CN100361457C - Method for transferring monitored information - Google Patents
Method for transferring monitored information Download PDFInfo
- Publication number
- CN100361457C CN100361457C CNB2004100389124A CN200410038912A CN100361457C CN 100361457 C CN100361457 C CN 100361457C CN B2004100389124 A CNB2004100389124 A CN B2004100389124A CN 200410038912 A CN200410038912 A CN 200410038912A CN 100361457 C CN100361457 C CN 100361457C
- Authority
- CN
- China
- Prior art keywords
- target
- communication equipment
- virtual identifying
- true identity
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The present invention discloses a method for transferring monitored information, which comprises: LIC provides a virtual label distributed for a set goal user device to communication devices which store the corresponding relationship between a true label and the virtual label of the goal user device, and the monitored information carrying the virtual label is transferred among the communication devices. The safety of the true label of the goal user device is guaranteed according to the method of the present invention, the true label of the goal user device is prevented from illegally stealing, and the safety and the confidentiality of monitored activities are greatly enhanced.
Description
Technical field
The present invention relates to the monitoring field, be meant a kind of method that transmits monitoring information especially.
Background technology
Lawful Interception is meant that in the law allowed band activity of telecommunication service is monitored by state security department.Requirement according to state security department, the communication network of all operations, comprise PSTN (PSTN, Public Switched Telephone Network), global mobile communication (GSM, GlobalSystem for Mobile Communication) network, code division multiple access (CDMA, Code DivisionMultiple Access) communication network, and following Wideband Code Division Multiple Access (WCDMA) (W-CDMA, Wide CodeDivision Multiple Access) communication network, next generation network (NGN) etc., state security department can be monitored target UE, and the monitoring interface of realizing monitoring is provided, as policing interface (lawful interception interface).Subscriber equipment by Lawful Interception is called target UE.
Fig. 1 is an existing techniques in realizing scheme schematic diagram, as shown in Figure 1, when target UE is monitored, Lawful Interception Center (LIC, Lawful Information Center) 101 by policing interface (lawful interception interface) 105 and the (MSC of mobile switching centre, Mobile Switch Center) 102 attaching position register (HLR,, Home Location Register) 103 mobile positioning center (MPC,, Mobile PositionCenter)/GMLC (GMLC, Gateway Mobile Location Center) 104 communication equipments such as grade are continuous.When LIC 101 need monitor target UE, just in communication equipment, set the target UE of being monitored by policing interface (lawful interception interface) 105, when target UE communicates activity, communication equipment reports the communication activity relevant information of target UE to LIC 101, as the communication activity incident of target UE, Content of Communication, positional information or the like, thereby realize the monitoring of 101 pairs of target UEs of LIC.
Above-described communication equipment also can comprise (the SMC of short message service center, Short MessageCenter), group data service node (PDSN, Packet Data Service Node), Authentication Authorization and accounting server (AAA, Authentication Authority Accounting), home subscriber server (HSS, Home Subscriber Server), service universal grouping wireless business supporting node (SGSN, Serving GPRS Support Node), ggsn (GGSN, Gateway GPRS Support Node) or the like.
In the existing communication network, generally target UE is carried out Lawful Interception by the target UE sign, promptly monitoring system is set the target UE of being monitored according to customer equipment identification.For GSM network, WCDMA communication network, the target UE sign can be travelling carriage Integrated Services Digital Network number (MSISDN, Mobile Subscriber ISDN Number), international mobile subscriber identity (IMSI) or international mobile equipment identification number (IMEI); For the cdma communication network, this target UE sign can be mobile number book (MDN), IMSI or electronics string number (ESN).Above-described target UE sign can be described as sign commonly used or true identity.
In the monitoring activity, the true identity of target UE should be sensitive, must guarantee the confidentiality of target UE true identity, guarantee that the target UE true identity can not illegally be known, therefore, for improving the confidentiality and the fail safe of monitoring activity, the policing interface (lawful interception interface) between LIC and the communication equipment adopts private line access usually or takes encryption measures, make that the target UE true identity that transmits between LIC and the communication equipment is as safe as a house, can illegally do not known.
