CN101227339B - Method for monitoring data traffic based on contents and/or IP address - Google Patents
Publication number: CN101227339B (application CN2007100011839A)
Authority: CN (China)
Legal status: Expired - Fee Related (status as listed by Google Patents, not a legal conclusion)
Classification areas: Data Exchanges In Wide-Area Networks; Mobile Radio Communication Systems
Abstract
The invention discloses a method for monitoring data services based on content and/or IP address, which can monitor an undetermined group of users on the basis of the content of data packets and/or of IP addresses. The method comprises: first, establishing a connection between the lawful interception center (LIC) and the packet data serving node (PDSN); second, the LIC sending a monitoring request message to the PDSN, the message carrying a unique LIC identifier and monitor information, where the monitor information comprises the monitored content and/or the monitored IP address together with the corresponding monitoring operation; and third, after receiving the monitoring request message, the PDSN monitoring all mobile stations, or one or several groups of them, according to the monitor information in the message.
Description
Technical field
The present invention relates to the packet data service system of a CDMA2000 (Code Division Multiple Access 2000) network, and in particular to a method for monitoring the data packets of a mobile station (MS) in that packet data service system.
Background technology
CDMA2000 is one of the main modes of third-generation (3G) mobile communication systems. A principal difference between 3G and second-generation (2G) systems is that 3G can provide higher-bandwidth data services, which makes richer mobile services possible.
Fig. 1 shows the schematic network structure of CDMA2000.
The radio network (RN) comprises the base station controller (BSC), the base transceiver station (BTS) and the packet control function (PCF) module. The mobile switching centre (MSC) controls, through the RN, the mobile stations (MS) located in its service area. The home location register (HLR) is a database that stores the subscriber's parameters and information about the subscriber's current location. The visitor location register (VLR) is also a database; it holds the information the MSC needs to handle calls for the MSs in its area, such as the subscriber's number, the identity of the current location area and the services provided to the subscriber.
The packet network comprises the packet data serving node (PDSN), the authentication, authorization and accounting (AAA) system and the lawful interception center (LIC). The CDMA2000 system provides the MS with Internet access; the functional entities are as follows:
PCF: the packet control function module is the unit in the base station controller responsible for packet control; it provides the interface between the radio network and the packet network.
PDSN: the packet data serving node acts as the packet data access gateway. It provides IP access for the MS, is responsible for assigning IP addresses to the MS, manages the user's state and forwards the user's packet data to the Internet.
Home AAA: authenticates, authorizes and charges the subscriber.
Visited AAA: forwards the user's authentication, authorization and accounting messages to the home AAA.
Intermediate (broker) AAA: relays authentication, authorization and accounting messages between the visited AAA and the home AAA.
Lawful interception center (LIC): the police-use equipment. It manages the intercepted targets, collects and reports the events and communication content of the intercepted targets, and processes the information collected.
In the CDMA2000 packet data network the interface between the PDSN and the AAA follows the Remote Authentication Dial-In User Service (RADIUS) protocol; see the Internet Engineering Task Force (IETF) standards RFC 2865, RFC 2866 and RFC 2869 and the 3rd Generation Partnership Project 2 (3GPP2) specification 3GPP2 P.S0001-A, Wireless IP Network Standard. For the interface between the PDSN and the LIC see the cdma2000 Digital Cellular Mobile Communication System Police-Use Interface (Lawful Interception Interface) Technical Specification.
Packet data service is the business advantage that stands out most in the evolution from 2G to 3G: information browsing, uploading, downloading, e-mail, games and other rich data services will be relied on by users for telecommuting, mobile office work and Internet access. Fast and free propagation and sharing of information raises efficiency and brings many conveniences, but it also gives rise to a variety of problems. The existing CDMA2000 packet network has no complete protocol for this. The interception center must carry out interception together with the AAA: the LIC designates an MS, the AAA reports that MS's online status and serving PDSN, the LIC then sets up the intercept on that PDSN, and the PDSN reports all data services of the designated MS. The LIC can therefore only monitor a few specific MSs; it cannot monitor how a group of end users uses data services according to the content and/or IP address of their packets, and so cannot satisfy the changing requirements of police use.
Summary of the invention
The technical problem to be solved by this invention is to provide a method for monitoring data services based on content and/or IP address, capable of monitoring an undetermined group of users on the basis of the content of data packets and/or of IP addresses.
To solve this problem, the invention provides a method for monitoring data services based on content and/or IP address, comprising the following steps:
(a) the lawful interception center LIC and the packet data serving node PDSN establish a connection;
(b) the LIC sends a monitoring request message to the PDSN; the monitoring request message comprises a unique LIC identifier and monitor information, and the monitor information comprises the monitored content and/or the monitored IP address and the corresponding monitoring operation;
(c) after receiving the monitoring request message, the PDSN monitors all mobile stations MS, or one or several groups of them, according to the monitor information in the message.
Further, the method may have the following feature: in step (a), the connection between the LIC and the PDSN is established as follows: (a1) the LIC initiates a TCP/IP connection request to the PDSN; (a2) on receiving the connection request, the PDSN checks whether the source IP address of the request is legitimate, i.e. whether this LIC is legitimate; if so the connection is established, otherwise the PDSN does not respond.
Further, the method may have the following feature: in step (b), the monitoring request message also comprises one or more of: the international mobile subscriber identity IMSI of an MS, a security extension of the LIC and PDSN, and a designated device IP address.
Further, the method may have the following feature: in step (c), monitoring the MS according to the monitor information in the message means that the PDSN monitors the data packets the MS receives and/or sends and/or the destination IP address of the packets the MS sends, and on finding a packet that matches the monitored content/IP performs the monitoring operation corresponding to that content/IP.
Further, the method may have the following feature: in step (c), after receiving the monitoring request message the PDSN judges whether the message is correct; if so it saves the monitor information, sends a monitoring request response to the LIC and starts monitoring, and stops monitoring when the link idle time exceeds a preset value or the LIC actively sends a stop command; otherwise it returns a monitoring request response indicating failure.
Further, the method may have the following feature: the PDSN monitoring the MS further comprises: (i) the PDSN filters the MS's data packets with an algorithm and judges, according to the saved monitor information, whether they contain the monitored content and/or IP address; if so it proceeds to the next step, otherwise it returns to this step and continues monitoring; (ii) the PDSN performs on the MS the monitoring operation corresponding to the monitored content and/or IP address and sends a monitoring report message to the LIC, the monitoring report message comprising at least a unique PDSN identifier.
Further, the method may have the following feature: the algorithm is a regular expression.
Further, the method may have the following feature: the monitoring operation comprises one or more of: reporting the encrypted/unencrypted IMSI of the MS to the LIC; reporting the encrypted/unencrypted data packet of the MS to the LIC; discarding data packets that involve the monitored information; redirecting data packets to a designated IP address; and interrupting the MS's data service and disconnecting the connection with the MS.
Further, the method may have the following feature: the monitoring report message also comprises one or more of: the encrypted/unencrypted IMSI of the MS, the encrypted/unencrypted data packet of the MS, an indication that the monitoring operation succeeded, and an indication that the monitoring operation failed.
Further, the method may have the following feature: the unique LIC identifier comprises the LIC server IP address and server ID, and the unique PDSN identifier comprises the PDSN server IP address and server ID.
The invention provides a method for monitoring the data packets of a mobile station (MS) in the packet data service system of a CDMA2000 network based on content and/or IP address. By extending the attributes of the police-use protocol, the method strengthens control and monitoring of data services and can monitor the sensitive data traffic of all MSs at the same time. IP-address-based monitoring covers, for example, the IP address of a Falun Gong website; content-based monitoring covers, for example, the keyword "XX harbour"; in addition the MS can be taken offline or brought online, redirected, and so on.
Description of drawings
Fig. 1 is the schematic network structure of CDMA2000;
Fig. 2 is a flow chart of the LIC notifying the PDSN to monitor an MS in this embodiment;
Fig. 3 is a flow chart of the PDSN monitoring an MS in this embodiment.
Embodiment
The invention is described in further detail below with reference to the drawings and a specific embodiment.
The content- and/or IP-address-based monitoring method of this embodiment uses TCP/IP links established between the LIC (lawful interception center) and several PDSNs (packet data serving nodes), over which protocol messages are exchanged. The PDSN is made to monitor the data packets of all MSs (mobile stations), or of one or several groups of them, and to control the forwarding of the MS's data and its state; the PDSN reports the MS's data packets and state to the LIC, and the LIC, through the protocol messages exchanged with the PDSN, restricts the MS's data service via the PDSN.
The procedure by which the LIC notifies the PDSN to monitor an MS is shown in Fig. 2 and comprises the following steps:
The PDSN does not allow an unknown IP address to establish a connection to it: if the source IP address of a connection request is not in the list held locally by the PDSN, that IP address is considered illegitimate.
Content- and/or IP-address-based monitoring monitors all MSs, or one or several groups of them, continuously; the TCP/IP connection is kept up until the link idle time exceeds a preset value or, for administrative reasons, the LIC actively sends a stop command.
The unique LIC identifier comprises the LIC server IP address and the server ID; the IP address is a 32-bit binary number and the server ID is similar to a hostname, e.g. LIC-ID; used together the two guarantee the uniqueness of the LIC.
The monitoring operation comprises one or more of: reporting the encrypted/unencrypted IMSI of the MS to the LIC; reporting the encrypted/unencrypted data packet of the MS to the LIC; discarding data packets that involve the monitored information; redirecting data packets to a designated IP address, i.e. changing the destination address of the packet; and interrupting the MS's data service and disconnecting the connection with the MS.
Besides the above, the monitoring request message may also comprise: the international mobile subscriber identity IMSI of an MS, used for compatibility with the earlier monitoring method that designates an IMSI; a security extension of the LIC and PDSN, used to verify the identity of both sides and to prevent interception by a third party, improving security; and a designated device IP address, used for redirecting data packets.
The PDSN may save the monitor information as a table or in another form.
The monitoring request response comprises at least the unique PDSN identifier (the PDSN server IP address and server ID) and may also comprise the security extension of the PDSN and LIC.
The PDSN may monitor the data packets the MS receives/sends and/or the destination IP address of the packets the MS sends; on finding a packet that matches the monitored content/IP it performs the monitoring operation corresponding to that content/IP. The procedure by which the PDSN monitors an MS is shown in Fig. 3 and comprises the following steps:
The monitoring report message may also comprise the security extension of the PDSN and LIC.
Depending on the monitoring operation corresponding to the monitored content/IP address, the PDSN performs different operations, including one or more of the following cases:
(1) The monitoring operation is: report the encrypted/unencrypted IMSI of the MS to the LIC.
If the PDSN detects a packet that matches the monitored content/IP, it reports the source IMSI or destination IMSI involved in that packet to the LIC. The IMSI is encrypted before transmission to avoid leaking content to a third party who intercepts the packet; if the LIC has indicated that the IMSI must be encrypted, the PDSN encrypts the IMSI before reporting it to the LIC.
(2) The monitoring operation is: report the encrypted/unencrypted data packet of the MS to the LIC.
If the PDSN detects a packet that matches the monitored content/IP, it reports that packet, together with the IMSI involved in it, to the LIC. The packet is transmitted encrypted to avoid leaking content to a third party who intercepts it; the PDSN encrypts the packet before reporting it to the LIC.
(3) The monitoring operation is: discard data packets that involve the monitored information.
If the PDSN detects that a packet sent to an MS or sent by an MS contains the monitored content, it discards that packet. Moreover, if the LIC simply does not allow access to the sensitive content and does not care who is accessing it, packets involving the monitored information can be silently discarded.
(4) The monitoring operation is: redirect data packets to the designated IP address, i.e. change the destination address of the packet.
If the destination address of an MS's packet involves the monitored IP address, the packet is redirected to the designated IP address, which is another IP address carried by the LIC in the monitoring request message. Whether the MS receives any packet after the redirection depends on the response of the redirected-to IP address; the device at that address, together with the PDSN, can be configured either to still deliver the packet to the MS or to no longer deliver it.
(5) The monitoring operation is: interrupt the MS's data service and disconnect the connection with the MS.
If the PDSN detects that a packet received/sent by an MS matches the monitored content, or that the destination address of an MS's packet involves the monitored IP address, it interrupts that MS's data service and disconnects the connection with that MS.
It follows that the content of the monitoring report message differs with the monitoring operation. For example, if the operation performed is reporting the MS's encrypted/unencrypted IMSI or data packet to the LIC, the monitoring report message carries the MS's encrypted/unencrypted IMSI or data packet. If the operation performed is discarding the MS's packets involving the monitored information, redirecting packets to the designated IP address, or interrupting the MS's data service and disconnecting the MS, the monitoring report message also carries an indication of whether that operation succeeded or failed.
Step 230: after receiving the monitoring report message, the LIC sends a monitoring report response message to the PDSN; the monitoring report response message comprises at least the unique LIC identifier and may also comprise the security extension of the LIC and PDSN.
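The exchange described in the summary (steps (a) to (c), (i) and (ii)) and in this embodiment (the Fig. 2 and Fig. 3 procedures and step 230), modelled in Python as an added example. This is not code from the patent, which defines no wire format. Assumptions: messages are dicts; the PDSN holds a local allow-list of LIC source addresses; packets and IMSIs are constructed sample data; content and IP criteria inside one monitor entry are treated as alternatives; and the "encrypted" reporting variants call a caller-supplied cipher, because the patent names none (use an AEAD such as AES-GCM in practice; a stand-in callable is fine for a demonstration but is not encryption). Note that the source-IP check of step (a2) is not authentication on its own: a source address can be spoofed and the TCP link is in the clear, which is what the optional security extension carried in the request and responses is for.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# The five monitoring operations listed in the description.
REPORT_IMSI, REPORT_PACKET, DROP, REDIRECT, DISCONNECT = (
    "report_imsi", "report_packet", "drop", "redirect", "disconnect")


@dataclass(frozen=True)
class Packet:
    imsi: str       # IMSI of the MS sending or receiving the packet (constructed)
    dst_ip: str     # destination IP address of the packet
    payload: bytes  # data the content regex is run over


@dataclass(frozen=True)
class MonitorInfo:
    """One monitor-information entry: content regex and/or monitored IP."""
    operation: str
    content: Optional[str] = None    # regular expression over the payload
    ip: Optional[str] = None         # monitored destination IP address
    encrypt: bool = False            # report the IMSI/packet encrypted
    device_ip: Optional[str] = None  # designated device IP for REDIRECT


def build_monitor_request(lic_id, monitors, imsi=None, security_ext=None):
    """Step (b): unique LIC identifier (server IP, server ID) + monitor info."""
    return {"lic_id": lic_id, "monitors": tuple(monitors),
            "imsi": imsi, "security_ext": security_ext}


def lic_handle_report(lic_id, report):
    """Step 230: the LIC answers a monitoring report with its own identifier."""
    return {"lic_id": lic_id, "ack_pdsn": report["pdsn_id"]}


class PDSN:
    def __init__(self, pdsn_id, allowed_lic_ips, cipher):
        self.pdsn_id = pdsn_id                    # (server IP, server ID)
        self.allowed = {ipaddress.ip_address(a) for a in allowed_lic_ips}
        self.cipher = cipher                      # bytes -> bytes (assumed)
        self.monitors = []                        # saved monitor information
        self.disconnected = set()                 # IMSIs whose service was cut
        self.reports = []                         # monitoring report messages

    def accept_connection(self, src_ip):
        """Step (a2): only a source IP in the local list may connect."""
        return ipaddress.ip_address(src_ip) in self.allowed

    def handle_monitor_request(self, msg):
        """Step (c): check the request; save the monitor info and answer
        'ok', or answer 'fail' and save nothing."""
        ok = "lic_id" in msg and bool(msg.get("monitors"))
        for m in msg.get("monitors", ()):
            ok = ok and (m.content is not None or m.ip is not None)
            ok = ok and (m.operation != REDIRECT or m.device_ip is not None)
            try:
                re.compile(m.content or "")   # reject a broken regex up front
            except re.error:
                ok = False
        if ok:
            self.monitors.extend(msg["monitors"])
        return {"status": "ok" if ok else "fail", "pdsn_id": self.pdsn_id}

    @staticmethod
    def _matches(m, pkt):
        # Content and IP are alternatives here (assumption; see lead-in).
        if m.content is not None and re.search(m.content.encode(), pkt.payload):
            return True
        return m.ip is not None and pkt.dst_ip == m.ip

    def forward(self, pkt):
        """Steps (i)/(ii): filter one packet and apply the matching operation.
        Returns the packet the PDSN forwards (possibly redirected) or None."""
        if pkt.imsi in self.disconnected:
            return None
        for m in self.monitors:
            if not self._matches(m, pkt):
                continue
            report = {"pdsn_id": self.pdsn_id, "operation": m.operation}
            protect = self.cipher if m.encrypt else (lambda b: b)
            if m.operation == REPORT_IMSI:
                report["imsi"] = protect(pkt.imsi.encode())
            elif m.operation == REPORT_PACKET:
                report["packet"] = protect(pkt.payload)
            elif m.operation == DROP:
                report["result"], pkt = "success", None
            elif m.operation == REDIRECT:
                pkt = Packet(pkt.imsi, m.device_ip, pkt.payload)
                report["result"] = "success"
            elif m.operation == DISCONNECT:
                self.disconnected.add(pkt.imsi)
                report["result"], pkt = "success", None
            self.reports.append(report)
            if pkt is None:
                return None
        return pkt
```

Usage: construct a PDSN with its identifier, its allow-list and a cipher, check accept_connection against the LIC's address, hand the result of build_monitor_request to handle_monitor_request, then feed Packet objects to forward. Each match appends one monitoring report message to pdsn.reports; a disconnected IMSI is refused before any filtering, and lic_handle_report produces the LIC's response to a report.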
The invention may have other embodiments. Without departing from the spirit of the invention, those of ordinary skill in the art can make corresponding changes based on it, and all such changes fall within the scope of protection of the appended claims.
Claims (9)
1. A method for monitoring data services based on content and/or IP address, comprising the following steps:
(a) a lawful interception center LIC and a packet data serving node PDSN establish a connection, comprising: the LIC initiates a TCP/IP connection request to the PDSN; on receiving the connection request, the PDSN checks whether the source IP address of the request is legitimate, i.e. whether this LIC is legitimate; if so the connection is established, otherwise the PDSN does not respond;
(b) the LIC sends a monitoring request message to the PDSN, the monitoring request message comprising a unique LIC identifier and monitor information, and the monitor information comprising the monitored content and/or the monitored IP address and the corresponding monitoring operation;
(c) after receiving the monitoring request message, the PDSN monitors all mobile stations MS, or one or several groups of them, according to the monitor information in the message, comprising: the PDSN monitors the data packets an MS receives/sends and/or the destination IP address of the packets the MS sends, and if the PDSN detects that a packet received/sent by an MS matches the monitored content, or that the destination IP address of an MS's packet involves the monitored IP address, it performs the monitoring operation corresponding to that monitored content/monitored IP address.
2. The method of claim 1, characterized in that in step (b) the monitoring request message also comprises one or more of: the international mobile subscriber identity IMSI of an MS, a security extension of the LIC and PDSN, and a designated device IP address.
3. The method of claim 1, characterized in that in step (c), after receiving the monitoring request message, the PDSN judges whether the monitoring request message is correct; if so it saves the monitor information, sends a monitoring request response to the LIC and starts monitoring, and stops monitoring when the link idle time exceeds a preset value or the LIC actively sends a stop command; otherwise it returns a monitoring request response indicating failure.
4. The method of claim 3, characterized in that the PDSN monitoring the mobile station MS further comprises:
(i) the PDSN filters the MS's data packets with an algorithm and judges, according to the saved monitor information, whether they contain the monitored content and/or the monitored IP address; if so it proceeds to the next step, otherwise it returns to this step and continues monitoring;
(ii) the PDSN performs on the MS the monitoring operation corresponding to the monitored content and/or the monitored IP address and sends a monitoring report message to the LIC, the monitoring report message comprising at least a unique PDSN identifier.
5. The method of claim 4, characterized in that the algorithm is a regular expression.
6. The method of claim 4, characterized in that the monitoring operation comprises one or more of: reporting the encrypted/unencrypted IMSI of the MS to the LIC; reporting the encrypted/unencrypted data packet of the MS to the LIC; discarding data packets that involve the monitored information; redirecting data packets to a designated IP address; and interrupting the MS's data service and disconnecting the connection with the MS.
7. The method of claim 6, characterized in that the monitoring report message also comprises one or more of: the encrypted/unencrypted IMSI of the MS, the encrypted/unencrypted data packet of the MS, an indication that the monitoring operation succeeded, and an indication that the monitoring operation failed.
8. The method of claim 1, characterized in that the unique LIC identifier comprises the LIC server IP address and server ID.
9. The method of claim 4, characterized in that the unique PDSN identifier comprises the PDSN server IP address and server ID.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007100011839A CN101227339B (en) | 2007-01-19 | 2007-01-19 | Method for monitoring data traffic based on contents and/or IP address |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101227339A (en) | 2008-07-23 |
CN101227339B (en) | 2011-07-13 |
Family ID: 39859106
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101227339B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101909325B (en) * | 2010-06-08 | 2014-01-22 | 惠州Tcl移动通信有限公司 | Monitoring system and monitoring method of mobile terminal |
CN103546331B (en) * | 2012-07-16 | 2018-10-26 | 南京中兴新软件有限责任公司 | Acquisition methods, the apparatus and system of monitoring information |
CN102843373A (en) * | 2012-08-28 | 2012-12-26 | 北京星网锐捷网络技术有限公司 | Method and device for obtaining UDP (user datagram protocol) service inaccessibility and network device |
CN102882869B (en) * | 2012-09-25 | 2015-04-15 | 深圳中兴网信科技有限公司 | System and method for controlling network service |
CN105873029B (en) * | 2015-01-21 | 2019-05-10 | 中国移动通信集团公司 | A kind of conversation monitoring method and device |
CN105704140A (en) * | 2016-03-17 | 2016-06-22 | 北京佰才邦技术有限公司 | Interception method, interception device and local gateway |
CN105704153B (en) * | 2016-03-30 | 2020-02-07 | 中国联合网络通信集团有限公司 | Method and system for tracking network access information in real time |
CN108777874A (en) * | 2018-05-31 | 2018-11-09 | 安徽电信器材贸易工业有限责任公司 | A kind of method and its system that router mutually switches |
CN109032884B (en) * | 2018-06-11 | 2021-05-28 | 平安科技(深圳)有限公司 | Monitoring data processing method, server and computer readable storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1389864A1 (en) * | 2002-08-13 | 2004-02-18 | Nortel Networks Limited | Network architecture for supporting the lawful intercept of a network communication |
CN1535068A (en) * | 2003-04-02 | 2004-10-06 | 华为技术有限公司 | Method of proceeding grouping business audiomonitoring according to user mark |
CN1549621A (en) * | 2003-05-22 | 2004-11-24 | 华为技术有限公司 | Method for realizing legal monitoring |
Non-Patent Citations (2)
Title |
---|
张天兰 et al., "Research on police interception technology for 2G mobile communication systems" (2G移动通信系统警用监听技术研究), Information Technology (信息技术), 2006, no. 9, pp. 97-99. |
齐鹏, "Research on the police-use interface in WCDMA mobile communication networks" (WCDMA移动通信网络中警用接口的研究), China Dissertation Full-text Database (中国学位论文全文数据库), 2006: p. 12 lines 9-20, p. 21 lines 27-28, p. 26 line 17, p. 42 lines 11-12 and 20, p. 44 lines 5-9 and 11-13, p. 62 line 3 to p. 64 line 11, p. 66 lines 1-8, and Figs. 4.1, 4.2, 4.3, 4.6 and 4.7. |
Also Published As
Publication number | Publication date |
---|---|
CN101227339A (en) | 2008-07-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 2011-07-13; termination date: 2018-01-19 |