CN106921570A - Diameter signaling methods and device - Google Patents

Diameter signaling methods and device Download PDF

Info

Publication number
CN106921570A
CN106921570A CN201510992477.7A CN201510992477A CN106921570A CN 106921570 A CN106921570 A CN 106921570A CN 201510992477 A CN201510992477 A CN 201510992477A CN 106921570 A CN106921570 A CN 106921570A
Authority
CN
China
Prior art keywords
diameter
dra
signalings
information
diameter signalings
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510992477.7A
Other languages
Chinese (zh)
Other versions
CN106921570B (en
Inventor
张学军
梁兵
唐伟
赵立花
王寿林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing ZTE New Software Co Ltd
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201510992477.7A priority Critical patent/CN106921570B/en
Priority to PCT/CN2016/112681 priority patent/WO2017108009A1/en
Publication of CN106921570A publication Critical patent/CN106921570A/en
Application granted granted Critical
Publication of CN106921570B publication Critical patent/CN106921570B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/24Multipath
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2466Traffic characterised by specific attributes, e.g. priority or QoS using signalling traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities

Abstract

The invention provides a kind of Diameter signaling methods and device.Wherein, the method includes:DRA receives Diameter signalings;DRA judges whether the upper hop node of Diameter signalings is service node;In the case where the judgment result is yes, the first path information in DRA removings Diameter signalings, and in addition the second routing information to Diameter signalings, wherein, the second routing information includes:The identification information of the upper hop node of Diameter signalings;DRA sends Diameter signalings.By the present invention, solve the problems, such as that Diameter signalings are forged caused Diameter signaling networks security low, improve the security of Diameter signaling networks.