But in some cases, when target UE communicates activity, need mutual by between communication equipment, triggering certain or some communication equipments wherein report the monitoring information of target UE to LIC, at this moment, to transmit the true identity of target UE between communication equipment, owing to adopt signaling network to connect between communication equipment usually, the fail safe of signaling network and confidentiality are all well below policing interface (lawful interception interface), like this, the node by signaling network transmits the true identity of target UE, and as easy as rolling off a log quilt is is illegally intercepted and captured, reduce the fail safe and the confidentiality of monitoring activity greatly, for the activity of monitoring brings serious potential safety hazard.
Contrast Fig. 1 describes with application example below, for making the monitoring personnel can grasp the whereabouts of target UE timely and accurately, can in communication equipment, preestablish special number, as in MSC102 or HLR103, setting special number, when target UE is called out special number, the MSC102 notice MPC/GMLC104 at the current place of target UE positions operation to target UE, and MPC/GMLC104 provides the positioning result of target UE to LIC101.When the MSC102 notice MPC/GMLC104 at the current place of target UE positions target UE, MSC102 need send the true identity of target UE to MPC/GMLC104, like this, the target UE true identity that transmits between the signaling network node will be very easy to illegally be intercepted and captured, thereby know the target UE of being monitored, greatly reduced the fail safe and the confidentiality of monitoring activity.
Though can earlier the target UE true identity be encrypted, and then between communication equipment, transmit, be decrypted at last, thereby obtain the true identity of target UE, like this, just need communication equipment support encryption, decipher function, and for strengthening the fail safe that the target UE true identity transmits, the encryption key that also needing upgrades in time uses between the communication equipment, cause the processing procedure between the communication equipment too complicated, and when traffic carrying capacity is bigger, the encryption of above-mentioned communication equipment, decipher function will have a strong impact on its performance.
Summary of the invention
In view of this, the object of the present invention is to provide a kind of method that transmits monitoring information, to strengthen the fail safe and the confidentiality of monitoring activity.
In order to achieve the above object, the invention provides a kind of method that transmits monitoring information, the method includes the steps of:
A, Lawful Interception Center LIC are that target UE distributes a plurality of virtual identifyings, LIC request communication equipment is set the target UE of being monitored, and provide the true identity and the described virtual identifying of target UE to communication equipment, and the corresponding relation between target UE true identity, virtual identifying and each communication equipment, the corresponding relation between communication apparatus stores target UE true identity, virtual identifying and each communication equipment;
Corresponding relation between B, communication equipment between target UE true identity, virtual identifying and each communication equipment transmits the monitoring information that carries virtual identifying;
C, communication equipment report monitoring information according to the monitoring requirement of setting to LIC.
In the such scheme, described step B is: when first communication equipment transmits monitoring information to second communication equipment, carry in the described monitoring information and the corresponding target UE virtual identifying of second communication equipment.
Described steps A further comprises:
Corresponding relation between a, LIC storage target UE true identity and the virtual identifying.
Carry the virtual identifying of target UE described in the step C in the monitoring information.
LIC is a target UE when distributing a plurality of virtual identifying, and described step a further comprises: the corresponding relation between LIC storage target UE true identity, virtual identifying and each communication equipment.
Carry in the monitoring information described in the step C and the corresponding target UE virtual identifying of communication equipment.
Carry the true identity of target UE described in the step C in the monitoring information.
According to the proposed method, LIC distributes virtual identifying for the target UE of setting, and provide the virtual identifying of distribution to communication equipment, corresponding relation between communication apparatus stores target UE true identity and the virtual identifying, when transmitting relevant monitoring information between the communication equipment, only transmit the target UE virtual identifying that LIC distributes, guaranteed the fail safe of target UE true identity, avoid the true identity of target UE illegally to be stolen, strengthened the fail safe and the confidentiality of monitoring activity greatly.
Description of drawings
Fig. 1 is an existing techniques in realizing scheme schematic diagram;
Fig. 2 is an implementation schematic diagram of the present invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with accompanying drawing.
Among the present invention, LIC distributes virtual identifying for the target UE of setting, and provide the virtual identifying of distribution to communication equipment, corresponding relation between communication apparatus stores target UE true identity and the virtual identifying, when transmitting relevant monitoring information between the communication equipment, only transmit the target UE virtual identifying that LIC distributes, to strengthen the fail safe and the confidentiality of monitoring activity.The virtual identifying of target UE also can be described as temporary mark.
