crash site. Shortly after the accident,
emergency services are made aware that there has been an accident and its exact location.
The following image illustrates the basic routing of the eCall mechanism 2.
NEXES implements a prototype for a next generation eCall system, adding to the traditional
eCall mechanism the total conversation capability (audio call, video and chat) and the
exchange of relevant data.
5.5 Security
This section is dedicated to the presentation of the main findings of Task 3.4 with respect
to the implementation of different levels and mechanisms of security in the context of the
NEXES IMS solution, including but not limited, to the prevention and mitigation of the most
predominant threats or risks:
• Network snooping;
• Session hijacking;
• Denial of Service;
• P-CSCF discovery;
• Service abuse;
• Toll fraud.
2
https://ec.europa.eu/digital-single-market/sites/digital-agenda/files/ecall_process.png.
The affected assets by this predominant attack would be the user data and the user
communication (SIP calls).
Implemented mitigation techniques within NEXES are the use of a Secure Sockets Layer/
Transactions per Second (SSL/TPS) or the Internet Protocol Security (IPSec) for securing IP
sessions and the use of SIP over TLS 1.2 (SIPS) and Secure RTP (SRTP) for securing the
SIP and RTP sessions (signalling and media).
Session hijacking is a mechanism in which an attacker can get a SIP users’ subscription
and, consequently, that user’s communication. There are multiple ways of performing such
attacks, the most common of which is related to de-registering a user, generating a race
condition for a registration and even modifying the IP addresses in SIP fields in the Contact
header. All these methods ensure that subsequent registrations and incoming calls are
diverted to the attacker’s device.
The affected assets by this predominant attack would be the user registration and the
user’s future sessions.
Implemented mitigation techniques within NEXES are the implementation of the SIPS and
the authentication of SIP requests and responses.
A Denial of Service (DoS) attack represents a flooding of a SIP server with a high volume of
SIP messages (SIP Register of SIP INVITE). The attack can be performed even if the SIP
endpoints accept the requests as a first step of an authentication process. The DoS attack
hence attains the exhaustion of the SIP server’s bandwidth and allocated resources,
resulting in the excessive load of the systems’ processors and a decrease of the QoS
Moreover, specific DoS attacks are indirect: they may be performed against servers that are
using the Dynamic Host Configuration Protocol (DHCP), DNS or the Bootstrap Protocol
(BootP). These DoS attacks aim to inhibit and block not only voice-related applications but
also data applications.
There are multiple methods to prevent and mitigate DoS attacks. In NEXES, it is privileged
the use of firewalls and rules to block potentially malicious SIP packets (malformed packets
and protocol errors that flood the access interfaces).
The P-CSCF is the entry point in a standard IMS system. As a consequence, it is one of the
key elements envisaged in a dedicated attack. The mechanism used for P-CSCF discovery
comprises cache poisoning and DNS spoofing, aiming to disrupt the registration process of
an IMS user. The attacker hence may alter the process of P-CSCF discovery by changing
the DNS for a domain name or an IP address to a specific User Equipment, thus preventing
the subscriber from registering to the legit SIP server or enabling its registry to a fake
server.
Implemented mitigation techniques within NEXES involve the inclusion of the P-CSCF
discovery mechanism as part of the establishment of connectivity towards the IP-
Connectivity Access Network (a default in the NEXES IMS).
Service abuse attacks impact the use of a service. It encompasses attackers acquiring
access to a different service than the one initially granted initially: for example, an attacker
enabling a video service on top of a voice service by using a potential security breach in the
SIP signalling.
Implemented mitigation techniques within NEXES are the requirement for a SIP user to
perform a codec re-negotiation after a specific period of time, as well as the prohibition to
access specific services.
Toll fraud refers to the possibility of an attacker being able to continue using an already
established media stream, after the SIP server closed the accounting information due to a
received BYE message. This type of attack is possible in IMS networks that do not exert an
effective control of media streams.