Description

Diameter signaling methods and device
Technical field
The present invention relates to the communications field, in particular to a kind of Diameter signaling methods and device.
Background technology
Diameter (diameter) signaling is signaling system #7 (Signaling System#7, referred to as SS7) (mobile to answer With part (Mobile Application Part, referred to as MAP) agreement) replacement technology of signaling, it is widely used in the In the related network of four third-generation mobile communication technologies (4G).Fig. 1 is the core packet networks evolution (Evolved according to correlation technique Packet Core, referred to as EPC), IP multimedia subsystem (IP Multimedia Subsystem, referred to as IMS), The schematic diagram of policy and charging control (Policy Control and Charging, referred to as PCC), shown in Fig. 1 EPC, The part related network elements and Diameter signaling interfaces (dotted line represents Diameter signaling interfaces in Fig. 1) of IMS, PCC. Although 4G core networks have a very large change, basic service is similar to, and know-why is similar, and the second generation is moved The attack pattern of the dynamic communication technology (2G)/G mobile communication (3G) network can much be extrapolated to 4G networks.
For the MAP signalings of 2G/3G mobile networks, various network attack means, global mobile system communication are there are Association (Global System for Mobile Communications assembly, referred to as GSMA) is total in specification Following 5 class attack pattern is tied:
A:Tracking, obtains the current positional information of user;B:Intercept, intercept the calling of user, short message;C:DoS Attack, causing the regular traffic of user or network cannot be carried out;D:Deception;E:Waste advertisements.
For MAP signaling securities, the defensive measure that GSMA is given is that 3 class message are defined:
The first kind, only in the message of home network transmission, for example:SendRoutingInfo、SendRoutingInfo for GPRS、SendRoutingInfo for LCS、SendIMSI、AnyTimeInterogation、 AnyTimeSubscriberInterrogation、AnyTimeModification、SendIdentification;
Equations of The Second Kind, is only sent to the message of roaming network, for example from home network:InsertSubscriberData、 DeleteSubscriberData、Reset、ForwardCheckSSIndication、ProvideSubscriberInfo、 NoteSubscriberDataModified、ActivateTraceMode、ProvideRoamingNumber、 SetReportingState、RemoteUserFree、ISTCommand、AlertServiceCentre、CancelLocation;
3rd class, is only sent to the message of home network, for example from roaming network:RegisterSS、LocationUpdate、 ForwardSM、processUnstructuredSS。
Above-mentioned defensive measure can be carried out in end office (EO), and GSMA more recommends in Signalling Transfer Point (Signaling Transfer Point, referred to as STP) carry out.
For MAP signalings, " roaming network " and " home network " that GSMA technologies are related to is mainly by MAP The calling and called global title (Global Title, referred to as GT) and/or the international mobile subscriber identity of user of message (International Mobile Subscriber Identification Nnumber, referred to as IMSI)/mobile station is international comprehensive Service digital network (Integrated Services Digital Network, referred to as ISDN)/PSTN (Public Switched Telephone Network, referred to as PSTN) identification number (Mobile Subscriber International ISDN/PSTN number, referred to as MSISDN) mark judged.
Found in research process, column defects in the presence of above-mentioned defense mechanism:If calling/called GT and/or user's IMSI/MSISDN marks are all to forge, and STP None- identifieds its true and falses, then defence can be caused to fail.
For 4G core nets, Diameter route agents (Diameter Routing Agent, referred to as DRA) Equivalent to the STP in No.7 Network.GSMA technologies can be realized in Diameter signaling networks, but still Need to solve the problems, such as to prevent hacker from forging signaling content.
At present, other safety measures of Diameter signaling networks also have:Blacklist and white list.Found in research process, Due to the point of attack be difficult to predict and can not limit, therefore, blacklist less effective;When attacker disguises oneself as white name message During the message of list, the defensive measure of white list can also fail.
The content of the invention
The invention provides a kind of Diameter signaling methods and device, at least to solve Diameter in correlation technique Signaling is forged the low problem of caused Diameter signaling networks security.
According to an aspect of the invention, there is provided a kind of Diameter signaling methods, including:DRA is received Diameter signalings;The DRA judges whether the upper hop node of the Diameter signalings is service node;Sentencing For in the case of being, the DRA removes the first path information in the Diameter signalings to disconnected result, and adds the In two routing informations to the Diameter signalings, wherein, second routing information includes:The Diameter letters The identification information of the upper hop node of order;The DRA sends the Diameter signalings.
Alternatively, the DRA judge the Diameter signalings upper hop node whether be the service node it Afterwards, methods described also includes:In the case where judged result is no, the DRA retains in the Diameter signalings First path information, and add second routing information to the Diameter signalings;The DRA sends institute State Diameter signalings.
Alternatively, in the case where the DRA is for landing DRA, the DRA sends the Diameter signalings bag Include:Massage sets of the DRA according to belonging to second routing information and the Diameter signalings, judges described Whether Diameter signalings meet predetermined condition, wherein, the massage set includes one below:Ownership state is to roaming country Massage set, the roaming country of transmission are to the massage set of ownership state transmission, only in the domestic massage set for sending of ownership; Judged result is in the case of being, the DRA sends the Diameter signalings.
Alternatively, it is to belong to the massage set that state sends to roaming country in the massage set belonging to the Diameter signalings In the case of, the predetermined condition includes at least one of:The state that IMSI according to the Diameter signalings is inquired Operator of family is the first operator of state;The source host of the Diameter signalings and the first state fortune inquired according to IMSI Battalion business constitutes trusting relationship;Second routing information of the Diameter signalings includes first state's critical point DRA information, Wherein, first state critical point DRA information is the critical point DRA information of the first operator of state inquired according to IMSI; Second routing information of the Diameter signalings includes second state's critical point DRA information, wherein, second state Critical point DRA information is the critical point DRA information of the operator of described DRA the country one belongs to;The institute of the Diameter signalings State and contain up to two critical point DRA information of country in the second routing information.
Alternatively, it is the massage set that roaming country sends to ownership state in the massage set belonging to the Diameter signalings In the case of, the predetermined condition includes at least one of:The state that IMSI according to the Diameter signalings is inquired Operator of family is the second operator of state, wherein, operator of second state is the operator of described DRA the country one belongs to;Root The national operator inquired according to the source host of the Diameter signalings is the first operator of state;The Diameter letters Second routing information of order includes first state's critical point DRA information, wherein, according to first state critical point DRA The critical point DRA information of the first operator of state that source host is inquired;Second path letter of the Diameter signalings Breath includes second state's critical point DRA information, wherein, second state critical point DRA information is described DRA the country one belongs to The critical point DRA information of operator;Two countries are contained up in second routing information of the Diameter signalings Critical point DRA information.
Alternatively, in the feelings that the massage set belonging to the Diameter signalings is the massage set for only being sent in the ownership country Under condition, the predetermined condition includes at least one of:According to the IMSI or MSISDN of the Diameter signalings The national operator for inquiring is the second operator of state;Country's fortune that source host according to the Diameter signalings is inquired Battalion business is the second operator of state;The second operator of state is only included in second routing information of the Diameter signalings Critical point DRA information;Wherein, operator of second state is the operator of described DRA the country one belongs to.
According to an aspect of the invention, there is provided a kind of Diameter signaling methods, including:Service node is generated Diameter signalings;In service node addition the 3rd routing information to the Diameter signalings, wherein, described the Three routing informations are except the critical point DRA information for belonging to operator of state of the Diameter signalings and except described The critical point DRA information of the other countries outside the critical point DRA information of the roaming country operator of Diameter signalings;It is described Service node sends the Diameter signalings.
Alternatively, after the service node generates the Diameter signalings, methods described also includes:The business Node judges whether a DRA possesses the ability for removing the first path information in the Diameter signalings, wherein, First DRA is the next-hop DRA of the Diameter message;Wherein, the service node adds the 3rd path Information to the Diameter signalings include:In judged result in the case of no, the service node addition described the In three routing informations to the Diameter signalings.