Fig. 2 is an implementation schematic diagram of the present invention, as shown in Figure 2, LIC101 is before request communication equipment target setting subscriber equipment, for target UE distributes virtual identifying, the true identity and the virtual identifying of target UE are provided to communication equipment then, as the true identity and the virtual identifying of target UE, the corresponding relation between LIC101 and communication apparatus stores target UE true identity and the virtual identifying are provided to MSC102, HLR103, MPC/GMLC104 etc.
When target UE communicates activity, transmit the monitoring information that carries the target UE virtual identifying between the communication equipment, last communication equipment reports the monitoring information of target UE according to the monitoring requirement of setting to LIC101.
Contrast Fig. 2 describes with application example below, and the implementation procedure among the present invention may further comprise the steps:
Step 201:LIC101 for target UE distributes virtual identifying, and stored the corresponding relation between target UE true identity and the virtual identifying before request communication equipment target setting subscriber equipment.LIC101 can be target UE and distributes a unique and corresponding virtual identifying of true identity; Also can distribute a plurality of target UE virtual identifyings, as quantity according to communication equipment, the virtual identifying that distributes respective numbers, for example, LIC101 is at MSC102, HLR103 and MPC/GMLC104 are respectively target UE and distribute virtual identifying, be target UE and distribute 3 virtual identifyings, store the target UE true identity then, corresponding relation between virtual identifying and each communication equipment, or certain several communication equipment is corresponding to a target UE virtual identifying, for example, LIC101 is that target UE distributes a virtual identifying at MSC102 and HLR103, is that target UE distributes a virtual identifying at MPC/GMLC104.
Step 202:LIC101 request communication equipment target setting subscriber equipment provides the true identity and the virtual identifying of target UE, the corresponding relation between communication apparatus stores target UE true identity and the virtual identifying to communication equipment.If LIC101 has distributed a plurality of target UE virtual identifyings, then LIC101 also needs to provide the target UE true identity to each communication equipment, corresponding relation between virtual identifying and each communication equipment, each communication apparatus stores target UE true identity, corresponding relation between virtual identifying and each communication equipment, remove the corresponding relation of storing between target UE true identity and the virtual identifying as MSC102, also need store the target UE true identity, corresponding relation between virtual identifying and the HLR103, and target UE true identity, the corresponding relation of virtual identifying and MPC/GMLC104.
Step 203: when target UE communicates activity, transmit the virtual identifying that only carries target UE in the relevant monitoring information between communication equipment.If LIC101 has only distributed a unique target UE virtual identifying, the target UE virtual identifying that then transmits between all communication equipments is all identical; If LIC101 has distributed a plurality of target UE virtual identifyings, it is the corresponding relation of having stored in the communication equipment between target UE true identity, virtual identifying and the communication equipment, then communication equipment is according to stored relation, provide and the corresponding target UE virtual identifying of another communication equipment to another communication equipment, when MPC/GMLC104 sends the relevant monitoring information of target UE, provide corresponding target UE virtual identifying as MSC102 with MPC/GMLC104 to MPC/GMLC104.
Step 204: communication equipment reports the monitoring information of target UE according to the monitoring requirement of setting to LIC101.Owing to be connected to policing interface (lawful interception interface) 105 between communication equipment and the LIC101, policing interface (lawful interception interface) 105 has high fail safe and confidentiality, therefore, the target UE sign that transmits between communication equipment and the LIC101 can be the true identity of target UE, also can be the virtual identifying of target UE.
For example, LIC101 is that target UE distributes virtual identifying, the corresponding relation between storage target UE true identity and the virtual identifying; Target setting subscriber equipment in MSC102, HLR103 and MPC/GMLC104 then, and provide the virtual identifying of distribution, the corresponding relation between MSC102, HLR103 and MPC/GMLC104 storage target UE true identity and the virtual identifying to MSC102, HLR103 and MPC/GMLC104.For making the monitoring personnel can grasp the whereabouts of target UE timely and accurately, LIC101 has set special number in advance in communication equipment, requires when target UE is called out special number, and MPC/GMLC104 positions operation to target UE.
