CN101159625B - System and method of implementing monitor for police for WiMAX - Google Patents

Publication number
CN101159625B
Authority
CN
China
Prior art keywords
aaa
agw
user
lic
mac address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2007101664442A
Other languages
Chinese (zh)
Other versions
CN101159625A (en)
Inventor
罗来胜
朱戈
李智星
丁馥昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN2007101664442A
Publication of CN101159625A
Application granted
Publication of CN101159625B

Abstract

The invention relates to a lawful interception system for a Worldwide Interoperability for Microwave Access (WiMAX) network, based on the existing public telecommunication network. The functions of the authentication, authorization and accounting (AAA) unit and the access gateway (AGW) unit are improved so that the lawful information center (LIC) can first provision a target on the AAA according to the user's real network access identifier (NAI), and then provision the target on the AGW by means of the MAC address of the WiMAX terminal, which is reported by the AAA and uniquely associated with the NAI. While the target uses the packet service, its access event information is reported to the LIC by the AAA, and its session state (session setup, release, handover, etc.) and copies of the uplink and downlink packets of the packet service are reported to the LIC by the AGW, so that the LIC can intercept the packet service. The invention solves the problem that a target cannot be provisioned on the AGW because the real NAI is not allowed to be transmitted between network elements, and it does not compromise the security of the Extensible Authentication Protocol (EAP).

Description

System and method for implementing lawful interception in a WiMAX network
Technical field
The present invention relates to technology for lawful interception of wireless broadband networks in the communications field, and in particular to a system and method for implementing lawful interception in a Worldwide Interoperability for Microwave Access (WiMAX) network.
Background
Lawful interception is widely used in the communications field today; for example, core network equipment such as that of 3GPP and 3GPP2 provides an interception interface for the Lawful Interception Center (LIC, Lawful Information Center). Usually, the LIC provisions a target, according to a user identity such as the International Mobile Subscriber Identity (IMSI) or the Network Access Identifier (NAI), on network elements such as the Mobile Switching Center (MSC), the Gateway MSC (GMSC), the Home Location Register (HLR), the Short Message Center (SMC), the Packet Data Serving Node (PDSN) and the Authentication, Authorization and Accounting server (AAA). After provisioning succeeds, the provisioned network element automatically sends the target's activity events to the LIC over the lawful interception interface (for example: power-on events, power-off events, incoming-call events, location update events, short message events, call start events, call release events, ringing events, packet session setup events, packet session release events, access notification events, user notification line, and target information change notifications). The LIC receives the reported events and communication content of the target and processes the collected information.
The WiMAX network will provide fixed, mobile and portable forms of WiMAX connection, and will ultimately provide mobile wireless broadband connectivity without requiring a direct line of sight to the base station. As WiMAX networks come into wide use, market demand for a lawful interception function in WiMAX networks has arisen as well.
The lawful interception system in the packet-switched (PS) domain of the current CDMA2000 network provisions targets on the PDSN network element according to the user's IMSI, and on the AAA network element according to the user's IMSI or NAI. The basic provisioning procedure is as follows:
For a target whose NAI is known, the LIC can provision it directly on the AAA; the LIC queries the IMSI corresponding to the NAI through an internal AAA interface, and then provisions the target on the PDSN according to the IMSI obtained.
The structure of the WiMAX network is similar to the packet domain of CDMA2000. In the WiMAX network, however, the user's unique identity is the user's real NAI stored in the AAA, and there is no information analogous to the IMSI. User access authentication uses the Extensible Authentication Protocol (EAP). For security reasons, EAP requires that the user's real NAI used during access authentication be encapsulated and encrypted inside the EAP message, so it is invisible to every network element other than the AAA and the WiMAX terminal; the message packets themselves carry only a pseudorandom NAI, which the WiMAX terminal generates at random on each access. Consequently, the access gateway (AGW, Access GateWay) in the WiMAX network cannot learn the user's real NAI, and so a user cannot be provisioned and intercepted on the AGW by real NAI.
A patent search has so far found no patent related to implementing a lawful interception interface in a WiMAX network, and there is currently no known solution.
Summary of the invention
The technical problem to be solved by the invention is to provide a system and method for implementing lawful interception in a WiMAX network, so as to solve the problem that, because the existing WiMAX network uses EAP authentication, the AGW cannot learn the user's real NAI and therefore the user cannot be provisioned and intercepted.
To solve the above technical problem, the invention provides a system for implementing lawful interception in a WiMAX network, comprising a WiMAX terminal, a WiMAX base station (BS), an access gateway (AGW), an authentication, authorization and accounting server (AAA) and a Lawful Interception Center (LIC); wherein the user's WiMAX terminal sends, via the BS, an Extensible Authentication Protocol (EAP) request message for access to the WiMAX network to the AGW and, after receiving the message forwarded by the AGW in which the AAA authorizes access, uses the WiMAX network for service processing; characterized in that:
the AGW is connected to the AAA by an IP network and to the LIC by a first lawful interception interface, and is configured to forward the received EAP request message to the AAA and, after cooperating with the LIC to provision the target, when the terminal performs service processing, to report the user's session state information and the uplink and downlink packets of the user's packet service to the LIC if it determines from the terminal's MAC address that the user is a target;
the AAA is connected to the LIC by a second lawful interception interface, and is configured, after cooperating with the LIC to provision the target, on receiving a user's access request forwarded by the AGW, to perform user data authentication on the request and, if it determines from the user's real network access identifier (NAI) that the user is a target, to report the user's access event information to the LIC;
the LIC is configured to provision the target on the AAA according to the NAI, and to provision the target on the AGW according to the terminal MAC address provided by the AAA, thereby implementing lawful interception of the packet service through the AGW and the AAA.
Further, when the AGW first receives a user's access request, it stores the MAC address information uniquely associated with the user's real NAI and sets the user to the not-provisioned state.
Further, the AGW uniquely locates a terminal by its MAC address, and the AGW supports provisioning a target according to the MAC address; the AAA supports provisioning a target according to the user's real NAI.
Further, the session state information reported by the AGW includes session setup, session release, session handover and user notification line; the access event information reported by the AAA includes at least the user account, user password, authentication mode, success flag, access failure reason, the IP address of the AGW and the identifier of the BS.
Further, communication over the IP network uses the Remote Authentication Dial In User Service (RADIUS) protocol interface; on receiving the EAP request message, the AGW encapsulates it in a RADIUS message and then forwards it to the AAA. The first lawful interception interface and the second lawful interception interface both use TCP/IP.
Further, the MAC address of the terminal is carried to the AAA when the AGW forwards the user's access request to the AAA, and is reported to the LIC by the AAA when it reports the access event information.
Further, the MAC address of the terminal is obtained by the LIC by querying the AAA according to the user's real NAI, the MAC address being uniquely associated with the NAI; the LIC may alternatively provision the target on the AAA by the MAC address of the terminal, and the AAA may alternatively determine according to the MAC address whether the user is a target and, if so, report the user's access event information to the LIC.
Further, the add, delete, modify and query functions of the AAA ensure that, inside the AAA, MAC addresses correspond one to one with NAIs; the AAA also supports provisioning a target according to the MAC address of the terminal.
To solve the above technical problem, the invention provides a method for implementing lawful interception in a WiMAX network, comprising the following steps:
The LIC provisions the target on the AAA according to the user's real NAI, and provisions the target on the AGW according to the terminal MAC address provided by the AAA;
The terminal sends, via the BS, an EAP request message for access to the WiMAX network to the AGW, and the AGW forwards the received EAP request message to the AAA; the AAA performs user data authentication on the request and, if it determines from the user's real NAI that the user is a target, reports the user's access event information to the LIC, and then returns an EAP access response message to the AGW;
The AGW allows the terminal to access the WiMAX network according to the authorization information the AAA carries in the response message, and allocates link resources to it; the terminal uses the WiMAX network for service processing; if the AGW determines from the terminal's MAC address that the user is a target, it reports the user's session state information and copies of the uplink and downlink packets of the user's packet service to the LIC.
Further, when the AGW first receives a user's EAP request message, it stores the MAC address information uniquely associated with the user's real NAI and sets the user to the not-provisioned state.
Further, the AGW uniquely locates a terminal by its MAC address, and the AGW supports provisioning a target according to the MAC address.
Further, the session state information reported by the AGW includes session setup, session release, session handover and user notification line; the access event information reported by the AAA includes at least the user account, user password, authentication mode, success flag, access failure reason, the IP address of the AGW and the identifier of the BS.
Further, before the above method steps, the method also comprises the step:
The LIC sends a target information query request message to the AAA according to the user's real network access identifier (NAI); the AAA uses the NAI carried in the request message to look up the MAC address information of the terminal uniquely associated with it, and returns it to the LIC.
Further, the LIC may alternatively provision the target on the AAA according to the MAC address.
To solve the above technical problem, the invention provides a method for implementing a lawful interception interface in a WiMAX network, comprising the following steps:
(a) The LIC provisions the target on the AAA according to the user's real NAI;
(b) The terminal sends, via the BS, an EAP request message for access to the WiMAX network to the AGW; the AGW forwards the received EAP request message to the AAA, carrying the MAC address of the terminal when forwarding; the AAA performs user data authentication on the request and, if it determines from the user's real NAI that the user is a target, reports the MAC address of the user's terminal and the access event information to the LIC, and then returns an EAP access response message to the AGW;
(c) The LIC provisions the target on the AGW according to the MAC address of the terminal; the AGW forwards to the terminal the authorization message the AAA carries in the response message, allows the terminal to access the WiMAX network, and allocates link resources to the terminal;
(d) The terminal uses the WiMAX network for service processing, and if the AGW determines from the terminal's MAC address that the user is a target, it reports the user's session state and copies of the uplink and downlink packets of the packet service to the LIC.
Further, in step (b), when the AGW first receives a user's EAP request message, it stores the MAC address information uniquely associated with the user's real NAI and sets the user to the not-provisioned state.
Further, in step (b), the AAA supports reporting the MAC address of the terminal to the LIC; in steps (c) and (d), the AGW uniquely locates a terminal by its MAC address, and the AGW supports provisioning a target according to the MAC address.
Further, the access event information reported by the AAA in step (b) includes at least the user account, user password, authentication mode, success flag, access failure reason, the IP address of the AGW and the identifier of the BS; the session state information reported by the AGW in step (d) includes session setup, session release, session handover and user notification line.
Without compromising the security of EAP authentication, the invention solves the problem that, because EAP authentication forbids transmitting the real NAI between network elements in the WiMAX network, targets cannot be provisioned and intercepted on the AGW network element; it also defines the events and data that the LIC intercepts from the AAA and AGW network elements in the WiMAX network. Implementing the invention requires changes only to the AAA and AGW network elements in the network, so its cost and difficulty are both very low. The invention provides a fairly complete solution that satisfies the lawful interception principle that interception must not be noticed by the intercepted user or associated users through any difference in telecommunication services or activity.
Description of the drawings
Fig. 1 is a system structure diagram of lawful interception in a WiMAX network according to the invention;
Fig. 2 is a flow chart of one embodiment of the method for lawful interception in a WiMAX network according to the invention;
Fig. 3 is a flow chart of another embodiment of the method for lawful interception in a WiMAX network according to the invention.
Detailed description of the embodiments
The system of the invention for implementing lawful interception in a WiMAX network mainly comprises five parts connected in sequence through their respective networks: the WiMAX terminal, the WiMAX base station (BS, Base Station), the AGW, the AAA and the LIC. The WiMAX terminal and the BS are connected by a wireless network; the AGW and the AAA are connected by an IP network and communicate over a Remote Authentication Dial In User Service (RADIUS) protocol interface; the LIC communicates with the AGW and with the AAA over separate, independent lawful interception interfaces, whose link-layer protocol should be TCP/IP. The invention is based on the lawful interception network architecture of the existing public telecommunication network and improves the functions of only the AAA and AGW network elements. In this way, the LIC can first provision the target on the AAA according to the user's real NAI, and then, using the media access control (MAC, Media Access Control) address of the WiMAX terminal that the AAA reports to it and that is uniquely associated with the NAI, provision the target on the AGW. While the target uses the packet service, its access event information can be reported to the LIC by the AAA, and its session state (session setup, release, handover, user notification line, etc.) and copies of the uplink and downlink packets of the packet service can be reported to the LIC by the AGW, so that the LIC can intercept the packet service.
The implementation of the above technical solution is described in further detail below with reference to specific embodiments and the drawings.
Fig. 1 is a system structure diagram of lawful interception in a WiMAX network according to the invention. The system 100 comprises a WiMAX terminal 110 and the related network elements: WiMAX base station BS 120, Access Service Network Gateway AGW 130, authentication, authorization and accounting server AAA 140 and Lawful Interception Center LIC 150; wherein:
WiMAX terminal 110 sends, via BS 120, an EAP request message for access to the WiMAX network to AGW 130 and, after receiving the message forwarded by AGW 130 in which the AAA authorizes access, uses the WiMAX network for service processing;
AGW 130 is connected to AAA 140 by an IP network and to LIC 150 by one lawful interception interface. After receiving the EAP request message, it encapsulates it in a RADIUS message and forwards it to AAA 140; when it first receives an access request from WiMAX terminal 110, it stores information such as the MAC address uniquely associated with the real NAI of the user of terminal 110 and sets the user to the not-provisioned state. After cooperating with the LIC to provision the target, when WiMAX terminal 110 performs service processing, if it determines from the terminal's MAC address that the user is a target, it reports the user's session state information and copies of the uplink and downlink packets of the packet service to LIC 150;
AAA 140 is connected to LIC 150 by another lawful interception interface. After cooperating with the LIC to provision the target, on receiving a user's access request forwarded by AGW 130, it performs data authentication, authorization and accounting processing on the request and, if it determines from the user's real NAI that the user is a target, reports the user's access event information to LIC 150;
LIC 150 provisions the target on AAA 140 according to the user's real NAI, and provisions the target on AGW 130 according to the MAC address of WiMAX terminal 110, thereby implementing lawful interception of the packet service through AGW 130 and AAA 140.
The IP network between AGW 130 and AAA 140 uses the Remote Authentication Dial In User Service (RADIUS) protocol interface for communication; the lawful interception interfaces between AAA 140 and LIC 150 and between AGW 130 and LIC 150 both use TCP/IP.
The AGW must support the LIC provisioning a target according to the MAC address of the WiMAX terminal.
The session state information reported by the AGW includes session setup, session release, session handover and user notification line; the access event information reported by the AAA includes at least the user account, user password, authentication mode, success flag, access failure reason, the IP address of the AGW and the identifier of the BS.
The method of the invention for implementing lawful interception in a WiMAX network, based on the above system, comprises the following steps:
The LIC provisions the target on the AAA according to the user's real NAI, and provisions the target on the AGW according to the MAC address of the user's WiMAX terminal provided by the AAA;
The WiMAX terminal sends, via the BS, an EAP request message for access to the WiMAX network to the AGW; after receiving the EAP request message, the AGW encapsulates it in a RADIUS message and forwards it to the AAA; the AAA performs user data authentication on the request and, if it determines from the user's real NAI that the user is a target, reports the user's access event information to the LIC, and then returns an EAP access response message to the AGW;
The AGW forwards to the WiMAX terminal the authorization information the AAA carries in the response message, allows the terminal to access the WiMAX network, and allocates link resources to it; the terminal uses the WiMAX network for service processing, and if the AGW determines from the terminal's MAC address that the user is a target, it reports the user's session state and copies of the uplink and downlink packets of the packet service to the LIC.
The AGW must support the LIC provisioning a target according to the MAC address of the WiMAX terminal.
The invention is based on the lawful interception network architecture of the existing public telecommunication network and is formed by improving the functions of the AAA and AGW network elements in the WiMAX network; because the AAA network element can be improved in different ways, two different implementations of the system and method for a lawful interception interface in a WiMAX network result, although the network elements in both systems are as shown in Fig. 1.
These two different systems and methods are illustrated below by two embodiments.
Embodiment 1
In this embodiment, the function of the AGW 130 network element is improved as follows: it can store, search for and query the MAC address of the WiMAX terminal, can locate a unique WiMAX terminal by this MAC address, and also supports the LIC provisioning a target according to the WiMAX terminal's MAC address. The function of the AAA 140 network element is improved as follows: when the user accesses the network, it reports to the LIC the MAC address corresponding to the user's real NAI.
With the functions of the AGW 130 and AAA 140 network elements improved as above, the system of this embodiment is as follows:
WiMAX terminal 110 sends, via BS 120, an EAP request message for access to the WiMAX network to AGW 130 and, after receiving the message forwarded by AGW 130 in which AAA 140 authorizes access, uses the WiMAX network for service processing;
AGW 130 is connected to AAA 140 by an IP network and to LIC 150 by one lawful interception interface. After receiving the EAP request message, it encapsulates it in a RADIUS message, which carries the MAC address of the terminal, and forwards it to AAA 140. When it first receives an access request from terminal 110, it stores information such as the MAC address of terminal 110 uniquely associated with the user's real NAI and sets the user to the not-provisioned state. After cooperating with the LIC to provision the target, when terminal 110 performs service processing, if it determines from the terminal's MAC address that the user is a target, it reports the user's session state information (session setup, release, handover, user notification line, etc.) and copies of the uplink and downlink packets of the packet service to LIC 150;
AAA 140 is connected to LIC 150 by another lawful interception interface. After cooperating with the LIC to provision the target according to the user's real NAI, on receiving a user's access request forwarded by AGW 130, it performs user data authentication on the request and, if it determines from the user's real NAI that the user is a target, reports the user's MAC address and access event information to LIC 150;
LIC 150 provisions the target on AAA 140 according to the user's real NAI, and provisions the target on AGW 130 according to the terminal MAC address reported by AAA 140, thereby implementing lawful interception of the packet service through AGW 130 and AAA 140.
The method of this embodiment for implementing lawful interception in a WiMAX network, based on the above system, comprises the following steps:
(a) The LIC provisions the target on the AAA according to the user's real NAI;
(b) The WiMAX terminal sends, via the BS, an EAP request message for access to the WiMAX network to the AGW; after receiving the EAP request message, the AGW encapsulates it in a RADIUS message, which carries the MAC address of the WiMAX terminal, and forwards it to AAA 140; the AAA performs user data authentication on the request and, if it determines from the user's real NAI that the user is a target, reports the user's MAC address and access event information to the LIC, and then returns an EAP access response message to the AGW;
(c) The LIC provisions the target on the AGW according to the MAC address of the terminal; the AGW forwards the AAA's authorization message to the terminal, allows it to access the WiMAX network, and allocates link resources to it;
(d) The terminal uses the WiMAX network for service processing; when the AGW determines from the terminal's MAC address that the user is a target, it reports the user's session state and copies of the uplink and downlink packets of the packet service to the LIC.
The AGW must support the LIC provisioning a target according to the MAC address of the WiMAX terminal, and the AAA reports to the LIC, when the user accesses the network, the MAC address corresponding to the user's real NAI.
Fig. 2 is a flow chart of a concrete application of the above embodiment, comprising the following steps:
201: The LIC provisions the target on the AAA according to the user's real NAI;
202: The WiMAX terminal sends, via the BS, an EAP request message for access to the WiMAX network to the AGW;
203: After receiving the EAP request message, the AGW encapsulates it in a RADIUS message, which carries the MAC address of the WiMAX terminal, and sends it to the AAA; the AAA performs authentication and authorization processing on it, and determines from the user's real NAI whether the user is a target;
204: If the AAA determines that the user is a target, it reports the target's access event message to the LIC together with the target's MAC address;
205: The AAA returns an EAP access response message to the AGW;
206: The AGW forwards the AAA's authentication-success and authorization messages, and allows the WiMAX terminal to access the WiMAX network;
207: The LIC provisions the target on the AGW according to the MAC address of the WiMAX terminal;
208: The WiMAX terminal uses the WiMAX network for service processing; if the AGW determines from the terminal's MAC address that the user is a target, it reports the user's communication activity events and copies of the uplink and downlink packets of the packet service to the LIC.
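The Embodiment 1 message flow (steps 201 to 208) can be traced in a small simulation. This is an added example, not code from the patent: the class names, dictionary fields, addresses and credentials are constructed for illustration, the EAP payload is modelled as a field that only the AAA reads, and the LIC is assumed to act on the AAA report immediately, as in step (c).

```python
import secrets


class LIC:
    """Lawful Interception Center: provisions targets, collects reports."""

    def __init__(self):
        self.events = []
        self.agw = None  # filled in when the AGW is created

    def provision_by_nai(self, aaa, real_nai):             # step 201
        aaa.targets.add(real_nai)

    def report(self, source, kind, **info):
        self.events.append((source, kind, info))
        # Step 207: the MAC reported by the AAA is the only handle the LIC
        # can use at the AGW, because the AGW never learns the real NAI.
        if source == "AAA" and kind == "access":
            self.agw.targets.add(info["mac"])


class AAA:
    def __init__(self, lic, subscribers):
        self.lic = lic
        self.subscribers = subscribers  # real NAI -> password (constructed)
        self.targets = set()            # real NAIs provisioned by the LIC

    def access_request(self, radius_msg):                  # steps 203-205
        inner = radius_msg["eap"]       # only the AAA opens the EAP payload
        real_nai = inner["real_nai"]
        ok = self.subscribers.get(real_nai) == inner["password"]
        if real_nai in self.targets:                       # step 204
            self.lic.report("AAA", "access", nai=real_nai,
                            mac=radius_msg["mac"], success=ok,
                            agw_ip=radius_msg["agw_ip"],
                            bs_id=radius_msg["bs_id"])
        return ok


class AGW:
    def __init__(self, lic, aaa, ip):
        self.lic, self.aaa, self.ip = lic, aaa, ip
        self.terminals = {}   # MAC -> pseudorandom NAI last seen
        self.targets = set()  # MACs provisioned by the LIC
        lic.agw = self

    def access(self, mac, pseudo_nai, eap, bs_id):         # steps 202-206
        self.terminals[mac] = pseudo_nai  # stored in not-provisioned state
        ok = self.aaa.access_request({"user_name": pseudo_nai, "mac": mac,
                                      "eap": eap, "agw_ip": self.ip,
                                      "bs_id": bs_id})
        if ok and mac in self.targets:
            self.lic.report("AGW", "session_setup", mac=mac)
        return ok

    def forward(self, mac, direction, payload):            # step 208
        if mac in self.targets:
            self.lic.report("AGW", "packet_copy", mac=mac,
                            direction=direction, payload=payload)
        return payload


def terminal_access(agw, mac, real_nai, password, bs_id="BS-1"):
    # The terminal generates a fresh pseudorandom outer NAI on every access.
    pseudo = f"{secrets.token_hex(4)}@example.invalid"
    eap = {"real_nai": real_nai, "password": password}
    return agw.access(mac, pseudo, eap, bs_id)


def run_demo():
    lic = LIC()
    aaa = AAA(lic, {"alice@example.invalid": "pw-a",
                    "bob@example.invalid": "pw-b"})
    agw = AGW(lic, aaa, ip="192.0.2.10")
    lic.provision_by_nai(aaa, "alice@example.invalid")
    terminal_access(agw, "02:00:00:00:00:0a", "alice@example.invalid", "pw-a")
    terminal_access(agw, "02:00:00:00:00:0b", "bob@example.invalid", "pw-b")
    agw.forward("02:00:00:00:00:0a", "uplink", b"constructed payload A")
    agw.forward("02:00:00:00:00:0b", "uplink", b"constructed payload B")
    return lic, agw


if __name__ == "__main__":
    for event in run_demo()[0].events:
        print(event)
```

In the trace, the AGW's tables hold only MAC addresses and pseudorandom NAIs, so the MAC address is the one stable identifier that links a terminal's sessions across accesses.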
Embodiment 2
In this embodiment, the functions of the AGW 130 network element are improved as follows: it can store and search the MAC addresses of WiMAX terminals, and can uniquely locate a WiMAX terminal by its MAC address; it also supports target provisioning by the LIC according to the WiMAX terminal MAC address.
The functions of the AAA 140 network element are improved as follows: it can maintain the binding between the user's real NAI and the MAC address of the WiMAX terminal (the MAC address is assigned under a unified coding scheme by the equipment manufacturer, which guarantees that it is globally unique); that is, the AAA maintains the unique association between the user's real NAI and its MAC address by means of subscription binding. The add, delete, modify and query functions of AAA 140 must be able to maintain the correspondence between the user's real NAI and the MAC address, guaranteeing that inside the AAA this MAC address and this NAI correspond one to one. The AAA also supports target provisioning by the LIC according to the MAC address of the terminal.
With the functions of the network elements AGW 130 and AAA 140 improved as above, the system of this embodiment is composed as follows:
WiMAX terminal 110 sends, via BS 120, an EAP request message for access to the WiMAX network to AGW 130, and, after receiving the message forwarded by AGW 130 in which AAA 140 authorizes access, uses the WiMAX network for service processing;
AGW 130 is connected to AAA 140 through an IP network and to LIC 150 through a lawful interception interface. After receiving the EAP request message, it encapsulates it in a RADIUS message and forwards it to AAA 140. On first receiving an access request from WiMAX terminal 110, it stores information such as the MAC address of terminal 110 that is uniquely associated with the user's real NAI, and sets this user to the unprovisioned state. After cooperating with the LIC in provisioning the target, when WiMAX terminal 110 performs service processing, if it determines from the terminal's MAC address that this user is a monitored target, it reports the user's session state information (session establishment, release, handover, user online/offline notification, etc.) and copies of its packet-service uplink and downlink packets to LIC 150;
AAA 140 is connected to LIC 150 through another lawful interception interface. After cooperating with the LIC in provisioning the target, when it receives a user access request forwarded by AGW 130, it performs user data authentication processing on the request and, if it determines from the user's real NAI that this user is a monitored target, reports the user's access event information to LIC 150;
LIC 150 is used to query AAA 140, according to the user's real NAI, for the IP address of the monitored target's current AGW and for information such as the association between this NAI and the WiMAX terminal MAC address; to provision the target at AAA 140 by the WiMAX terminal MAC address or the user's real NAI; and to provision the target at AGW 130 by the terminal MAC address; thereby realizing interception of packet services through AGW 130 and AAA 140.
Embodiment 2 differs from Embodiment 1 in how the WiMAX terminal MAC address that AAA 140 reports to LIC 150 is obtained. In Embodiment 1, AGW 130 carries it to AAA 140 when forwarding the access request of WiMAX terminal 110; in Embodiment 2, AAA 140 looks up the MAC address uniquely associated with the user's real NAI provided by LIC 150. In addition, AAA 140 also supports target provisioning by the LIC according to the MAC address.
The method of this embodiment for realizing the lawful interception interface in a WiMAX network, based on the above system, comprises the following steps:
(a) The LIC sends a target information query request to the AAA using the user's real NAI (regardless of whether this user has been provisioned), and the AAA sends to the LIC the information it finds for this NAI, such as the MAC address of the WiMAX terminal uniquely associated with it;
(b) The LIC provisions the target at the AAA according to the MAC address or the user's real NAI, and provisions the target at the AGW according to the MAC address; if this user is accessing the system for the first time, the AGW stores information such as the MAC address corresponding to the real NAI and sets this user to the unprovisioned state;
Here, the add, delete, modify and query functions of the AAA must guarantee that inside the AAA the MAC address and the NAI correspond one to one, and the AAA supports provisioning in two ways: by the user's real NAI or by the WiMAX terminal MAC address. The AGW can uniquely locate a WiMAX terminal user by MAC address, and the AGW must be able to support provisioning according to the WiMAX terminal MAC address.
(c) The WiMAX terminal sends an EAP access request message to the AGW via the BS; after receiving the EAP request message, the AGW encapsulates it in a RADIUS message and forwards it to the AAA; the AAA performs authentication and authorization processing on the accessing user, then, if it determines that this user is a monitored target, reports the monitored target's access event information to the LIC, and sends a response message accepting access to the AGW;
Here, the information that the AAA reports to the LIC comprises at least the user account, user password, authentication mode, success flag, access failure reason, IP address of the AGW, base station identifier (BS-ID), etc.
(d) According to the authorization information returned by the AAA in the response message, the AGW allows the user to access the network and carry out data services; then, if it determines from the WiMAX terminal MAC address that this user is a monitored target, it reports the monitored target's communication-activity events and copies of its packet-service data packets to the LIC.
Here, the AGW can report the monitored target's session establishment, session release, session handover and user online/offline status to the LIC; the reported information must also include the user's data transmission, comprising both uplink data and downlink data.
Fig. 3 is a flow chart of a concrete application of the above embodiment, comprising a provisioning flow and a data reporting flow. The concrete steps are as follows:
301: The LIC sends a target information query request to the AAA according to the user's real NAI (regardless of whether this user has been provisioned);
302: The AAA looks up the WiMAX terminal MAC address bound to this NAI and sends it to the LIC;
303: The LIC provisions the target at the AAA using the user's real NAI or the WiMAX terminal MAC address;
304: The LIC provisions the target at the AGW using the WiMAX terminal MAC address;
The above are the steps of the provisioning flow; the following are the steps of the data reporting flow:
305: The WiMAX terminal sends an EAP access request message to the AGW via the BS;
306: After receiving the EAP request message, the AGW encapsulates it in a RADIUS message and forwards it to the AAA;
307: The AAA authenticates and authorizes the accessing user; then, if it determines from the user's real NAI or the WiMAX terminal MAC address that the user is a monitored target, it reports this user's access event to the LIC;
308: The AAA returns to the AGW an EAP access response message permitting access;
309: The AGW returns an EAP authentication success response message to the WiMAX terminal via the BS, allowing the user to use the WiMAX network;
310: The authorized and authenticated user performs service processing over the WiMAX network;
311: While the user is using the WiMAX network for service processing, if the AGW determines from the WiMAX terminal MAC address that this user is a monitored target, it reports the events related to this user's communication activity and copies of its packet-service data packets to the LIC.
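The Fig. 3 flow can be traced with a small model. The following Python sketch is an added illustration, not code from the patent: the class and method names, the dictionary message layout, the `inner_identity`/`outer_identity` fields and the sample subscribers are all assumptions, authentication is reduced to checking the subscription binding, and the access event carries only a subset of the listed fields. It shows the one-to-one NAI/MAC binding being enforced, the AGW acting only on MAC addresses without ever reading the real NAI, and only the provisioned terminal's events and packet copies being reported.

```python
import re

def normalize_mac(mac):
    """Canonical lower-case colon form, so AAA, LIC and AGW compare the same key."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()

class BindingError(ValueError):
    """An update would break the one-to-one NAI <-> MAC correspondence."""

class AAA:
    def __init__(self):
        self.nai_to_mac, self.mac_to_nai = {}, {}
        self.targets = set()       # real NAIs and/or MACs provisioned by the LIC
        self.lic_reports = []      # access events (a subset of the listed fields)

    def bind(self, nai, mac):      # "add": refuse anything that is already bound
        mac = normalize_mac(mac)
        if nai in self.nai_to_mac or mac in self.mac_to_nai:
            raise BindingError(f"{nai} or {mac} is already bound")
        self.nai_to_mac[nai], self.mac_to_nai[mac] = mac, nai

    def unbind(self, nai):         # "delete": drop both directions together
        del self.mac_to_nai[self.nai_to_mac.pop(nai)]

    def query_mac(self, nai):      # steps 301-302
        return self.nai_to_mac[nai]

    def provision(self, key):      # step 303: by real NAI or by MAC
        self.targets.add(key if "@" in key else normalize_mac(key))

    def handle_radius(self, radius):            # steps 306-308
        nai = radius["eap"]["inner_identity"]   # only the AAA reads the EAP content
        mac = normalize_mac(radius["calling_mac"])
        ok = self.nai_to_mac.get(nai) == mac    # assumption: auth = binding check
        if nai in self.targets or mac in self.targets:
            self.lic_reports.append(dict(nai=nai, mac=mac, success=ok,
                                         agw_ip=radius["agw_ip"], bs_id=radius["bs_id"]))
        return {"accept": ok}

class AGW:
    def __init__(self, ip, aaa):
        self.ip, self.aaa = ip, aaa
        self.state = {}            # MAC -> "unprovisioned" | "provisioned"
        self.attached = set()
        self.lic_reports = []      # session events and packet copies

    def provision(self, mac):      # step 304
        self.state[normalize_mac(mac)] = "provisioned"

    def eap_access(self, mac, eap, bs_id):      # steps 305-309
        mac = normalize_mac(mac)
        self.state.setdefault(mac, "unprovisioned")   # first access request
        # The EAP message is wrapped unread; the AGW keys everything on the MAC.
        reply = self.aaa.handle_radius({"eap": eap, "calling_mac": mac,
                                        "agw_ip": self.ip, "bs_id": bs_id})
        if reply["accept"]:
            self.attached.add(mac)
            self._report(mac, "session-established")
        return reply["accept"]

    def forward(self, mac, direction, payload):  # steps 310-311
        mac = normalize_mac(mac)
        if mac not in self.attached:
            raise PermissionError("terminal is not authorised")
        self._report(mac, f"{direction}-copy", payload)
        return payload

    def _report(self, mac, event, data=None):
        if self.state.get(mac) == "provisioned":   # non-targets are never copied
            self.lic_reports.append({"mac": mac, "event": event, "data": data})

def run_fig3():
    aaa = AAA()
    aaa.bind("alice@example.net", "00-1A-2B-3C-4D-5E")   # constructed subscribers
    aaa.bind("bob@example.net", "00:1a:2b:3c:4d:5f")
    agw = AGW("192.0.2.10", aaa)
    target_mac = aaa.query_mac("alice@example.net")      # 301-302
    aaa.provision("alice@example.net")                   # 303
    agw.provision(target_mac)                            # 304
    for nai, mac in (("alice@example.net", "001A.2B3C.4D5E"),
                     ("bob@example.net", "00:1A:2B:3C:4D:5F")):
        eap = {"outer_identity": "anonymous@example.net", "inner_identity": nai}
        agw.eap_access(mac, eap, bs_id="BS-1")
        agw.forward(mac, "uplink", b"constructed payload")
    return aaa, agw
```

The three MAC spellings in the scenario are deliberate: without a shared canonical form, a target provisioned in one notation would silently fail to match the address the AGW sees in another.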
As can be seen from the above, the present invention, merely by changing the functions of the AAA and AGW network elements in the WiMAX network, solves the problem that lawful interception provisioning cannot be performed on the AGW network element in a WiMAX network because the EAP authentication method is used, and it makes no change to the EAP authentication method, so it is comparatively easy to implement. The present invention also defines the events and data that the LIC intercepts from the AAA and AGW network elements in a WiMAX network.
Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the invention, so the scope of protection of the invention shall be as defined by the appended claims.

Claims (18)

1. A system for realizing lawful interception in a WiMAX network, comprising a WiMAX terminal, a WiMAX base station (BS), an access gateway (AGW), an authentication, authorization and accounting server (AAA) and a Lawful Interception Center (LIC); wherein the user, holding the terminal, sends an Extensible Authentication Protocol (EAP) request message for access to the WiMAX network to the AGW through the BS and, after receiving the message forwarded by the AGW in which the AAA authorizes access, uses the WiMAX network for service processing; characterized in that:
the AGW is connected to the AAA through an IP network and to the LIC through a first lawful interception interface, and is used to forward the received EAP request message to the AAA and, after cooperating with the LIC in provisioning the target, when the terminal performs the service processing, if it determines from the MAC address of the terminal that the user is a monitored target, to report the user's session state information and copies of its packet-service uplink and downlink packets to the LIC;
the AAA is connected to the LIC through a second lawful interception interface, and is used, after cooperating with the LIC in provisioning the target, when it receives the user's access request forwarded by the AGW, to perform user data authentication processing on the request and, if it determines from the user's real network access identifier (NAI) that the user is a monitored target, to report the user's access event information to the LIC;
the LIC is used to provision the target at the AAA according to the NAI, and to provision the target at the AGW according to the MAC address of the terminal provided by the AAA, thereby realizing lawful interception of packet services through the AGW and the AAA.
2. The system according to claim 1, characterized in that, on first receiving the user's access request, the AGW stores the MAC address information uniquely associated with the user's real NAI, and sets the user to the unprovisioned state.
3. The system according to claim 1, characterized in that the AGW uniquely locates the terminal by the MAC address, and the AGW supports provisioning the target according to the MAC address; the AAA supports provisioning the target according to the user's real NAI.
4. The system according to claim 1, characterized in that the session state information reported by the AGW comprises session establishment, session release, session handover and user online/offline notification; the access event information reported by the AAA comprises at least the user account, user password, authentication mode, success flag, access failure reason, IP address of the AGW and identifier of the BS.
5. The system according to claim 1, characterized in that the IP network communicates over a Remote Authentication Dial-In User Service (RADIUS) protocol interface, and the AGW, on receiving the EAP request message, encapsulates it in a RADIUS message before forwarding it to the AAA; the first lawful interception interface and the second lawful interception interface both communicate using the TCP/IP protocol.
6. The system according to any one of claims 1 to 5, characterized in that the MAC address of the terminal is carried to the AAA by the AGW when it forwards the user's access request to the AAA, and is reported to the LIC by the AAA when it reports the access event information.
7. The system according to any one of claims 1 to 5, characterized in that the MAC address of the terminal is obtained by the LIC by querying the AAA according to the user's real NAI, the MAC address being uniquely associated with the NAI; alternatively, the LIC provisions the target at the AAA by the MAC address of the terminal, and the AAA, alternatively, if it determines from the MAC address that the user is a monitored target, reports the user's access event information to the LIC.
8. The system according to claim 7, characterized in that the add, delete, modify and query functions of the AAA guarantee that inside the AAA the MAC address and the NAI correspond one to one; the AAA also supports provisioning the target according to the MAC address of the terminal.
9. A method for realizing lawful interception in a WiMAX network based on the system of claim 1, comprising the following steps:
the LIC provisions the target at the AAA according to the user's real NAI, and provisions the target at the AGW according to the MAC address of the terminal provided by the AAA;
the terminal sends, via the BS, an EAP request message for access to the WiMAX network to the AGW, and the AGW forwards the received EAP request message to the AAA; the AAA performs user data authentication processing on the request and, if it determines from the user's real NAI that the user is a monitored target, reports the user's access event information to the LIC, then returns an EAP access response message to the AGW;
according to the authorization information carried by the AAA in the response message, the AGW allows the terminal to access the WiMAX network and allocates link resources to it; the terminal uses the WiMAX network for service processing; if the AGW determines from the MAC address of the terminal that the user is a monitored target, it reports the user's session state information and copies of its packet-service uplink and downlink packets to the LIC.
10. The method according to claim 9, characterized in that, on first receiving the user's EAP request message, the AGW stores the MAC address information uniquely associated with the user's real NAI, and sets the user to the unprovisioned state.
11. The method according to claim 9, characterized in that the AGW uniquely locates the terminal by the MAC address, and the AGW supports provisioning the target according to the MAC address.
12. The method according to claim 9, characterized in that the session state information reported by the AGW comprises session establishment, session release, session handover and user online/offline notification; the access event information reported by the AAA comprises at least the user account, user password, authentication mode, success flag, access failure reason, IP address of the AGW and identifier of the BS.
13. The method according to any one of claims 9 to 12, characterized in that, before the steps of the method, it further comprises the step:
the LIC sends a target information query request message to the AAA according to the user's real network access identifier (NAI); the AAA, according to the NAI carried in the request message, looks up the MAC address information of the terminal uniquely associated with it, and returns it to the LIC.
14. The method according to claim 13, characterized in that the LIC alternatively provisions the target at the AAA according to the MAC address.
15. A method for realizing the lawful interception interface in a WiMAX network based on the system of claim 6, comprising the following steps:
(a) the LIC provisions the target at the AAA according to the user's real NAI;
(b) the terminal sends, via the BS, an EAP request message for access to the WiMAX network to the AGW; the AGW forwards the received EAP request message to the AAA, carrying the MAC address of the terminal when forwarding; the AAA performs user data authentication processing on the request and, if it determines from the user's real NAI that the user is a monitored target, reports the MAC address of the user's terminal and the access event information to the LIC, then returns an EAP access response message to the AGW;
(c) the LIC provisions the target at the AGW according to the MAC address of the terminal; the AGW forwards to the terminal the authorization message carried by the AAA in the response message, allows the terminal to access the WiMAX network, and allocates link resources to the terminal;
(d) the terminal uses the WiMAX network for service processing, and the AGW, if it determines from the MAC address of the terminal that the user is a monitored target, reports the user's session state and copies of its packet-service uplink and downlink packets to the LIC.
16. The method according to claim 15, characterized in that, in step (b), on first receiving the user's EAP request message, the AGW stores the MAC address information uniquely associated with the user's real NAI, and sets the user to the unprovisioned state.
17. The method according to claim 15, characterized in that, in step (b), the AAA supports reporting the MAC address of the terminal to the LIC; in steps (c) and (d), the AGW uniquely locates the terminal by the MAC address, and the AGW supports provisioning the target according to the MAC address.
18. The method according to claim 15, characterized in that the access event information reported by the AAA in step (b) comprises at least the user account, user password, authentication mode, success flag, access failure reason, IP address of the AGW and identifier of the BS; the session state information reported by the AGW in step (d) comprises session establishment, session release, session handover and user online/offline notification.
CN2007101664442A 2007-11-07 2007-11-07 System and method of implementing monitor for police for WiMAX Expired - Fee Related CN101159625B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101664442A CN101159625B (en) 2007-11-07 2007-11-07 System and method of implementing monitor for police for WiMAX

Publications (2)

Publication Number Publication Date
CN101159625A CN101159625A (en) 2008-04-09
CN101159625B true CN101159625B (en) 2011-04-20

Family

ID=39307551

Country Status (1)

Country Link
CN (1) CN101159625B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110420

Termination date: 20161107