Alternatively, after the service node sends the Diameter signalings, methods described also includes:Landing DRA Receive the Diameter signalings;The landing DRA determines the Diameter according to the 3rd routing information The path of signaling is forgery path.
According to an aspect of the invention, there is provided a kind of Diameter signaling sending devices, are applied to DRA, including: Receiver module, for receiving Diameter signalings;Judge module, the upper hop for judging the Diameter signalings Whether node is service node;First processing module, in the case where the judgment result is yes, removing the Diameter In first path information in signaling, and addition the second routing information to the Diameter signalings, wherein, described second Routing information includes:The identification information of the upper hop node of the Diameter signalings;First sending module, for sending The Diameter signalings.
Alternatively, described device also includes:Second processing module, in the case of being no in judged result, retains institute State the first path information in Diameter signalings, and add second routing information to the Diameter signalings; Second sending module, for sending the Diameter signalings.
Alternatively, first sending module or second sending module include respectively:Judging unit, in institute In the case of DRA is stated for landing DRA, disappearing according to belonging to second routing information and the Diameter signalings Breath set, judges whether the Diameter signalings meet predetermined condition, wherein, the massage set includes one below: Massage set that massage set that ownership state sends to roaming country, roaming country send to ownership state, only in the domestic transmission of ownership Massage set;Transmitting element, in the case where the judgment result is yes, sending the Diameter signalings.
According to an aspect of the invention, there is provided a kind of Diameter signaling sending devices, are applied to service node, bag Include:Generation module, for generating Diameter signalings;Processing module, the 3rd routing information of addition to the Diameter In signaling, wherein, the 3rd routing information is the critical point DRA of the operator of ownership state except the Diameter signalings Information and the pass of the other countries in addition to the critical point DRA information of the roaming country operator of the Diameter signalings Mouth DRA information;Sending module, for sending the Diameter signalings.
Alternatively, described device also includes:Judge module, for judging whether a DRA possesses the removing Diameter The ability of the first path information in signaling, wherein, a DRA is the next-hop of the Diameter message DRA;Wherein, the processing module is used for:In the case where the judged result of judge module is no, addition the described 3rd In routing information to the Diameter signalings.
By the present invention, Diameter signalings are received using DRA;DRA judges the upper hop section of Diameter signalings Whether point is service node;In the case where the judgment result is yes, DRA removes the first path in Diameter signalings In information, and addition the second routing information to Diameter signalings, wherein, the second routing information includes:Diameter The identification information of the upper hop node of signaling;DRA sends the mode of Diameter signalings, solves Diameter signalings The low problem of caused Diameter signaling networks security is forged, the security of Diameter signaling networks is improved.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, the present invention Schematic description and description be used for explain the present invention, do not constitute inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is the schematic diagram of core packet networks evolution EPC, IMS, the PCC according to correlation technique;
Fig. 2 is the flow chart one that Diameter signalings according to embodiments of the present invention send;
Fig. 3 is the flowchart 2 of Diameter signaling methods according to embodiments of the present invention;
Fig. 4 is the structured flowchart one of Diameter signaling sending devices according to embodiments of the present invention;
Fig. 5 is the alternative construction block diagram of Diameter signaling sending devices according to embodiments of the present invention;
Fig. 6 is the structured flowchart two of Diameter signaling sending devices according to embodiments of the present invention;
Fig. 7 is the schematic diagram of the message category of the MAP signalings according to alternative embodiment of the present invention;
Fig. 8 is the structural representation of the Diameter signaling networks according to alternative embodiment of the present invention;
Fig. 9 is the flow chart of the inspection of the message sent to roaming country according to the ownership state of alternative embodiment of the present invention;
Figure 10 is the flow chart of the inspection of the message sent to ownership state according to the roaming country of alternative embodiment of the present invention;
Figure 11 is the flow chart of the inspection for only belonging to the domestic message for sending according to alternative embodiment of the present invention;
Figure 12 is the flow chart that positive business node messages are advised according to the DRA of alternative embodiment of the present invention.
Specific embodiment
Describe the present invention in detail below with reference to accompanying drawing and in conjunction with the embodiments.It should be noted that in the feelings not conflicted Under condition, the feature in embodiment and embodiment in the application can be mutually combined.
It should be noted that term " first ", " second " in description and claims of this specification and above-mentioned accompanying drawing Etc. being for distinguishing similar object, without for describing specific order or precedence.
A kind of Diameter signaling methods are provided in the present embodiment, and Fig. 2 is according to embodiments of the present invention The flow chart one that Diameter signalings send, as shown in Fig. 2 the flow comprises the following steps:
Step S202, DRA receive Diameter signalings;
Step S204, DRA judge whether the upper hop node of Diameter signalings is service node;
Step S206, in the case where the judgment result is yes, DRA removes the first path information in Diameter signalings, And in addition the second routing information to Diameter signalings, wherein, the second routing information includes:Diameter signalings it is upper The identification information of one hop node;
Step S208, DRA send Diameter signalings.
By above-mentioned steps, after Diameter signalings are received from service node, by first in Diameter signalings Routing information is removed, and is believed the identification information of upper hop node as the second path in Diameter signalings by DRA Breath is added in Diameter signalings.By this way, the road during service node forges Diameter signalings can be prevented Footpath information, solves the problems, such as that Diameter signalings are forged caused Diameter signaling networks security low, lifting The security of Diameter signaling networks.
If the upper hop of Diameter signalings is not service node, i.e., the situation that judged result is no in step S204 Under, DRA retains the first path information in Diameter signalings, and adds the second routing information to Diameter signalings In.So, the DRA not being directly connected to service node successively adds the identification information of the upper hop node of the DRA To in Diameter signalings, so that foring complete path chain in Diameter signalings, the Diameter is indicated The routing information of all nodes that signaling is passed through.
In Diameter signaling networks, service node is the initiation node or receiving terminal node of Diameter signalings; Signified service node is the initiation node of Diameter signalings in above-mentioned steps S204, for example, mobile management reality Body Mobility Management Entity, referred to as MME) etc..
Alternatively, in the case where DRA is for landing DRA, when DRA sends Diameter signalings, DRA roots According to the massage set belonging to the second routing information and Diameter signalings, judge whether Diameter signalings meet predetermined bar Part;In the case where the judgment result is yes, DRA sends Diameter signalings.Wherein, massage set include it is following it One:Massage set, the roaming country that ownership state sends to roaming country are to the massage set of ownership state transmission, only in the ownership country The massage set of transmission.By the difference to the massage set belonging to different Diameter signalings, can set different Predetermined condition, by the judgement to the routing information in Diameter signalings, can further recognize forgery signaling.
Wherein, above-mentioned landing DRA refers to last of Diameter signalings on the path from originating end to receiving terminal DRA, the DRA is received after Diameter signalings, and will be sent to for Diameter signalings and be located at by the DRA The service node of Diameter receiving terminals.
Above-mentioned predetermined condition can be configured as needed.
