CN100512161C - Method for transmitting legal monitoring information - Google Patents

Publication number
CN100512161C
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN 200710084874
Other languages
Chinese (zh)
Other versions
CN101110715A (en)
Inventor
郑波
施有铸
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN 200710084874
Priority to PCT/CN2007/070216 (WO2008011819A1)
Publication of CN101110715A
Application granted
Publication of CN100512161C

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/22 Arrangements for supervision, monitoring or testing
    • H04M3/2281 Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Abstract

The present invention discloses a method for transmitting legal monitoring information. Monitoring information is carried in a message related to the interception target and sent to a network functional entity participating in the target's session; the network functional entity intercepts the target according to the monitoring information received and reports Intercept Related Information (IRI) and/or Content of Communication (CC) to the law enforcement agency. The method reduces the workload of the ADMF in managing and maintaining network functional entities and reduces the possibility of data leakage.

Description

A method of transmitting legal monitoring information
Technical field
The present invention relates to the field of Lawful Interception, and in particular to a method of transmitting legal monitoring information.
Background technology
Lawful Interception is a law enforcement action in which a law enforcement agency, with the approval of the relevant authorizing body, monitors public communication services in accordance with the relevant national laws and the industry standards for public communication networks.
To implement Lawful Interception in an IP Multimedia Subsystem (IMS) network, the 3GPP TS 33.107 standard defines a Lawful Interception model for the IMS network, shown in Fig. 1. The model comprises: the Law Enforcement Monitoring Facility (LEMF), the Lawful Interception Administration Function (ADMF) entity, the Delivery Function (DF) entity, and the Serving-Call Session Control Function (S-CSCF) and/or Proxy-Call Session Control Function (P-CSCF) entity. The LEMF, ADMF and DF are located on the law enforcement agency side; the S-CSCF and P-CSCF are located in the IMS network and act as the interception control elements there.
In a concrete service implementation, when interception must be carried out in the IMS network, the ADMF carries the various monitored data of the law enforcement agency side in a monitoring indication and sends it over the X1_1 interface to the S-CSCF and/or P-CSCF in the IMS network. When a call session signaling message related to the interception target passes through the S-CSCF and/or P-CSCF, the S-CSCF and/or P-CSCF intercepts the target according to the monitored data carried in the monitoring indication and reports the Intercept Related Information (IRI) obtained to the DF on the law enforcement agency side over the X2 interface. The monitoring indication can be a target activation indication, a target query indication, a target attribute modification indication, and so on; the monitored data can include the identity of the interception target, among other things.
In this scheme, the S-CSCF and/or P-CSCF cannot see supplementary service events beyond the basic session messages, for example value-added services provided by an application server (AS). The S-CSCF and/or P-CSCF therefore cannot report the target's supplementary service events to the DF, so the law enforcement agency side cannot intercept the target's supplementary service events in the IMS network.
To address this problem, the latest Lawful Interception (LI) draft from TISPAN, a body under the European Telecommunications Standards Institute (ETSI), 10tTD077a1 DTS-07013, specifies that the functional entities reporting IRI can additionally include an AS connected to the ADMF and the DF. In this case, the ADMF can carry the monitored data in a monitoring indication and send it directly to the AS over the X1_1 interface. Because the AS is responsible for handling supplementary services such as value-added services, it can report the IRI related to supplementary service events to the DF according to the monitored data, which solves the problem that the law enforcement agency side cannot intercept the target's supplementary service events in the IMS network.
However, although introducing the AS solves the problem of reporting the target's supplementary service events during interception, in the IMS network the AS is provided not by the law enforcement agency or the operator but by a third party. When the ADMF sends monitored data to the AS, the monitored data may therefore leak, which is a serious security risk.
In addition, the interception target may subscribe to several different services, and these services may be provided by different ASs. For these ASs to obtain the target's monitored data over the X1_1 interface, the ADMF has to manage them, configuring and maintaining information about each AS. When the target's subscribed services change, the ADMF has to be updated in step so that the corresponding AS obtains or deletes the corresponding monitored data. This greatly increases the management and maintenance workload of the ADMF on the law enforcement agency side.
As the description above shows, the current way of implementing Lawful Interception can be summarized as follows: the ADMF sends monitored data to the network functional entities that can report IRI; when a message related to the interception target passes through these network functional entities, they intercept the target according to the monitored data and report IRI to the DF. This approach has two shortcomings: first, the monitored data is easily leaked, which is a security risk; second, because the ADMF has to manage and maintain the many network functional entities that obtain monitored data, its management and maintenance workload is large and its burden heavy.
Summary of the invention
In view of this, the main object of the present invention is to provide a method of transmitting legal monitoring information that reduces the workload of the ADMF in managing and maintaining network functional entities. A further object of the invention is to reduce the possibility of monitored data leaking and so keep interception secure. Specifically, the method comprises:
A. carrying monitoring information in a message related to the interception target, and sending the message to a network functional entity participating in the target's session;
B. the network functional entity intercepting the target according to the monitoring information received, and reporting Intercept Related Information (IRI) and/or Content of Communication (CC) to the law enforcement agency side,
wherein the message in step A is a call session SIP message, and carrying monitoring information in the message related to the interception target means: the Serving-Call Session Control Function (S-CSCF) carries the monitoring information in the SIP message related to the interception target; or
the S-CSCF sends the SIP message related to the interception target to the lawful interception service application server (LI-AS), and the LI-AS carries the monitoring information in the SIP message and sends it back to the S-CSCF.
The network functional entity is one of, or any combination of: an application server (AS), an Interrogating-Call Session Control Function (I-CSCF), an Interconnection Border Control Function (IBCF), a Breakout Gateway Control Function (BGCF), a Media Gateway Control Function (MGCF), a media gateway, and a Media Resource Function Processor (MRFP).
When the interception target is the calling party, carrying monitoring information in the message related to the interception target means: the network access unit carries the monitoring information in the SIP message related to the interception target.
After step B, the method further comprises:
when the network access unit, S-CSCF, I-CSCF, IBCF, BGCF or MGCF sends the SIP message to a network entity in a non-trust domain, it deletes the monitoring information carried in the SIP message.
Carrying monitoring information in the SIP message comprises:
using a SIP header field to carry the monitoring information, or using the SIP message body to carry the monitoring information.
The message in step A is a Diameter message, an H.248 message or a COPS message.
When the message is a Diameter message, the network functional entity is a Service Policy Decision Function (SPDF) or a Policy Decision Function (PDF);
when the message is an H.248 message, the network functional entity is a media gateway or an MRFP;
when the message is a COPS message, the network functional entity is a Gateway GPRS Support Node (GGSN).
Step A comprises:
when the message is a Diameter message, an Application Function (AF) entity carries the monitoring information in the Diameter message and sends it to the Service Policy Decision Function (SPDF) or Policy Decision Function (PDF);
when the message is an H.248 message, the SPDF, PDF or MGCF carries the monitoring information in the H.248 message and sends it to the media gateway, or the Media Resource Function Controller (MRFC) carries the monitoring information in the H.248 message and sends it to the MRFP;
when the message is a COPS message, the PDF carries the monitoring information in the COPS message and sends it to the GGSN.
The Application Function entity is a Proxy-Call Session Control Function (P-CSCF) entity, an Interconnection Border Control Function (IBCF) entity or an Access Gateway Control Function (AGCF).
The monitoring information comprises the identity of the interception target. The identity of the interception target consists of one of, or any combination of: a SIP Uniform Resource Identifier, a tel Uniform Resource Locator, and an identifier of the one party or multiple parties being intercepted. The monitoring information further comprises one of, or any combination of: an indication to report IRI and/or CC, a DF address, a key or certificate, and a cancel-interception indication. The DF address comprises a DF2 address and/or a DF3 address.
The reporting of CC by the network functional entity specifically comprises:
after one network functional entity has reported CC to the law enforcement agency side, it indicates to subsequent network functional entities that they need not report the CC again.
The method of indicating to subsequent network functional entities that they need not report CC again comprises:
the network functional entity deletes the indication to report CC from the monitoring information, or sets the indication to report CC to no; a subsequent network functional entity that receives the monitoring information then does not report CC.
The method of indicating to subsequent network functional entities that they need not report CC again comprises:
the network functional entity deletes the DF3 address from the monitoring information, or sets the DF3 address to invalid; a subsequent network functional entity that receives the monitoring information then does not report CC.
The method of indicating to subsequent network functional entities that they need not report CC again comprises:
the network functional entity sets the CC-report-complete indication in the monitoring information to yes; a subsequent network functional entity that receives the monitoring information then does not report CC.
The CC-report-complete indication further comprises: the network element that completed the CC report and/or the DF3 address to which the CC was reported.
As the technical solution above shows, in the method of transmitting legal monitoring information provided by the invention, monitoring information is carried in a message related to the interception target and is delivered to the network functional entities participating in the target's session by sending that message to them. The network functional entities intercept according to the monitoring information and report IRI and/or CC to the DF, so the workload of the ADMF in managing and maintaining these network functional entities is reduced. In addition, when the message related to the interception target is sent to a network functional entity that does not perform interception, the monitoring information carried in the message is deleted, so the possibility of the monitoring information leaking is reduced and the security of interception is improved.
Description of drawings
Fig. 1 is a schematic diagram of the Lawful Interception model of the IMS network in the prior art;
Fig. 2 is a diagram of the Lawful Interception network logical structure for the interception target's signaling messages according to an embodiment of the invention;
Fig. 3 is a flow chart of transmitting legal monitoring information according to an embodiment of the invention;
Fig. 4 is a diagram of the Lawful Interception network logical structure for the interception target's media streams according to an embodiment of the invention.
Embodiment
In order to make the features and advantages of the present invention clearer, the invention will be further described in conjunction with specific embodiments with reference to the accompanying drawings.
The main idea of the present invention is as follows. The message related to the interception target is extended to carry monitoring information. When that message is sent to the network functional entities participating in the target's session, the monitoring information is delivered to them with it. These network functional entities intercept the target according to the monitoring information received and report IRI and/or Content of Communication (CC). Because the invention transmits legal monitoring information inside the messages related to the interception target, the ADMF does not need to manage and maintain the many network functional entities, so the workload of the ADMF is reduced.
The concrete implementation of this main idea is described below with reference to the accompanying drawings and specific embodiments.
First, the Lawful Interception network logical structure for the interception target's signaling messages according to an embodiment of the invention is described with reference to Fig. 2. Fig. 2 takes the IMS network as an example and shows a network structure comprising a terminal, a network access unit, an S-CSCF, an AS and a lawful interception service application server (LI-AS).
Here, the terminal is the interception target. It can be a Session Initiation Protocol (SIP) terminal; it can also be a traditional Plain Old Telephone Service (POTS) terminal or an Integrated Services Digital Network (ISDN) terminal.
The network access unit is connected to the terminal and to the S-CSCF. It is used to connect the terminal to the IMS network and provides functions such as registration, authentication and authorization. The E1 interface between the network access unit and the S-CSCF uses the SIP protocol. The network access unit can be an Application Function (AF), for example a P-CSCF, in which case the terminal it connects is a SIP terminal; it can also be an Access Gateway Control Function (AGCF), in which case the terminals it connects are POTS and ISDN terminals.
The network access unit can receive the monitoring indication carrying monitored data sent by the law enforcement agency side. If the interception target is the calling party, then when a SIP message sent by the calling party arrives at the network access unit through which the calling party accesses the network, the network access unit extends the SIP message to carry monitoring information. The subsequent network elements the SIP message passes through, for example the Interconnection Border Control Function (IBCF), Interrogating-Call Session Control Function (I-CSCF), S-CSCF, AS, Breakout Gateway Control Function (BGCF) and Media Gateway Control Function (MGCF), then carry out the corresponding interception processing according to the monitoring information carried in the message they receive and report IRI and/or CC to the DF. When the network access unit sends a SIP message to a non-trust domain network entity, it deletes the monitoring information carried in the SIP message. Here, a non-trust domain network entity is defined relative to a trust domain network entity: a trust domain network entity is a system or server that the service provider owns and/or can operate and/or can control; by contrast, a non-trust domain network entity can be a consumer's equipment, third-party equipment, and so on.
The S-CSCF is connected to the AS over the E2 interface, whose protocol is SIP. The S-CSCF can also receive the monitoring indication carrying monitored data sent by the law enforcement agency side. When a SIP message related to the interception target arrives at the S-CSCF serving the target, the S-CSCF extends the SIP message to carry monitoring information. The subsequent network elements the SIP message passes through, for example the IBCF, I-CSCF, AS, BGCF, MGCF and network access unit, carry out the corresponding interception processing according to the monitoring information carried in the message they receive. When the S-CSCF sends the SIP message to another non-trust domain network entity, for example an AS, it deletes the monitoring information carried in the SIP message.
The LI-AS is a functional entity that executes the lawful interception service logic. It provides the Lawful Interception service and can obtain monitored data from the law enforcement agency side. The E3 interface between the LI-AS and the S-CSCF uses the SIP protocol. The LI-AS receives the monitoring indication carrying monitored data sent by the law enforcement agency side. When a SIP message related to the interception target arrives at the LI-AS serving the target, the LI-AS extends the SIP message to carry monitoring information. The subsequent network elements the SIP message passes through, such as the IBCF, I-CSCF, S-CSCF, AS, BGCF, MGCF and network access unit, carry out the corresponding interception processing according to the monitoring information carried in the message they receive.
Alternatively, the LI-AS need not receive the monitoring indication carrying monitored data from the law enforcement agency side; instead, the fact that the S-CSCF triggers the LI-AS indicates that the user the S-CSCF is currently serving is the interception target. In this case the S-CSCF obtains the monitored data from the law enforcement agency side. After a SIP message arrives at the S-CSCF, the S-CSCF determines from the monitored data whether the served user in the current session is being intercepted and, if so, routes the SIP message to the LI-AS. Or the monitored data received by the S-CSCF is a trigger filter rule: the S-CSCF matches each SIP message it receives against this rule and, on a successful match, routes the SIP message to the LI-AS, which inserts monitoring information into the SIP message it receives. Like other initial filter criteria (iFC), the trigger filter rule can be obtained by the S-CSCF from the home subscriber server (HSS); it can also be generated by the S-CSCF from the monitored data obtained from the law enforcement agency side.
In addition to the network access unit and the S-CSCF, which can delete the monitoring information carried in SIP messages sent to non-trust domain network entities, the IBCF, BGCF, I-CSCF and MGCF, acting as network border elements, can also delete the monitoring information from SIP messages. This deletion can be unconditional, or it can be triggered by determining that the SIP message is being sent to a non-trust domain.
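An added example (not code from the patent) of the boundary behaviour described above: a border element removes the monitoring information header before a SIP message leaves the trust domain, either unconditionally or only when the next hop is untrusted. The header name `X-LI-Info`, its parameter syntax, the host names and the trust-domain suffix are assumptions made for illustration; the patent says only that a SIP header field is used.

```python
"""Scrub LI monitoring information from SIP messages at a trust boundary."""

# Hypothetical header name: the patent does not name the header field.
LI_HEADER = "x-li-info"

# Constructed trust domain: hosts the service provider owns or controls.
TRUSTED_SUFFIXES = (".ims.operator.example",)


def is_trusted(next_hop: str) -> bool:
    """True if the next hop lies inside the provider's trust domain."""
    host = next_hop.lower().rstrip(".")
    return any(host.endswith(suffix) for suffix in TRUSTED_SUFFIXES)


def strip_li_header(message: str) -> tuple[str, int]:
    """Remove every LI_HEADER field, including folded continuation lines.

    Header names are matched case-insensitively. Returns the scrubbed
    message and the number of header fields removed (useful for audit).
    """
    head, sep, body = message.partition("\r\n\r\n")
    kept, removed, dropping = [], 0, False
    for i, line in enumerate(head.split("\r\n")):
        if i > 0 and line[:1] in (" ", "\t"):
            # Folded continuation: it shares the fate of the field above it.
            if not dropping:
                kept.append(line)
            continue
        name = line.partition(":")[0].strip().lower()
        dropping = i > 0 and name == LI_HEADER  # line 0 is the start line
        if dropping:
            removed += 1
        else:
            kept.append(line)
    return "\r\n".join(kept) + sep + body, removed


def forward(message: str, next_hop: str, unconditional: bool = False):
    """Border-element policy: scrub when the message leaves the trust
    domain, or always when configured for unconditional deletion."""
    if unconditional or not is_trusted(next_hop):
        return strip_li_header(message)
    return message, 0


# Constructed sample message; the X-LI-Info parameters are invented syntax.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@home.example SIP/2.0",
    "Via: SIP/2.0/UDP scscf.ims.operator.example;branch=z9hG4bK776",
    "From: <sip:alice@visited.example>;tag=1928",
    "To: <sip:bob@home.example>",
    "Call-ID: a84b4c76e66710",
    "CSeq: 1 INVITE",
    'X-LI-INFO: target="sip:bob@home.example";',
    " report=iri;df2=df2.lea.example",
    "Content-Length: 0",
    "", "",
])

if __name__ == "__main__":
    for hop in ("as1.ims.operator.example", "as.thirdparty.example"):
        scrubbed, count = forward(SAMPLE_INVITE, hop)
        print(f"{hop}: removed {count} LI header field(s)")
```

A scrubber that matched only the exact header spelling, or ignored folded lines, would let part of the monitoring information through to the untrusted hop; the removal count gives the element something to log.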
In addition, in the packet domain the media gateway and the Media Resource Function Processor (MRFP) are generally controlled over the H.248 protocol, but in some cases they can also be controlled over the SIP protocol. The SIP message carrying monitoring information described above can therefore also be sent to the media gateway and the MRFP. The MRFP is sometimes also called a Media Resource Server.
Based on the network logical structure shown in Fig. 2, the detailed process of transmitting legal monitoring information is described below. In this embodiment, the interception target in the IMS network is the called party. The called party may subscribe to different services, each handled by a different AS. Assume here that the called party has subscribed to the Originating Identification Presentation (OIP) service and that the OIP AS handles this service for the called party. The network functional entity participating in the target's session is therefore the OIP AS, and the message related to the interception target is the SIP request message Invite.
Referring to Fig. 3, the detailed process of transmitting legal monitoring information comprises:
Steps 301-303: the request message Invite addressed to the interception target arrives at the S-CSCF serving the target. Before executing the iFC in the target's user profile, the S-CSCF extends the request message Invite to carry the target's monitoring information; the S-CSCF then executes the iFC and routes the request message to the OIP AS.
The OIP AS provides the originating identification presentation service for the interception target. When a request message is sent to the called party, who is the interception target, the S-CSCF serving the called party therefore routes the request message to the OIP AS according to the iFC. So that the supplementary service events provided by the OIP AS can be intercepted, the S-CSCF extends the request message to carry monitoring information before routing it to the OIP AS; the S-CSCF then executes the iFC and routes the request message to the OIP AS, which thereby receives the monitoring information. The OIP AS therefore does not need to obtain monitored data from the ADMF in order to intercept and report IRI. In other words, the ADMF does not have to manage and maintain the OIP AS, which reduces the ADMF's management and maintenance workload.
Steps 304-307: after receiving the request message routed from the S-CSCF, the OIP AS carries out OIP service processing and parses the request message. According to the monitoring information carried in the request message, it reports the target's supplementary service events arising from the OIP service to the DF, and then routes the request message back to the S-CSCF serving the target.
Steps 308-309: after receiving the request message routed back from the OIP AS, the S-CSCF decides from the iFC priorities whether the request message still has to be routed to another AS. Assume here that the called party has subscribed only to the OIP service. The S-CSCF then determines that the request message does not need to be routed to another AS, that is, the request message is to be sent to a non-AS entity. The S-CSCF therefore deletes the monitoring information carried as an extension in the request message and then routes the request message to another entity, for example directly to the called party's network access unit.
Because the monitoring information is delivered to the AS inside the SIP request message, the AS reports IRI according to the monitoring information carried in the SIP request message and does not store monitored data sent by the ADMF; and when the request message is sent to a non-AS entity, the S-CSCF deletes the monitoring information from the request message. The possibility of data leakage is thereby reduced.
The description above, with reference to Fig. 3, takes as its example an interception target who is the called party and uses the OIP service: monitoring information is carried in the request message and sent to the OIP AS, and the OIP AS reports supplementary service events according to the monitoring information carried in the request message. In fact, whichever side of the call the interception target is on, calling party or called party, for every request message related to the target that arrives at the S-CSCF serving the target, the S-CSCF can carry monitoring information in the request message and send the request message to the AS specified by the iFC in the target's user profile, thereby delivering the monitoring information to the AS as well. When the S-CSCF sends the request message to another non-trust domain network entity, the S-CSCF, or the IBCF, BGCF, I-CSCF or MGCF acting as a network border element, deletes the monitoring information carried in the request message. In particular, if the interception target is the calling party, the network access unit that has received the monitoring indication carrying monitored data from the law enforcement agency side can extend the SIP message to carry monitoring information when the SIP message sent by the calling party arrives at the network access unit.
In addition, the embodiment shown in Fig. 3 takes a request message carrying the monitoring information as its example; in practice, a response message can also be used to carry the monitoring information.
In the process shown in Fig. 3, it is the S-CSCF serving the interception target that inserts monitoring information into the SIP message and deletes it. In a concrete implementation, the LI-AS can instead extend the SIP message to carry monitoring information when the SIP message related to the target arrives at the LI-AS serving the target.
Likewise, Fig. 3 illustrates only the OIP AS receiving the monitoring information carried in the SIP message and reporting IRI. In fact, when a message carrying monitoring information is sent to network entities in the trust domain such as the I-CSCF, S-CSCF, AS, BGCF, MGCF, media gateway or MRFP, these network entities can report IRI to the DF according to the monitoring information.
The above describes only the process of carrying and transmitting legal monitoring information in SIP messages; how the monitoring information is actually carried in a SIP message is described below.
First, the monitoring information carried is described. The monitoring information carried in a SIP message includes the identity of the interception target. This identity can be a SIP Uniform Resource Identifier (URI) or a telephone (tel) Uniform Resource Locator (URL); it can also be an identifier describing whether a specified party or multiple parties in the message are being intercepted.

The monitoring information can further include the address information of the law enforcement agency or monitoring center. This address information gives the address that currently receives IRI and/or CC; it can be a routable URI or an IP address. When IRI and/or CC is reported, it can be reported to the DF specified in the monitoring information according to this address information. The address information can be a DF2 address, which describes the address that receives the target's IRI; a DF3 address, which describes the address that receives the target's CC; or a combination of a DF2 address and a DF3 address.

The monitoring information can further include a key or certificate. The key or certificate is the sole credential for validating and accepting the monitoring information carried in a SIP message: only when the key or certificate matches is the monitoring information confirmed as correct and legitimate, and accepted.

The monitoring information can further include a cancel-interception indication. When an AS or another entity participating in the target's session receives the monitoring information carried in a message, it may store the monitoring information locally to avoid having it transmitted again every time. In that case, if interception of the target is cancelled, the AS or other entity participating in the target's session deletes the locally stored monitoring information for the target according to the cancel-interception indication in the monitoring information. The monitoring information described above can be carried in any SIP message.
During a session, more than one network element may take part in controlling the reporting of CC; for example, CC may be reported in the visited domain and may also be reported in the home domain. To reduce repeated CC reports from different network elements, and so avoid wasting media resources, when CC is reported to the same DF3, CC reporting is generally performed only once during a session. This can be implemented in the following two ways:
Mode one: the monitoring information described above carries only the indication to report IRI; the indication to report CC is not carried, is deleted, or is set to "No". For example, if during a session the P-CSCF knows that CC has already been reported for the user in the visited domain, the SIP message it sends carries only the indication to report IRI, or has the indication to report CC set to "No". After a network element in the home domain receives this SIP message, it does not process CC reporting. In actual applications this is not limited to the visited domain reporting and the home domain then not reporting; the opposite process, in which the home domain reports and the visited domain then does not, also falls within the protection scope of the present invention. Similarly, the monitoring information can carry only the DF2 address and not the DF3 address, or the DF3 address can be deleted or set to invalid. A subsequent network element then cannot report CC, because it does not know the DF3 address or because the DF3 address it received is invalid.
Mode two: the monitoring information described above carries a CC report completion indication, which indicates that CC reporting for this session has been completed. The CC report completion indication can further include the network element that completed the CC report and/or the DF3 address that this CC report corresponds to. For example, if during a session the P-CSCF knows that CC has already been reported for the user in the visited domain, the SIP message it sends carries the CC report completion indication and the corresponding DF3 address. After a network element in the home domain receives this SIP message, it judges whether the DF3 address to which the earlier network element reported CC is the same as the DF3 address to which this network element reports CC. If they are the same, it does not process CC reporting again; if they differ, it reports CC to the DF3 address that corresponds to this network element. For example, when the DF3 addresses that correspond to the visited domain and the home domain differ, the home domain still processes CC reporting even though CC has been reported in the visited domain.
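The decision a downstream network element makes under mode one and mode two can be written out as follows. This is an added example, not code from the patent: the field names, the `own_df3` parameter and the rule for what counts as an invalid DF3 address are assumptions, since the description does not define them.

```python
import ipaddress
import re
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class CcInfo:
    """CC-related part of the monitoring information (field names are hypothetical)."""
    report_cc: Optional[bool] = None    # indication to report CC; None = not carried
    df3: Optional[str] = None           # DF3 address carried in the message
    cc_done: bool = False               # mode two: CC report completion indication
    cc_done_by: Optional[str] = None    # network element that completed the CC report
    cc_done_df3: Optional[str] = None   # DF3 address that report was delivered to


def valid_df3(addr: Optional[str]) -> bool:
    """Assumed validity rule: a usable IP address or a user@host style URI."""
    if not addr or not addr.strip():
        return False
    addr = addr.strip()
    try:
        return not ipaddress.ip_address(addr).is_unspecified
    except ValueError:
        return re.fullmatch(r"(?:[A-Za-z][\w+.-]*:)?[^@\s]+@[^@\s]+", addr) is not None


def _same(a: str, b: str) -> bool:
    return a.strip().lower() == b.strip().lower()


def should_report_cc(info: CcInfo, own_df3: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether this network element still has to report CC.

    own_df3 is the DF3 address this element reports to; if it is not
    given, the DF3 address carried in the monitoring information is used.
    """
    target_df3 = own_df3 or info.df3
    if info.cc_done:                                   # mode two
        if (info.cc_done_df3 and valid_df3(target_df3)
                and not _same(info.cc_done_df3, target_df3)):
            return True, "earlier report went to a different DF3"
        return False, "CC already reported for this session"
    if not info.report_cc:                             # mode one: absent or "No"
        return False, "no indication to report CC"
    if not valid_df3(target_df3):                      # mode one: DF3 deleted or invalid
        return False, "no valid DF3 address"
    return True, "CC not yet reported"


def mark_reported(info: CcInfo, element: str, df3: str, mode: int) -> CcInfo:
    """Monitoring information the reporting element passes on downstream."""
    if mode == 1:   # remove the CC indication and the DF3 address
        return replace(info, report_cc=False, df3=None)
    if mode == 2:   # keep the content and add the completion indication
        return replace(info, cc_done=True, cc_done_by=element, cc_done_df3=df3)
    raise ValueError("mode must be 1 or 2")


if __name__ == "__main__":
    # Constructed session: the visited-domain P-CSCF has reported CC to df3@lea.com.
    start = CcInfo(report_cc=True, df3="df3@lea.com")
    for mode in (1, 2):
        forwarded = mark_reported(start, "P-CSCF", "df3@lea.com", mode)
        print(mode, should_report_cc(forwarded, own_df3="df3@lea.com"))
```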
Monitoring information can be carried in a SIP message either in a SIP header field or in the SIP message body. Carrying it in a SIP header field includes carrying it in an existing header field and carrying it in an extended SIP header field. An example of carrying monitoring information in an existing header field is as follows:
The SIP header field P-Charging-Function-Address is used to distribute the charging function addresses. When the request message INVITE arrives, the S-CSCF adds this header to the request and uses extension parameters in the header to carry the monitoring information. For example, the extension parameter li-id carries the eavesdropping target's identifier tom@home.com, and the extension parameter delivery-function carries the DF address df2@lea.com:
P-Charging-Function-Address: li-id=tom@home.com;delivery-function=df2@lea.com
An example of carrying monitoring information in an extended SIP header field is as follows:
P-LI:<sip:tom@home.com>;delivery-function=df2@lea.com
In this extended SIP header field P-LI, the eavesdropping target's identifier is tom@home.com and the DF address is df2@lea.com;
Or,
P-LI:orig;delivery-function=df2@lea.com
The P-LI header field above carries the eavesdropping target indication orig, which means that the source of the message, that is, the calling user, is monitored. The concrete eavesdropping target is the identifier of the message source, which can be taken from the From header field, the P-Asserted-Identity header field, etc.;
Or,
P-LI:dest;delivery-function=df2@lea.com
The P-LI header field above carries the eavesdropping target indication dest, which means that the destination of the message, that is, the called user, is monitored. The concrete eavesdropping target is the identifier of the message destination, which can be taken from the Request-URI, the To header field, the P-Asserted-Identity header field, the P-Called-Party-ID header field, etc.
An example of the cancel-monitoring indication information is as follows:
P-LI:dest;cancel
The P-LI header field above carries the eavesdropping target indication dest and the cancel-monitoring indication cancel, which means that monitoring of the message destination is cancelled.
An example of a key or certificate is as follows:
P-LI:key="6629fae49393a05397450978507c4ef1"
The P-LI header field above carries the key value of the key or certificate of the monitoring information. After an entity participating in the eavesdropping target's session receives a message carrying monitoring information, it uses the key value of the key or certificate carried in the message, according to a previously agreed algorithm or in another way, to confirm the correctness and legitimacy of the monitoring information carried in the message, and then carries out the processing described in the present invention according to the monitoring information.
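The P-LI forms shown above can be parsed as in the following added example, which is not code from the patent. It resolves orig and dest to a concrete identifier from the header fields the description names, and applies the cancel indication to a locally kept copy as described earlier. The message representation (a plain dict with a Request-URI key), the class and function names, and the order in which source header fields are tried are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Header fields the description names as sources of the concrete target.
# The order of preference within each tuple is an assumption of this example.
ORIG_SOURCES = ("P-Asserted-Identity", "From")
DEST_SOURCES = ("P-Called-Party-ID", "Request-URI", "To")

# Constructed sample request, reduced to the fields this example reads.
SAMPLE_MSG = {
    "Request-URI": "sip:bob@home.com",
    "From": '"Tom" <sip:tom@home.com>;tag=1',
    "To": "<sip:bob@home.com>",
}


@dataclass
class MonitoringInfo:
    target: Optional[str]                     # resolved eavesdropping target
    delivery_function: Optional[str] = None   # DF address
    key: Optional[str] = None                 # key or certificate value
    cancel: bool = False                      # cancel-monitoring indication


def _uri(value: str) -> str:
    """Return the bare URI from a name-addr or addr-spec header value."""
    m = re.search(r"<([^>]+)>", value)
    return (m.group(1) if m else value.split(";", 1)[0]).strip()


def parse_p_li(value: str, msg: Dict[str, str]) -> MonitoringInfo:
    """Parse one P-LI header value in any of the forms shown in the text."""
    value = value.strip()
    target = None
    if value.startswith("<"):
        # Explicit target. Cut at '>' first so that ';' inside the URI
        # (URI parameters) is not mistaken for a header parameter.
        end = value.find(">")
        if end < 0:
            raise ValueError("unterminated URI in P-LI")
        target, value = value[1:end].strip(), value[end + 1:]
    params: Dict[str, str] = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            # Also strip typographic quotes, as seen in extracted text.
            params[name.strip().lower()] = val.strip().strip('"\u201c\u201d')
    if target is None and ("orig" in params or "dest" in params):
        sources = ORIG_SOURCES if "orig" in params else DEST_SOURCES
        target = next((_uri(msg[h]) for h in sources if h in msg), None)
        if target is None:
            raise ValueError("cannot resolve target from message")
    return MonitoringInfo(target, params.get("delivery-function"),
                          params.get("key"), "cancel" in params)


class LocalStore:
    """Local copy kept by an AS or other entity participating in the session."""

    def __init__(self) -> None:
        self.targets: Dict[str, MonitoringInfo] = {}

    def apply(self, info: MonitoringInfo) -> None:
        if info.target is None:
            return                                  # nothing to key the entry on
        if info.cancel:
            self.targets.pop(info.target, None)     # monitoring cancelled: delete
        else:
            self.targets[info.target] = info        # store or refresh


if __name__ == "__main__":
    store = LocalStore()
    for header in ("dest;delivery-function=df2@lea.com", "dest;cancel"):
        store.apply(parse_p_li(header, SAMPLE_MSG))
        print(header, "->", sorted(store.targets))
```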
When the SIP message body is used, the monitoring information is usually carried by inserting into the SIP message body a body of a Multipurpose Internet Mail Extensions (MIME) type, which includes a type name, a subtype name, the required parameters and a decoding type. This monitoring information can be described using Extensible Markup Language (XML).
The above describes in detail, with reference to Fig. 2 and Fig. 3, how monitoring information is inserted in a SIP message and passed to the AS or another network element participating in the eavesdropping target's session, and how the AS or other network element participating in the session reports IRI. In fact, other network functional entities that participate in the eavesdropping target's session do not always do so using the SIP protocol. Examples are the Gateway GPRS Support Node (GGSN), the Border Gateway Function (BGF), and gateways including residential gateways and IADs. These can obtain the monitoring information by having it transferred in non-SIP protocol messages related to the eavesdropping target, and then report IRI and/or CC. These non-SIP protocol messages can be Diameter messages, H.248 messages, Common Open Policy Service protocol (COPS) messages, etc.
In fact, the network structure shown in Fig. 2 considers only the transmission of signaling messages. The session content of a terminal during a call, including media streams such as voice and video, enters the network through functional entities such as the BGF, GGSN or a gateway, depending on the type of terminal. See Fig. 4, which shows the lawful interception network logical structure that involves the eavesdropping target's media stream according to an embodiment of the invention. An Application Function (AF), for example the P-CSCF, the Interconnection Border Control Function (IBCF) or the AGCF, determines the size of the terminal's call media stream from the signaling messages and sends a message to inform the Service Policy Decision Function (SPDF) or the Policy Decision Function (PDF). The SPDF or PDF sends a message to the BGF, GGSN or gateway, which allocates suitable bandwidth to the terminal. Because the BGF and the other gateways are all kinds of media gateway (MG), the BGF, gateways, etc. are collectively called media gateways here. The interface protocol between the AF and the SPDF or PDF is Diameter, and Diameter messages are transferred; the interface protocol between the SPDF and the media gateway is H.248, and H.248 messages are transferred; the interface protocol between the PDF and the GGSN is COPS, and COPS messages are transferred.
In this case, the AF carries the monitoring information as an extension in the Diameter message sent to the SPDF or PDF, and so passes the monitoring information to the SPDF or PDF. The SPDF or PDF in turn carries the monitoring information as an extension in the H.248 message or COPS message sent to the BGF, GGSN or gateway, and the BGF, GGSN or gateway monitors the eavesdropping target. Because the media stream of the terminal's call passes through the BGF, GGSN or gateway, the BGF, GGSN or gateway can report not only IRI but also CC. Similarly, for a terminal that accesses the network through the AGCF, the AGCF can carry the monitoring information to the gateway in an H.248 message when it interacts with the gateway, and the gateway reports IRI and/or CC to the DF according to the monitoring information in the H.248 message. Here, therefore, the messages related to the eavesdropping target include Diameter messages, H.248 messages and COPS messages, and the network functional entity participating in the eavesdropping target's session is the BGF, GGSN or gateway. The MRFP can also obtain monitoring information from an H.248 message extended to carry it. For example, when the eavesdropping target's session needs to use resources on the MRFP, the media resource function controller (MRFC) passes the monitoring information to the MRFP in an H.248 message, and the MRFP reports IRI and/or CC to the DF according to the monitoring information in the H.248 message.
As can be seen from the above description, the monitoring information may further include an indication to report IRI and/or CC, which shows whether the current monitoring needs to report IRI and/or CC. It can further include DF addresses, comprising the DF2 address and the DF3 address, which correspond respectively to the address for reporting IRI and the address for reporting CC. The DF2 address and DF3 address can be URIs or IP addresses.
Specifically, an example of carrying monitoring information as an extension in an H.248 message is as follows:
To carry monitoring information as an extension, a monitoring information package must be defined. The monitoring information package defined here includes a monitoring information package identifier (ID) and properties. The properties include the eavesdropping target's identifier, and can further include the DF2 address and/or DF3 address, the indication to report IRI and/or CC, a key or certificate, cancel-monitoring indication information, etc. The eavesdropping target's identifier describes the user identity of the eavesdropping target and can be a SIP URI or a tel URL. The DF2 address describes the address to which the eavesdropping target's IRI is output and can be a URI or an IP address. The DF3 address describes the address to which the eavesdropping target's CC is output and can be a URI or an IP address.
Carrying monitoring information as an extension in a Diameter message can be realized by extending the Diameter attribute-value pairs (AVPs) so that they carry the monitoring information during the session. An AVP includes the attribute name, the attribute code and the type of the attribute value. The concrete AVP format can include the eavesdropping target's identifier, the DF2 address and/or DF3 address, etc.
Carrying monitoring information as an extension in a COPS message can be realized by extending the Policy Information Base (PIB) that 3GPP defines for the Go interface between the PDF and the GGSN. For example, the monitoring information is defined as a COPS-specific object that includes the eavesdropping target's identifier, the DF2 address and/or DF3 address, etc. The monitoring information object is carried in the messages that the PDF sends to the GGSN.
As can be seen, the content of the monitoring information transferred in SIP messages, Diameter messages, H.248 messages and COPS messages is the same; only the format of the message differs.
The process of transmitting legal monitoring information according to the present invention has been described above with reference to the drawings and specific embodiments. As can be seen from the description, the core of the method provided by the present invention is: monitoring information is carried as an extension in the messages related to the eavesdropping target and, when a message is sent, is transferred to the network functional entities that participate in the eavesdropping target's session, so that a network functional entity can monitor the eavesdropping target according to the transferred monitoring information and report IRI and/or CC to the law enforcement agency side. Therefore, this method can reduce the possibility of data leakage and at the same time lighten the workload of the law enforcement agency side.
The above are only preferred embodiments of the present invention and are not intended to limit the protection scope of the present invention.

Claims (18)

1. A method for transmitting legal monitoring information, characterized in that the method comprises:
A. carrying monitoring information in a message related to the eavesdropping target, and sending it to a network functional entity that participates in the eavesdropping target's session;
B. the network functional entity monitoring the eavesdropping target according to the monitoring information received, and reporting Intercept Related Information (IRI) and/or Content of Communication (CC) to the law enforcement agency side,
wherein the message in step A is a call session SIP message, and carrying monitoring information in the message related to the eavesdropping target is: the serving call session control function (S-CSCF) carries the monitoring information in the SIP message related to the eavesdropping target; or,
the S-CSCF sends the SIP message related to the eavesdropping target to the legal monitoring service application server (LI-AS), and the LI-AS carries the monitoring information in the SIP message and sends it back to the S-CSCF.
2. The method according to claim 1, characterized in that the network functional entity is one or any combination of: an application server (AS), an interrogating call session control function (I-CSCF), an Interconnection Border Control Function (IBCF), a Breakout Gateway Control Function (BGCF), a media gateway control function (MGCF), a media gateway, and a Media Resource Function Processor (MRFP).
3. The method according to claim 1, characterized in that, when the eavesdropping target is the calling party, carrying monitoring information in the message related to the eavesdropping target is:
the network access unit carries the monitoring information in the SIP message related to the eavesdropping target.
4. The method according to claim 1, characterized in that, after step B, the method further comprises:
when sending a SIP message to a network entity in a non-trusted domain, the network access unit, S-CSCF, I-CSCF, IBCF, BGCF or MGCF deletes the monitoring information carried in the SIP message.
5. The method according to claim 1, 2, 3 or 4, characterized in that carrying the monitoring information in the SIP message comprises:
using a SIP header field to carry the monitoring information, or using the SIP message body to carry the monitoring information.
6. The method according to claim 1, characterized in that the message in step A is a Diameter message, an H.248 message or a Common Open Policy Service protocol (COPS) message.
7. The method according to claim 6, characterized in that, when the message is a Diameter message, the network functional entity is a Service Policy Decision Function (SPDF) or a Policy Decision Function (PDF);
when the message is an H.248 message, the network functional entity is a media gateway or an MRFP;
when the message is a COPS message, the network functional entity is a Gateway GPRS Support Node (GGSN).
8. The method according to claim 6, characterized in that step A comprises:
when the message is a Diameter message, an application function (AF) entity carries the monitoring information in the Diameter message and sends it to the Service Policy Decision Function (SPDF) or Policy Decision Function (PDF);
when the message is an H.248 message, the SPDF, PDF or MGCF carries the monitoring information in the H.248 message and sends it to the media gateway, or the media resource function controller (MRFC) carries the monitoring information in the H.248 message and sends it to the MRFP;
when the message is a COPS message, the PDF carries the monitoring information in the COPS message and sends it to the GGSN.
9. The method according to claim 8, characterized in that the application function entity is a proxy call session control function entity (P-CSCF), an Interconnection Border Control Function entity (IBCF) or an access gateway control function (AGCF).
10. The method according to claim 1, 2, 3, 4, 5, 6, 8 or 9, characterized in that the monitoring information comprises:
the eavesdropping target's identifier.
11. The method according to claim 10, characterized in that the eavesdropping target's identifier consists of one or any combination of: a SIP uniform resource identifier, a telephone uniform resource locator, and an indication of whether one party or multiple parties are monitored.
12. The method according to claim 10, characterized in that the monitoring information further comprises:
one or any combination of: an indication to report IRI and/or CC, a DF address, a key or certificate, and a cancel-monitoring indication.
13. The method according to claim 12, characterized in that the DF address comprises a DF2 address and/or a DF3 address.
14. The method according to claim 13, characterized in that the network functional entity reporting CC specifically comprises:
a network functional entity, after reporting CC to the law enforcement agency side, indicating to the subsequent network functional entity that it need not report the CC again.
15. The method according to claim 14, characterized in that the method of indicating to the subsequent network functional entity that it need not report CC again comprises:
the one network functional entity deletes the indication to report CC from the monitoring information, or sets the indication to report CC to "No"; the subsequent network functional entity, after receiving the monitoring information, then does not report CC again.
16. The method according to claim 14, characterized in that the method of indicating to the subsequent network functional entity that it need not report CC again comprises:
the one network functional entity deletes the DF3 address from the monitoring information, or sets the DF3 address to invalid; the subsequent network functional entity, after receiving the monitoring information, then does not report CC again.
17. The method according to claim 14, characterized in that the method of indicating to the subsequent network functional entity that it need not report CC again comprises:
the one network functional entity sets the CC report completion indication in the monitoring information to "Yes"; the subsequent network functional entity, after receiving the monitoring information, then does not report CC again.
18. The method according to claim 17, characterized in that the CC report completion indication further comprises: the network element that completed the CC report and/or the DF3 address that the CC report corresponds to.
CN 200710084874 2006-07-18 2007-02-16 Method for transmitting legal monitoring information Expired - Fee Related CN100512161C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 200710084874 CN100512161C (en) 2006-07-18 2007-02-16 Method for transmitting legal monitoring information
PCT/CN2007/070216 WO2008011819A1 (en) 2006-07-18 2007-07-02 Method and device for transmitting legal intercepting information

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200610103317.3 2006-07-18
CN200610103317 2006-07-18
CN 200710084874 CN100512161C (en) 2006-07-18 2007-02-16 Method for transmitting legal monitoring information

Publications (2)

Publication Number Publication Date
CN101110715A CN101110715A (en) 2008-01-23
CN100512161C true CN100512161C (en) 2009-07-08

Family

ID=38981149

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200710084874 Expired - Fee Related CN100512161C (en) 2006-07-18 2007-02-16 Method for transmitting legal monitoring information

Country Status (2)

Country Link
CN (1) CN100512161C (en)
WO (1) WO2008011819A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222539B (en) * 2008-01-30 2012-02-29 中兴通讯股份有限公司 IP multimedia subsystem and its supplementary service monitoring method
CN101594340B (en) * 2008-05-28 2012-07-04 上海贝尔阿尔卡特股份有限公司 Method and device for realizing internet lawful interception
CN102057621B (en) * 2008-06-05 2013-11-06 爱立信电话股份有限公司 Charging for services in a communication network
CN101835132A (en) * 2010-04-21 2010-09-15 中兴通讯股份有限公司 Method and system for lawful monitoring and dispatching of IP multimedia subsystem domain
CN102487520B (en) * 2010-12-02 2015-08-12 中兴通讯股份有限公司 Media content monitor method and device in IP Multimedia System
CN102487521B (en) * 2010-12-03 2016-06-08 中兴通讯股份有限公司 Media content monitor method and device in IP Multimedia System
CN102123367A (en) * 2011-01-19 2011-07-13 华为技术有限公司 Method for monitoring terminal and communication system
WO2011144074A2 (en) * 2011-05-25 2011-11-24 华为技术有限公司 Interception method, interception system and safety split-flow device
CN102843337B (en) * 2011-06-20 2017-07-14 中兴通讯股份有限公司 Media content monitor method and device in IP multimedia subsystem
KR101418698B1 (en) * 2014-02-03 2014-07-10 박상래 System, method and computer readable recording medium for controlling of wireless emergency bell
CN109257330B (en) * 2017-07-13 2020-12-08 华为技术有限公司 Legal monitoring method and related equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3593100B2 (en) * 1999-09-07 2004-11-24 ノキア コーポレイション Ordered delivery of intercepted data
CN100499906C (en) * 2003-05-22 2009-06-10 华为技术有限公司 Method for realizing legal monitoring
US20050058161A1 (en) * 2003-09-17 2005-03-17 Gennady Sorokopud Packet transport over General Packet Radio Service (GPRS) networks
CN100372342C (en) * 2004-11-08 2008-02-27 华为技术有限公司 Method for providing service to circuit field user via group field

Also Published As

Publication number Publication date
WO2008011819A1 (en) 2008-01-31
CN101110715A (en) 2008-01-23


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090708

Termination date: 20130216