WO2008011819A1 - Method and device for transmitting lawful interception information - Google Patents
- Publication number: WO2008011819A1 (PCT/CN2007/070216)
- Authority: WIPO (PCT)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/22—Arrangements for supervision, monitoring or testing
- H04M3/2281—Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
Definitions
- The present invention relates to the field of lawful interception, and in particular to a method and apparatus for transmitting lawful interception information.
Background of the invention
- Lawful interception is a law enforcement activity in which law enforcement agencies, with the approval of the relevant authorized authorities, monitor public communication services in accordance with relevant national laws and public communication network industry specifications.
- the 3GPP TS33.107 standard defines a lawful interception model for the IMS network.
- The model includes: the Law Enforcement Monitoring Facility (LEMF), the Administration Function (ADMF) entity, the Delivery Function (DF) entity, and the Serving-Call Session Control Function (S-CSCF) entity and/or the Proxy-Call Session Control Function (P-CSCF) entity.
- The LEMF, ADMF and DF are located on the law enforcement side.
- The S-CSCF and P-CSCF are located in the IMS network and act as the interception control units in the IMS network.
- When performing interception in the IMS network, the ADMF carries the interception data of the law enforcement agency side in an interception indication and sends it to the S-CSCF and/or P-CSCF in the IMS network through the X1_1 interface.
- When a call session signaling message related to the interception object passes through the S-CSCF and/or the P-CSCF, the S-CSCF and/or the P-CSCF monitor the interception object according to the interception data carried in the interception indication, and report the acquired Intercept Related Information (IRI) to the DF on the law enforcement side through the X2 interface.
- The interception indication may include an interception object activation indication, an interception object query indication, an interception object attribute modification indication, etc.; the interception data may include the identifier of the interception object, and the like.
- The functional entities defined as reporting the IRI may further include an AS connected to the ADMF and the DF.
- The ADMF can carry the interception data in the interception indication and send it directly to the AS through the X1_1 interface.
- Since the AS is responsible for processing supplementary services such as value-added services, the AS can report the IRI related to supplementary service events to the DF according to the interception data. This solves the problem that the law enforcement agency side cannot monitor the supplementary service events of the interception object in the IMS network.
- The ADMF sends the interception data to the network function entities that can report the IRI; each network function entity monitors the interception object according to the interception data and reports the IRI to the DF.
- these different services may be provided by different ASs.
- In order for these ASs to obtain the interception data of the interception object through the X1_1 interface, the ADMF needs to manage these ASs and to configure and maintain information about them.
- The ADMF also needs to perform synchronous update processing so that the corresponding AS obtains or deletes the corresponding interception data, which greatly increases the management and maintenance workload of the ADMF on the law enforcement agency side.
Summary of the invention
- the embodiment of the present invention provides a method for transmitting legal interception information, which can reduce the workload of the ADMF to manage and maintain the network functional entity.
- the method includes the following steps: The network function entity participating in the interception object session receives a message related to the interception object carrying the interception information;
- the network function entity monitors the interception object according to the received interception information, and reports the interception related information IRI and/or the communication content CC to the law enforcement agency side.
- An embodiment of the present invention further provides an apparatus for transmitting legal interception information, where the apparatus is disposed in a network function entity participating in a listening object session, and includes the following modules:
- a monitoring information parsing module configured to parse out the interception information from the message related to the interception object received by the network function entity, and send the interception information to the monitoring module;
- a monitoring module configured to monitor the monitoring object according to the monitoring information, to generate an IRI and/or CC
- the reporting module is configured to report the IRI and/or CC generated by the monitoring module.
- In the method for transmitting lawful interception information provided by the embodiment of the present invention, the interception information is carried in a message related to the interception object and is thereby transmitted to the network function entities participating in the interception object session. Each network function entity monitors the interception object according to the interception information and reports the IRI and/or CC to the DF, so the workload of the ADMF in managing and maintaining these network function entities can be reduced.
- FIG. 1 is a schematic diagram of a lawful interception model of an IMS network in the prior art
- FIG. 2 is a logical structure diagram of a lawful interception network related to a listening object signaling message according to an embodiment of the present invention
- FIG. 3 is a flow chart of transmitting legal interception information according to an embodiment of the present invention
- FIG. 4 is a logical structural diagram of a lawful interception network related to intercepting an object media stream according to an embodiment of the present invention.
Mode for carrying out the invention
- In the embodiments of the present invention, the interception information is carried as an extension in a message related to the interception object, and that message is sent to the network function entities participating in the interception object session, thereby transmitting the interception information to them.
- Each network function entity monitors the interception object according to the received interception information and reports the IRI and/or the content of communication (CC, Content of Communication).
- Because the interception information is transmitted in the message related to the interception object, the ADMF does not need to manage and maintain numerous network function entities, which reduces the workload of the ADMF.
- FIG. 2 takes an IMS network as an example and shows a network structure including the terminal, the network access unit, the S-CSCF, the AS, and the lawful interception service application server (LI-AS).
- The terminal is the interception object; it may be a Session Initiation Protocol (SIP) terminal, a traditional Plain Old Telephone Service (POTS) terminal, or an Integrated Services Digital Network (ISDN) terminal.
- the network access unit is connected to the terminal and the S-CSCF, and is used to connect the terminal to the IMS network, and provides functions such as registration, authentication, and authentication.
- the E1 interface between the network access unit and the S-CSCF uses the SIP protocol.
- The network access unit can be an application function entity (AF, Application Function), for example a P-CSCF, in which case the access terminal is a SIP terminal; the network access unit can also be an Access Gateway Control Function (AGCF), in which case the access terminals are POTS terminals and ISDN terminals.
- The network access unit may receive the interception indication that is sent by the law enforcement agency side and carries the interception data. If the interception object is the calling party, then when the SIP message sent by the calling party arrives at the network access unit, the network access unit carries the interception information as an extension in the SIP message, so that the subsequent network elements that the SIP message passes through, such as the Interconnection Border Control Function (IBCF), the Interrogating-Call Session Control Function (I-CSCF), the S-CSCF, the AS, the Breakout Gateway Control Function (BGCF), and the Media Gateway Control Function (MGCF), perform the corresponding interception processing according to the interception information carried in the received message and report the IRI and/or CC to the DF.
- When the network access unit sends the SIP message to an untrusted domain network entity, the interception information carried in the SIP message is deleted.
- An untrusted domain network entity is defined relative to a trust domain network entity; a trust domain network entity is a system or server owned, and/or operable, and/or controllable by the service provider.
- the untrusted domain network entity may be a consumer device or a third party device or the like.
- the S-CSCF is connected to the AS. There is an E2 interface between the two.
- the interface protocol is a SIP protocol.
- the S-CSCF can also receive the interception indication that is sent by the law enforcement agency and carries the interception data.
- The S-CSCF carries the interception information as an extension in the SIP message, so that the subsequent network elements that the message passes through, such as the IBCF, the I-CSCF, the AS, the BGCF, the MGCF, and the network access unit, perform corresponding interception processing according to the interception information carried in the received message.
- When the S-CSCF sends a SIP message to another untrusted domain network entity, such as an AS, the interception information carried in the SIP message is deleted.
- The LI-AS is a functional entity that executes the lawful interception business logic and provides lawful interception services; it can obtain the interception data from the law enforcement agency side.
- An E3 interface exists between the LI-AS and the S-CSCF, and the interface protocol is the SIP protocol.
- the LI-AS receives the interception indication that is sent by the law enforcement agency and carries the interception data.
- When the SIP message related to the interception object arrives at the LI-AS serving the interception object, the LI-AS carries the interception information as an extension in the SIP message.
- Subsequent network elements, such as IBCF, I-CSCF, S-CSCF, AS, BGCF, MGCF, network access unit, etc. will perform corresponding interception processing according to the interception information carried in the received message.
- Alternatively, the LI-AS may not receive the interception indication carrying the interception data from the law enforcement agency side; instead, the triggering of the LI-AS by the S-CSCF indicates that the user currently served by the S-CSCF is the interception object, and the S-CSCF obtains the interception data from the law enforcement agency side.
- The S-CSCF determines according to the interception data whether the served user in the current session is being intercepted, and if so, routes the SIP message to the LI-AS. Alternatively, the interception data received by the S-CSCF is a triggering filter rule, and the S-CSCF matches the received SIP message against the filter rule; when the message matches, the SIP message is routed to the LI-AS, and the LI-AS inserts the interception information into the received SIP message.
- The triggering filter rules described here may be obtained by the S-CSCF from the Home Subscriber Server (HSS), like other initial filter criteria (iFC), or may be generated by the S-CSCF based on the interception data obtained from the law enforcement agency side.
- The S-CSCF may delete the interception information carried in a SIP message sent to an untrusted domain network entity; the IBCF, BGCF, I-CSCF, and MGCF, as network boundary network elements, may also delete the related interception information from the SIP message. The deletion may be unconditional, or it may be triggered when the SIP message is to be sent to the untrusted domain.
- The media gateway and the Media Resource Function Processor (MRFP) are generally controlled based on the H.248 protocol, but in some cases they may also be controlled based on the SIP protocol. Therefore, the above SIP message carrying the interception information can also be sent to the media gateway and the MRFP. The MRFP is sometimes called the media resource server.
- The interception object in the IMS network is the called party, and the called party may subscribe to different services, each of which is processed by a different AS.
- The called party subscribes to the originating identification presentation (OIP, Originating Identification Presentation) service
- The network function entity participating in the interception object session is the OIP AS
- The message related to the interception object is the request message Invite among the SIP messages.
- the specific process of transmitting legal interception information includes:
- Steps 301-303: the request message Invite sent to the interception object arrives at the S-CSCF serving the interception object, and the S-CSCF carries the interception information of the interception object as an extension in the Invite before executing the iFC in the user configuration of the interception object.
- The S-CSCF then executes the iFC to route the request message to the OIP AS;
- The OIP AS provides the OIP service for the interception object. Therefore, when the request message is sent to the called party as the interception object, the S-CSCF serving the called party routes the request message to the OIP AS according to the iFC.
- In order to be able to monitor the supplementary service events provided by the OIP AS, the S-CSCF carries the interception information as an extension in the request message before routing it to the OIP AS, and then executes the iFC to route the request message to the OIP AS, so that the OIP AS receives the interception information. The OIP AS therefore does not need to obtain interception data from the ADMF in order to monitor and report the IRI. In other words, the ADMF does not need to manage and maintain the OIP AS, which reduces the workload of the ADMF.
- Steps 304-307: after receiving the request message routed by the S-CSCF, the OIP AS performs the OIP service processing, parses the request message, reports the supplementary service event of the OIP service to the DF according to the interception information carried in the request message, and then routes the request message back to the S-CSCF serving the interception object;
- Steps 308-309: after receiving the request message returned by the OIP AS, the S-CSCF determines according to the priority of the iFC whether the request message needs to be routed to other ASs. Assuming that the called party only subscribes to the OIP service, the S-CSCF determines that the request message does not need to be routed to other ASs, that is, the request message is to be sent to a non-AS entity. The S-CSCF then deletes the interception information carried as an extension in the request message and routes the request message to another entity, for example directly to the network access unit of the called party.
- In this process, the S-CSCF sends the interception information to the AS in the SIP request message, and the AS reports the IRI according to the interception information carried in the SIP request message and does not store interception data sent by the ADMF. The S-CSCF deletes the interception information in the request message when the message is sent to a non-AS entity, so the possibility of data leakage can be reduced.
- the process of reporting the supplementary service event by the OIP AS according to the interception information carried in the request message is described in the following example.
- The S-CSCF can carry the interception information in the request message and send the request message to the AS specified by the iFC in the user configuration of the interception object, thereby transmitting the interception information to the AS. When the S-CSCF sends the request message to other untrusted domain network entities, the S-CSCF, or the IBCF, BGCF, I-CSCF, or MGCF acting as a network boundary network element, deletes the interception information carried in the request message.
- A network access unit that has received the interception indication carrying the interception data from the law enforcement agency side can carry the interception information as an extension in the SIP message when the SIP message sent by the calling party arrives at the network access unit.
- the embodiment shown in FIG. 3 is an example in which the request message carries the interception information.
- the response message may also be used to carry the interception information.
- the S-CSCF serving the interception object inserts and deletes the interception information in the SIP message.
- the SIP related to the interception object may also be used.
- the LI-AS extends the interception information in the SIP message.
- FIG. 3 only shows the process in which the OIPAS receives the interception information carried in the SIP message and reports the IRI.
- the message carrying the interception information is sent to the I-CSCF, S-CSCF, AS, BGCF, MGCF, and media gateway in the trust domain.
- these network entities can report IRI to DF according to the interception information.
- The interception information carried in the SIP message includes an identifier of the interception object. The identifier may be a SIP Uniform Resource Identifier (URI) or a telephone (tel) Uniform Resource Locator (URL), or may be a flag describing whether one or more specified parties in the message are being monitored.
- The interception information may further include address information of the law enforcement agency or the interception center. The address information gives the address that currently receives the IRI and/or CC and may be a routable URI or an IP address. When reporting the IRI and/or CC, the network function entity may report to the DF specified in the interception information according to this address information. The address information may be a DF2 address, which describes the address that receives the IRI of the interception object; a DF3 address, which describes the address that receives the CC of the interception object; or a combination of the DF2 address and the DF3 address.
- The interception information may further include a key or a certificate. The key or certificate is a unique identifier for confirming and accepting the interception information carried in the SIP message; that is, the interception information is confirmed to be correct and legitimate, and is accepted, only when the key or the certificate matches.
- The interception information may further include cancel-interception indication information.
- When the AS or another entity participating in the interception object session receives the interception information carried in the message, it may save the interception information locally to avoid repeated transmission.
- The AS or other entity participating in the interception object session deletes the locally saved interception information of the interception object according to the cancel-interception indication information in the interception information.
- The interception information can be carried in any SIP message.
- The CC can be reported in the visited domain, or the CC can be reported in the home domain.
- the CC reporting process is generally performed only once in a session, on the premise that the CC is reported to the same DF3.
- the specific implementation can be as follows:
- The first method is to carry only the indication for reporting the IRI in the above interception information, and either not carry or delete the indication for reporting the CC, or set the indication for reporting the CC to "No".
- For example, when the P-CSCF knows that the CC for the user has already been reported in the visited domain, it carries only the indication for reporting the IRI in the SIP message it sends, or sets the indication for reporting the CC to "No", so that the network elements of the home domain will not report the CC.
- The above describes only the case where the home domain does not report after the visited domain has reported; the case where the visited domain does not report after the home domain has reported is also within the protection scope of the present invention.
- Alternatively, the DF2 address may be carried in the interception information without the DF3 address, or the DF3 address may be deleted or set to be invalid, so that the subsequent network element does not know the DF3 address, or finds the received DF3 address invalid, and therefore cannot report the CC.
- The second method is to carry a CC report completion indication in the foregoing interception information, indicating that the CC report has been completed in the current session.
- The CC report completion indication may further include the network element that completed the CC report and/or the DF3 address to which the CC was reported.
- For example, when the P-CSCF knows that the CC for the user has been reported in the visited domain, it carries the CC report completion indication and the corresponding DF3 address in the SIP message it sends. After receiving the SIP message, a network element of the home domain determines whether the DF3 address to which the previous network element reported the CC is consistent with the DF3 address to which the local network element would report the CC.
- If they are consistent, the local network element does not perform CC reporting; if not, the local network element reports the CC to its corresponding DF3 address. For example, when the DF3 addresses corresponding to the visited domain and the home domain are inconsistent, the home domain still reports the CC even though the CC has already been reported in the visited domain.
- the interception information carried in the SIP message can be carried by the SIP header field or by the SIP message body.
- Using the SIP header field to carry the interception information includes using an existing header field and using an extended SIP header field. An example of using an existing header field to carry the interception information is as follows:
- The SIP header field P-Charging-Function-Address is used to transmit the assigned charging function address.
- The S-CSCF adds this header to the request when the request message Invite arrives, and uses extended parameters to carry the interception information in the header. For example, the extended parameter li-id carries the identifier of the interception object, tom@home.com, and the extended parameter delivery-function carries the DF address, df2@lea.com.
- The extended SIP message header field P-LI carries the identifier of the interception object, tom@home.com, and the DF address, df2@lea.com;
- The P-LI header field carries the interception object flag orig, indicating that the source of the message, that is, the calling user, is monitored; the specific interception object is the identifier of the message source, which can be taken from the From header field, the P-Asserted-Identity header field, etc.
- The P-LI header field carries the interception object flag dest, indicating that the called party of the message is the interception object; the specific interception object is the message destination identifier, which can be taken from the Request-URI content, the To header field, the P-Asserted-Identity header field, the P-Called-Party-ID header field, etc.
- The above P-LI header field carries the interception object flag dest and the cancel-interception indication flag cancel, indicating that interception of the message destination is canceled.
- The key in the P-LI header field is the key of the interception information or the key value of the certificate.
- The key or certificate key value of the interception information carried in the message is used to confirm, according to a previously agreed algorithm or in another manner, the correctness and legitimacy of the interception information carried in the message, after which the processing described in the present invention is performed according to the interception information.
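The deletion of interception information before a SIP message leaves the trust domain, described above for the S-CSCF and the boundary network elements, can be sketched as follows for the header-carried case. This is an added example, not code from the patent: the semicolon-separated parameter syntax of the P-LI header and of the li-id and delivery-function parameters is an assumption, and the sample message is constructed.

```python
import re

# Assumed names: the page names the P-LI header and the li-id and
# delivery-function parameters but does not define their exact syntax.
LI_HEADERS = {"p-li"}
LI_PARAMS = {"li-id", "delivery-function"}
PARAM_CARRIERS = {"p-charging-function-address"}


def split_message(raw):
    """Split a SIP message into start line, unfolded headers and body."""
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:
            # Folded continuation line: belongs to the previous header value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return lines[0], headers, sep + body


def drop_li_params(value):
    """Remove interception parameters from a ';'-separated header value."""
    kept, removed = [], []
    # Split on ';' but keep quoted strings (which may contain ';') intact.
    for part in re.findall(r'(?:[^;"]|"[^"]*")+', value):
        key = part.split("=", 1)[0].strip().lower()
        (removed if key in LI_PARAMS else kept).append(part.strip())
    return ";".join(kept), removed


def strip_interception_info(raw, next_hop_trusted):
    """Return (message, removed); strips LI data unless the next hop is trusted."""
    if next_hop_trusted:
        return raw, []
    start, headers, rest = split_message(raw)
    out, removed = [start], []
    for name, value in headers:
        lname = name.lower()  # SIP header names are case-insensitive
        if lname in LI_HEADERS:
            removed.append(name + ": " + value)
            continue
        if lname in PARAM_CARRIERS:
            value, dropped = drop_li_params(value)
            removed.extend(dropped)
            if not value:
                continue  # header carried nothing but interception data
        out.append(name + ": " + value)
    return "\r\n".join(out) + rest, removed


def has_interception_info(raw):
    """Egress guard: True if header-carried interception data is present."""
    _, headers, _ = split_message(raw)
    for name, value in headers:
        lname = name.lower()
        if lname in LI_HEADERS:
            return True
        if lname in PARAM_CARRIERS and drop_li_params(value)[1]:
            return True
    return False


# Constructed sample: an Invite inside the trust domain, with a folded,
# lower-case P-LI header and an extended charging header.
SAMPLE = "\r\n".join([
    "INVITE sip:tom@home.com SIP/2.0",
    "Via: SIP/2.0/UDP scscf.home.example;branch=z9hG4bK776",
    "From: <sip:alice@visited.example>;tag=1928",
    "To: <sip:tom@home.com>",
    'p-li: li-id="sip:tom@home.com";',
    '\tdelivery-function="df2@lea.com";dest',
    'P-Charging-Function-Address: ccf=192.0.2.10;li-id="sip:tom@home.com"',
    "Content-Length: 0",
    "", "",
])

if __name__ == "__main__":
    cleaned, removed = strip_interception_info(SAMPLE, next_hop_trusted=False)
    print(cleaned)
    print("removed items:", len(removed))
```

The `removed` list itself contains interception data and should not be written to ordinary logs; interception information carried in the SIP message body is not covered by this sketch.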
- When the SIP message body is used to carry the interception information, the information is usually carried by inserting into the SIP message body a MIME (Multipurpose Internet Mail Extensions) type, comprising a type name, a subtype name, required parameters, and a decoding type.
- The interception information can be described in the Extensible Markup Language (XML).
- GGSN GPRS Gateway Support Node
- BGF Border Gateway Function
- Gateways such as the residential gateway and the access gateway can obtain the interception information from non-SIP protocol messages related to the interception object that carry the interception information, and then report the IRI and/or CC. These non-SIP protocol messages can be Diameter messages, H.248 messages, or Common Open Policy Service (COPS) protocol messages.
- FIG. 4 illustrates a logical structure of a lawful interception network related to the media stream of the interception object according to an embodiment of the present invention.
- An application function entity such as a P-CSCF, an Interconnection Border Control Function (IBCF), or an AGCF determines the size of the terminal call media stream according to the signaling message and sends a message to notify the Service Policy Decision Function (SPDF) or the Policy Decision Function (PDF); the SPDF or PDF then sends a message to the BGF, GGSN or gateway to allocate the appropriate bandwidth to the terminal.
- BGF or other gateways are all types of media gateways (MGs, Media Gateways), BGFs, gateways, etc. are collectively referred to as media gateways.
- The interface protocol between the AF and the SPDF or PDF is the Diameter protocol, and Diameter messages are transmitted;
- The interface protocol between the SPDF and the media gateway is the H.248 protocol, and H.248 messages are transmitted;
- The interface protocol between the PDF and the GGSN is the COPS protocol, and COPS messages are transmitted.
- The AF carries the interception information as an extension in the Diameter message sent to the SPDF or PDF, thereby transmitting the interception information to the SPDF or PDF; the SPDF or PDF in turn carries the interception information as an extension in the H.248 message or the COPS message sent to the BGF, the GGSN, or the gateway, and the BGF, the GGSN, or the gateway monitors the interception object. Since the media stream of the terminal call passes through the BGF, the GGSN, or the gateway, these entities can report not only the IRI but also the CC.
- The AGCF can carry the interception information to the gateway in the H.248 message when interacting with the gateway, and the gateway reports the IRI and/or CC according to the interception information in the H.248 message.
- the message related to the interception object includes a Diameter message, an H.248 message, and a COPS message
- the network function entity participating in the interception object session is a BGF, a GGSN, or a gateway.
- MRFP is also available
- the interception information is obtained by extending the H.248 message carrying the interception information.
- the media resource function controller MRFC transmits the interception information to the MRFP through the H.248 message, and the MRFP reports the IRI and/or CC according to the interception information in the H.248 message.
- the interception information may further include an indication of reporting the IRI and/or the CC, indicating whether the current monitoring needs to report the IRI and/or the CC, and may further include a DF address. The DF address includes the DF2 address and the DF3 address, corresponding respectively to the address to which the IRI is reported and the address to which the CC is reported; the DF2 address and the DF3 address can both be URIs or IP addresses.
- an example of extending the interception information in the H.248 message is as follows:
- the interception information packet defined here includes the interception information packet identifier (ID) and the attributes. The attributes include the interception object identifier, and may further include a DF2 address and/or a DF3 address, an indication of reporting the IRI and/or CC, a key or certificate, an indication of cancelling the interception, etc.
- the listening object identifier is used to describe the user identity of the listening object, which may be a SIP URI or a tel URL.
- the DF2 address is used to describe the address of the IRI output of the listening object, which may be a URI or an IP address;
- the DF3 address is used to describe the address of the CC output of the listening object, which may be a URI or an IP address.
- the extension carrying the interception information in the Diameter message can be implemented by extending the Diameter attribute value pair (AVP) to carry the interception information during the session.
- AVP includes the attribute name, attribute code, and attribute value type.
- the specific AVP format can include the listener object identifier, the DF2 address, and/or the DF3 address.
- the Policy Information Base (PIB) defined by 3GPP for the Go interface between the PDF and the GGSN can be extended.
- the interception information is defined as a COPS proprietary object, including the interception object identifier, DF2 address and/or DF3 address, etc. The interception information proprietary object is carried in the message that the PDF sends to the GGSN.
- the contents of the interception information transmitted in the SIP message, the Diameter message, the H.248 message, and the COPS message are the same, except that the format of the message is different.
- the embodiment of the present invention sets an apparatus for transmitting a lawful interception message in a network function entity participating in a listening object session, and the apparatus includes the following modules:
- a monitoring information parsing module configured to parse out the interception information from the message related to the interception object received by the network function entity, and send the interception information to the monitoring module;
- a monitoring module configured to monitor the monitoring object according to the monitoring information, to generate an IRI and/or CC
- the reporting module is configured to report the IRI and/or CC generated by the monitoring module.
- the network function entity participating in the interception object session is an AS, an I-CSCF, an IBCF, a BGCF, an MGCF, a media gateway, or
- the network function entity is SPDF or PDF
- the network function entity is a media gateway or an MRFP
- the network function entity is a GGSN.
- the device may further comprise:
- a monitoring information deleting module configured to determine, before the network function entity sends the message related to the intercepting object, whether the message is to be sent to an untrusted domain entity, and if yes, to delete the monitoring information from the message related to the intercepting object.
- the apparatus further includes:
- the CC reporting indication setting module is configured to delete the indication of reporting the CC in the monitoring information, set the indication of reporting the CC to No, delete the DF3 address in the monitoring information, or set the DF3 address to be invalid;
- the CC reporting indication determining module is configured to determine, according to the interception information parsed by the interception information parsing module, whether the intercepted message meets any of the following conditions:
- the indication of reporting the CC is not carried, the indication of reporting the CC is No, the DF3 address is not carried, or the DF3 address is invalid. If yes, an indication that the CC is not reported is sent to the reporting module.
- the CC reporting indication setting module and the CC reporting indication determining module implement the following functions:
- the CC reporting indication determining module is configured to determine, according to the interception information parsed by the interception information parsing module, whether the CC report completion indication is set to Yes in the interception message; if yes, it sends an indication that the CC is not reported to the reporting module; if not, it notifies the CC reporting indication setting module to set the CC report completion indication to Yes;
- the CC reporting indication setting module is configured to set the CC report completion indication in the interception message to Yes according to the notification of the CC reporting indication determining module.
- the embodiment of the present invention extends the message related to the interception object to carry the interception information, so that the interception information is delivered, together with the message, to the network function entity participating in the listening object session. The network function entity can then listen to the monitoring object according to the transmitted monitoring information, and report the IRI and/or CC to the law enforcement agency side. Therefore, this approach can reduce the likelihood of data breaches while reducing the burden on the law enforcement agency side.
- the interception information carried in the message related to the interception object is deleted, so that the possibility that the interception information is leaked is reduced, and the security of the monitoring is improved.
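The CC reporting decision and the deletion step from the module list above, as an added Python example that is not code from the patent. The field names, the dict-shaped message and the DF3 validity rule are assumptions, and the two CC-suppression variants the text describes separately are combined into one check.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Hypothetical names throughout: the page defines no concrete encoding for
# the interception information, only which attributes it may contain.
@dataclass(frozen=True)
class InterceptionInfo:
    target_id: str                    # SIP URI or tel URL of the interception object
    df2: Optional[str] = None         # address the IRI is reported to
    df3: Optional[str] = None         # address the CC is reported to
    report_cc: Optional[bool] = None  # None means the indication is not carried
    cc_done: bool = False             # "CC report completion" indication

def df3_valid(addr):
    # Assumed rule: a missing, empty or all-zero address counts as invalid.
    return bool(addr) and addr not in ("0.0.0.0", "::")

def should_report_cc(info):
    """Determining module: report CC only if no suppression condition holds."""
    if info.report_cc is not True:    # indication not carried, or set to No
        return False
    if not df3_valid(info.df3):       # DF3 not carried, or invalid
        return False
    return not info.cc_done           # an upstream entity already reported CC

def after_cc_report(info):
    """Setting module: mark CC as handled so later entities do not repeat it."""
    return replace(info, report_cc=False, df3=None, cc_done=True)

def forward(message, next_hop_trusted):
    """Deleting module: strip interception info before an untrusted domain."""
    if next_hop_trusted:
        return dict(message)
    return {k: v for k, v in message.items() if k != "interception_info"}

def process(message, next_hop_trusted):
    """One hop on the path: returns (report CC here?, message to forward)."""
    info = message.get("interception_info")
    if info is None:
        return False, dict(message)
    report = should_report_cc(info)
    if report:
        message = {**message, "interception_info": after_cc_report(info)}
    return report, forward(message, next_hop_trusted)
```

Running a message through two hops shows the first entity reporting the CC once, and the second hop both suppressing a duplicate report and forwarding the message without the interception information.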
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Technology Law (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present invention relates to a method and a device for transmitting lawful interception information. The method comprises the following steps: a network function entity participating in the session of the interception object receives messages related to the interception object that carry interception information; the network function entity intercepts the interception object according to the received interception information and reports the interception related information (IRI) and/or the content of communication (CC) to a law enforcement agency. The device is arranged in the network function entity participating in the session of the interception object and comprises the following modules: an interception information parsing module for parsing the interception information out of the messages related to the interception object received by the network function entity and sending the interception information to an interception module; an interception module for intercepting the interception object according to the interception information in order to obtain the IRI and/or the CC; and a reporting module for reporting the IRI and/or the CC obtained by the interception module.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200610103317 | 2006-07-18 | ||
CN200610103317.3 | 2006-07-18 | ||
CN 200710084874 CN100512161C (zh) | 2006-07-18 | 2007-02-16 | Method for transmitting lawful interception information |
CN200710084874.X | 2007-02-16 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2008011819A1 true WO2008011819A1 (fr) | 2008-01-31 |
Family
ID=38981149
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2007/070216 WO2008011819A1 (fr) | 2006-07-18 | 2007-07-02 | Method and device for transmitting lawful interception information |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN100512161C (fr) |
WO (1) | WO2008011819A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2024083038A1 (fr) * | 2022-10-20 | 2024-04-25 | 维沃移动通信有限公司 | Interception methods and apparatus, and related device |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
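CN101222539B (zh) * | 2008-01-30 | 2012-02-29 | 中兴通讯股份有限公司 | IP multimedia subsystem and supplementary service interception method thereof |
CN101594340B (zh) * | 2008-05-28 | 2012-07-04 | 上海贝尔阿尔卡特股份有限公司 | Method and device for implementing lawful interception on the Internet |
CN102057621B (zh) * | 2008-06-05 | 2013-11-06 | 爱立信电话股份有限公司 | Charging for services in a communication network |
CN101835132A (zh) * | 2010-04-21 | 2010-09-15 | 中兴通讯股份有限公司 | Method and system for lawful interception deployment and control in the IP multimedia subsystem domain |
CN102487520B (zh) * | 2010-12-02 | 2015-08-12 | 中兴通讯股份有限公司 | Method and device for intercepting media content in an IP multimedia subsystem |
CN102487521B (zh) * | 2010-12-03 | 2016-06-08 | 中兴通讯股份有限公司 | Method and device for intercepting media content in an IP multimedia subsystem |
CN102123367A (zh) * | 2011-01-19 | 2011-07-13 | 华为技术有限公司 | Method for monitoring a terminal and communication system |
CN102204235B (zh) * | 2011-05-25 | 2015-03-11 | 华为技术有限公司 | Interception method, interception system and security traffic-splitting device |
CN102843337B (zh) * | 2011-06-20 | 2017-07-14 | 中兴通讯股份有限公司 | Method and device for intercepting media content in an IP multimedia subsystem |
KR101418698B1 (ko) * | 2014-02-03 | 2014-07-10 | 박상래 | Wireless emergency bell control system, method and computer-readable recording medium |
CN109257330B (zh) * | 2017-07-13 | 2020-12-08 | 华为技术有限公司 | Lawful interception method and related device |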
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1361967A (zh) * | 1999-09-07 | 2002-07-31 | 诺基亚公司 | Ordered delivery of intercepted data |
CN1549621A (zh) * | 2003-05-22 | 2004-11-24 | 华为技术有限公司 | Method for implementing lawful interception |
US20050058161A1 (en) * | 2003-09-17 | 2005-03-17 | Gennady Sorokopud | Packet transport over General Packet Radio Service (GPRS) networks |
CN1773967A (zh) * | 2004-11-08 | 2006-05-17 | 华为技术有限公司 | Method for providing services to circuit-domain users through the packet domain |
-
2007
- 2007-02-16 CN CN 200710084874 patent/CN100512161C/zh not_active Expired - Fee Related
- 2007-07-02 WO PCT/CN2007/070216 patent/WO2008011819A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN100512161C (zh) | 2009-07-08 |
CN101110715A (zh) | 2008-01-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2008011819A1 (fr) | Method and device for transmitting lawful interception information | |
US8959238B2 (en) | Systems, methods and computer program products for providing access to web services via device authentication in an IMS network | |
EP2522122B1 (fr) | Lawful interception assistance for calls in a PacketCable network | |
US7822407B2 (en) | Method for selecting the authentication manner at the network side | |
US9973541B2 (en) | Lawful interception in an IP multimedia subsystem network | |
EP1976186B1 (fr) | Lawful interception method in a next-generation network and associated system | |
US20090271859A1 (en) | Systems and methods for restricting event subscriptions through proxy-based filtering | |
JP2009531921A (ja) | System and method for carrying trusted network-provided access network information in Session Initiation Protocol | |
Zhuang et al. | Policy-based QoS architecture in the IP multimedia subsystem of UMTS | |
US9628938B2 (en) | Determination of IMS application server instance based on network information | |
CN101742011A (zh) | Lawful interception method and system across Internet telephony domains | |
US9237587B2 (en) | Method and system for implementing group message service based on converged service system | |
WO2007112642A1 (fr) | Method and device for implementing a user multimedia identifier service | |
CN100571461C (zh) | Communication system | |
WO2006131072A1 (fr) | Method and apparatus for implementing the barring service | |
KR101287588B1 (ko) | Security system for SIP-based Internet telephony service | |
CN101521930B (zh) | Policy control method and system | |
JP5069353B2 (ja) | Method and apparatus for handling trust in an IP multimedia subsystem communication network | |
WO2007082435A1 (fr) | System, method and network equipment for lawful interception in a next-generation network | |
WO2007056925A1 (fr) | Method and equipment for session control in an IMS network | |
WO2011150869A1 (fr) | Distributed control method and lawful monitoring system in an IP multimedia core network subsystem (IMS) network | |
WO2008058472A1 (fr) | Method for implementing a network service based on sending data packets, system and database registered by users | |
WO2008092358A1 (fr) | Policy implementation method, system and network element | |
WO2008049362A1 (fr) | System, device and method for managing user service data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 07764145 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
NENP | Non-entry into the national phase |
Ref country code: RU |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 07764145 Country of ref document: EP Kind code of ref document: A1 |