1. The subscriber accesses the IMS network with strong authentication (access security);
2. The flow exchanged between clients and application servers is secured via a Virtual
Private Network (VPN) tunnel or an IPsec mechanism (network security);
3. Systems and applications are secured, with the software being regularly updated and
maintained and periodic security assessments being performed. The RFCs
implemented for IMS security are the RFC 6280 [11], the RFC 5069 [12] and the TS
33.203 [15]. Optionally, it is possible to implement a security mechanism related to SIP
over TLS and SRTP, according to the RFC 3711 [13] and the RFC 6188 [14].
Standardised interfaces allow the emergency signalling to pass the NEXES IMS core
elements, abiding to the IMS specification with Total Conversation capabilities (audio, real-
time text, video, images) included in SIP.
Following the IMS architectural framework, the NEXES IMS also allows the routing of legacy
VoLTE and VoWiFi emergency calls to the right next generation NEXES PSAP over an IP
interconnection, enabling NEXES gateways’ functionalities for interoperability between
legacy systems and next generation networks.
As the NEXES adopts its implementation of the IMS it also considers the evolution of this
component to accommodate future technological developments, new IMS services (RCSe,
WebRTC and NG eCall) with valuable insight to create a strong base for future
standardisation efforts.
rd
[2] 3 Generation Partnership Project, 3GPP TR 23.869 V9, “IMS Emergency calls over General
Packet Radio Service (GPRS) and Evolved Packet Service (EPS) Release 9”, March 2009,
http://www.qtc.jp/3GPP/Specs/23869-900.pdf.
[3] J. Rosenberg et al., RFC 3261, “SIP: Session Initiation Protocol”, Internet Engineering Task
Force, Standards Track, June 2002, https://www.ietf.org/rfc/rfc3261.txt.
[5] R. Gellens et al., RFC7852, “Additional Data Related to an Emergency Call”, Internet
Engineering Task Force, Standards Track, July 2016, https://tools.ietf.org/html/rfc7852.
rd
[6] 3 Generation Partnership Project, 3GPP TS 23.167, “IP Multimedia Subsystem (IMS)
Emergency Sessions”, Technical Specification, January 2015,
https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationI
d=799.
rd
[7] 3 Generation Partnership Project, 3GPP RFC 3761, “The E.164 to Uniform Resource
Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)”,
Standards Track, April 2004, https://www.ietf.org/rfc/rfc3761.txt.
rd
[8] 3 Generation Partnership Project, 3GPP RFC 5985, “HTTP-Enabled Location Delivery
(HELD)”, Standards Track, September 2010, https://tools.ietf.org/html/rfc5985.
rd
[9] 3 Generation Partnership Project, 3GPP RFC 2617, “HTTP Authentication: Basic and Digest
Access Authentication”, Standards Track, June 1999, https://www.ietf.org/rfc/rfc2617.txt.
rd
[10] 3 Generation Partnership Project, 3GPP RFC 3966, “The tel URI for Telephone Numbers”,
Standards Track, December 2004, https://www.ietf.org/rfc/rfc3966.txt.
rd
[11] 3 Generation Partnership Project, 3GPP RFC 6280, “An Architecture for Location and
Location Privacy in Internet Applications”, Best Current Practice, July 2011,
https://tools.ietf.org/html/rfc6280.
rd
[12] 3 Generation Partnership Project, 3GPP RFC 5069, “Security Threats and Requirements for
Emergency Call Marking and Mapping”, Information, January 2008,
https://www.ietf.org/rfc/rfc5069.txt.
rd
[13] 3 Generation Partnership Project, 3GPP RFC 3711, “The Secure Real-time Transport
Protocol (SRTP)”, Standards Track, March 2004, https://www.rfc-editor.org/rfc/rfc3711.txt.
rd
[15] 3 Generation Partnership Project, 3GPP TS 33.203 Version 11.2.0 Release 11, “3G
Security: Access security for IP-based services, Technical Specification, November 2012,
https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationI
d=2277.
rd
[16] 3 Generation Partnership Project, 3GPP TS 23.003, “UMTS; Numbering, Addressing and
Identification”, Technical Specification, Release 5, June 2006,
https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationI
d=729.
