CN101594340B - Method and device for realizing internet lawful interception - Google Patents


Publication number
CN101594340B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2008100381510A
Other languages
Chinese (zh)
Other versions
CN101594340A (en
Inventor
姚亦峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Shanghai Bell Co Ltd
Original Assignee
Alcatel Lucent Shanghai Bell Co Ltd
Application filed by Alcatel Lucent Shanghai Bell Co Ltd
Priority to CN2008100381510A
Publication of CN101594340A
Application granted
Publication of CN101594340B

Abstract

The invention provides a method and a device for realizing internet lawful interception, wherein a lawful interception facility configures the interception management information for the interception required on a network access management apparatus; the network access management apparatus transmits the interception management information to the network access apparatus where a target user is located when the target user authenticates for network access or requests network resources; and the network access apparatus intercepts the target user according to the interception management information and transmits the interception events or communication contents obtained to the lawful interception facility. The invention also provides two methods for transmitting the interception management information and devices for realizing the internet lawful interception, comprising an authentication server, a DHCP server and a network access apparatus. Commonly used standard protocols such as DHCP and RADIUS need only simple extension, and the invention can effectively support both static and dynamic lawful interception and is easy to implement and deploy.

Description

A method and device for realizing internet lawful interception
Technical field
The present invention relates to information security technology for network services, and in particular to a method and device for realizing lawful interception on the Internet.
Background art
Lawful interception is the monitoring of the activity of a given telecommunication service by state security authorities, within the limits permitted by national law, as shown in Fig. 1. It is carried out by the lawful interception management organization (LEMF), which sends interception commands to the network operator, access provider or service provider (NWO/AP/SvP); the provider's network equipment then supplies the communication content and related information of the interception target. The figure illustrates the three typical lawful interception interface types: the management information interface (HI1), the intercept related information interface (HI2) and the communication content interface (HI3). The HI1 interface carries the different classes of lawful interception administrative information between the LEMF and the network equipment of the NWO/AP/SvP, together with interception set-up and interception release information. The handover interface HI2 carries interception events from the IIF of the NWO/AP/SvP network equipment to the LEMF, such as information or data related to the communication service, including the signalling used to set up the communication service and control its progress and, where possible, further information such as timestamps, value-added service information and location information. The handover interface HI3 carries the intercepted communication content (CC) to the LEMF. The communication content is a transparent copy of the intercepted bidirectional communication flow.
Internet (IP) lawful interception is the interception of an IP network user or service under suspicion. Fig. 2 is a schematic of a typical IP lawful interception system. It comprises a user terminal 21, a network access apparatus 22 and a lawful interception facility 23 (which may specifically comprise a lawful interception management device LIAF and a law enforcement monitoring device LEMF). The user terminal is the device the user communicates with and is under the user's control. The network access apparatus connects the user terminal to other networks; it is provided by the access provider and is linked directly to the user terminal. Depending on the technology it uses and its configuration, it can intercept data at the physical layer, data link layer or network layer through its internal interception function (IIF) and supply the intercepted data to the LEMF.
As shown in Fig. 2, the lawful interception facility 23 issues lawful interception administrative information through its management information interface to a network access management apparatus, for example an authentication server 24; this information may include identifying information for the target user (for example a user name or other identifiable information) (step S1). When the user terminal 21 accesses the network as the target user, it requests authentication and subsequent network resource allocation or configuration from the authentication server 24 through the network access apparatus 22 (step S2). The authentication server 24 generates intercept related information for this target user, for example the network access apparatus information and the user terminal IP address, and sends it to the lawful interception facility 23 (step S3). The lawful interception facility 23 then uses a specific network protocol (for example the Simple Network Management Protocol, SNMP, or another proprietary protocol) to instruct the network access apparatus 22 to intercept the target user's communication activity (step S4) and to send the communication content to the relevant interface of the designated lawful interception facility 23 (step S5).
In this approach, a specific protocol is needed between the authentication server 24, acting as network access management apparatus, and the lawful interception facility 23 to communicate and process the interception administrative information and intercept related information, and a further specific protocol is needed between the lawful interception facility 23 and the network access apparatus 22 to communicate and process interception transactions. Moreover, because of the inexactness and dynamic nature of the target user 21 when establishing communication sessions, this approach struggles to be timely and effective.
Summary of the invention
The present invention aims to provide a method for realizing Internet (IP) lawful interception in which existing communication protocols are extended to carry interception management information to the network access apparatus, which then performs the lawful interception and transmits the intercepted communication content to the lawful interception facility.
Another object of the invention is to provide at least two methods for transmitting the interception management information used to realize IP lawful interception.
A further object of the invention is to provide devices for assisting lawful interception in a communication network, comprising an authentication server, a DHCP server and a communication network access apparatus.
Applying the method and devices of the invention overcomes the deficiencies of the prior art.
The invention provides a method for realizing internet lawful interception, comprising the following steps: a) the lawful interception facility configures, on the network access management apparatus, the interception management information for the interception required; b) when the target user performs network access authentication or a network resource request, the network access management apparatus passes the interception management information to the network access apparatus where the target user is located; c) the network access apparatus intercepts the target user according to the interception management information and transmits the intercepted communication content to the lawful interception facility.
In addition, the invention provides a method for transmitting interception management information, comprising the steps: a1) extending the Remote Authentication Dial In User Service (RADIUS) protocol by defining a new protocol option to carry the interception management information; b1) when the target user accesses the network and performs access authentication, inserting the interception management information into the corresponding response message using the extended RADIUS protocol.
The invention also provides another method for transmitting interception management information, comprising: a2) extending the Dynamic Host Configuration Protocol (DHCP) by defining a new protocol option to carry the interception management information; b2) when the target user accesses the network and makes a network resource request, inserting the interception management information into the corresponding response message using the extended DHCP protocol.
In addition, the invention provides an authentication server, a DHCP server and a communication network access apparatus for assisting lawful interception in a communication network.
The authentication server for assisting lawful interception in a communication network according to the invention comprises: an interception processing unit, which receives interception management information from the lawful interception facility; and an authentication device, which, when the target user makes an authentication request, inserts the corresponding interception management information into a designated RADIUS protocol packet and sends it to the target user's communication network access apparatus.
The DHCP server for assisting lawful interception in a communication network according to the invention comprises: an interception processing unit, which receives from the lawful interception facility the target user to be intercepted and the interception management information; and a DHCP protocol processing device, which, when the target user makes a network resource request, inserts the interception management information into a designated DHCP protocol packet and sends it to the target user.
The network access apparatus for assisting lawful interception in a communication network according to the invention comprises: a receiving device, which receives from the network access management apparatus a specific protocol packet containing interception management information and extracts the interception management information it carries; and an interception device, which intercepts the communication content of the target host according to the interception management information and transmits the intercepted communication content to the lawful interception facility.
The invention has the following beneficial effects:
1) The invention effectively supports both static and dynamic lawful interception, overcoming the inexactness and dynamic nature of communication session establishment.
2) The invention requires only simple extensions to commonly used standard protocols such as DHCP and RADIUS, and is easy to implement and deploy; in implementation, only some functions of existing equipment need simple modification and upgrading. No specific protocol is needed between the lawful interception facility and the network access apparatus to communicate and process interception administrative information and intercept related information.
3) The invention centralizes the management of interception management information, which helps reduce the security risk to that information and lowers the cost of managing its security.
Brief description of the drawings
The features, nature and advantages of the invention will become more apparent from the detailed description set out below in conjunction with the accompanying drawings, in which identical elements carry identical reference signs:
Fig. 1 is a diagram of the lawful interception network architecture;
Fig. 2 is a diagram of a typical IP network lawful interception system structure;
Fig. 3A is embodiment one of the IP network lawful interception system structure provided by the invention;
Fig. 3B is embodiment two of the IP network lawful interception system structure provided by the invention;
Fig. 4 is an embodiment of the authentication server structure provided by the invention;
Fig. 5 is an embodiment of the DHCP server structure provided by the invention;
Fig. 6 is an embodiment of the network access apparatus structure provided by the invention.
Detailed description
Preferred embodiments of the invention are described in detail below with reference to the accompanying drawings.
Fig. 3A is embodiment one of the IP network lawful interception system structure provided by the invention. It comprises a user terminal 31, a network access apparatus 32, an authentication server 34 and a lawful interception facility 33 (which may specifically comprise a lawful interception management device LIAF and a law enforcement monitoring device LEMF). The user terminal 31 is the device the user communicates with and is under the user's control. The network access apparatus 32 connects the user terminal to other networks; it is provided by the Network Access Provider (NAP) and is linked directly to the user terminal. Depending on the technology it uses and its configuration, it can intercept data at the physical layer, data link layer or network layer through its internal interception function (IIF) and supply the intercepted data to the lawful interception facility 33. The authentication server 34, as one kind of network access management apparatus, is generally connected to the network access apparatus and, through a correspondingly extended Remote Authentication Dial In User Service (RADIUS) protocol interface, verifies the legitimacy of the user's identity and determines the user's service permissions before the user accesses network resources.
In step S1 of Fig. 3A, the lawful interception facility 33 uses its management information interface to configure, on the authentication server 34 acting as network access management apparatus, the interception management information for the interception required. The interception management information may comprise the target user identifier and the address and port information of the lawful interception facility.
In step S2' of the figure, when the target user 31 performs network access authentication or a network resource request, the authentication server 34 passes the interception management information to the network access apparatus 33 where the target user 22 is located. The authentication server 34 can use the extended RADIUS protocol to pass the interception management information to the network access apparatus where the target user is located, or can further pass it through the RADIUS dynamic authorization extension protocol. The authentication server and the corresponding methods of transmitting interception management information are described further below with reference to Fig. 4.
In step S3 of the figure, the authentication server 34, acting as network access management apparatus, further sends to the lawful interception facility 33 the interception events produced by this target user's network access, for example the network access apparatus the target user connected to, the network resources associated with the authentication and the communication time. Alternatively, the network access apparatus 32 can send these interception events to the lawful interception facility 33 (shown as step S3' in the figure).
In step S5 of the figure, the network access apparatus 32 intercepts the content of the target user 31 according to the interception management information and transmits the resulting lawful interception content to the lawful interception facility 33.
Fig. 4 is an embodiment of the authentication server structure provided by the invention. It comprises an interception processing unit 41 and an authentication device 42, wherein:
The interception processing unit 41 receives interception management information from the lawful interception facility; the interception management information may comprise the target user identifier and the address and port information of the lawful interception facility. A typical interception processing unit 41 comprises a processing unit 411 and its corresponding data record table 412.
When the target user makes an authentication request, the authentication device 42 inserts the corresponding interception management information into a designated RADIUS protocol packet and sends it to the target user's communication network access apparatus. A typical authentication device 421 comprises an authentication processing unit 421 and its corresponding data record table 422.
Here, the authentication processing unit 421 can extend the RADIUS protocol, defining a new protocol option to carry the interception management information. When the target user accesses the network and performs access authentication, the interception management information is inserted into the corresponding response message using the extended RADIUS protocol, and the authentication device sends it to the target user's access network device in the access success response message. Typically, after the user's identity has been authenticated, the interception management information is inserted into an access success response message (Access-Accept). The implementation can be detailed with reference to protocol specifications such as RFC 2865, "Remote Authentication Dial In User Service (RADIUS)".
In addition, the authentication processing unit 421 can extend the RADIUS dynamic authorization extension protocol, defining a new protocol option to carry the interception management information. In practice, if the target user's session has already been established when the lawful interception facility issues the interception management information, the mechanism described above is clearly insufficient. On receiving the interception management information, the processing unit 411 therefore queries the data record table 422; if it finds that the target user has already been authenticated and has an established session, it directly triggers the authentication processing unit 421 to insert the interception management information into the corresponding protocol message of the extended RADIUS dynamic authorization extension protocol and send it to the target user's access network device. The implementation can be detailed with reference to protocol specifications such as RFC 3576, "Dynamic Authorization Extensions to Remote Authentication Dial In User Service".
The interception processing unit 41 also further sends to the lawful interception facility 33 the interception events produced by this target user's network access, for example the network access apparatus the target user connected to, the network resources allocated and the communication time.
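A network access apparatus that acts on interception management information carried in an Access-Accept should first confirm that the packet came from the authentication server, using the RFC 2865 Response Authenticator. The following is an added example, not code from the patent: carrying the information in a Vendor-Specific attribute, the vendor sub-type, the payload format, the shared secret and the sample packet are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2          # RFC 2865 packet code
VENDOR_SPECIFIC = 26       # RFC 2865 attribute type
EXAMPLE_VENDOR_ID = 32473  # enterprise number reserved for documentation (RFC 5612)
LI_VENDOR_TYPE = 1         # hypothetical sub-type for interception management info

# Constructed sample values, not taken from the patent.
REQUEST_AUTH = bytes(range(16))
SECRET = b"constructed-shared-secret"
PAYLOAD = b"user-0001|192.0.2.10|5000"  # target id | LI facility address | port


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), per RFC 2865."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret).digest()


def build_response(code, ident, attrs, request_auth, secret):
    """Server side: assemble a reply with a valid Response Authenticator."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def li_attribute(payload):
    """Wrap the payload in a Vendor-Specific attribute (assumed carrier)."""
    sub = bytes([LI_VENDOR_TYPE, 2 + len(payload)]) + payload
    value = struct.pack("!I", EXAMPLE_VENDOR_ID) + sub
    return bytes([VENDOR_SPECIFIC, 2 + len(value)]) + value


def parse_attributes(attrs):
    """Split RADIUS attributes; the length octet counts the 2-byte header."""
    out, i = [], 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("bad attribute length")
        out.append((atype, attrs[i + 2:i + alen]))
        i += alen
    return out


def li_payload_from_reply(packet, request_auth, secret):
    """Access apparatus side: authenticate the reply, then extract the payload.

    Returns the payload bytes, or None when the reply carries no interception
    attribute. Raises ValueError for malformed or unauthenticated packets.
    """
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    if code != ACCESS_ACCEPT:
        return None
    for atype, value in parse_attributes(attrs):
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor_id, vtype, vlen = struct.unpack("!IBB", value[:6])
        if vendor_id == EXAMPLE_VENDOR_ID and vtype == LI_VENDOR_TYPE:
            if vlen < 2 or 4 + vlen > len(value):
                raise ValueError("bad vendor attribute length")
            return value[6:4 + vlen]
    return None


def sample_reply():
    """Constructed Access-Accept: Reply-Message plus the interception attribute."""
    attrs = bytes([18, 4]) + b"ok" + li_attribute(PAYLOAD)
    return build_response(ACCESS_ACCEPT, 7, attrs, REQUEST_AUTH, SECRET)


if __name__ == "__main__":
    print(li_payload_from_reply(sample_reply(), REQUEST_AUTH, SECRET))
```

A reply whose attributes were altered in transit, or that was built without the shared secret, is rejected before any attribute is parsed.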
Fig. 3B is embodiment two of the IP network lawful interception system structure provided by the invention. It comprises a user terminal 31, a network access apparatus 32, a DHCP server 35 and a lawful interception facility 33 (which may specifically comprise a lawful interception management device LIAF and a law enforcement monitoring device LEMF). The user terminal 31 is the device the user communicates with and is under the user's control. The network access apparatus 32 connects the user terminal to other networks; it is provided by the Network Access Provider (NAP) and is linked directly to the user terminal. Depending on the technology it uses and its configuration, it can intercept data at the physical layer, data link layer or network layer through its internal interception function (IIF) and supply the intercepted data to the lawful interception facility 33. The DHCP server 35, as one kind of network access management apparatus, generally uses the DHCP protocol to manage the network parameter configuration of the user's network access resources before the user accesses network resources, for example dynamic IP address assignment.
In step S1 of Fig. 3B, the lawful interception facility 33 uses its management information interface to configure, on the DHCP server 35 acting as network access management apparatus, the interception management information for the interception required. The interception management information may comprise the target user identifier and the address and port information of the lawful interception facility.
In step S2" of the figure, when the target user 31 makes a network access resource request, the DHCP server 35 passes the interception management information to the network access apparatus 33 where the target user 22 is located. The DHCP server 35 can use the extended DHCP protocol to pass the interception management information to the network access apparatus 32 where the target user is located, or can further pass it to the network access apparatus 32 in a DHCP reconfigure extension protocol message. The DHCP server and the corresponding methods of transmitting interception management information are described further below with reference to Fig. 5.
In step S3 of the figure, the DHCP server 35, acting as network access management apparatus, can further send to the lawful interception facility 33 the interception events produced by this target user's network access, for example the network access apparatus the target user connected to, the network resources allocated and the communication time. Alternatively, the network access apparatus 32 can send these interception events to the lawful interception facility 33 (shown as step S3' in the figure).
In step S5 of the figure, the network access apparatus 32 intercepts the content of the target user 31 according to the interception management information and transmits the resulting lawful interception content to the lawful interception facility 33.
Fig. 5 is an embodiment of the DHCP server structure provided by the invention. It comprises an interception processing unit 51 and a DHCP protocol processing device 52, wherein:
The interception processing unit 51 receives interception management information from the lawful interception facility; the interception management information may comprise the target user identifier and the address and port information of the lawful interception facility. A typical receiving device 51 comprises, for example, a processing unit 511 and its corresponding data record table 512.
When the target user makes a network resource request, the DHCP protocol processing device 52 inserts the interception management information into a designated DHCP protocol packet and sends it to the target user's communication network access apparatus. A typical authentication device 521 comprises, for example, a DHCP protocol processing device 521 and its corresponding data record table 522.
Here, the DHCP protocol processing device 521 can extend the DHCP protocol, defining a new protocol option to carry the interception management information; for example, the extended DHCP protocol inserts the interception management information in a new sub-option of DHCP option 82, or in a designated option of the DHCP protocol. When the target user accesses the network and makes a network resource request, for example for IP address assignment, the interception management information is inserted into the corresponding response message using the extended DHCP protocol option. Typically, after receiving the client's DHCP REQUEST, the DHCP server sends a DHCPACK response to the client to confirm that an IP lease has formally taken effect; this response message usually contains a lease duration and all other configuration information the client requested. The interception management information can be inserted in this DHCPACK message. The implementation can be detailed with reference to protocol specifications such as RFC 2131, "Dynamic Host Configuration Protocol".
In addition, the DHCP protocol processing device 521 can carry the interception management information by extending the DHCP reconfigure extension protocol. In practice, if the target user's session has already been established when the lawful interception facility issues the interception management information, the mechanism described above is clearly insufficient. On receiving the interception management information, the processing unit 511 therefore queries the data record table 522; if it finds that the target user's session is already established, it directly triggers the DHCP protocol processing device 521 to insert the interception management information, using the DHCP reconfigure extension protocol, into the DHCP FORCERENEW message for the target user and send it to the target user's access network device. The implementation can be detailed with reference to protocol specifications such as RFC 3203, "DHCP Reconfigure Extension".
The interception processing unit 51 can also further send to the lawful interception facility 33 the interception events produced by this target user's network access, for example the network access apparatus the target user connected to, the network resources allocated and the communication time.
Fig. 6 is an embodiment of the network access apparatus structure provided by the invention. It comprises a receiving device 61 and an interception device 62, wherein:
The receiving device 61 receives specific protocol packets containing interception management information from the network access management apparatus, typical examples of which are the authentication server and the DHCP server. The receiving device implements interface protocol processing units for the corresponding access management products, for example a RADIUS client unit 611 and a DHCP protocol processing unit 612, which receive the specific protocol packets containing interception management information from those access management products and extract the interception management information carried in them.
The RADIUS client unit 611 receives specific RADIUS protocol messages containing interception management information from the authentication server. It can further receive specifically extended RADIUS dynamic authorization extension protocol messages containing interception management information. It can filter the access success response message (Access-Accept) from the network side, which is the acknowledgement of the client user's authentication, and the interception management information inserted in this DHCPACK message can be extracted in the agreed manner.
The DHCP protocol processing unit 612 receives DHCP protocol messages containing interception management information from the DHCP server. It can further receive specifically extended DHCP reconfigure extension protocol messages containing interception management information. It can filter the DHCPACK response message from the network side; this message confirms to the client that an IP lease has formally taken effect and usually contains a lease duration and all other configuration information the client requested. The interception management information inserted in this DHCPACK message can be extracted in the agreed manner.
For network security reasons, after the receiving device 61 has extracted the interception management information from the specific RADIUS or DHCP protocol packet it received, it must further strip the interception management information from the packet before forwarding the packet to the corresponding target user.
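The extract-then-strip step for the DHCP case can be sketched as follows, as an added example that is not code from the patent. It assumes the interception management information travels in a sub-option of option 82; the sub-option code 200, the payload layout (IPv4 address, port, target identifier) and the sample DHCPACK are constructed for illustration. Removing the whole option 82 before forwarding matches what RFC 3046 already requires of relay agents.

```python
import ipaddress
import struct

BOOTP_FIXED_LEN = 236                     # fixed BOOTP header before the options
MAGIC_COOKIE = bytes([99, 130, 83, 99])   # RFC 2131 options marker
OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
LI_SUBOPTION = 200                        # hypothetical sub-option code (assumption)


def parse_tlvs(data, pad=None, end=None):
    """Parse code/length/value items into a list of (code, value).

    Top-level DHCP options use pad=0 and end=255; option 82 sub-options
    have no pad or end marker, so both stay None there.
    """
    items, i = [], 0
    while i < len(data):
        code = data[i]
        if code == end:
            break
        if code == pad:
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        items.append((code, value))
        i += 2 + length
    return items


def build_tlvs(items):
    """Serialise (code, value) pairs back into code/length/value bytes."""
    return b"".join(bytes([code, len(value)]) + value for code, value in items)


def decode_li_info(value):
    """Decode the assumed payload: 4-byte IPv4, 2-byte port, UTF-8 target id."""
    if len(value) < 7:
        raise ValueError("interception sub-option too short")
    addr, port = struct.unpack("!4sH", value[:6])
    return {
        "target": value[6:].decode("utf-8"),
        "li_addr": str(ipaddress.IPv4Address(addr)),
        "li_port": port,
    }


def extract_and_strip(packet):
    """Return (interception info or None, packet that is safe to forward).

    The forwarded copy has option 82 removed entirely, so neither the
    interception sub-option nor any other relay information reaches the
    user terminal.
    """
    header, cookie = packet[:BOOTP_FIXED_LEN], packet[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4]
    if len(header) < BOOTP_FIXED_LEN or cookie != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    li_info, kept = None, []
    for code, value in parse_tlvs(packet[BOOTP_FIXED_LEN + 4:], OPT_PAD, OPT_END):
        if code == OPT_RELAY_AGENT_INFO:
            for sub, subval in parse_tlvs(value):
                if sub == LI_SUBOPTION:
                    li_info = decode_li_info(subval)
            continue  # never forward option 82 towards the client
        kept.append((code, value))
    return li_info, header + cookie + build_tlvs(kept) + bytes([OPT_END])


def sample_dhcpack():
    """Constructed DHCPACK: message type, lease time and option 82."""
    header = bytes([2, 1, 6, 0]) + bytes(BOOTP_FIXED_LEN - 4)
    li = ipaddress.IPv4Address("192.0.2.10").packed + struct.pack("!H", 5000) + b"user-0001"
    opt82 = build_tlvs([(1, b"port7"), (LI_SUBOPTION, li)])
    opts = build_tlvs([(53, b"\x05"), (51, struct.pack("!I", 3600)), (82, opt82)])
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])


if __name__ == "__main__":
    info, forwarded = extract_and_strip(sample_dhcpack())
    print(info, len(forwarded))
```

A unit test that searches the forwarded bytes for the target identifier and the facility address is a cheap regression check that the stripping step has not been bypassed.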
The interception device (IIF) 62 intercepts the communication content of the target host according to the interception management information and transmits the intercepted communication content (HI3) to the lawful interception facility. As described above, the interception management information, which comprises the target user identifier and the address and port information of the lawful interception facility, gives the interception device 62 enough information to locate and intercept the target user and to deliver the interception results to the intended lawful interception facility.
The interception device (IIF) 62 can also further send to the lawful interception facility 33 the interception events produced by this target user's network access, for example the network access apparatus the target user connected to, the network resources allocated and the communication time.
Although the above description provides some embodiments of the invention, it is not intended to limit the scope of protection of the invention. A person skilled in the art can make various modifications to the embodiments without departing from the scope and spirit of the invention, and such modifications all fall within the scope of the invention.

Claims (28)

1. A method for realizing internet lawful interception, comprising the following steps:
A) a lawful interception facility configures, on a network access management apparatus, the interception management information for the interception to be performed;
B) the network access management apparatus passes the interception management information to the network access apparatus where the target user is located when the target user performs network access authentication or requests network resources;
C) the network access apparatus intercepts the target user according to said interception management information and transmits the interception events or the intercepted communication content to the lawful interception facility.
2. The method according to claim 1, characterized in that the interception management information in said steps a), b) and c) comprises at least: the target user identifier, and the address and port information of the lawful interception facility.
3. The method according to claim 1, characterized in that the network access management apparatus in said steps a) and b) is an authentication server, which passes the interception management information to the network access apparatus where the target user is located through an extended Remote Authentication Dial-In User Service (RADIUS) protocol.
4. The method according to claim 3, characterized in that, in said step b), the authentication server further passes the interception management information to the network access apparatus where the target user is located through the RADIUS dynamic authentication extension protocol.
5. The method according to claim 1, characterized in that the network access management apparatus in said steps a) and b) is a DHCP server, which passes the interception management information to the network access apparatus where the target user is located through an extended DHCP protocol.
6. The method according to claim 5, characterized in that, in said step b), the DHCP server further passes the interception management information to the network access apparatus where the target user is located through the DHCP reconfigure extension protocol.
7. The method according to one of claims 1 to 6, characterized in that said step b) further comprises the network access management apparatus transmitting interception events to the lawful interception facility.
8. A method for transmitting interception management information, comprising:
A1) extending the RADIUS protocol by defining a new protocol option to carry the interception management information;
B1) when the target user accesses the network and performs access authentication, inserting the interception management information into the corresponding response message through the RADIUS protocol extended as above.
9. The method according to claim 8, characterized in that the response message in said step b1) is the access success response message.
10. The method according to claim 8 or 9, characterized in that said method further comprises step c1): inserting the interception management information into the corresponding protocol message through the extended RADIUS dynamic authentication extension protocol.
11. A method for transmitting interception management information, comprising:
A2) extending the DHCP protocol by defining a new protocol option to carry the interception management information;
B2) when the target user accesses the network and requests network resources, inserting the interception management information into the corresponding response message through the DHCP protocol extended as above.
12. The method according to claim 11, characterized in that, in said step a2), the extended DHCP protocol carries said interception management information in a sub-option of option 82 or in an independent option.
13. The method according to claim 11, characterized in that, in said step b2), said DHCP protocol response message is the DHCPACK message.
14. The method according to one of claims 11 to 13, characterized in that it further comprises step c2): extending the DHCP reconfigure extension protocol so that the interception management information is inserted into the corresponding FORCERENEW message for transmission.
15. An authentication server for assisting lawful interception in a communication network, comprising:
An interception processing unit, which receives interception management information from the lawful interception facility;
An authentication device, which, when the target user makes an authentication request, inserts the corresponding interception management information into a designated Remote Authentication Dial-In User Service (RADIUS) protocol packet and sends it to the target user's communication network access apparatus.
16. The authentication server according to claim 15, characterized in that, when said interception processing unit receives interception management information from the lawful interception facility and the target user's session has already been established, the authentication device inserts the interception management information into the corresponding protocol message through the extended RADIUS dynamic authentication extension protocol and sends it to the target user's network access apparatus.
17. The authentication server according to claim 15, characterized in that said authentication device further sends said interception management information to the target user's network access apparatus through the access success response message.
18. A DHCP server for assisting lawful interception in a communication network, comprising:
An interception processing unit, which receives from the lawful interception facility the target user to be intercepted and the interception management information;
A DHCP protocol processing device, which, when the target user requests network resources, inserts said interception management information into a designated DHCP protocol packet and sends it to the target user.
19. The DHCP server according to claim 18, characterized in that said DHCP protocol processing device inserts said interception management information into a new sub-option of DHCP option 82 or into a designated option of the DHCP protocol.
20. The DHCP server according to claim 18, characterized in that said DHCP protocol processing device inserts said interception management information into the DHCPACK message.
21. The DHCP server according to one of claims 18 to 20, characterized in that said DHCP protocol processing device can further extend the DHCP reconfigure extension protocol so that the interception management information is inserted into the corresponding protocol message for transmission.
22. The DHCP server according to claim 21, characterized in that said DHCP reconfigure extension protocol message is the DHCP FORCERENEW message.
23. A communication network access apparatus for assisting lawful interception in a communication network, comprising:
A receiving device, which receives extended communication protocol packets containing interception management information from the network access management apparatus and extracts the interception management information they carry;
An interception device, which intercepts the communication content of the target host according to said interception management information and transmits the interception events or the intercepted communication content to the lawful interception facility.
24. The communication network access apparatus according to claim 23, characterized in that said receiving device comprises a RADIUS client unit, which receives specific RADIUS protocol messages from the authentication server that contain interception management information.
25. The communication network access apparatus according to claim 24, characterized in that said RADIUS client unit further receives specific extended RADIUS dynamic authentication extension protocol messages that contain interception management information.
26. The communication network access apparatus according to claim 23, characterized in that said receiving device comprises a DHCP protocol processing device, which receives DHCP protocol messages from the DHCP server that contain interception management information.
27. The communication network access apparatus according to claim 26, characterized in that said DHCP protocol processing device further receives specific extended DHCP reconfigure extension protocol messages that contain interception management information.
28. The communication network access apparatus according to one of claims 23 to 27, characterized in that said receiving device further strips the interception management information from the specific protocol packet and then forwards the packet to the target user's host.
CN2008100381510A 2008-05-28 2008-05-28 Method and device for realizing internet lawful interception Active CN101594340B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100381510A CN101594340B (en) 2008-05-28 2008-05-28 Method and device for realizing internet lawful interception

Publications (2)

Publication Number Publication Date
CN101594340A CN101594340A (en) 2009-12-02
CN101594340B true CN101594340B (en) 2012-07-04

Family

ID=41408784

Country Status (1)

Country Link
CN (1) CN101594340B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: SHANGHAI ALCATEL-LUCENT CO., LTD.

Free format text: FORMER NAME: BEIER AERKATE CO., LTD., SHANGHAI

CP01 Change in the name or title of a patent holder

Address after: 201206 Pudong New Area Jinqiao Export Processing Zone, Nanjing Road, No. 388, Shanghai

Patentee after: Shanghai Alcatel-Lucent Co., Ltd.

Address before: 201206 Pudong New Area Jinqiao Export Processing Zone, Nanjing Road, No. 388, Shanghai

Patentee before: Beier Aerkate Co., Ltd., Shanghai

CP01 Change in the name or title of a patent holder

Address after: 201206 Pudong New Area Jinqiao Export Processing Zone, Nanjing Road, No. 388, Shanghai

Patentee after: Shanghai NOKIA Baer Limited by Share Ltd

Address before: 201206 Pudong New Area Jinqiao Export Processing Zone, Nanjing Road, No. 388, Shanghai

Patentee before: Shanghai Alcatel-Lucent Co., Ltd.