CN101163056B - Method of processing monitor sign of microwave access global intercommunication system - Google Patents


Info

Publication number
CN101163056B
Authority
CN
China
Prior art keywords
user
network
sign
authentication
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2007101664599A
Other languages
Chinese (zh)
Other versions
CN101163056A (en)
Inventor
朱戈
霍玉臻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN2007101664599A priority Critical patent/CN101163056B/en
Priority to PCT/CN2008/000125 priority patent/WO2009039710A1/en
Publication of CN101163056A publication Critical patent/CN101163056A/en
Application granted granted Critical
Publication of CN101163056B publication Critical patent/CN101163056B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention discloses a method for processing a monitoring identifier in a Worldwide Interoperability for Microwave Access (WiMAX) system, comprising: Step S102, the user's HAAA allocates a unique monitoring identifier to the user's NAI and, while the user is not being monitored and is not connected to the network, changes the monitoring identifier when a predetermined condition is met; Step S104, when the user is to be monitored, a monitoring agency obtains the user's monitoring identifier from the user's HAAA and uses it to set up monitoring of the user in the WiMAX system. With the present invention, a WiMAX network can be monitored without compromising the security of EAP authentication, and the impact on the hiding of user identity in the AAA security framework of the WiMAX network is eliminated or minimized.

Description

Method for processing a monitoring identifier in a WiMAX system
Technical field
The present invention relates to the field of communications, and in particular to a method for processing a monitoring identifier in a Worldwide Interoperability for Microwave Access (WiMAX) system.
Background technology
Lawful interception is now widely used in the communications field. Core network equipment, including that of 3GPP and 3GPP2, provides an interface to a Lawful Interception Center (Lawful Information Center, LIC for short). Using the user's International Mobile Station Identity (IMSI) or Network Access Identifier (NAI), the LIC sets up monitoring on network elements such as the Mobile Switching Center (MSC), Gateway Mobile Switching Center (GMSC), Home Location Register (HLR), Short Message Center (SMC), Packet Data Serving Node (PDSN), and Authentication, Authorization and Accounting (AAA) server. Over the police monitoring interface, the network elements on which monitoring is set send the monitored subject's communication activities (voice calls, data calls, packet data services) and non-communication activities (activation, deactivation, registration and cancellation of supplementary services, short-message queries and similar services) to the police center. The police center collects the events and communication content reported for the monitored subject and processes the collected information.
WiMAX can provide fixed, mobile and portable forms of wireless broadband connection, and ultimately can provide mobile wireless broadband connectivity without requiring a direct line of sight to the base station. With the wide deployment of WiMAX networks, market demand has also produced a need for a lawful interception function in WiMAX networks.
The WiMAX Network Working Group (Network Work Group, NWG for short) is the working group under the WiMAX organization that is dedicated to defining the network architecture and reference model of the WiMAX system. This working group has begun studying a lawful interception framework to meet the continually growing demand for WiMAX use.
In common communication networks today, users are monitored on the basis of a permanent user identity (3GPP networks mainly use the IMSI to identify the user; 3GPP2 networks use the IMSI or the NAI). In a WiMAX network, the user's unique identity is the true NAI stored in the AAA, and there is no information analogous to the IMSI.
User access authentication uses the Extensible Authentication Protocol (EAP). For security reasons, EAP requires that the true NAI the user uses during access authentication be encapsulated and encrypted inside the EAP message. As a result, the true NAI is invisible to every network element other than the Home Authentication, Authorization and Accounting Server (HAAA) and the WiMAX terminal, and a pseudorandom NAI is used in place of the true NAI in message packets. The pseudorandom NAI is generated randomly by the WiMAX terminal at each access, so the WiMAX Access Service Network (ASN) cannot learn the user's true NAI. Consequently, monitoring of a user cannot be set up by true NAI on network elements such as the Access Service Network Gateway (ASN Gateway, AGW for short), Integrated Base Station (IBS), Home Agent (HA), and Visited Authentication, Authorization and Accounting Server (VAAA).
Therefore, a problem that must be solved in a WiMAX network is how network elements other than the HAAA can identify a monitored user without affecting, or while affecting as little as possible, the requirement in the WiMAX AAA security architecture that user identity be hidden.
For a given monitored subject, a typical WiMAX network monitoring system consists of four kinds of networks: the monitored subject's Home Network Service Provider (H-NSP), the monitored subject's Visited Network Service Provider (V-NSP), the Network Access Provider (NAP), and the Law Enforcement Agency (LEA). The relationships between them are as follows:
The H-NSP is the home network service provider: an operator or commercial organization that holds the service level agreement with the WiMAX user, can authenticate and authorize the user's sessions (both in-network and roaming scenarios), and charges for the user's services (charging and billing). To support roaming services, an H-NSP may have roaming relationships with other NSPs. The H-NSP network mainly contains the authentication, authorization and accounting (AAA) server that stores the user's subscribed services and the Home Agent (HA) network element.
The V-NSP is defined from the roaming user's point of view: the roaming user accesses WiMAX services through the V-NSP's wireless coverage. The V-NSP may have a roaming agreement with the user's H-NSP, and it provides AAA traffic routing to the H-NSP. Depending on the user's WiMAX service request and the roaming agreement between the H-NSP and the V-NSP, the V-NSP may provide some or all WiMAX services to the roaming user, or provide data/control traffic routing to the H-NSP. The V-NSP network mainly contains an AAA server that provides proxy forwarding and a Home Agent (HA) network element.
Network Access Provider (NAP): a business entity that provides WiMAX radio access infrastructure to one or more WiMAX Network Service Providers (NSPs). A NAP contains one or more Access Service Networks (ASNs). The WiMAX NWG specification defines two ASN architectures: a Profile C ASN consists of two independent network elements, a base station (BS) and an Access Service Network Gateway (AGW); a Profile B ASN contains only an Integrated Base Station (IBS), which is functionally equivalent to the BS plus AGW of Profile C.
Law Enforcement Agency (LEA): independent of any telecommunication service provider's network. The LEA generally provides the Lawful Interception Center (LIC) equipment and establishes secure protocol interfaces with the service provider networks to be monitored, which are used to collect the various information about the monitored subject.
At present, no effective solution has been proposed to the problem that, in this network configuration, some network elements cannot set up monitoring of a user by true NAI.
Summary of the invention
The present invention has been made in view of the above problem. Its main purpose is to provide a scheme for processing a monitoring identifier in a WiMAX system, so that all network elements can know the user's true network access identifier while the hiding of user identity is still guaranteed.
According to an embodiment of the present invention, a method is provided for processing a monitoring identifier in a WiMAX system. The system includes the user's home authentication, authorization and accounting server and a monitoring agency.
The method comprises: the home authentication, authorization and accounting server allocates a unique monitoring identifier to the user's network access identifier and, while the user is not being monitored and is not connected to the network, changes the user's monitoring identifier when a predetermined condition is met; when the user is to be monitored, the monitoring agency obtains the user's monitoring identifier from the user's home authentication, authorization and accounting server and uses it to set up monitoring of the user in the WiMAX system.
The predetermined condition comprises: the monitoring agency cancels monitoring of the user while that user is not connected to the network; or a user who is not being monitored leaves the network; or the home authentication, authorization and accounting server itself triggers an update of the monitoring identifier.
When the user accesses the network and the home authentication, authorization and accounting server has authenticated the user successfully, that server delivers the user's monitoring identifier to the relevant network elements in the visited network where the user is located. The relevant network elements comprise: the Access Service Network Gateway, the Integrated Base Station, the visited authentication, authorization and accounting server, and the home agent. The home authentication, authorization and accounting server delivers the identifier to the relevant network elements in the response message indicating that the user has passed authentication. When the user accesses the network, the relevant network elements bind the user's monitoring identifier to the user's bearer-plane and control-plane sessions.
The monitoring agency uses the obtained monitoring identifier to monitor the user in the visited network.
In addition, in this method, the monitoring agency includes a Lawful Interception Center.
The home authentication, authorization and accounting server allocates a unique monitoring identifier to the network access identifier of each user registered with it.
With the above technical scheme, a WiMAX network can be monitored without compromising the security of EAP authentication, and the requirement in the WiMAX AAA security architecture that user identity be hidden is affected minimally or not at all.
Description of drawings
The accompanying drawings described here provide further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their descriptions explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of the method for processing a monitoring identifier in a WiMAX system according to an embodiment of the invention;
Fig. 2 is a structural diagram of a system that implements the method according to an embodiment of the invention;
Fig. 3 is a flow chart of the processing of the lawful interception identifier when it is generated in the HAAA, authorized, and updated when the user goes offline, according to an embodiment of the invention;
Fig. 4 is a flow chart of updating the lawful interception identifier when the HAAA receives a cancellation of monitoring from the LIC, according to an embodiment of the invention;
Fig. 5 is a flow chart of the HAAA triggering an update of the lawful interception identifier according to local policy, according to an embodiment of the invention;
Fig. 6 is a flow chart of the WiMAX network lawful interception system setting up monitoring of a user on the H-NSP network, according to an embodiment of the invention; and
Fig. 7 is a flow chart of the WiMAX network lawful interception system setting up monitoring of a user on other, non-home networks, according to an embodiment of the invention.
Embodiment
This embodiment provides a method for processing a monitoring identifier in a WiMAX system. The system involves a home authentication, authorization and accounting server (HAAA) and a monitoring agency. Within the existing lawful interception framework, the method generates a lawful interception identifier for each user, so that every network element of the WiMAX network can identify and monitor a monitored user.
To implement this method, every network service provider (NSP) and network access provider (NAP) in a WiMAX network that supports the lawful interception framework must first provide a lawful interception management function entity. This entity manages each network element in its own network, collects the information those elements report, and provides compatibility with the external lawful interception interfaces of different national standards. The lawful interception function entities in the NSP and NAP can expose their management functions externally through Telnet, a graphical interface or other interface modes, and can provide lawful interception interfaces conforming to different national standards for reporting the monitored user's communication events and communication content.
Through the lawful interception management function entity provided by the H-NSP, the monitoring agency (for example, a Lawful Interception Center (LIC)) can query the HAAA for the monitored subject's lawful interception identifier by the user's true network access identifier (NAI). Using the lawful interception identifier returned for the monitored user, the LIC then sets up monitoring of the target user on each network element in the WiMAX network, through the lawful interception interface protocols provided by the NSP and the NAP respectively.
As shown in Fig. 1, the method for processing a monitoring identifier in a WiMAX system according to this embodiment comprises: step S102, the user's HAAA allocates a unique monitoring identifier to the user's NAI and, while the user is not being monitored and is not connected to the network, changes the user's monitoring identifier when a predetermined condition is met; step S104, when the user is to be monitored, the monitoring agency obtains the user's monitoring identifier from the user's HAAA and uses it to set up monitoring of the user in the WiMAX system.
In step S102, the HAAA in the H-NSP can allocate a unique lawful interception identifier to each subscribed account (that is, the user's NAI) when the user account is created. Lawful interception identifiers are encoded uniformly under the NSP's policy; the encoding policies of different NSPs must not conflict, and a one-to-one correspondence between user account and monitoring identifier must be guaranteed.
The predetermined condition comprises: the monitoring agency cancels monitoring of the user while that user is not connected to the network; or a user who is not being monitored leaves the network; or the HAAA itself triggers an update of the monitoring identifier.
When the HAAA updates the monitoring identifier of a user who is not being monitored, the updated identifier can be cached in the HAAA and issued to other network elements at that user's next network access authentication. In addition, the HAAA can trigger updates according to local policy, updating users whose monitoring identifier has not been updated for a long time.
The update strategies described here are only concrete examples and do not limit the invention; those skilled in the art can define other update strategies according to actual use.
Note that a user's monitoring identifier must not be updated while the user is being monitored.
In addition, when the user accesses the network and the HAAA has authenticated the user successfully, the HAAA delivers the user's monitoring identifier to the relevant network elements in the visited network where the user is located. The relevant network elements comprise: the Access Service Network Gateway, the Integrated Base Station, the VAAA, and the HA. The HAAA delivers the identifier to the relevant network elements in the response message indicating that the user has passed authentication. When the user accesses the network, the relevant network elements can bind the user's monitoring identifier to the user's bearer-plane and control-plane sessions.
That is, when a user accesses the WiMAX network and passes HAAA authentication, the HAAA must, whether or not the user is being monitored, deliver the lawful interception identifier to the ASN, VAAA or HA in the authorization message (for example, the RADIUS Access-Accept message). These elements must bind the user's monitoring identifier to the user's bearer-plane and control-plane sessions, so that the events and communication content related to the user can be monitored.
In addition, the monitoring agency uses the user's monitoring identifier that it obtained to monitor the user in the visited network.
The monitoring agency can be a Lawful Interception Center.
In practice, the method can comprise the following steps:
Step 1: through the management interface provided by the H-NSP, the LIC sets up monitoring of a user at the H-NSP by the user's true NAI;
Step 2: the H-NSP lawful interception management function entity sets up monitoring of this user on the HAAA by the user's true NAI; the HAAA completes the setup for this user and returns the user's lawful interception identifier. The H-NSP lawful interception management function entity provides this user's lawful interception identifier to the LIC, and at the same time sets up monitoring on the other network elements of the local NSP (for example, the HA); once that succeeds, it returns the result to the LIC;
Step 3: the LIC obtains the monitored user's lawful interception identifier, updates its local mapping between NAI and lawful interception identifier, and then uses this user's lawful interception identifier to set up monitoring on the other networks (for example, NAP and NSP);
Step 4: after the other networks receive the LIC's monitoring request, they set up monitoring of this user, by the lawful interception identifier the LIC provided, on the network elements they each manage (for example, AGW, IBS, HA, AAA);
Step 5: the WiMAX terminal requests access to the system, and the ASN decides to authenticate the terminal;
Step 6: the ASN sends an access request message to the HAAA;
Step 7: the HAAA returns authorization information to the ASN; whether or not monitoring has been set up for this user, the authorization information contains the lawful interception identifier. At the same time, the HAAA determines whether monitoring has been set up for the user and, if so, sends user access notification event information to the LIC through the H-NSP's lawful interception interface. Here, the H-NSP must support setting up monitoring by the target user's NAI and be able to provide the correspondence between the monitored user's NAI and lawful interception identifier; the H-NSP can also support setting up monitoring by the target user's lawful interception identifier and provide the correspondence between the monitored user's NAI and lawful interception identifier. The information the HAAA reports to the LIC includes at least the monitored user's access events (user authentication or re-authentication), accounting start events, and so on;
Step 8: based on the authorization information returned by the HAAA, the ASN allows the user to access the network and carry out data services, and can store the user's lawful interception identifier. At the same time, the ASN uses the lawful interception identifier issued by the HAAA to determine whether this user is monitored. If the user is monitored, the ASN takes the events related to the monitored subject's communication activity (for example, packet session establishment, release and handover), copies the monitored subject's packet service data, and reports them to the LIC over the police interface (lawful interception interface). The information the ASN reports to the LIC includes at least session establishment, session release, session handover, user online notification, and the monitored user's communication content;
Step 9: if the user uses Mobile IP service, a Mobile IPv4 registration or IPv6 binding update must be performed with the HA of the H-NSP or V-NSP. The HA then also needs to authenticate with the HAAA, the HAAA must also carry the lawful interception identifier to the HA in the authorization message, and the HA must bind that identifier to the user's Mobile IP session. At the same time, the HA uses the lawful interception identifier issued by the HAAA to determine whether this user is monitored; if so, it reports the monitored subject's Mobile IP events, and copies of the communication content, to the LIC over the police interface (lawful interception interface). The reports from the Mobile IP anchor home agent (HA) to the Lawful Interception Center (LIC) must include events such as Mobile IPv4 registration and Mobile IPv6 binding update; reporting the monitored user's communication content is optional.
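The element-side behaviour of steps 4 and 8 above, as an added Python sketch that is not part of the patent text: a network element is given targets by lawful interception identifier only, binds the identifier from the Access-Accept to every session, and reports events only for sessions whose identifier is a target. The class name, the `li_id` field, the event names and all sample values are assumptions constructed for illustration.

```python
class NetworkElement:
    """Models an AGW, IBS, HA or VAAA. It sees only the pseudorandom (outer)
    NAI and the lawful interception identifier, never the true NAI."""

    def __init__(self, name):
        self.name = name
        self.targets = set()   # identifiers set by the LIC (step 4)
        self.sessions = {}     # session id -> (pseudorandom NAI, identifier)

    def provision(self, li_id):
        """LIC sets up monitoring by identifier. Returns the sessions already
        bound to it, so an 'online' event can be sent for a user who is
        connected when monitoring is set up."""
        self.targets.add(li_id)
        return sorted(s for s, (_, bound) in self.sessions.items() if bound == li_id)

    def cancel(self, li_id):
        """LIC cancels monitoring of this identifier."""
        self.targets.discard(li_id)

    def on_access_accept(self, session_id, pseudo_nai, accept):
        """Step 8: bind the identifier to the session whether or not the user
        is monitored; the message itself does not say which case applies."""
        li_id = accept.get("li_id")
        if not li_id:
            raise ValueError("Access-Accept carries no lawful interception identifier")
        self.sessions[session_id] = (pseudo_nai, li_id)

    def on_event(self, session_id, event):
        """Return the report for the LIC, or None if the session's identifier
        is not a target on this element."""
        _, li_id = self.sessions[session_id]
        if li_id not in self.targets:
            return None
        # The report is keyed by identifier; only the LIC and the HAAA can
        # map it back to a true NAI.
        return {"element": self.name, "li_id": li_id, "event": event}

    def on_release(self, session_id):
        """Report the release (if monitored) and drop the binding."""
        report = self.on_event(session_id, "session-release")
        del self.sessions[session_id]
        return report


def run_sample():
    """Constructed scenario: two users attach, one is already a target."""
    agw = NetworkElement("AGW-1")
    agw.provision("li-7f3a")                       # constructed identifier
    agw.on_access_accept("s1", "a91c@nsp.example", {"li_id": "li-7f3a"})
    agw.on_access_accept("s2", "03be@nsp.example", {"li_id": "li-c210"})
    reports = [agw.on_event("s1", "session-establish"),
               agw.on_event("s2", "session-establish"),
               agw.on_event("s1", "handover")]
    late = agw.provision("li-c210")                # target is already online
    reports.append(agw.on_release("s2"))
    return reports, late


if __name__ == "__main__":
    for item in run_sample()[0]:
        print(item)
```
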
Fig. 2 is a block diagram of the monitoring system in the WiMAX network involved when implementing the method according to an embodiment of the invention.
As shown in Fig. 2, the system can comprise:
WiMAX terminal 11: the mobile terminal device in the WiMAX network; adding the police monitoring function requires no modification to the terminal;
WiMAX base station (BS) 12: the base station in an ASN in Profile C mode; the radio base station equipment of the WiMAX network, which provides the radio interface to the terminal;
AGW 13: the gateway in an access service network (ASN) in Profile C mode; it provides access service and control for users and is located in the NAP. In this embodiment, when the AGW acts as the anchor AGW, it can collect the monitored user's events, such as packet session establishment and handover, and communication content, and report them to the LIC through the lawful interception function entity;
HA 14: accepts and responds to the Mobile IPv4 registration requests or IPv6 binding updates sent by the access server, and cooperates with the Access Service Network Gateway to provide IP service for the terminal; it is located in the NSP (H-NSP or V-NSP). In the present invention, the HA supports the lawful interception function and can collect the monitored user's Mobile IP event information and report it to the LIC through the lawful interception function entity. In addition, if, when the LIC sets up monitoring of a user, an HA is the anchor HA of that user's Mobile IP session and the user is online, the HA can also send the user's online event information to the LIC. The HA can also collect the monitored user's communication messages as required and send them to the LIC;
AAA 15: provides authentication, authorization and accounting services for users. When acting as home AAA, it can allocate, authorize and update lawful interception identifiers for the users it manages. While a user is monitored, the user's lawful interception identifier remains unchanged for the duration of the monitoring. To affect the requirement to hide user identity in the WiMAX AAA security architecture as little as possible, the home AAA updates users' lawful interception identifiers, and can do so using the flows shown in Fig. 3, Fig. 4 and Fig. 5. On receiving a terminal access request sent by the access server, the AAA authenticates the terminal and authorizes it accordingly. It is located in the NSP (H-NSP or V-NSP). In this embodiment, when acting as home AAA, the AAA can collect the monitored user's authentication (initial authentication or re-authentication) and accounting event information and report it to the LIC through the lawful interception function entity. When acting as visited AAA, it can collect the monitored user's authentication (re-authentication) and accounting event information and report it to the LIC through the lawful interception function entity;
Integrated base station (IBS) 16: the network element in an ASN in Profile B mode, integrating the base station and AGW functions of Profile C mode. In this embodiment, when the IBS acts as the anchor IBS, it can collect the monitored user's events, such as packet session establishment and handover, and communication content, and report them to the LIC through the lawful interception function entity;
LIC 17: police equipment located in the law enforcement agency (LEA); it is not equipment of the telecommunications carrier. It mainly manages monitored subjects, collects the events and communication content of the monitored subject reported by each network, and processes the collected information. The interface between the LIC and each WiMAX provider is implemented according to the lawful interception standards of different countries;
Lawful interception function module 18: an independent functional entity in this embodiment. It can be located in the WiMAX provider network, in the connectivity service network (CSN), in the WiMAX access service network (ASN), or at a third party. Its main functions include: providing an external interface that conforms to the various national interception standards, through (but not limited to) a graphical user interface (GUI) or Telnet, for setting monitored users and querying the list of monitored user identifiers; providing an interface to the network elements in the WiMAX system that support lawful interception, for setting monitored users and receiving the monitoring information those elements report; and providing LIC standard interfaces that conform to the standards of different countries or regions, for outputting and reporting the monitored user's monitoring information.
Based on this system, in order not influence or minimum degree ground influence identify label safety requirements in the WiMAX framework, HAAA needs regular or irregular renewal user monitor sign, to prevent the user identity leakage.Below in conjunction with instantiation embodiments of the invention are described.
Fig. 3 is the entire flow of the monitor sign when being identified at HAAA generation, mandate and user offline of the Lawful Interception according to the embodiment of the invention.As shown in Figure 3, it specifically comprises following processing:
Step 301: ownership authentication, mandate and accounting server (HAAA) are newly created a contracted user, a newly-increased NAI and relevant service contracting data in HAAA;
Step 302:HAAA distributes a unique sign for the user, and the Lawful Interception sign as the user is cached among the HAAA;
Step 303: before the user used the WiMAX business, the ASN by NAP authorized to HAAA authentication and request, and the HAAA authentication is carried Lawful Interception by the back and identified to ASN in authorization messages, and ASN binds all session informations of user and Lawful Interception sign;
Step 304: whether the user uses mobile IP service, if use, then execution in step 305; Otherwise execution in step 306;
Step 305: if when the user uses mobile IP service, terminal is carried out mobile IPv 4 registration or mobile IP v 6 Binding Update to HA, HA need carry out the relevant mobile IP parameter of authentication request mandate to HAAA, the HAAA authentication is carried Lawful Interception by the back and is identified to HA in authorization messages, HA is Lawful Interception sign and user's mobile IP service binding session;
Step 306: after the user used the business that the WiMAX network provides, the user stopped using the WiMAX network, finishes all sessions, withdraws from;
Step 307:HAAA judges whether the active user is monitored by LIC, if the monitored step 308 that enters;
Step 308: monitored if the user does not have, then HAAA upgrades this user's Lawful Interception sign, and buffer memory, and during for next user access network, mandate is gone down;
Step 309:HAAA does not upgrade this user's Lawful Interception sign, remains unchanged.
Fig. 4 shows the flow, in the method according to an embodiment of the invention, for updating the Lawful Interception sign when the HAAA receives a cancellation of monitoring from the LIC. As shown in Fig. 4, the flow comprises the following processing:
Step 401: the LIC sets the user as monitored at the H-NSP, and the HAAA in the H-NSP returns the monitored user's NAI and Lawful Interception sign to the LIC;
Step 402: the LIC cancels monitoring of this user at the H-NSP;
Step 403: the HAAA in the H-NSP determines whether the user is online; if online, go to step 405;
Step 404: the HAAA determines that the user is currently not online, updates the user's Lawful Interception sign and caches it; the update is complete;
Step 405: the HAAA does not update the user's Lawful Interception sign; it remains unchanged.
Fig. 5 shows the flow, in the method according to an embodiment of the invention, for updating the monitor sign when the update is triggered by the HAAA's local policy. As shown in Fig. 5, the flow comprises the following processing:
Step 501: triggered by local policy, the HAAA initiates an update of the user's Lawful Interception sign;
Step 502: the HAAA determines whether the user is online or currently monitored; if online or monitored, go to step 504;
Step 503: the HAAA determines that the user is currently not online and not monitored, updates the user's Lawful Interception sign and caches it;
Step 504: the HAAA does not update the user's Lawful Interception sign; it remains unchanged.
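The three update flows of Figs. 3 to 5 share one rule: the sign is replaced only while the user is neither online nor monitored, so every network element holding a bound copy stays consistent with the HAAA. The sketch below is an added illustration of that rule, not code from the patent; the class, method names and the random sign format are assumptions.

```python
import secrets

class HAAA:
    """Toy home AAA server caching one monitor sign per NAI (hypothetical model)."""

    def __init__(self):
        self.sign = {}          # NAI -> current monitor sign
        self.online = set()     # NAIs with an active session
        self.monitored = set()  # NAIs the LIC has set as monitored

    def _new_sign(self):
        # Constructed format: a random value unrelated to the NAI, unique in the HAAA.
        while True:
            candidate = secrets.token_hex(8)
            if candidate not in self.sign.values():
                return candidate

    def _rotate_if_allowed(self, nai):
        # Rule shared by Figs. 3-5: update only when offline and not monitored.
        if nai in self.online or nai in self.monitored:
            return False
        self.sign[nai] = self._new_sign()
        return True

    def create_subscriber(self, nai):       # steps 301-302
        self.sign[nai] = self._new_sign()

    def authorize(self, nai):               # step 303 (step 305 towards the HA)
        self.online.add(nai)
        return self.sign[nai]               # carried in the authorization message

    def logoff(self, nai):                  # steps 306-309
        self.online.discard(nai)
        return self._rotate_if_allowed(nai)

    def lic_set_monitoring(self, nai):      # step 401
        self.monitored.add(nai)
        return nai, self.sign[nai]

    def lic_cancel_monitoring(self, nai):   # steps 402-405
        self.monitored.discard(nai)
        return self._rotate_if_allowed(nai)

    def local_policy_trigger(self, nai):    # steps 501-504
        return self._rotate_if_allowed(nai)
```

Each method returns `True` only when the sign was actually replaced, which makes the "remains unchanged" branches (steps 309, 405 and 504) directly observable.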
Fig. 6 is a processing flowchart for setting up monitoring of a user on the H-NSP network in the WiMAX Lawful Interception system according to an embodiment of the invention. The LIC sets up monitoring of the user in the home network through the Telnet, graphical interface or other interface provided by the Lawful Interception functional module of the H-NSP. The steps are as follows:
Step 601: the LIC, carrying the user's true NAI or monitor sign, requests the Lawful Interception functional entity of the monitored user's home network (H-NSP) to set up monitoring of the user;
Step 602: the Lawful Interception functional entity of the H-NSP sends a request to the HAAA to set the user as monitored;
Step 603: the HAAA marks the user as monitored according to the NAI or monitor sign in the request and replies to the Lawful Interception functional module with a response indicating that monitoring was set up successfully; the message carries the monitored user's true NAI and the user's monitor sign;
Step 604: the Lawful Interception functional entity reports the monitored user's monitor sign to the LIC; the message carries the monitored user's true NAI and monitor sign;
Step 605: on receiving the HAAA's reply, the Lawful Interception functional entity uses the Lawful Interception sign to send a set-monitoring command to the other network elements under its administration (for example the HA), carrying the monitor sign information;
Step 606: if, when monitoring is set up on the HA, the monitored user is currently online through this network element, the HA reports a user-online notification message to the Lawful Interception functional entity, which reports it to the LIC;
Step 607: the other network elements under the administration of the Lawful Interception functional entity (for example the HA) add the user's monitor sign to their own watch list and send a reply to the Lawful Interception functional entity;
Step 608: on receiving the replies from the other network elements, the Lawful Interception functional entity assembles a message conforming to the LIC interface protocol, carrying the correspondence between the true NAI and the monitor sign, and sends it to the LIC, indicating that monitoring of the user has been set up.
Fig. 7 is a processing flowchart for setting up monitoring of a user on other, non-home networks (other NAPs or NSPs) in the WiMAX Lawful Interception system according to the present invention. There may be many other networks that need to be monitored, and the LIC must set up monitoring in each of them, but the flow is similar in every case. As shown in Fig. 7, the steps are as follows:
Step 701: the LIC, carrying the user's monitor sign, requests the Lawful Interception functional entity of the monitored user's non-home network to set up monitoring of the user;
Step 702: on receiving the LIC's set-monitoring instruction, the Lawful Interception functional entity stores the monitored user's monitor sign information and sends a set-monitoring command to the other network elements under its administration (which may include the AGW, IBS, HA and AAA), carrying the monitor sign information;
Step 703: if, when monitoring is set up on the AGW/IBS/HA, the monitored user is currently online through this network element, the AGW/IBS/HA reports a user-online notification message to the Lawful Interception functional entity, which reports it to the LIC;
Step 704: on receiving the replies from the other network elements, the Lawful Interception functional entity assembles a message conforming to the Lawful Interception Center (LIC) interface protocol and sends it to the LIC, indicating that monitoring of the user has been set up.
In summary, the invention solves the problem that, in wireless broadband networks and especially in WiMAX networks, the EAP authentication method prohibits transmission of the true NAI between network elements, so that monitoring cannot be set up at the AGW network element. It also defines the events and data that the LIC monitors at the AAA and AGW network elements in the WiMAX network. With the technical solution of the invention, the WiMAX network can be monitored without compromising the security of EAP authentication. By adding the update mechanism for the monitor sign, the security consideration of hiding the user identity in the WiMAX AAA security architecture is affected minimally or not at all. In other access networks that use EAP authentication algorithms, where only the true NAI is available to represent the user, the invention can likewise be used to perform the lawful interception function.
The above are only preferred embodiments of the invention and do not limit the invention; for those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (7)

1. A processing method for a monitor sign in a WiMAX system, the system comprising a user's home authentication, authorization and accounting server and a monitoring agency, characterized in that the method comprises:
the home authentication, authorization and accounting server allocating a unique monitor sign to the user's network access identifier, and changing the user's monitor sign when a predetermined condition is reached;
when the user is monitored, the monitoring agency obtaining the user's monitor sign from the user's home authentication, authorization and accounting server, and using the monitor sign to set up monitoring of the user in the WiMAX system;
wherein the predetermined condition comprises: when the monitoring agency cancels monitoring of the user and the user whose monitoring is cancelled is not accessing the network; or when a user who is not monitored exits the network; or when the home authentication, authorization and accounting server itself triggers an update of the monitor sign.
2. The processing method according to claim 1, characterized in that, when the user accesses the network and the home authentication, authorization and accounting server has successfully authenticated the user, the home authentication, authorization and accounting server delivers the user's monitor sign to the related network elements in the visited network where the user is located, wherein the related network elements comprise: an access service network gateway, an integrated base station, a visited authentication, authorization and accounting server, and a home agent.
3. The processing method according to claim 2, characterized in that the home authentication, authorization and accounting server delivers the user's monitor sign to the related network elements in the response message indicating that the user has passed authentication.
4. The processing method according to claim 2 or 3, characterized in that it further comprises the following processing:
when the user accesses the network, the related network elements bind the user's monitor sign to the user's bearer-plane sessions and control-plane sessions.
5. The processing method according to claim 2, characterized in that the monitoring agency uses the obtained monitor sign to monitor the user in the visited network.
6. The processing method according to any one of claims 1, 2, 3 and 5, characterized in that the monitoring agency comprises: a Lawful Interception Center.
7. The processing method according to any one of claims 1, 2, 3 and 5, characterized in that the home authentication, authorization and accounting server allocates a unique monitor sign to the network access identifier of each user registered on it.
CN2007101664599A 2007-09-24 2007-11-13 Method of processing monitor sign of microwave access global intercommunication system Expired - Fee Related CN101163056B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2007101664599A CN101163056B (en) 2007-11-13 2007-11-13 Method of processing monitor sign of microwave access global intercommunication system
PCT/CN2008/000125 WO2009039710A1 (en) 2007-09-24 2008-01-17 Listening system and listening method of wimax network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007101664599A CN101163056B (en) 2007-11-13 2007-11-13 Method of processing monitor sign of microwave access global intercommunication system

Publications (2)

Publication Number Publication Date
CN101163056A CN101163056A (en) 2008-04-16
CN101163056B true CN101163056B (en) 2011-09-21

Family

ID=39297890

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101664599A Expired - Fee Related CN101163056B (en) 2007-09-24 2007-11-13 Method of processing monitor sign of microwave access global intercommunication system

Country Status (1)

Country Link
CN (1) CN101163056B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110921

Termination date: 20191113