For example, in the case where the massage set belonging to Diameter signalings is the massage set that ownership state sends to roaming country, Predetermined condition includes but is not limited at least one of:The national operator that IMSI according to Diameter signalings is inquired It is the first operator of state;The source host of Diameter signalings is constituted with the first operator of state inquired according to IMSI trusts Relation;Second routing information of Diameter signalings includes first state's critical point DRA information, wherein, the first state critical point DRA Information is the critical point DRA information of the first operator of state inquired according to IMSI;The second path letter of Diameter signalings Breath includes second state's critical point DRA information, wherein, second state's critical point DRA information is the operator of DRA the country one belongs to Critical point DRA information;Two critical point DRA information of country are contained up in second routing information of Diameter signalings.
For example, in the case where the massage set belonging to Diameter signalings is the massage set that roaming country sends to ownership state, Predetermined condition includes but is not limited at least one of:The national operator that IMSI according to Diameter signalings is inquired It is the second operator of state, wherein, the second operator of state is the operator of DRA the country one belongs to;According to Diameter signalings The national operator that source host is inquired is the first operator of state;Second routing information of Diameter signalings includes the first state Critical point DRA information, wherein, the first state critical point DRA is the critical point of the first operator of state inquired according to source host DRA information;Second routing information of Diameter signalings includes second state's critical point DRA information, wherein, the second state closes Mouth DRA information is the critical point DRA information of the operator of DRA the country one belongs to;Second routing information of Diameter signalings In contain up to two critical point DRA information of country.
For example, the massage set belonging to Diameter signalings be only in the case of the domestic massage set for sending of ownership, Predetermined condition includes but is not limited at least one of:IMSI or MSISDN according to Diameter signalings are inquired National operator be the second operator of state;The national operator that source host according to Diameter signalings is inquired is second Operator of state;The critical point DRA information of the second operator of state is only included in second routing information of Diameter signalings;Its In, the second operator of state is the operator of DRA the country one belongs to.
Wherein it is possible to the command code (Command Code) and/or application interface according to Diameter signalings judge to be somebody's turn to do Massage set belonging to Diameter signalings.In addition, when judging whether Diameter signalings meet above-mentioned predetermined condition, The judgement of multiple predetermined conditions sequentially in embodiments of the present invention and is not construed as limiting.
Routing information in the embodiment of the present invention adds route record (Route-Record) attribute in Diameter signalings Value is in (Attribute-Value Pair, referred to as AVP).
The embodiment of the present invention additionally provides a kind of Diameter signaling methods, and Fig. 3 is according to embodiments of the present invention The flowchart 2 of Diameter signaling methods, as shown in figure 3, the flow comprises the following steps:
Step S302, service node generation Diameter signalings;
Step S304, in service node addition the 3rd routing information to Diameter signalings, wherein, the 3rd routing information It is except the critical point DRA information for belonging to operator of state of Diameter signalings and except the roaming country of Diameter signalings is transported The critical point DRA information of the other countries sought outside the critical point DRA information of business;
Step S306, service node sends Diameter signalings.
By above-mentioned steps, service node the 3rd country of addition (i.e. other above-mentioned in the Diameter signalings of generation Country) critical point DRA information as routing information.If the DRA of Incoming does not possess removes what service node sent The ability of routing information in Diameter signalings, then the routing information for landing the Diameter signalings that DRA is received will be same When in the presence of three critical point DRA information of country, and there are the critical point DRA information of three countries in Diameter signalings Illegal routing information is fallen within existing Diameter signaling networks, therefore, by this way so that follow-up DRA (for example landing DRA) the Diameter signalings can be judged according to the routing information of Diameter signalings To forge path, so as to solve Diameter signalings, to be forged caused Diameter signaling networks security low in path Problem, improve the security of Diameter signaling networks.
DRA pairs of the sponsor nation of Diameter signalings is needed by the Diameter signaling methods shown in Fig. 2 Routing information in Diameter signalings is purged treatment;However, it is contemplated that some countries may not allow the state DRA removes the routing information in Diameter signalings, then can use the Diameter signaling methods shown in Fig. 3, 3rd routing information is added to Diameter signalings by service node so that Diameter signalings do not meet at present The protocol specification of Diameter signaling networks.After landing DRA receives Diameter signalings;Landing DRA can be with According to the 3rd routing information, then the path of Diameter signalings is can determine that to forge path.
Alternatively, after step S302, service node can also judge whether a DRA possesses removing Diameter The ability of the first path information in signaling, wherein, a DRA is the next-hop DRA of Diameter message;Accordingly , in step s 304, in the case where judged result is no, service node adds the 3rd routing information to Diameter In signaling.
Through the above description of the embodiments, those skilled in the art can be understood that according to above-described embodiment Method can add the mode of required general hardware platform by software to realize, naturally it is also possible to by hardware, but a lot In the case of the former be more preferably implementation method.Based on such understanding, technical scheme is substantially in other words to existing The part for having technology to contribute can be embodied in the form of software product, and the computer software product is stored at one In storage medium (such as ROM/RAM, magnetic disc, CD), including some instructions are used to so that a station terminal equipment (can Being mobile phone, computer, server, or network equipment etc.) perform method described in each embodiment of the invention.
A kind of Diameter signaling sending devices are additionally provided in the present embodiment, and the device is applied in DRA, is used for Above-described embodiment and preferred embodiment are realized, repeating no more for explanation had been carried out.
Fig. 4 is the structured flowchart one of Diameter signaling sending devices according to embodiments of the present invention, as shown in figure 4, should Device includes:Receiver module 42, judge module 44, the sending module 48 of first processing module 46 and first, wherein,
Receiver module 42, for receiving Diameter signalings;Judge module 44, coupled to receiver module 42, for sentencing Whether the upper hop node of disconnected Diameter signalings is service node;First processing module 46, coupled to judge module 44, For in the case where the judgment result is yes, removing the first path information in Diameter signalings, and add the second path In information to Diameter signalings, wherein, the second routing information includes:The mark of the upper hop node of Diameter signalings Information;First sending module 48, coupled to first processing module 46, for sending Diameter signalings.
Fig. 5 is the alternative construction block diagram of Diameter signaling sending devices according to embodiments of the present invention, as shown in figure 5, Alternatively, device can also include:Second processing module 52, coupled to judge module 44, for being in judged result In the case of no, retain the first path information in Diameter signalings, and add the second routing information to Diameter In signaling;Second sending module 54, coupled to Second processing module 52, for sending Diameter signalings.
Alternatively, the first sending module 46 or the second sending module 54 include respectively:Judging unit, in DRA In the case of landing DRA, the massage set according to belonging to the second routing information and Diameter signalings judges Whether Diameter signalings meet predetermined condition, wherein, massage set includes one below:Ownership state sends to roaming country Massage set, roaming country sent to ownership state massage set, only in the domestic massage set for sending of ownership;Send single Unit, coupled to judging unit, in the case where the judgment result is yes, sending Diameter signalings.
A kind of Diameter signaling sending devices are additionally provided in the present embodiment, the device is applied in service node, use In above-described embodiment and preferred embodiment is realized, repeating no more for explanation had been carried out.
Fig. 6 is the structured flowchart two of Diameter signaling sending devices according to embodiments of the present invention, as shown in fig. 6, should Device includes:Generation module 62, processing module 66 and sending module 68, wherein,
Generation module 62, for generating Diameter signalings;Processing module 66, coupled to generation module 62, for adding Plus the 3rd in routing information to Diameter signalings, wherein, the 3rd routing information is the ownership state except Diameter signalings The critical point DRA information of operator and in addition to the critical point DRA information of the roaming country operator of Diameter signalings Other countries critical point DRA information;Sending module 68, coupled to processing module 66, for sending Diameter Signaling.
