DiLIMS is a Lawful Interception Management System. It provides services to Network Operators, Law Enforcement Agencies (LEA) and Authorization Authorities (AA). Due to flexible architecture of DiLIMS, any vendor network element can be adapted easily.

Lawful interception (LI) is obtaining network communication data in accordance with the rules of lawful authority for the purpose of analysis. Such data generally contains interception related information (calls, locations and network attachments etc...) and content of communication (SMS messages, voice, video and Internet browsing etc...).

General Network Arrangements for Interception (ETSI)

In general, operators of public network infrastructure can undertake LI activities for national security and crime prevention purposes. Operators of network infrastructures has obligation to maintain LI capabilities within their own networks unless otherwise prohibited.

The foundation of LI is the interception of telecommunications by law enforcement agencies, regulatory agencies, administrative agencies, and intelligence services, in accordance with local law. Under some legal systems, implementations may require due process and receiving proper authorization from authorities, an activity that was formerly known as "wiretapping" and has existed since the inception of electronic communications.

Many countries have LI capability requirements and follow standards developed by the European Telecommunications Standards Institute (ETSI) and 3rd Generation Partnership Project (3GPP). To ensure systematic procedures for carrying out interception, while also lowering costs of interception solutions, industry groups and government agencies worldwide have attempted to standardize the technical processes behind lawful interception. ETSI, has been a major driver in lawful interception standards not only for Europe, but worldwide.

The commonly used LI architecture is divided into three stages:

  • Collection where target related content is extracted from network
  • Mediation where data is formatted to conform to specific standards and needs
  • Delivery of data and content to the law enforcement agency in required formats

Functional units in LI system

Lawfull Interception may target two types of data:

Contents of communications (CC)

Voice, video or text message contents. Information exchanged between two or more users of a telecommunications service, excluding Intercept Related Information. This includes information which may, as part of some telecommunications service, be stored by one user for subsequent retrieval by another. For CS network, CC is delivered over standard PCM links. On the other hand, for PS network it can be delivered either as a stream of IP packets with a special correlation header, or as files over FTP.

Intercept Related Information (IRI)

IRI consists of information about the targeted communication itself. It contains signaling information, source and destination (telephone numbers, IP or MAC addresses, etc.), frequency, duration, time and date of communications. On mobile networks, it may also be possible to trace the geographical origin of the call or location of the targeted subscriber.

Lawful Interception

Lawful Interception is required in most countries by local authorities to meet regulatory compliance and to prevent and investigate serious crimes. Lawful Interception feature provides the authority via an operator a mechanism for monitoring connection contents and/or connection-related information of network subscribers' calls (voice, video), events (SMS, location update, and etc…) and sessions (GPRS, IMS, and etc...) to fulfill these requirements. Reports containing connection-related information, called IRI(Interception Related Information) are generated and/or connection contents, called CC (Content of Communication) are produced on different recording channels.


DiLIMS provides Lawful Interception management, delivery and mediation functions for Circuit Switch Networks, IMS Networks and Mobile Packet Core Networks. It is a fully functional Lawful Interception Management System that satisfies ETSI handover requirements.

DiLIMS Solution is enhanced from multiple deployments and has matured over time. It is an excellent fit for telecommunication providers operating with any type of vendors’ core network elements (Soft Switches, LIGs, HLRs, Media Gateways, Session Border Controllers and etc...).

DiLIMS supports a large number of Circuit Switch, Packet Switch, Voice and Mobile data use cases, such as strong authentication, alarms, business intelligence and management.

The solution has proven to be easy to adapt to new networks and use cases with a full match rate of IRI and CC combination. DiLIMS Architecture is depicted below.

DiLIMS Architecture

DiLIMS Administrator function has a SOAP Interface to access from North Bound. SOAP interface is used for main interception tasks, such as activation, deactivation and search. For the South Bound interface, DiLIMS supports Telnet/SSH, HTTP/HTTPS interfaces, depending on network element capabilities.

DiLIMS Interface Diagram

DiLIMS is fully compliant with 3GPP and ETSI Lawful Interception standards.


HI1 is the management and control interface. It encompasses web interface between LEMF and DiLIMS Administration Function.

HI2 is the ETSI specified handover interface for IRI transfer. IRI is sent from the Lawful Interception System to LEA. DiLIMS supports both TCP and FTP as transport protocol.

HI3 is the ETSI specified handover interface for CC transfer. DiLIMS supports TCP, UDP and FTP as transport protocol.

For X1, DiLIMS supports CLI(MML), SOAP, TCP, and GRPC protocols.

For X2 and X3, DiLIMS supports TCP, UDP and FTP protocols.

DiLIMS also supports IPSEC for IP Layer security and TLS-1.3 for Transport Layer security.

Key Features

  • Reliable and Scalable Architecture
  • Web based User Interface
  • SOAP based HI1 Interface
  • Management of Interception, Lemf, Network Element in single menu
  • Network Element Grouping
  • Scheduled Synchronization
  • X2-X3 Data Delivery Distribution by Network Element or by Target
  • Alarm Display
  • Sensitive Data Encryption at DB and disk
  • Automatic and Manual Failover