When the MSC102 at the current place of target UE detects the calling that target UE initiates special number, send the location indication to MPC/GMLC104, carry the virtual identifying of target UE in this location indication, can further carry the special number that target UE is called out in this location indication.If LIC101 is according to the quantity of communication equipment, the virtual identifying that has distributed respective numbers, it is the corresponding relation of having stored in the communication equipment between target UE true identity, virtual identifying and the communication equipment, then MSC102 carries the corresponding target UE virtual identifying with MPC/GMLC104 according to stored relation in the location indication that MPC/GMLC104 sends.
After MPC/GMLC104 receives the location indication, according to the target UE true identity of storage and the corresponding relation between the virtual identifying, after finding target UE, target UE is positioned operation, and MPC/GMLC104 provides the positioning result of target UE to LIC101 then.Since be connected to policing interface (lawful interception interface) 105 between LIC101 and the MPC/GMLC104, therefore, the true identity of portability target UE in the positioning result, the also virtual identifying of portability target UE.
If what communication equipment carried in the monitoring information that LIC101 reports is the true identity of target UE, then LIC101 can not store the corresponding relation between target UE true identity and the virtual identifying after distributing the target UE virtual identifying.
In a word, the above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.
Claims (7)
1, a kind of method that transmits monitoring information is characterized in that the method includes the steps of:
A, Lawful Interception Center LIC are that target UE distributes a plurality of virtual identifyings, LIC request communication equipment is set the target UE of being monitored, and provide the true identity and the described virtual identifying of target UE to communication equipment, and the corresponding relation between target UE true identity, virtual identifying and each communication equipment, the corresponding relation between communication apparatus stores target UE true identity, virtual identifying and each communication equipment;
Transmit the monitoring information that carries virtual identifying according to the corresponding relation between target UE true identity, virtual identifying and each communication equipment between B, communication equipment;
C, communication equipment report monitoring information according to the monitoring requirement of setting to LIC.
2, method according to claim 1 is characterized in that, described step B is: when first communication equipment transmits monitoring information to second communication equipment, carry in the described monitoring information and the corresponding target UE virtual identifying of second communication equipment.
3, method according to claim 1 and 2 is characterized in that, described steps A further comprises:
Corresponding relation between a, LIC storage target UE true identity and the virtual identifying.
4, method according to claim 3 is characterized in that, carries the virtual identifying of target UE described in the step C in the monitoring information.
5, method according to claim 3, it is characterized in that, LIC is a target UE when distributing a plurality of virtual identifying, and described step a further comprises: the corresponding relation between LIC storage target UE true identity, virtual identifying and each communication equipment.
6, method according to claim 5 is characterized in that, carries in the monitoring information described in the step C and the corresponding target UE virtual identifying of communication equipment.
7, method according to claim 1 and 2 is characterized in that, carries the true identity of target UE described in the step C in the monitoring information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100389124A CN100361457C (en) | 2004-05-10 | 2004-05-10 | Method for transferring monitored information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100389124A CN100361457C (en) | 2004-05-10 | 2004-05-10 | Method for transferring monitored information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1697406A CN1697406A (en) | 2005-11-16 |
| CN100361457C true CN100361457C (en) | 2008-01-09 |
Family
ID=35349942
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100389124A Expired - Fee Related CN100361457C (en) | 2004-05-10 | 2004-05-10 | Method for transferring monitored information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100361457C (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2000056029A1 (en) * | 1999-03-12 | 2000-09-21 | Nokia Networks Oy | Interception system and method |