Alternatively, the device can also include judge module 64, be coupling between generation module 62 and processing module 66, For judging whether a DRA possesses the ability for removing the first path information in Diameter signalings, wherein, first DRA is the next-hop DRA of Diameter message;Processing module 66 is used for:It is in the judged result of judge module 64 In the case of no, in addition the 3rd routing information to Diameter signalings.
It should be noted that above-mentioned modules can be by software or hardware to realize, for the latter, Ke Yitong Cross in the following manner realization, but not limited to this:Above-mentioned module is respectively positioned in same processor;Or, above-mentioned module distinguishes position In multiple processors.
Embodiments of the invention additionally provide a kind of software, during the software is used to perform above-described embodiment and preferred embodiment The technical scheme of description.
Embodiments of the invention additionally provide a kind of storage medium.In the present embodiment, above-mentioned storage medium can be set It is used to perform the program code of following steps for storage:
Step S202, DRA receive Diameter signalings;
Step S204, DRA judge whether the upper hop node of Diameter signalings is service node;
Step S206, in the case where the judgment result is yes, DRA removes the first path information in Diameter signalings, And in addition the second routing information to Diameter signalings, wherein, the second routing information includes:Diameter signalings it is upper The identification information of one hop node;
Step S208, DRA send Diameter signalings.
Embodiments of the invention additionally provide a kind of storage medium.In the present embodiment, above-mentioned storage medium can be set It is used to perform the program code of following steps for storage:
Step S302, service node generation Diameter signalings;
Step S304, in service node addition the 3rd routing information to Diameter signalings, wherein, the 3rd routing information It is except the critical point DRA information for belonging to operator of state of Diameter signalings and except the roaming country of Diameter signalings is transported The critical point DRA information of the other countries sought outside the critical point DRA information of business;
Step S306, service node sends Diameter signalings.
Alternatively, in the present embodiment, above-mentioned storage medium can be included but is not limited to:USB flash disk, read-only storage (Read-Only Memory, referred to as ROM), random access memory (Random Access Memory, referred to as Be RAM), mobile hard disk, magnetic disc or CD etc. are various can be with the medium of store program codes.
Alternatively, the specific example in the present embodiment may be referred to showing described in above-described embodiment and optional embodiment Example, the present embodiment will not be repeated here.
In order that the description of the embodiment of the present invention is clearer, it is described with reference to alternative embodiment and is illustrated.
In order to overcome in the signaling such as source address or IMSI number of the camouflage of None- identified present in existing GSMA technologies The problem and defect of appearance, the source address or the method for IMSI number pretended there is provided a kind of identification in the embodiment of the present invention, Device and system, including following technical scheme:
Step 1, when DRA receives message (i.e. the Diameter signalings) of service node, by the Route-Record in message AVP is all removed, it is ensured that this Route-Record AVP is not forged by hacker;
Step 2, each DRA forward any Diameter request messages when, by the DRA or service node of upper hop Recorded in Route-Record AVP, form a Route-Record AVP chain, completely embodying the Diameter please Ask all DRA nodes that message is passed through or the path that service node is constituted;
Three class message, when before DRA forwarding Diameter request messages to service node, (" are belonged to state by step 3 To the message that roaming country sends ", " message that roaming country sends to ownership state ", " only belonging to the domestic message for sending ") increase Plus roaming country critical point DRA, the inspection of landing state critical point DRA, by checking that the message of signaling content is forged in identification, and Shielding cannot be by the above-mentioned message for all checking.
Step 4, anti-Route-Record AVP are forged.When the national DRA of the business of initiation is not to Route-Record AVP Enter professional etiquette just (to carry routing information in the message that service node sends, but initiate the national DRA of business not Route-Record AVP in the message are all removed) when, service node can be in the message for sending out comprising one group Route-Record AVP, are used to forge the path of the 3rd state.Landing DRA is in forwarding Diameter request messages to industry Before business node, whether check in its path comprising circuitous path or comprising three or more than three country critical point DRA Information, if including, confirm as forging path, shield the message.By this way, realize and do not changing In the case of DRA flows, by actively forging the path of the 3rd state, existing forgery function of path recognition is make use of, Realize the message identification to there is potential safety hazard and shield.
Step 5, after all inspections pass through, DRA forwards Diameter request messages to service node.
By above-mentioned steps, due to the particularity of Diameter signalings:Service node does not carry path letter when sending message Breath, routing information (i.e. one or more Route-Record AVP) is existed one by one by the DRA nodes for forwarding the message Added in message.Further, since DRA nodes are more with a high credibility than service node, therefore, the path letter of DRA additions Breath is more reliable.By that after above-mentioned treatment, then can be verified using the routing information carried in Diameter request messages The uniformity of its source host name/domain name/IMSI number or its whether be legal path so that recognize forgery Diameter Signaling, substantially increases the defence capability of network.That can be effectively defendd " to hide at an a corner, attack complete using which The attack pattern of ball ".
Additionally, to " ownership state is sent to roaming country message ", the message of the transmission of ownership state " roaming country to ", " only belong to The message that the country sends " can further formulate predetermined condition according to the characteristics of these message respectively, realize reliability higher Property.
Alternative embodiment of the present invention is described and illustrated with example below in conjunction with the accompanying drawings.
Fig. 7 is the schematic diagram of the message category of the MAP signalings according to alternative embodiment of the present invention, as shown in fig. 7,1. Represent the transmission scope of " only belonging to the domestic message for sending ";2. represent " message that ownership state sends to roaming country " Transmission scope;3. the transmission scope of " message that roaming country sends to ownership state " is represented.Diameter signalings also according to The sorting technique of MAP signalings is divided three classes.
Fig. 8 is the structural representation of the Diameter signaling networks according to alternative embodiment of the present invention, as shown in figure 8, Diameter signaling networks are divided into three layers, respectively:Bottom is service node;The domestic DRA interposers in intermediate layer; International DRA (iDRA) signal switching layer of the superiors.In addition, diagrammatically illustrating Diameter signalings in Fig. 8 Bang path.
In order that the embodiment of the present invention is more easily understood, the configuration in alternative embodiment of the present invention to parameter is described. It should be noted that the configuration of following parameter only property explanation as an example, the embodiment of the present invention is not limited to following specific Parameter configuration value;I.e. actual disposition value can modify according to reality need and related protocol, however it is not limited to following The design parameter configuration of signal.
1st, configuration " national carrier network title, critical point DRA main frames " relation, wherein,
The national entitled full name domain name of carrier network (Fully Qualified Domain Name, referred to as FQDN) word Symbol string, 128 byte most long;Critical point DRA main frames are FQDN character strings, 128 byte most long;
It should be noted that when a national carrier network title has multiple critical point DRA to carry out load sharing, this Multiple critical point DRA main frames are required for configuration in " national carrier network title, critical point DRA main frames " relation.
2nd, configuration " national carrier network title, business main frame, business main frame application ID set " relation, wherein,
The national entitled FQDN character strings of carrier network, 128 byte most long;Business main frame is FQDN character strings, 128 byte most long;Business main frame application ID gathers:That is the set of Application ID, represents the conjunction that the main frame is supported Method application;
It should be noted that when a national carrier network title has multiple business main frames, multiple business main frames are all needed Configure in " national carrier network title, business main frame, business main frame application ID set " relation;When one Business main frame can simultaneously support multiple interfaces, for example:PCRF, while supporting Gxx, Gx, Rx, S9, Sd, Gy Deng interface when, multiple interfaces be required for configuration in " national carrier network title, business main frame, business main frame application ID In set " relation.
3rd, " national carrier network title, IMSI number section " relation is configured, wherein,
The national entitled FQDN character strings of carrier network, 128 byte most long;IMSI number section is decimal code, most 15 bytes long;
It should be noted that when a national carrier network title has multiple IMSI number sections, multiple IMSI number sections are all Need to configure in " national carrier network title, IMSI number section " relation.
4th, " national carrier network title, public subscriber identification (Public User Identity, referred to as PUI) are configured Number section " relation, wherein,
The national entitled FQDN character strings of carrier network, 128 byte most long;PUI number sections are character string, most long 128 bytes;
It should be noted that when a national carrier network title has multiple PUI number sections, multiple PUI number sections are all needed Configure in " national carrier network title, PUI number sections " relation.
5th, this national carrier network title is configured.
After parameter configuration is completed, then identification flow can be separately designed according to the type of message in the affiliated Fig. 7 of message.
Fig. 9 is the flow chart of the inspection of the message sent to roaming country according to the ownership state of alternative embodiment of the present invention, is such as schemed Shown in 9, it is assumed that A states are the ownership state of Diameter message sender, B states are unrestrained for Diameter message sender's You Guo, the flow comprises the following steps:
The DRA of step S901, B states receives Diameter message (i.e. Diameter signalings), and route analysis is next Node is service node;
Step S902:The DRA of B states judges whether to belong to and returns according to the command code and application interface of the Diameter message Category state is to roaming country massage set, if it is, continuing.Otherwise processed according to other decision logics.
Step S903:The DRA of B states obtains IMSI correspondences according to " national carrier network title, IMSI number section " National carrier network title, if its operator of state (that is, the operators of the other countries in addition to B states), Then continue.Otherwise processed according to other decision logics.
Step S904:The DRA of B states checks the source master of message according to " national carrier network title, business main frame " Machine name, if constituting trusting relationship with the national carrier network title obtained according to IMSI.Then continue, otherwise judge It is invalid message, abandons.
Step S905:The DRA of B states is according to " national carrier network title, critical point DRA main frames " and the request The Route-Record chains of message, judge whether Route-Record chains include the critical point DRA of B states.It is to continue. If mismatched, it is judged to invalid message, abandons.
Step S906:The DRA of B states checks message according to " national carrier network title, critical point DRA main frames " Route-Record chains, if the critical point DRA containing A states, continues.Otherwise it is judged to invalid message, abandons.
Step S907:The DRA of B states checks the Route-Record AVP chains of message, if at most containing two countries Critical point DRA, then continue.Otherwise it is judged to forge Route-Record message, abandons.
Verified by the content shown in Fig. 9 and Route-Record routing informations are checked, for example, believing for Diameter The CLR request messages of S6a interfaces are made, if attacker is attacked by the information deletion that the 3rd state initiates validated user, DRA can be identified and abandoned.
Figure 10 is the flow chart of the inspection of the message sent to ownership state according to the roaming country of alternative embodiment of the present invention, such as Shown in Figure 10, it is assumed that A states are the ownership state of Diameter message sender, B states are Diameter message sender's Roaming country, the flow comprises the following steps:
Step S1001:The DRA of A states receives Diameter message, and route analysis next node is service node;
Step S1002:Whether the DRA of A states belongs to roaming country to ownership state according to the command code of the Diameter message The massage set of transmission, if it is, continuing.Otherwise processed according to other decision logics.
Step S1003:The DRA of A states obtains IMSI pairs according to " national carrier network title, IMSI number section " The national carrier network title answered, if operator of A states, then continue.Otherwise abandon.
Step S1004:The DRA of A states obtains source host name according to " national carrier network title, business main frame " Corresponding national carrier network title, if its operator of state (that is, the operators of the other countries in addition to A states), Then continue.Otherwise processed according to other decision logics.
Step S1005:The DRA of A states is according to " national carrier network title, critical point DRA main frames " and the request The Route-Record chains of message, judge whether Route-Record chains include the critical point DRA of B states.It is to continue. If mismatched, it is judged to invalid message, abandons.
Step S1006:The DRA of A states checks message according to " national carrier network title, critical point DRA main frames " Route-Record chains, if the critical point DRA containing A states, continues.Otherwise it is judged to invalid message, abandons.
Step S1007:The DRA of A states checks the Route-Record AVP chains of message, if at most containing two countries Critical point DRA, then continue.Otherwise it is judged to forge Route-Record message, abandons.
Verified by the content shown in Figure 10 and Route-Record routing informations are checked, for example, believing for Diameter The PUR request messages of S6a interfaces are made, if attacker is deleted by the information roaming information that the 3rd state initiates validated user Remove, DRA can be identified and abandoned.
Figure 11 is the flow chart of the inspection for only belonging to the domestic message for sending according to alternative embodiment of the present invention, such as Figure 11 Shown, it is assumed that A states are the ownership state of Diameter message sender, the flow comprises the following steps:
Step S1101:The DRA of A states receives Diameter message, and route analysis next node is service node;
Step S1102:The DRA of A states only belong to domestic transmission according to whether the command code of the Diameter message belongs to Massage set, if it is, continue.Otherwise processed according to other decision logics.
Step S1103:The DRA of A states checks the IMSI of message according to " national carrier network title, IMSI number section " Or MSISDN, if the country of matching is A states, continue, otherwise it is judged to invalid message, abandon.
Step S1104:The DRA of A states obtains source host name according to " national carrier network title, business main frame " Corresponding national carrier network title, if operator of A states, then continue.Otherwise it is judged to invalid message, abandons.
Step S1105:The DRA of A states checks message according to " national carrier network title, critical point DRA main frames " Route-Record chains, if without its state (other countries i.e. in addition to A states) critical point DRA, continue. Otherwise it is judged to invalid message, abandons.
Verified by the content shown in Figure 11 and Route-Record routing informations are checked, for example, for Sh interface UDR request messages, if the user data requests that attacker plays IMS-HSS by the 3rd promulgated by the State Council (are intended to illegally obtain Take user signing contract information), DRA can be identified and abandoned.
Figure 12 is the flow chart that positive business node messages are advised according to the DRA of alternative embodiment of the present invention, as shown in figure 12, The flow comprises the following steps:
Step S1201:DRA receives Diameter request messages, if service node is initiated, then will Route-Record AVP are all removed;
Step S1202:Subsequently carry out regular traffic treatment.
By above-mentioned steps, if the Incoming of Diameter signalings is service node, no matter Route-Record AVP The routing information of carrying how many, it will all delete these routing informations, it is ensured that the Diameter signalings of subsequent delivery In will not carry service node addition Route-Record AVP information.
Obviously, those skilled in the art should be understood that above-mentioned of the invention each module or each step can be with general Computing device realizes that they can be concentrated on single computing device, or is distributed in multiple computing devices and is constituted Network on, alternatively, the program code that they can be can perform with computing device be realized, it is thus possible to by they Storage is performed by computing device in the storage device, and in some cases, can be held with different from order herein The shown or described step of row, or they are fabricated to each integrated circuit modules respectively, or will be many in them Individual module or step are fabricated to single integrated circuit module to realize.So, the present invention is not restricted to any specific hardware Combined with software.
The preferred embodiments of the present invention are the foregoing is only, is not intended to limit the invention, for the technology of this area For personnel, the present invention can have various modifications and variations.It is all within the spirit and principles in the present invention, made it is any Modification, equivalent, improvement etc., should be included within the scope of the present invention.

Claims (14)

1. a kind of Diameter signaling methods, it is characterised in that including:
Diameter route agents DRA receives Diameter signalings;
The DRA judges whether the upper hop node of the Diameter signalings is service node;
In the case where the judgment result is yes, the DRA removes the first path information in the Diameter signalings, and In adding the second routing information to the Diameter signalings, wherein, second routing information includes:The Diameter The identification information of the upper hop node of signaling;
The DRA sends the Diameter signalings.
2. method according to claim 1, it is characterised in that judge the upper hop of the Diameter signalings in the DRA After whether node is the service node, methods described also includes:
In the case where judged result is no, the DRA retains the first path information in the Diameter signalings, and In adding second routing information to the Diameter signalings;
The DRA sends the Diameter signalings.
3. method according to claim 1 and 2, it is characterised in that described in the case where the DRA is for landing DRA DRA sends the Diameter signalings to be included:
Massage sets of the DRA according to belonging to second routing information and the Diameter signalings, judges described Whether Diameter signalings meet predetermined condition, wherein, the massage set includes one below:Ownership state is to roaming country Massage set, the roaming country of transmission are to the massage set of ownership state transmission, only in the domestic massage set for sending of ownership;
In the case where the judgment result is yes, the DRA sends the Diameter signalings.
4. method according to claim 3, it is characterised in that in the massage set belonging to the Diameter signalings be ownership In the case of the massage set that state is sent to roaming country, the predetermined condition includes at least one of:
The national operator that international mobile subscriber identity IMSI according to the Diameter signalings is inquired transports for the first state Battalion business;
The source host of the Diameter signalings constitutes trusting relationship with the first operator of state inquired according to IMSI;
Second routing information of the Diameter signalings includes first state's critical point DRA information, wherein, described first State's critical point DRA information is the critical point DRA information of the first operator of state inquired according to IMSI;
Second routing information of the Diameter signalings includes second state's critical point DRA information, wherein, described second State's critical point DRA information is the critical point DRA information of the operator of described DRA the country one belongs to;
Two critical point DRA information of country are contained up in second routing information of the Diameter signalings.
5. method according to claim 3, it is characterised in that in the massage set belonging to the Diameter signalings be roaming In the case of massage set of the state to the transmission of ownership state, the predetermined condition includes at least one of:
The national operator that international mobile subscriber identity IMSI according to the Diameter signalings is inquired transports for the second state Battalion business, wherein, operator of second state is the operator of described DRA the country one belongs to;
The national operator that source host according to the Diameter signalings is inquired is the first operator of state;
Second routing information of the Diameter signalings includes first state's critical point DRA information, wherein, described first State critical point DRA is the critical point DRA information of the first operator of state inquired according to source host;
Second routing information of the Diameter signalings includes second state's critical point DRA information, wherein, described second State's critical point DRA information is the critical point DRA information of the operator of described DRA the country one belongs to;
Two critical point DRA information of country are contained up in second routing information of the Diameter signalings.
6. method according to claim 3, it is characterised in that in the massage set belonging to the Diameter signalings only to exist In the case of the domestic massage set for sending of ownership, the predetermined condition includes at least one of:
International mobile subscriber identity IMSI or mobile station International ISDN according to the Diameter signalings/PSTN identifications The national operator that number MSISDN is inquired is the second operator of state;
The national operator that source host according to the Diameter signalings is inquired is the second operator of state;
The critical point DRA information of the second operator of state is only included in second routing information of the Diameter signalings;
Wherein, operator of second state is the operator of described DRA the country one belongs to.
7. a kind of Diameter signaling methods, it is characterised in that including:
Service node generates Diameter signalings;
In service node addition the 3rd routing information to the Diameter signalings, wherein, the 3rd routing information It is except the critical point Diameter route agents DRA information for belonging to operator of state of the Diameter signalings and except described The critical point DRA information of the other countries outside the critical point DRA information of the roaming country operator of Diameter signalings;
The service node sends the Diameter signalings.
8. method according to claim 7, it is characterised in that after the service node generates the Diameter signalings, Methods described also includes:
The service node judges whether a DRA possesses the energy for removing the first path information in the Diameter signalings Power, wherein, a DRA is the next-hop DRA of the Diameter message;
Wherein, service node addition the 3rd routing information to the Diameter signalings include:It is in judged result In the case of no, the service node is added in the 3rd routing information to the Diameter signalings.
9. the method according to claim 7 or 8, it is characterised in that send the Diameter signalings in the service node Afterwards, methods described also includes:
Landing DRA receives the Diameter signalings;
The landing DRA determines the path of the Diameter signalings to forge path according to the 3rd routing information.
10. a kind of Diameter signaling sending devices, are applied to Diameter route agents DRA, it is characterised in that including:
Receiver module, for receiving Diameter signalings;
Judge module, whether the upper hop node for judging the Diameter signalings is service node;
First processing module, in the case where the judgment result is yes, removing the first via in the Diameter signalings In footpath information, and addition the second routing information to the Diameter signalings, wherein, second routing information includes: The identification information of the upper hop node of the Diameter signalings;
First sending module, for sending the Diameter signalings.
11. devices according to claim 9, it is characterised in that described device also includes:
Second processing module, in the case of being no in judged result, retains the first via in the Diameter signalings Footpath information, and add second routing information to the Diameter signalings;
Second sending module, for sending the Diameter signalings.
12. device according to claim 9 or 10, it is characterised in that first sending module or the second transmission mould Block includes respectively:
Judging unit, in the case of in the DRA for landing DRA, according to second routing information and described Massage set belonging to Diameter signalings, judges whether the Diameter signalings meet predetermined condition, wherein, it is described Massage set includes one below:Massage set, the roaming country that ownership state sends to roaming country are to the message for belonging to state's transmission Set, the massage set for only being sent in the ownership country;
Transmitting element, in the case where the judgment result is yes, sending the Diameter signalings.
A kind of 13. Diameter signaling sending devices, are applied to service node, it is characterised in that including:
Generation module, for generating Diameter signalings;
Processing module, for adding the 3rd routing information to the Diameter signalings in, wherein, the 3rd path letter Breath is except the critical point Diameter route agents DRA information for belonging to operator of state of the Diameter signalings and except institute The critical point DRA information of the other countries outside the critical point DRA information of the roaming country operator for stating Diameter signalings;
Sending module, for sending the Diameter signalings.
14. devices according to claim 13, it is characterised in that described device also includes:
Judge module, for judging whether a DRA possesses the first path information removed in the Diameter signalings Ability, wherein, a DRA is the next-hop DRA of the Diameter message;
Wherein, the processing module is used for:In the case where the judged result of judge module is no, the 3rd tunnel is added In footpath information to the Diameter signalings.
CN201510992477.7A 2015-12-24 2015-12-24 Diameter signaling sending method and device Active CN106921570B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510992477.7A CN106921570B (en) 2015-12-24 2015-12-24 Diameter signaling sending method and device
PCT/CN2016/112681 WO2017108009A1 (en) 2015-12-24 2016-12-28 Diameter signaling transmission method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510992477.7A CN106921570B (en) 2015-12-24 2015-12-24 Diameter signaling sending method and device