[17] European Emergency Number Association, Next Generation 112 Long Term Definition, April
2012, http://www.eena.org/ressource/static/files/eena_ng112_ltd_v1-0_final.pdf.
2G 2nd Generation
3DES Triple Data Encryption Standard
3G 3rd Generation
3GPP 3rd Generation Partnership Project
4G 4th Generation
AAA Authentication, Authorisation, Accounting
A-BCF Access Border Control Function
AES Advanced Encryption Standard
AP Application Provider
APN Access Point Name
App Application
ATCF Access Transfer Control Function
ATGW Access Transfer Gateway
ARPU Average Revenue Per User
AUTN AUthentication TokeN
AV Authentication Vector
BCF Border Control Function
BGCF Breakout Gateway Control Function
BGF Border Gateway Function
BGW Border Gateway
BICC Bearer-Independent Call Control
BootP Bootstrap Protocol
CBC Cipher Block Chaining
CDR Call Data Report
CI Cell ID
CLF Connectivity Location Function
CS Circuit Switched
CSCF Call Session Control Function
CSFB Circuit Switched Fall Back
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
DoS Denial of Service
DSCP EF Differentiated Services Code Point Expedited Forwarding
EATF Emergency Access Transfer Function
ECRF Emergency Call Routing Function
NEXES IMS
NEXES System Requirements Fulfilment
Components
[O-010] The NEXES system shall support an end-to-end
P-CSCF, E-CSCF Yes
emergency communication call over any IP access network.
[O-020] The NEXES system shall not disrupt legacy calls from E-CSCF, BGW,
Yes
being delivered to the correct PSAPs. MGCF
[O-030] NEXES shall offer a new set of communication methods P-CSCF, E-CSCF,
Yes
to initiate an emergency call. BGW, MGCF
[O-040] NEXES shall support Total Conversation during an P-CSCF, E-CSCF,
Yes
emergency call. BGW
[O-050] The NEXES system shall be designed to operate at a
All components Yes
Pan-European level.
[O-060] The NEXES system should provide multiple
SBC, P-CSCF Yes
communication channels with emergency services.
[O-070] The NEXES system should allow citizens to choose
from different communications channels the one to use when SBC, P-CSCF Yes
calling an emergency service.
[O-080] The NEXES system must be inclusive of all users, trying
All components Yes
to accommodate all citizens’ needs.
[O-090] The NEXES system shall be designed to allow the P-CSCF, E-CSCF,
Yes
interoperability of PSAPs, EROs and FRs. SBC
[O-100] The NEXES system shall be designed use a variety of E-CSCF, HSS,
Yes
mechanisms to accurately retrieve the calling citizen’s location. HLR, LRF
[O-110] The NEXES system shall be designed to provide the
E-CSCF, MGCF,
calling citizens’ location with a higher accuracy location than Yes
LRF, HLR
legacy systems.
[O-120] The NEXES system shall provide a free service to Yes
All components
citizens when calling the emergency number.
[O-130] The citizens’ access to the NEXES system shall not
P-CSCF Yes
require pre-registration.
[O-140] The NEXES system should only receive personal
information with consent of the owner and there must be a good N/A
reason for collecting that information.
[O-150] The NEXES should adopt widely used and open
All components Yes
standards.
[C-010] The NEXES system shall support various types of UE,
including legacy phones (traditional analog landline), mobile
P-CSCF Yes
phones (any generation) and other IP-enabled equipment
(including soft phones supporting NEXES functionalities).
[C-200] RTP implementation shall include an RTP Control
BGW, MGCF Yes
Protocol (RTCP) implementation according to IETF RFC 3550.