| CN1338169A (en) * | 1999-01-14 | 2002-02-27 | 诺基亚网络有限公司 | Interception method and system |
| WO2003044966A2 (en) * | 2001-11-23 | 2003-05-30 | Nokia Corporation | Technique for generating correlation number for use in lawful interception of telecommunications traffic |
| CN1449218A (en) * | 2002-02-13 | 2003-10-15 | 日本电气株式会社 | Location system with enhanced security |
| CN1132374C (en) * | 1996-07-31 | 2003-12-24 | 西门子公司 | Method and system for user distinguishing and/or information enciphering |
| WO2004010649A1 (en) * | 2002-07-19 | 2004-01-29 | Nokia Corporation | Informing a lawful interception system of the serving system serving an intercepted target |
| CN1474564A (en) * | 2002-08-05 | 2004-02-11 | ��Ϊ��������˾ | Communication method between virtual local area webs |
-
2004
- 2004-05-10 CN CNB2004100389124A patent/CN100361457C/en not_active Expired - Fee Related
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1132374C (en) * | 1996-07-31 | 2003-12-24 | 西门子公司 | Method and system for user distinguishing and/or information enciphering |
| CN1338169A (en) * | 1999-01-14 | 2002-02-27 | 诺基亚网络有限公司 | Interception method and system |
| WO2000056029A1 (en) * | 1999-03-12 | 2000-09-21 | Nokia Networks Oy | Interception system and method |
| WO2003044966A2 (en) * | 2001-11-23 | 2003-05-30 | Nokia Corporation | Technique for generating correlation number for use in lawful interception of telecommunications traffic |
| WO2003044966A3 (en) * | 2001-11-23 | 2003-11-27 | Nokia Corp | Technique for generating correlation number for use in lawful interception of telecommunications traffic |
| CN1449218A (en) * | 2002-02-13 | 2003-10-15 | 日本电气株式会社 | Location system with enhanced security |
| WO2004010649A1 (en) * | 2002-07-19 | 2004-01-29 | Nokia Corporation | Informing a lawful interception system of the serving system serving an intercepted target |
| CN1474564A (en) * | 2002-08-05 | 2004-02-11 | ��Ϊ��������˾ | Communication method between virtual local area webs |
Non-Patent Citations (2)
| Title |
|---|
| Security Architecture. 3GPP TS 33.102 V5.3.0. 2003 * |
| 移动通信中的LI(合法侦听)的实现技术. 孟旭东,王隽,陶海.江苏通信技术,第20卷第1期. 2004 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1697406A (en) | 2005-11-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1523827B1 (en) | Informing a lawful interception system of the serving system serving an intercepted target | |
| US7570941B2 (en) | Method enabling detection of stolen mobile communication devices and systems thereof | |
| US9072081B2 (en) | Cellular telecommunications networks for temporarily associating unique connection numbers with terminals having token identification modules | |
| US6405030B1 (en) | System for interception of digital cellular phone communication | |
| CN100473187C (en) | Method and equipment for storing subscriber data | |
| CN101437225B (en) | System and method for ciphering key forwarding and RRC packet deciphering in a UMTS monitoring system | |
| CN101142805B (en) | Lawful interception of unauthorized subscribers and equipments | |
| CN101563944A (en) | IMSI handling system | |
| KR20200053609A (en) | Method for transmitting an encrypted subscription identifier stored in a secure element to a physical or virtual element of a telecommunication network, a corresponding secure element, a physical or virtual element and a terminal cooperating with the secure element | |
| EP1985145A1 (en) | Provision of position information in telecommunications networks | |
| WO2001028273A1 (en) | A method and system for protecting a user identifier | |
| CN101600209B (en) | Method for identifying copied subscriber identity module (SIM) card, device and system therefor | |
| CN101227339B (en) | Method for monitoring data traffic based on contents and/or IP address | |
| US8543688B1 (en) | Generating correlation codes for location information | |
| CN103139769B (en) | A kind of wireless communications method and network subsystem | |
| CN101184303A (en) | Anti-theft method and apparatus for mobile terminal | |
| CN100361457C (en) | Method for transferring monitored information | |
| WO2006098669A1 (en) | Area based monitoring | |
| CN101431754B (en) | Method for preventing clone terminal access | |
| CN102124767B (en) | A kind of method and apparatus for providing identity Confidentiality protection for user of communication terminal | |
| CN101159625A (en) | System and method of implementing monitor for police for WiMAX | |
| CN101340643A (en) | Air interface voice ciphering startup method and system | |
| CN100353794C (en) | Method of proceeding grouping business audiomonitoring according to user mark | |
| CN1691675B (en) | A method for automatically reporting target user equipment location information | |
| CN1270477C (en) | Monitoring realizing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20080109 Termination date: 20200510 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |