CN105704140A - Interception method, interception device and local gateway - Google Patents

Publication number: CN105704140A
Authority: CN (China)
Application number: CN201610152734.0A
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 吴艳光
Current Assignee: Baicells Technologies Co Ltd
Original Assignee: Baicells Technologies Co Ltd
Prior art keywords: listened, user, local gateway, order, intercept

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information

Abstract

The invention provides an interception method applied to a scenario in which traffic is offloaded at a local gateway. The method comprises the following steps: an interception command is acquired, and the interception command is issued to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user. By issuing the acquired interception command to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user, lawful interception of user data in an LBO (Local Break Out) scenario is achieved.

Description

An interception method, interception device and local gateway
Technical field
The present invention relates to the field of communication technology, and in particular to an interception method, an interception device and a local gateway.
Background
LI (Lawful Interception) is the lawful act of intercepting communications, and is provided in mobile networks as a service for law enforcement agencies and national security departments. When lawful interception services first appeared, issues such as privacy made them a topic of great controversy, and many countries went through a process of tacit approval, restriction, prohibition and then renewed acceptance. Today, many countries have largely reached a consensus: on the basis of guaranteeing citizens' privacy and safeguarding national security, and balancing the interests of the different parties, the act of "interception" is regulated by legislation, is carried out under the supervision of the law, and must not be abused. At the same time, telecom operators are required to provide support for the implementation of lawful interception.
In the prior art, lawful interception is mainly implemented, on the basis of the standards defined by 3GPP (3rd Generation Partnership Project), as lawful interception at the S-GW (Serving GateWay), the PDN-GW (Packet Data Network Gateway) and the ePDG (Evolved Packet Data Gateway).
With the rapid development of communication technology, data in mobile networks is growing explosively. To relieve the pressure on the mobile network EPC (Evolved Packet Core, the core network), the data packets of some low-value-added services can be routed locally, directly into the PDN (Public Data Network). This is LBO (Local Break Out, local traffic offloading); Fig. 1 is a schematic diagram of the network deployment structure in an LBO service scenario.
As shown in Fig. 1, in an LBO scenario, after a UE (User Equipment) joins the network, its data packets are routed from the base station directly out to the Internet through the local gateway. That is, the base station acts as the last hop for the user equipment and routes user service data locally to the Internet. LBO is increasingly widely used in mobile networks.
In the course of implementing the present invention, the inventor found at least the following problem in the prior art:
In mobile communication networks, lawful interception currently targets mainly the network element devices in the core network. In an LBO scenario, however, the data is not sent to the S-GW, PDN-GW or ePDG, so there is currently no framework or implementation for lawful interception.
Summary of the invention
The present invention provides an interception method in which an acquired interception command is issued to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user, thereby achieving lawful interception of user data in an LBO scenario.
The invention provides an interception method applied to a scenario in which traffic is offloaded at a local gateway, the method comprising:
acquiring an interception command, wherein the interception command includes the identifier of the intercepted user;
issuing the interception command to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user.
Before the interception command is issued to the local gateway to which the intercepted user belongs, the method includes:
sending the identifier of the intercepted user to a mobility management node, so that the mobility management node determines, according to the identifier of the intercepted user, the IP address of the local gateway to which the intercepted user belongs;
Issuing the interception command to the local gateway to which the intercepted user belongs is specifically:
receiving the IP address, determined by the mobility management node, of the local gateway to which the intercepted user belongs;
issuing the interception command to the local gateway to which the intercepted user belongs according to the IP address of that local gateway.
The interception command is issued by a lawful interception device; or,
the interception command is issued by a lawful interception proxy device, wherein the lawful interception proxy device is located in the core network and intercepts at least one local gateway.
When the interception command is issued by the lawful interception proxy device, the lawful interception device sends the interception command carrying the identifier of the intercepted user to a home subscriber server; the home subscriber server determines, according to the identifier of the intercepted user, the IP address of the lawful interception proxy device corresponding to the local gateway to which the intercepted user belongs; and the lawful interception device, according to the IP address of the lawful interception proxy device determined by the home subscriber server, sends the interception command to the local gateway.
The method further includes:
sending the interception command to the mobility management node, so that the mobility management node looks up the signaling control data of the intercepted user according to the identifier of the intercepted user in the interception command;
receiving the signaling control data fed back by the mobility management node.
After the interception command is issued to the local gateway to which the intercepted user belongs, the method further includes:
receiving other signaling control data and communication data of the intercepted user sent by the local gateway, the other signaling control data and the communication data being acquired by the local gateway according to the identifier of the intercepted user;
wherein the other signaling control data and the communication data include a tag assigned by the local gateway;
the tags in the other signaling control data and in the communication data that are sent are identical, and other signaling control data and communication data with the same tag are acquired according to the identifier of the same intercepted user.
After the other signaling control data and the communication data of the intercepted user sent by the local gateway are received, the method further includes:
merging the other signaling control data with the signaling control data to generate the total signaling control data of the intercepted user;
associating the total signaling control data of the intercepted user and the communication data that have the same tag, for data analysis.
The identifier of the intercepted user includes at least one of the following:
international mobile subscriber identity (IMSI), international mobile station equipment identity (IMEI), mobile subscriber integrated services digital network number (MSISDN), network access identity (NAI).
An interception device, the interception device including:
an acquisition module, configured to acquire an interception command in a scenario in which traffic is offloaded at a local gateway, wherein the interception command includes the identifier of the intercepted user;
a sending module, configured to issue the interception command to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user.
The sending module is further configured to:
before the interception command is issued to the local gateway to which the intercepted user belongs, send the identifier of the intercepted user to a mobility management node, so that the mobility management node determines, according to the identifier of the intercepted user, the IP address of the local gateway to which the intercepted user belongs;
The sending module is also specifically configured to:
receive the IP address, determined by the mobility management node, of the local gateway to which the intercepted user belongs;
issue the interception command to the local gateway to which the intercepted user belongs according to the IP address of that local gateway.
The interception command is issued by a lawful interception device; or,
the interception command is issued by a lawful interception proxy device, wherein the lawful interception proxy device is located in the core network and is responsible for intercepting at least one local gateway.
When the interception command is issued by the lawful interception proxy device, the lawful interception device sends the interception command carrying the identifier of the intercepted user to a home subscriber server; the home subscriber server determines, according to the identifier of the intercepted user, the IP address of the lawful interception proxy device corresponding to the local gateway to which the intercepted user belongs; and the lawful interception device, according to the IP address of the lawful interception proxy device determined by the home subscriber server, sends the interception command to the local gateway.
The sending module is also specifically configured to:
send the interception command to the mobility management node, so that the mobility management node looks up the signaling control data of the intercepted user according to the identifier of the intercepted user in the interception command;
The interception device further includes:
a receiving module, configured to receive the signaling control data fed back by the mobility management node.
The receiving module is further configured to:
after the interception command is issued to the local gateway to which the intercepted user belongs, receive other signaling control data and communication data of the intercepted user sent by the local gateway, the other signaling control data and the communication data being acquired by the local gateway according to the identifier of the intercepted user;
wherein the other signaling control data and the communication data include a tag assigned by the local gateway;
the tags in the other signaling control data and in the communication data that are sent are identical, and other signaling control data and communication data with the same tag are acquired according to the identifier of the same intercepted user.
The interception device further includes:
a merging module, configured to, after the other signaling control data and the communication data of the intercepted user sent by the local gateway are received, merge the other signaling control data with the signaling control data to generate the total signaling control data of the intercepted user;
an association module, configured to associate the total signaling control data of the intercepted user and the communication data that have the same tag, for data analysis.
The identifier of the intercepted user includes at least one of the following:
international mobile subscriber identity (IMSI), international mobile station equipment identity (IMEI), mobile subscriber integrated services digital network number (MSISDN), network access identity (NAI).
An interception method applied to a scenario in which traffic is offloaded at a local gateway, the method comprising:
receiving an interception command, wherein the interception command includes the identifier of the intercepted user;
intercepting the intercepted user according to the identifier of the intercepted user.
The interception command is issued by a lawful interception device; or,
the interception command is issued by a lawful interception proxy device, wherein the lawful interception proxy device is located in the core network and is responsible for intercepting at least one local gateway.
Intercepting the intercepted user according to the identifier of the intercepted user specifically includes:
intercepting according to the identifier of the intercepted user to acquire the signaling control data and the communication data of the intercepted user.
After intercepting according to the identifier of the intercepted user to acquire the signaling control data and the communication data of the intercepted user, the method further includes:
adding a tag to the signaling control data and the communication data, wherein the tags added to signaling control data and communication data acquired according to the identifier of the same intercepted user are identical;
sending the tagged signaling control data and communication data to the lawful interception proxy device or the lawful interception device responsible for intercepting the local gateway.
The identifier of the intercepted user includes at least one of the following:
international mobile subscriber identity (IMSI), international mobile station equipment identity (IMEI), mobile subscriber integrated services digital network number (MSISDN), network access identity (NAI).
A local gateway, the local gateway including:
a receiving module, configured to receive an interception command in a scenario in which traffic is offloaded at a local gateway, wherein the interception command includes the identifier of the intercepted user;
an interception module, configured to intercept the intercepted user according to the identifier of the intercepted user.
The interception command is issued by a lawful interception device; or,
the interception command is issued by a lawful interception proxy device, wherein the lawful interception proxy device is located in the core network and is responsible for intercepting at least one local gateway.
The interception module is specifically configured to:
intercept according to the identifier of the intercepted user to acquire the signaling control data and the communication data of the intercepted user.
The local gateway further includes:
an adding module, configured to, after interception according to the identifier of the intercepted user has acquired the signaling control data and the communication data of the intercepted user, add a tag to the signaling control data and the communication data, wherein the tags added to signaling control data and communication data acquired according to the identifier of the same intercepted user are identical;
a sending module, configured to send the tagged signaling control data and communication data to the lawful interception proxy device or the lawful interception device responsible for intercepting the local gateway.
The identifier of the intercepted user includes at least one of the following:
international mobile subscriber identity (IMSI), international mobile station equipment identity (IMEI), mobile subscriber integrated services digital network number (MSISDN), network access identity (NAI).
In the present invention, the acquired interception command is issued to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user, thereby achieving lawful interception of user data in an LBO scenario.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the network deployment structure in an LBO service scenario in the prior art;
Fig. 2 is the first flowchart of an interception method in an embodiment of the present invention;
Fig. 3 is the second flowchart of an interception method in an embodiment of the present invention;
Fig. 4 is the first structural diagram of an interception system in an embodiment of the present invention;
Fig. 5 is the second structural diagram of an interception system in an embodiment of the present invention;
Fig. 6 is a structural diagram of an interception device in an embodiment of the present invention;
Fig. 7 is a structural diagram of a local gateway in an embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
To solve the problem that lawful interception cannot be achieved in an LBO scenario in the prior art, the present invention proposes an interception method, shown in Fig. 2. The method is applied to a scenario in which traffic is offloaded at a local gateway, and comprises the following steps:
Step 201: acquire an interception command.
The interception command includes the identifier of the intercepted user.
The identifier of the intercepted user includes at least one or more of the following:
IMSI (International Mobile Subscriber Identity), IMEI (International Mobile station Equipment Identity), MSISDN (Mobile Subscriber Integrated Services Digital Network Number), NAI (Network Access Identity).
Specifically, each user has a unique identifier in the communication network. Different users can be distinguished by this unique identifier, and a single user can be found from the identifier.
Step 202: issue the interception command to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user.
In an LBO scenario, a user's traffic data passes only through the local gateway and not through the other gateways in the core network. To achieve lawful interception in an LBO scenario, the interception command is issued to the local gateway to which the intercepted user belongs, and the local gateway can then intercept the uniquely identified intercepted user according to the interception command.
Because a local gateway is responsible for the users within a certain area, the interception command must be sent to the local gateway to which the intercepted user belongs in order to achieve lawful interception of that user. Therefore, before the interception command is issued to the local gateway to which the intercepted user belongs, the method includes:
sending the identifier of the intercepted user to the mobility management node, so that the mobility management node determines, according to the identifier of the intercepted user, the IP address of the local gateway to which the intercepted user belongs.
Specifically, the mobility management node is the key control node of the 3GPP LTE (Long Term Evolution) access network. It is responsible for locating UEs (User Equipment) in idle mode and for the paging procedure, including relaying. It is involved in the bearer activation/deactivation process, and selects an SGW for a UE when the UE is initialized and connects. It authenticates a user by interacting with the home subscriber server and assigns the user a temporary identifier. The mobility management node can also support interception and monitoring within the limits permitted by law. The mobility management node can therefore determine, according to the identifier of the intercepted user, the IP address of the local gateway to which the intercepted user belongs.
Issuing the interception command to the local gateway to which the intercepted user belongs is specifically:
receiving the IP address, determined by the mobility management node, of the local gateway to which the intercepted user belongs;
issuing the interception command to the local gateway to which the intercepted user belongs according to the IP address of that local gateway.
The interception command is issued by a lawful interception device; or,
the interception command is issued by a lawful interception proxy device, wherein the lawful interception proxy device is located in the core network and is responsible for intercepting at least one local gateway.
When the interception command is issued by the lawful interception proxy device, the structure of the interception system is as shown in Fig. 4; when the interception command is issued by the lawful interception device, the structure of the interception system is as shown in Fig. 5.
Specifically, the lawful interception device is the lawful interception device that already exists in the communication network. After the lawful interception device obtains the IP address of the local gateway to which the intercepted user belongs, it exchanges data with the local gateway and obtains the traffic data of the intercepted user, so lawful interception in an LBO scenario can be achieved without changing the original communication structure. Alternatively, a lawful interception proxy device can be added to the communication system. To ensure that the lawful interception proxy device is trusted, and for security reasons, the lawful interception proxy device is deployed in the core network; it can of course also be deployed outside the core network, and the specific location can be chosen according to the circumstances. After the lawful interception proxy device is added, it exchanges data with the local gateway and obtains the traffic data of the intercepted user, achieving lawful interception in an LBO scenario by changing the existing communication structure. Adding a lawful interception proxy device reduces the load on the original lawful interception device and provides a degree of scalability.
When the interception command is issued by the lawful interception proxy device, the lawful interception device sends the interception command carrying the identifier of the intercepted user to the home subscriber server; the home subscriber server determines, according to the identifier of the intercepted user, the IP address of the lawful interception proxy device corresponding to the local gateway to which the intercepted user belongs; and the lawful interception device, according to the IP address of the lawful interception proxy device determined by the home subscriber server, sends the interception command to the local gateway.
Specifically, the lawful interception proxy device obtains the interception command from the lawful interception device. Before sending the interception command to the lawful interception proxy device to which the intercepted user belongs, the lawful interception device needs to send the identifier of the intercepted user to the home subscriber server, so that the home subscriber server looks up the IP address of the lawful interception proxy device to which the intercepted user belongs. After finding that IP address, the home subscriber server returns the lookup result. The lawful interception device then issues the interception command according to the IP address of the lawful interception proxy device, and the lawful interception proxy device in turn issues the interception command to the local gateway to which the intercepted user belongs.
To obtain the complete interception data of the intercepted user, the method further includes:
sending the interception command to the mobility management node, so that the mobility management node looks up the signaling control data of the intercepted user according to the identifier of the intercepted user in the interception command;
receiving the signaling control data fed back by the mobility management node.
Specifically, because the mobility management node stores part of the signaling control data of the intercepted user, the interception command is also sent to the mobility management node in order to obtain all of the signaling control data of the intercepted user, so that the mobility management node looks up, according to the identifier of the intercepted user in the interception command, the signaling control data of the intercepted user that it stores. The signaling control data stored in the mobility management node includes information such as the location of the interception target, certain events of the interception target (such as attach, bearer activation and modification) and the bearer QoS (Quality of Service). The signaling control data records the current state information of the intercepted user, such as the intercepted user's current location and attach state, and is used to determine the current state of the intercepted user.
After the interception command is issued to the local gateway to which the intercepted user belongs, the method further includes:
receiving other signaling control data and communication data of the intercepted user sent by the local gateway, the other signaling control data and the communication data being acquired by the local gateway according to the identifier of the intercepted user;
wherein the other signaling control data and the communication data include a tag assigned by the local gateway;
the tags in the other signaling control data and in the communication data that are sent are identical, and other signaling control data and communication data with the same tag are acquired according to the identifier of the same intercepted user.
Specifically, after the local gateway to which the intercepted user belongs receives the interception command carrying the identifier of the intercepted user, the local gateway acquires the other signaling control data and the communication data of the intercepted user according to that identifier, and adds a tag after acquiring them. This ensures that, after the local gateway sends the other signaling control data and the communication data of the intercepted user, the interception device that receives them can associate the data of the same intercepted user. When adding tags, the local gateway adds the same tag to data acquired according to the identifier of the same intercepted user. Of course, when acquiring the data of the intercepted user, it is also possible to acquire only the other signaling control data according to the interception command; the specific content acquired can be determined according to the actual situation.
After being listened other signaling control data and the communication data of user described in receiving described local gateway and sending, described method also includes:
Other signaling control data described and described signaling control data are merged and is listened, described in generating, the described signaling control data that user is total;
It is listened the total described signaling control data of user by having described in same tag and described communication data is associated, in order to carry out data analysis。
If the described signaling control data and the communication data that are listened user described in receiving are described lawful intercept agent equipment, described lawful intercept agent equipment needs the data of acquisition are sent to described Lawful intercept equipment, described Lawful intercept equipment carry out man-machine interaction with user。
If described in intercept order and sent by described lawful intercept agent equipment, if and described legal detect intercepting and also carrying X2 interface and X3 interface in order of described Lawful intercept equipment transmission that agency listens equipment to receive, described lawful intercept agent equipment return to described Lawful intercept equipment get described in when being listened the data of userWillSignaling control data is packaged according to the encapsulation mode of X2 interface, and is transmitted by X2 interface,WillCommunication data is packaged according to the encapsulation mode of X3 interface, and is transmitted by X3 interface。
The present invention is by being handed down to, by the order of intercepting obtained, the local gateway being listened user attaching, so that described local gateway according to described in be listened the mark of user the described user of being listened intercepted, achieve the Lawful intercept under LBO scene, to user data。
The present invention also proposes an interception method. As shown in Fig. 3, the method is applied to a scenario in which traffic is offloaded at the local gateway, and the method includes the following steps:
Step 301: receive an interception command, where the interception command includes the identifier of the intercepted user;
Step 302: intercept the intercepted user according to the identifier of the intercepted user.
The interception command is issued by the lawful interception device; or,
The interception command is issued by the lawful interception agent device, where the lawful interception agent device is located in the core network and is responsible for intercepting at least one local gateway.
Intercepting the intercepted user according to the identifier of the intercepted user specifically includes:
Performing interception according to the identifier of the intercepted user to obtain the signaling control data and the communication data of the intercepted user.
After interception is performed according to the identifier of the intercepted user to obtain the signaling control data and the communication data of the intercepted user, the method further includes:
Adding a marker to the signaling control data and the communication data, where the marker added to signaling control data and communication data obtained according to the identifier of the same intercepted user is identical;
Sending the marked signaling control data and communication data to the lawful interception agent device or the lawful interception device that is responsible for intercepting the local gateway.
The identifier of the intercepted user includes at least one of the following:
International mobile subscriber identity (IMSI), international mobile equipment identity (IMEI), mobile subscriber integrated services digital network number (MSISDN), network access identifier (NAI).
The specific content has been described in detail above and is not repeated here.
By delivering the obtained interception command to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user, the present invention achieves lawful interception of user data in the LBO scenario.
To further explain the technical idea of the application, the technical solution of the embodiment of the present invention is described in conjunction with a specific application scenario. Specifically, the traffic of intercepted user 139******** is offloaded at the local gateway. To intercept this user, with the network framework as shown in Fig. 4, the specific implementation is as follows:
1. After the lawful interception device obtains the identifier of the intercepted user, 139********, it sends this identifier to the home subscriber server to query the lawful interception device to which this user belongs.
2. The home subscriber server determines, according to this identifier, the IP address of the lawful interception agent device to which the intercepted user belongs, and returns that IP address to the lawful interception device.
3. The lawful interception device sends the identifier to the lawful interception agent device according to the IP address of the lawful interception agent device.
4. The lawful interception agent device sends the interception command carrying the identifier to the mobility management node.
5. The mobility management node determines, according to the identifier, the IP address of the local gateway to which the intercepted user belongs and the signaling control data of the intercepted user, and sends the IP address of that local gateway together with the signaling control data of the intercepted user to the lawful interception agent device.
6. The lawful interception agent device sends the interception command carrying the identifier to the local gateway to which the intercepted user belongs, according to the IP address of that local gateway, so that the local gateway intercepts the user identified as 139********.
7. The local gateway performs interception according to the identifier to obtain the other signaling control data and the communication data of the intercepted user, and adds the same marker to the other signaling control data and the communication data.
8. The local gateway sends the other signaling control data and the communication data carrying the same marker to the lawful interception agent device.
9. The lawful interception agent device merges the associated other signaling control data and signaling control data.
10. The lawful interception agent device associates the merged signaling control data and the communication data that carry the same marker, and sends the associated data together to the lawful interception device, so that the user can use the merged signaling control data and the communication data to monitor, through the lawful interception device, the user identified as 139********.
The detailed interaction method used during data exchange has been described above and is not repeated here.
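The marking, merging and association of steps 7 to 10, as an added Python example that is not taken from the patent. The class and field names, the marker format and the sample records are assumptions constructed for illustration, and the two checks that reject replies with mixed or reused markers go beyond what the text specifies.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Record:
    kind: str         # "signaling" or "communication"
    payload: str
    marker: str = ""  # empty until the local gateway marks the record


class LocalGateway:
    """Steps 7-8: capture by identifier and add one marker per identifier."""

    def __init__(self, captured):
        self._captured = captured  # identifier -> [Record], constructed sample data
        self._markers = {}         # identifier -> marker already allocated
        self._seq = count(1)

    def intercept(self, identifier):
        if identifier not in self._markers:
            # Marker format is an assumption; the text only requires that data
            # obtained for the same identifier carry the same marker.
            self._markers[identifier] = f"m{next(self._seq):04d}"
        marker = self._markers[identifier]
        return [Record(r.kind, r.payload, marker)
                for r in self._captured.get(identifier, [])]


class AgentDevice:
    """Steps 9-10: merge signaling, then associate it with communication data."""

    def __init__(self):
        self._owner = {}  # marker -> identifier it was first seen with

    def correlate(self, identifier, mme_signaling, gateway_records):
        markers = {r.marker for r in gateway_records}
        # Added check: one reply must carry exactly one non-empty marker.
        if len(markers) != 1 or "" in markers:
            raise ValueError("reply must carry exactly one marker")
        marker = markers.pop()
        # Added check: a marker is never associated with two identifiers.
        if self._owner.setdefault(marker, identifier) != identifier:
            raise ValueError("marker already bound to another identifier")
        other = [r.payload for r in gateway_records if r.kind == "signaling"]
        content = [r.payload for r in gateway_records if r.kind == "communication"]
        return {
            "identifier": identifier,
            "marker": marker,
            # Step 9: signaling from the mobility management node plus the
            # other signaling from the local gateway form the total signaling.
            # It would be encapsulated for X2; the encapsulation is not modelled.
            "x2_signaling": list(mme_signaling) + other,
            # Step 10: communication data associated through the shared marker.
            # It would be encapsulated for X3; the encapsulation is not modelled.
            "x3_communication": content,
        }


def build_demo():
    """Constructed sample data for two placeholder identifiers."""
    captured = {
        "target-A": [Record("signaling", "local-bearer-modify"),
                     Record("communication", "pkt-1"),
                     Record("communication", "pkt-2")],
        "target-B": [Record("signaling", "local-bearer-release"),
                     Record("communication", "pkt-9")],
    }
    mme_signaling = {"target-A": ["attach", "bearer-setup"],
                     "target-B": ["attach"]}
    return LocalGateway(captured), AgentDevice(), mme_signaling


def run_flow(identifier, gateway, agent, mme_signaling):
    """Steps 5-10 for one identifier, with the network hops replaced by calls."""
    return agent.correlate(identifier,
                           mme_signaling.get(identifier, []),
                           gateway.intercept(identifier))


if __name__ == "__main__":
    gw, agent, mme = build_demo()
    for target in ("target-A", "target-B"):
        print(run_flow(target, gw, agent, mme))
```
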
Based on the same application concept as the above method, the present invention proposes an interception device. As shown in Fig. 6, the interception device includes:
An acquisition module 61, configured to obtain an interception command in a scenario in which traffic is offloaded at the local gateway, where the interception command includes the identifier of the intercepted user;
A sending module 62, configured to deliver the interception command to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user.
The sending module is further configured to:
Before the interception command is delivered to the local gateway to which the intercepted user belongs, send the identifier of the intercepted user to the mobility management node, so that the mobility management node determines, according to the identifier of the intercepted user, the IP address of the local gateway to which the intercepted user belongs;
The sending module is further specifically configured to:
Receive the IP address, determined by the mobility management node, of the local gateway to which the intercepted user belongs;
Deliver the interception command to the local gateway to which the intercepted user belongs according to the IP address of that local gateway.
The interception command is issued by the lawful interception device; or,
The interception command is issued by the lawful interception agent device, where the lawful interception agent device is located in the core network and is responsible for intercepting at least one local gateway.
When the interception command is issued by the lawful interception agent device, the lawful interception device sends the interception command carrying the identifier of the intercepted user to the home subscriber server; the home subscriber server determines, according to the identifier of the intercepted user, the IP address of the lawful interception agent device corresponding to the local gateway to which the intercepted user belongs; and the lawful interception device sends the interception command to the local gateway according to the IP address of the lawful interception agent device determined by the home subscriber server.
The sending module is further specifically configured to:
Send the interception command to the mobility management node, so that the mobility management node looks up the signaling control data of the intercepted user according to the identifier of the intercepted user in the interception command;
The interception device further includes:
A receiving module, configured to receive the signaling control data fed back by the mobility management node.
The receiving module is further configured to:
After the interception command is delivered to the local gateway to which the intercepted user belongs, receive the other signaling control data and the communication data of the intercepted user sent by the local gateway, where the other signaling control data and the communication data are obtained by the local gateway according to the identifier of the intercepted user;
Wherein the other signaling control data and the communication data include a marker allocated by the local gateway;
The marker in the other signaling control data and in the communication data that are sent is identical, and other signaling control data and communication data carrying the same marker are obtained according to the identifier of the same intercepted user.
The interception device further includes:
A merging module, configured to, after the other signaling control data and the communication data of the intercepted user sent by the local gateway are received, merge the other signaling control data with the signaling control data to generate the total signaling control data of the intercepted user;
An association module, configured to associate the total signaling control data of the intercepted user and the communication data that carry the same marker, so that data analysis can be performed.
The identifier of the intercepted user includes at least one of the following:
International mobile subscriber identity (IMSI), international mobile equipment identity (IMEI), mobile subscriber integrated services digital network number (MSISDN), network access identifier (NAI).
By delivering the obtained interception command to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user, the present invention achieves lawful interception of user data in the LBO scenario.
Based on the same application concept as the above method, the present invention also proposes a local gateway. As shown in Fig. 7, the local gateway includes:
A receiving module 71, configured to receive an interception command in a scenario in which traffic is offloaded at the local gateway, where the interception command includes the identifier of the intercepted user;
An interception module 72, configured to intercept the intercepted user according to the identifier of the intercepted user.
The interception command is issued by the lawful interception device; or,
The interception command is issued by the lawful interception agent device, where the lawful interception agent device is located in the core network and is responsible for intercepting at least one local gateway.
The interception module is specifically configured to:
Perform interception according to the identifier of the intercepted user to obtain the signaling control data and the communication data of the intercepted user.
The local gateway further includes:
An adding module, configured to add a marker to the signaling control data and the communication data after interception is performed according to the identifier of the intercepted user to obtain the signaling control data and the communication data of the intercepted user, where the marker added to signaling control data and communication data obtained according to the identifier of the same intercepted user is identical;
A sending module, configured to send the marked signaling control data and communication data to the lawful interception agent device or the lawful interception device that is responsible for intercepting the local gateway.
The identifier of the intercepted user includes at least one of the following:
International mobile subscriber identity (IMSI), international mobile equipment identity (IMEI), mobile subscriber integrated services digital network number (MSISDN), network access identifier (NAI).
By delivering the obtained interception command to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user, the present invention achieves lawful interception of user data in the LBO scenario.
One of ordinary skill in the art will appreciate that all or some of the steps of the above method embodiments can be completed by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments; the aforementioned storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over at least two network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently replaced; such modifications or replacements do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An interception method, characterized in that the method is applied to a scenario in which traffic is offloaded at a local gateway, and the method includes:
Obtaining an interception command, where the interception command includes the identifier of the intercepted user;
Delivering the interception command to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user.
2. The method as claimed in claim 1, characterized in that, before the interception command is delivered to the local gateway to which the intercepted user belongs, the method includes:
Sending the identifier of the intercepted user to a mobility management node, so that the mobility management node determines, according to the identifier of the intercepted user, the IP address of the local gateway to which the intercepted user belongs;
Delivering the interception command to the local gateway to which the intercepted user belongs is specifically:
Receiving the IP address, determined by the mobility management node, of the local gateway to which the intercepted user belongs;
Delivering the interception command to the local gateway to which the intercepted user belongs according to the IP address of that local gateway.
3. The method as claimed in claim 1, characterized in that the interception command is issued by a lawful interception device; or,
The interception command is issued by a lawful interception agent device, where the lawful interception agent device is located in the core network, and the lawful interception agent device intercepts at least one local gateway.
4. An interception device, characterized in that the interception device includes:
An acquisition module, configured to obtain an interception command in a scenario in which traffic is offloaded at a local gateway, where the interception command includes the identifier of the intercepted user;
A sending module, configured to deliver the interception command to the local gateway to which the intercepted user belongs, so that the local gateway intercepts the intercepted user according to the identifier of the intercepted user.
5. The interception device as claimed in claim 4, characterized in that the sending module is further configured to:
Before the interception command is delivered to the local gateway to which the intercepted user belongs, send the identifier of the intercepted user to a mobility management node, so that the mobility management node determines, according to the identifier of the intercepted user, the IP address of the local gateway to which the intercepted user belongs;
The sending module is further specifically configured to:
Receive the IP address, determined by the mobility management node, of the local gateway to which the intercepted user belongs;
Deliver the interception command to the local gateway to which the intercepted user belongs according to the IP address of that local gateway.
6. The interception device as claimed in claim 4, characterized in that the interception command is issued by a lawful interception device; or,
The interception command is issued by a lawful interception agent device, where the lawful interception agent device is located in the core network and is responsible for intercepting at least one local gateway.
7. An interception method, characterized in that the method is applied to a scenario in which traffic is offloaded at a local gateway, and the method includes:
Receiving an interception command, where the interception command includes the identifier of the intercepted user;
Intercepting the intercepted user according to the identifier of the intercepted user.
8. The method as claimed in claim 7, characterized in that the interception command is issued by a lawful interception device; or,
The interception command is issued by a lawful interception agent device, where the lawful interception agent device is located in the core network and is responsible for intercepting at least one local gateway.
Intercepting the intercepted user according to the identifier of the intercepted user specifically includes:
Performing interception according to the identifier of the intercepted user to obtain the signaling control data and the communication data of the intercepted user.
9. A local gateway, characterized in that the local gateway includes:
A receiving module, configured to receive an interception command in a scenario in which traffic is offloaded at the local gateway, where the interception command includes the identifier of the intercepted user;
An interception module, configured to intercept the intercepted user according to the identifier of the intercepted user.
10. The local gateway as claimed in claim 9, characterized in that the interception command is issued by a lawful interception device; or,
The interception command is issued by a lawful interception agent device, where the lawful interception agent device is located in the core network and is responsible for intercepting at least one local gateway.
The interception module is specifically configured to:
Perform interception according to the identifier of the intercepted user to obtain the signaling control data and the communication data of the intercepted user.
CN201610152734.0A 2016-03-17 2016-03-17 Interception method, interception device and local gateway Pending CN105704140A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610152734.0A CN105704140A (en) 2016-03-17 2016-03-17 Interception method, interception device and local gateway

Publications (1)

Publication Number Publication Date
CN105704140A true CN105704140A (en) 2016-06-22

Family

ID=56221889

Country Status (1)

Country Link
CN (1) CN105704140A (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1535038A (en) * 2003-03-28 2004-10-06 华为技术有限公司 Method of inserting audiomonitoring system into mobile communication network and its device
CN101127648A (en) * 2007-09-24 2008-02-20 中兴通讯股份有限公司 Legal monitoring method and system for WiMAX network
CN101141314A (en) * 2007-10-16 2008-03-12 中兴通讯股份有限公司 System and method for monitor gateway to perform media and signalling distribution
CN101227339A (en) * 2007-01-19 2008-07-23 中兴通讯股份有限公司 Method for monitoring data traffic based on contents and/or IP address
CN101227536A (en) * 2008-01-31 2008-07-23 中兴通讯股份有限公司 System and method of dynamic networking lawful monitoring
CN101605342A (en) * 2009-07-01 2009-12-16 中兴通讯股份有限公司 Monitor method, system and the device of Content of Communication in a kind of IMS network
US20110176460A1 (en) * 2008-07-24 2011-07-21 Telefonaktiebolaget L M Ericsson (Publ) Lawful Interception for Targets in a Proxy Mobile Internet Protocol Network
CN102158859A (en) * 2009-12-15 2011-08-17 华为技术有限公司 Control method for monitoring user, monitoring system and network node
CN102647311A (en) * 2012-04-28 2012-08-22 中兴通讯股份有限公司南京分公司 Instruction and implementation methods and device for communication monitoring
US20130326631A1 (en) * 2012-06-04 2013-12-05 Interdigital Patent Holdings, Inc. Lawful interception for local selected ip traffic offload and local ip access performed at a non-core gateway
CN104980943A (en) * 2014-04-02 2015-10-14 中兴通讯股份有限公司 Interception method and interception device
CN105075225A (en) * 2012-12-24 2015-11-18 瑞典爱立信有限公司 Enabling external access to multiple services on a local server

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017157255A1 (en) * 2016-03-17 2017-09-21 北京佰才邦技术有限公司 Local breakout-based data interception method and device
WO2017157314A1 (en) * 2016-03-17 2017-09-21 北京佰才邦技术有限公司 Interception method and apparatus based on local breakout
US10931718B2 (en) 2016-03-17 2021-02-23 Baicells Technologies Co. Ltd. Local breakout-based data interception method and device
US10986495B2 (en) 2016-03-17 2021-04-20 Baicells Technologies Co. Ltd. Interception method and apparatus based on local breakout

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160622