Publications (2)

Publication Number Publication Date
CN106921570A true CN106921570A (en) 2017-07-04
CN106921570B CN106921570B (en) 2020-09-29

Family

ID=59089143

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510992477.7A Active CN106921570B (en) 2015-12-24 2015-12-24 Diameter signaling sending method and device

Country Status (2)

Country Link
CN (1) CN106921570B (en)
WO (1) WO2017108009A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109246144A (en) * 2018-10-31 2019-01-18 中国人民解放军战略支援部队信息工程大学 HSS unauthorized access detection device and method in IMS network
CN111277552A (en) * 2018-12-05 2020-06-12 中国移动通信集团广西有限公司 Method, device and storage medium for identifying direct signaling security threat
CN112954625A (en) * 2021-03-02 2021-06-11 武汉绿色网络信息服务有限责任公司 Signaling transmission method, device, equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247321A (en) * 2007-02-14 2008-08-20 华为技术有限公司 Method, device and system for routing diagnosis in network based on diameter protocol
US20110188397A1 (en) * 2009-10-16 2011-08-04 Mccann Thomas M Methods, systems, and computer readable media for multi-interface monitoring and correlation of diameter signaling information
CN103385012A (en) * 2010-12-23 2013-11-06 泰克莱克股份有限公司 Methods, systems, and computer readable media for modifying a Diameter signaling message directed to a charging function node
US20140043969A1 (en) * 2012-08-10 2014-02-13 Ibasis, Inc. Signaling Traffic Reduction In Mobile Communication Systems
CN103650543A (en) * 2013-06-28 2014-03-19 华为技术有限公司 Routing message transmission method and device
CN104350711A (en) * 2012-06-11 2015-02-11 泰科来股份有限公司 Methods, systems, and computer readable media for routing diameter messages at diameter signaling router
JP2015065539A (en) * 2013-09-24 2015-04-09 株式会社Nttドコモ Ip multimedia sub-system, proxy session control device, and communication control method
EP2534794A4 (en) * 2010-02-12 2015-07-29 Tekelec Inc Methods, systems, and computer readable media for providing peer routing at a diameter node

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247321A (en) * 2007-02-14 2008-08-20 华为技术有限公司 Method, device and system for routing diagnosis in network based on diameter protocol
US20110188397A1 (en) * 2009-10-16 2011-08-04 Mccann Thomas M Methods, systems, and computer readable media for multi-interface monitoring and correlation of diameter signaling information
EP2534794A4 (en) * 2010-02-12 2015-07-29 Tekelec Inc Methods, systems, and computer readable media for providing peer routing at a diameter node
CN103385012A (en) * 2010-12-23 2013-11-06 泰克莱克股份有限公司 Methods, systems, and computer readable media for modifying a Diameter signaling message directed to a charging function node
CN104350711A (en) * 2012-06-11 2015-02-11 泰科来股份有限公司 Methods, systems, and computer readable media for routing diameter messages at diameter signaling router
US20140043969A1 (en) * 2012-08-10 2014-02-13 Ibasis, Inc. Signaling Traffic Reduction In Mobile Communication Systems
CN103650543A (en) * 2013-06-28 2014-03-19 华为技术有限公司 Routing message transmission method and device
JP2015065539A (en) * 2013-09-24 2015-04-09 株式会社Nttドコモ Ip multimedia sub-system, proxy session control device, and communication control method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109246144A (en) * 2018-10-31 2019-01-18 中国人民解放军战略支援部队信息工程大学 HSS unauthorized access detection device and method in IMS network
CN111277552A (en) * 2018-12-05 2020-06-12 中国移动通信集团广西有限公司 Method, device and storage medium for identifying direct signaling security threat
CN111277552B (en) * 2018-12-05 2022-06-14 中国移动通信集团广西有限公司 Method, device and storage medium for identifying direct signaling security threat
CN112954625A (en) * 2021-03-02 2021-06-11 武汉绿色网络信息服务有限责任公司 Signaling transmission method, device, equipment and storage medium
CN112954625B (en) * 2021-03-02 2022-03-11 武汉绿色网络信息服务有限责任公司 Signaling transmission method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN106921570B (en) 2020-09-29
WO2017108009A1 (en) 2017-06-29

Similar Documents

Publication Publication Date Title
CN114902714B (en) Methods, systems, and computer readable media for implementing indirect General Packet Radio Service (GPRS) tunneling protocol (GTP) firewall filtering using DIAMETER agents and signaling points (STPs)
CN103493522B (en) For enriching the method for Diameter signaling message, system and computer-readable medium
CN103460648B (en) Methods and systems for screening Diameter messages within a Diameter signaling router (DSR)
US10237721B2 (en) Methods, systems, and computer readable media for validating a redirect address in a diameter message
US8908864B2 (en) Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions
CN103477662A (en) Methods, systems and computer readable media for dynamically learning Diameter binding information
US20150319603A1 (en) Method for serving visitor subscribers in a mobile communication system
CN105915517A (en) Realization method for voice verification code service
CN108307385A (en) One kind preventing Signaling attack method and device
Rao et al. Unblocking stolen mobile devices using SS7-MAP vulnerabilities: Exploiting the relationship between IMEI and IMSI for EIR access
CN103906067A (en) Method and device for identifying false calling number
CN101330740A (en) Method for selecting gateway in wireless network
CN101557562A (en) Method for updating ACL of terminal and equipment thereof
CN107889175A (en) Method for switching network, apparatus and system, method for network access and device
US20160277591A1 (en) Global local number
CN104486091A (en) Charging method and device
CN106921570A (en) Diameter signaling methods and device
CN104883428B (en) Recognize the method and device of VOIP phones
CN104469725B (en) Realize the method and system of heterogeneous network international roaming short message prepayment service
CN105429936A (en) Defense method and apparatus of malicious occupation of storage resources in private network router
CN100461958C (en) Mobile communication access system and method
CN108738023A (en) Prevent method, Internet of Things server and the system of internet-of-things terminal access pseudo-base station
CN105208022A (en) Alarm information generation method and device
EP3018876A1 (en) Monitoring of signalling traffic
CN109309905A (en) A kind of identification of pseudo-base station note and hold-up interception method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200819

Address after: 210012 Nanjing, Yuhuatai District, South Street, Bauhinia Road, No. 68

Applicant after: Nanjing Zhongxing Software Co.,Ltd.

Address before: 518057 Nanshan District science and technology, Guangdong Province, South Road, No. 55, No.

Applicant before: ZTE Corp.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant