WO2007082435A1 - Système, procédé et équipement réseau d'écoute légale dans un réseau de nouvelle génération - Google Patents
Système, procédé et équipement réseau d'écoute légale dans un réseau de nouvelle génération Download PDFInfo
- Publication number
- WO2007082435A1 WO2007082435A1 PCT/CN2006/002893 CN2006002893W WO2007082435A1 WO 2007082435 A1 WO2007082435 A1 WO 2007082435A1 CN 2006002893 W CN2006002893 W CN 2006002893W WO 2007082435 A1 WO2007082435 A1 WO 2007082435A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mgf
- call
- media
- interception
- lawful interception
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/22—Arrangements for supervision, monitoring or testing
- H04M3/2281—Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1016—IP multimedia subsystem [IMS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M7/00—Arrangements for interconnection between switching centres
- H04M7/006—Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/80—Arrangements enabling lawful interception [LI]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1069—Session establishment or de-establishment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1083—In-session procedures
- H04L65/1093—In-session procedures by adding participants; by removing participants
Definitions
- the present invention relates to the field of network communication technologies, and in particular, to a system, method, and network device for lawful interception in a next generation network. Background of the invention
- LI “Lawful Interception” refers to the security organization, such as a country or region, for the purpose of law enforcement and other purposes, to monitor a user or a communication process. Listening includes signaling level monitoring and media level monitoring. For the interception of the signaling layer, it is necessary to output the IRI (Intercept Related Information) of the interception object; for the media level monitoring, it is necessary to output the CC (Content of Communication) of the interception object.
- IRI Intercept Related Information
- CC Content of Communication
- Method 1 The communication content is copied and reported by the GSN, as shown in FIG.
- the 3G GSN (3rd Generation GPRS Support Node), such as the GGSN/SGSN (GPRS Gateway Support Node/Serving GPRS Support Node), copies the communication media packet of the monitored object, that is, the communication content. And copy the copied communication media packet to DF3 (Delivery Function 3P, 3 channel delivery function entity)
- GGSN/SGSN GPRS Gateway Support Node/Serving GPRS Support Node
- DF3 Delivery Function 3P, 3 channel delivery function entity
- the 3G GSN can use the MGCP (Media Gateway Control Protocol) and the H248 protocol when copying the communication media packets of the monitored object.
- the MGCP and H248 protocols are the two most widely used media gateway control protocols.
- H.248 Profile for Basic RTP-based Lawful Interception (H.248 based on RTP flow) is the current standard organization to study the legal listening media.
- the topology logic shown in Figures 2 and 3 is suitable for the case of creating multiple media streams in one session, such as creating video streams and audio streams in a video call. Using the topology logic in Figure 2, Figure 3, you can complete the copy of the video stream and the audio stream separately.
- the H248 extended listening packet is a specific protocol language description of the H248 to implement the above RTP replication. The following describes the method for copying the data packet by using the extended H248 listening packet in conjunction with FIG.
- the listener media copy indication attribute is used to specify the replication dependent attribute of the endpoint, that is, whether the endpoint is a slave attribute, a master attribute, or a common ( Normal) Attribute, for an endpoint that does not display the attribute, it is considered to be an endpoint that is not related to replication.
- the dependent attribute of such an endpoint is always common.
- the listener endpoint affiliation "Master termination", which is valid for the slave endpoint and is a string of 8 bytes in length. Set the endpoint ID of the master endpoint corresponding to the slave endpoint in Master termination. This attribute is valid for the slave endpoint.
- T3 and ⁇ 4 are slave endpoints
- T1 is the master endpoint of T3
- T2 is the master endpoint of T4.
- the listening endpoint copy mode "Interception mode”. The values of the listening endpoint copy mode include "upstream”, "downstream” and "combined stream”.
- the listening endpoint replication mode is used to express the connection mode between the slave endpoint and the replicated endpoint, that is, the upstream media, the downlink media, or the upstream and downstream mixed media of the replication source endpoint. This attribute is valid for slave endpoints.
- the slave endpoint copies the corresponding flow from the specified master endpoint. Packet.
- Method 2 The communication content is copied and reported by the PDG, as shown in Figure 4.
- the PDG Packet Data Gateway
- 3GPP WLAN Wireless Local Area Network
- the PDG can also use the MGCP (Media Gateway Control Protocol) and the H248 protocol when copying the communication media packets of the monitored object, as described in the first method.
- MGCP Media Gateway Control Protocol
- the access network device is provided to provide the corresponding monitoring function.
- the user accessing the fixed network has no function to legally monitor the collection and reporting of the communication content; and, because the function of monitoring and collecting the communication content in the mobile network access mode depends on the access layer device
- the data packet replication function is required to transmit legal interception control signaling information or legal interception data information between the session control layer and the access layer, and this needs to establish mutual trust monitoring or mutual trust between the session control layer and the access layer.
- the above method cannot implement the function of monitoring the user and reporting the communication content. Summary of the invention
- the object of the present invention is to provide a system, method and network device for implementing lawful interception in a next generation network, and the implementation process of the lawful interception communication content of the present invention is independent of the access network, and avoids the session control layer and access. Layer trust and authorization issues, thus providing a complete and feasible technical solution for lawful interception of communication content for NGN networks.
- the present invention provides a system for implementing lawful interception in a next-generation network, the system comprising: a lawful interception service application server LI-AS and a lawful interception media gateway function LI-MGF;
- the lawful interception control module in the LI-AS adds itself to the call signaling route according to the session establishment request it receives when determining that the call needs to be monitored, and the lawful interception control module in the LI-AS according to the The received call signaling controls the LI-MGF, adds the LI-MGF to the media route, and the LI-MGF copies the call media stream and outputs the same.
- the LI-MGF is located in the home domain of the monitored object, or the home domain of any of the parties, and the LI-MGF is an IP to IP gateway.
- the LI-MGF is an independent functional entity, or the LI-MGF is disposed in the LI-AS.
- an interface exists between the lawful interception control module in the LI-AS and the LI-MGF, and the interface protocol includes: H.248 protocol and/or session initiation protocol SIP ;
- LI-MGF When the LI-MGF is set in the LI-AS, a custom internal interface connection is adopted between the lawful interception control module and the LI-MGF in the LI-AS.
- the LI-AS and the LI-MGF are provided with: a lawful interception media gateway control function LI-MGCF;
- the method monitoring control module in the LI-AS controls the LI-MGF to join the media route through the LI-MGCF.
- the LI-MGCF is an independent functional entity, or the LI-MGCF is set in the LI-AS or in the LI-MGF.
- the LI-MGCF is an independent functional entity
- an interface exists between the lawful interception control module and the LI-MGCF in the LI-AS, and the interface protocol is: H.248 and/or SIP
- An interface exists between the LI-MGF and the LI-MGCF, and the interface protocol is: H.248 and/or a session initiation protocol SIP;
- the LI-MGCF When the LI-MGCF is set in the LI-AS or is disposed in the LI-MGF, between the lawful interception control module in the LI-AS and the LI-MGCF or the LI-MGF and The LI-MGCF is connected by a custom internal interface.
- the present invention also provides a method for implementing lawful interception in a next generation network, the method comprising the steps of:
- the LI-AS When determining that the call needs to be monitored, the LI-AS adds itself to the call signaling route according to the session establishment request it receives;
- the LI-AS controls the LI-MGF according to the received call signaling, and adds the LI-MGF to the media route; the LI-MGF copies the call media stream and outputs.
- the step of adding the LI-AS to the call signaling route includes:
- the S-CSCF After receiving the session establishment request, the S-CSCF routes the session establishment request message to the LI-AS; the LI-AS determines whether it needs to be monitored according to the session establishment request message it receives;
- the session establishment request is returned to the S-CSCF; if it is determined that no listening is required, the session establishment request is directly returned to the S-CSCF.
- the step of routing the session establishment request message to the LI-AS includes:
- the S-CSCF After receiving the session establishment request, the S-CSCF routes the setup request message to the LI-AS when it is determined that the session needs to be monitored according to the stored interception information.
- the interception information stored by the S-CSCF includes: a lawful interception initial filter rule, and/or interception data obtained by the S-CSCF from the management function entity ADMF and/or the home subscriber server HSS;
- the lawful interception initial filter rule is generated by the S-CSCF from the interception data obtained by the management function entity ADMF, and/or the lawful interception initial filter rule is downloaded by the S-CSCF from the home subscriber server HSS.
- the step of the LI-AS adding the LI-MGF to the media route includes:
- the LI-AS applies for a session connection resource to the LI-MGF during a call setup process
- the LI-AS by controlling the LI-MGF, causes the LI-MGF to modify an IP address and a real-time transport protocol RTP port described by the session description protocol SDP in the session establishment request and the call request corresponding message according to the session connection resource. Number information, adding the LI-MGF to the media route;
- step of the LI-AS adding the LI-MGF to the media route includes:
- the LI-AS adds the LI-MGF to the media route by controlling the LI-MGF to initiate a media redirection process
- the step of the LI-AS adding the LI-MGF to the media route includes: When the monitoring center determines that the content of the call currently being intercepted by the monitored object needs to be copied and output, the output call media stream instruction carrying the identifier of the monitored object is transmitted to the LI-AS;
- the LI-AS initiates a media redirection process of both parties of the call
- the LI-AS modifies the current call connection of the calling parties according to the session connection resource, and connects the call media streams of the calling parties to the LI-MGF.
- the step of transmitting, by the monitoring center, an output call media stream instruction carrying the identifier of the monitored object to the LI-AS includes:
- the XMF instruction of ADMF transmits an output call media stream command carrying the identity of the monitored object to the LI-AS.
- the step of the LI-AS adding the LI-MGF to the media route includes:
- the LI-AS directly controls the LI-MGF according to the received call signaling, and adds the LI-MGF to the media route; or the LI-AS passes the LI-based according to the call signaling it receives.
- the MGCF indirectly controls the LI-MGF, and adds the LI-MGF to the media route.
- the step of the LI-MGF copying the call media stream and outputting includes: the LI-AS transmitting the topology description information of the interception media stream copy to the LI-MGF;
- the LI-MGF copies the call media stream according to the received topology description information of the interception media stream replication, and outputs the voice media stream.
- step of copying and outputting the call media stream by the LI-MGF includes:
- the LI-AS transmits user monitoring data to the LI-MGF;
- the LI-MGF copies the call media stream according to the user monitoring data it receives, and outputs it.
- the topology description information or user interception data of the interception media stream replication is carried in the extended H.248 protocol and/or the extended session initiation protocol SIP to the LI-MGF.
- the H.248 protocol is extended to: an extended H.248 interception data packet carrying intercept data, the SIP extension being: an extensible markup language XML message body that extends topology description information for intercepting media stream replication, or extended bearer monitoring The XML message body of the data message.
- the step of the LI-MGF copying the call media stream and outputting the method further includes:
- the LI-AS initiates a call to the 3-channel delivery function entity DF3, and controls the LI-MGF to transmit the copied call media through the DF3 to the interception center.
- the present invention also provides a network device having a function of legally listening to a media gateway.
- the network device adds a media stream of a call to be intercepted by the device according to the control of the control terminal, and copies the call media stream and outputs the same.
- the network device is located in the home domain of the monitored object, or the home domain of any of the parties, and is an IP to IP gateway.
- the invention also provides an application server, wherein the application server is provided with a lawful interception control module, and the lawful interception control module adds itself to the call signaling according to the session establishment request it receives when determining that the call needs to be monitored. In the routing, the lawful interception control module controls the LI-MGF according to the received call signaling, and adds the LI-MGF to the media route.
- the present invention adds the LI-AS to the call signaling route, adds the LI-MGF to the media route, and copies and outputs the call media stream through the LI-MGF, so that the present invention is legal.
- the implementation process of monitoring the communication content is independent of the access network.
- the present invention can legally monitor the call of the user accessing the fixed network in the NGN network, and can also perform the call of the user accessing the mobile network through the mobile network in the NGN network.
- the lawful interception because the implementation process of the lawful interception communication content of the present invention can be independent of the access network, the present invention avoids the trust and authorization problems of the session control layer and the access layer; LI-AS in the present invention
- the LI-MGF can be added to the media route by modifying the media information of the interaction between the two parties during the call setup process.
- the LI-AS can also add the LI-MGF to the media route by initiating the redirect process after the call setup process.
- the present invention copies and outputs the call media stream of the currently ongoing call; thereby providing a complete and feasible NGN network. Lawful interception of content of communications technology solutions. BRIEF DESCRIPTION OF THE DRAWINGS
- FIG. 1 is a schematic diagram of a IMS domain GSN legally listening for communication content and reporting in the prior art
- FIG. 2 is a topological logic diagram 1 for replicating an RTP-based data packet in the prior art
- FIG. 3 is a schematic diagram 2 of a topology logic for replicating an RTP-based data packet in the prior art
- FIG. 5 is a schematic diagram of a network logical structure of a lawful interception communication content according to an embodiment of the present invention
- FIG. 6 is a flow chart 1 of lawfully intercepting communication content and reporting it according to an embodiment of the present invention
- FIG. 7 is a second flowchart of the lawful interception of communication content and reported in the embodiment of the present invention.
- FIG. 8 is a third flowchart of legally listening for communication content and reporting the embodiment of the present invention. Mode for carrying out the invention
- the present invention uses the method of inserting the application server into the call signaling route and inserting the media gateway into the call media route to implement the replication of the call media stream of the monitored object. And output the call media stream of the monitored object.
- the system for legally monitoring communication content mainly includes: LI-AS (legal monitoring service application server) and network device having LI-MGF (legal listening media gateway function), hereinafter referred to as LI-MGF.
- LI-AS legal monitoring service application server
- LI-MGF legal listening media gateway function
- the main process of legally monitoring the communication content and reporting between LI-AS and LI-MGF is - first, LI-AS will itself when receiving the session establishment request and determining that the call needs to be legally monitored. Adding to the call signaling route of the call, the LI-AS adds the LI-MGF to the media route of the call by controlling the LI-MGF, and the LI-MGF copies the call media stream of the monitored object. And output.
- the call media stream output by LI-MGF can pass
- the DF3 is transmitted to the monitoring center.
- the session establishment request received by the LI-AS may be transmitted by the S-CSCF (Serving-CSCF, Service Call Session Control Function).
- S-CSCF Serving-CSCF, Service Call Session Control Function
- the AS that implements the lawful interception service in the communication system is the LI-AS, that is, the LI-AS is a functional entity that performs the lawful interception service logic.
- a legal listening control module is set in the LI-AS.
- the LI-MGF is located in the home domain of the monitored object or in the home domain of any party in the call.
- the LI-MGF is an IP to IP gateway function entity, and the LI-MGF can be an independent functional entity or other functional entities. If it is combined with LI-AS, it is set to the same functional entity.
- the interface can be a standard SIP interface.
- the legal interception control module in the LI-AS can be IMS through ISC (IMS Service Control). Provide legal listening services.
- IMS Service Control IMS Service Control
- the lawful interception control module in the LI-AS needs to add itself to the call signaling route when implementing the lawful interception service. After the legal interception control module in the LI-AS joins the call signaling route, it receives it according to the The call signaling directly controls the LI-MGF through its interface with the LI-MGF, and controls the LI-MGF to join the media route.
- the lawful interception control module in the LI-AS can add the LI-MGF to the media route by modifying the media information of the interaction between the two parties in the session establishment process.
- the legal interception control module in the LI-AS can also be established in the session. After that, the LI-MGF is added to the media route by initiating the media redirection process.
- the lawful interception control module in the LI-AS can transmit the topology logic description information of the call media copy to the LI-MGF, and can also transmit the interception data to the LI-MGF.
- LI-MGF After the LI-MGF is added to the intercepted object's call media route according to the control of the LI-AS, the LI-MGF needs to provide the function of legally listening to the communication content, that is, the LI-MGF needs to copy the call media stream of the monitored object.
- LI-MGF can use the various methods for legally monitoring communication content to realize the function of monitoring communication content. For example, when LI-MGF receives the topology logic description information transmitted by LI-AS, it uses Figure 2 And the method for monitoring the communication content based on the RTP lawful listening communication content shown in FIG.
- the interface can be an E1 interface, a legal listening control module in the LI-MGF and the LI-AS.
- the interface protocol between the two can be SIP or H.248.
- the interface between LI-MGF and the legal listening control module in LI-AS can be a custom internal interface.
- the system for legally monitoring the communication content provided by the embodiment of the present invention may further include: LI-MGCF (legal monitoring media gateway control function), so that the lawful interception control module in the LI-AS may not directly control the LI-MGF.
- LI-MGCF legal monitoring media gateway control function
- the LI-MGF is controlled by the LI-MGCF, that is, the lawful interception control module in the LI-AS can directly control the LI-MGF through its interface with the LI-MGF, such as the E1 interface, or through The interface between LI-MGCF indirectly controls the LI-MGF.
- the LI-MGCF can be a separate functional entity or can be combined with other functional entities, such as LI-MGF as the same functional entity, and as LI-AS as the same functional entity.
- the LI-MGCF is a lawful interception media gateway control function entity, and the LI-MGCF controls the LI-MGF to perform the function of legally monitoring the communication content according to the LI-AS control command.
- LI-MGCF is an independent functional entity
- an E3 interface exists between LI-MGCF and LI-MGF, and an interface protocol between LI-MGCF and LI-MGF can use SIP or H.248.
- the E3 interface can be a custom internal interface.
- LI-AS can indirectly control LI-MGF via LI-MGCF.
- LI-AS has an interface with LI-MGCF E2, and the interface protocol is SIP.
- the interface between LI-MGCF and LI-AS can be a custom internal interface.
- the LI-AS can transmit the message carrying the interception data directly to the LI-MGF through the E1 interface between it and the LI-MGF, and the LI-MGF intercepts the interception in the received message. Data, triggers the interception, and copies the media stream of the intercepted object; the LI-AS can also transmit the message carrying the topology description of the intercepted media stream directly to the LI-MGF through the E1 interface between the LI-MGF and the LI-MGF.
- the LI-MGF triggers the interception by parsing the topology description in the message it receives, and copies the call media stream according to the topology description.
- the LI-AS can pass the message carrying the interception data through it and the LI.
- the E2 interface between the MGCFs is transmitted to the LI-MGCF, and the LI-MGCF transmits the message to the LI-MGF through its E3 interface with the LI-MGF, and the LI-MGF resolves the intercepted data in the received message by the LI-MGF , triggering the monitoring, and copying the conversation media stream of the monitored object; the LI-AS may also transmit the message carrying the topology description of the interception media stream replication to the LI-MGCF through the E2 interface between the LI-MGCF and the LI-MGCF.
- the LI-MGCF transmits the message to the LI-MGF through its E3 interface with the LI-MGF.
- the LI-MGF triggers the interception by parsing the topology description in the received message, and copies the call media stream according to the topology description.
- Embodiment 1 The replication of the call media stream is implemented by transmitting the topology information, that is, the LI-AS carries the topology description of the interception media stream replication in the message transmitted to the LI-MGF, and is parsed by the LI-MGF according to the received message. Listen to the topology description of the media stream replication and copy the media stream according to the topology description.
- the LI-AS uses the E2 and E3 interfaces described in the system in FIG. 5 or the E1 interface to transmit the topology description of the interception media stream replication
- the data can be used.
- the existing extended H.248 listening packet carries the topology description; if SIP is used, it will involve the protocol extension of SIP, and the extension is as follows - the embodiment of the present invention can implement the SIP protocol by extending an application type based on the XML format. Expanding, and then carrying the topology description of the media stream replication through the message body.
- the XML message body can be of the form - Content-type: application/session-topology+xml
- the XML message body in the above example gives the current call to copy the RTP upstream (upstream) from [5555::1:2:3:4]:1357 to [5555::a:b:c:d]:7531 Media stream.
- the LI-AS inserts the LI-MGF into the media route by modifying the media information of the interaction between the two parties.
- LI-MGF has a direct interface with LI-AS, and the interface protocol is H.248.
- LI-AS acts as the MGC (Media Gateway Control Part), that is, LI-AS has the media gateway control function to control the LI-MGF.
- LI-AS uses the extended H.248 listening package to directly control LI-MGF.
- the calling party that sets the basic call is the monitored object. The process of legally listening to the communication content is shown in Figure 6.
- step 1 to step 2 the monitored object initiates a call as the calling party of the call.
- the session establishment request passes through the S-CSCF, the lawful interception initial filtering rule in the S-CSCF is triggered, and the S-CSCF routes the session establishment request to the LI-AS.
- step 3 to step 5 when the LI-AS determines that the calling party of the call is being monitored and needs to output the communication content according to the session establishment request, the LI-AS controls the LI-MGF by using the extended H.248 monitoring packet. Apply for the session connection resource on the LI-MGF, and replace the IP address and RTP port number information of the SDP description of the calling party in the session establishment request with the applied session connection resource, and add itself to the call route. Then, LI-AS will The call request is routed back to the S-CSCF.
- Figure 2 Figure 3 to add the LI-MGF to the call routing.
- the S-CSCF After receiving the call request of the LI-AS route back, the S-CSCF resolves the called identity by the S-CSCF, and sends the call request to the next hop node. .
- the call request eventually arrives at the called party.
- the called party After the called party responds to the call request, it sends back a 200 OK message, and the 200 OK message carries the media type of the called party SDP description and selection.
- the message is routed to the LI-AS after passing through the S-CSCF.
- step 9 to step 12 the LI-AS extracts the called party SDP description in the message, and modifies the connection resource on the LI-MGF according to the called party SDP description, so that the LI-MGF connects the media streams of the two parties.
- the LI-AS uses the extended H.248 listening packet to control the LI-MGF to complete the replication of the call media stream between the calling party and the called party, and then the LI-AS initiates the call to the DF3. , the media stream copied by the LI-MGF is sent to the monitoring center.
- step 19 to step 22 the LI-AS modifies the called party SDP description in the called response message 200 OK, replaces the called party SDP description with the connection resource requested on the LI-MGF, and sends the called response message 200 OK. To the next hop node, the reply message finally arrives at the calling party.
- the LI-AS controls the LI-MGF and establishes the media description of the two parties in the signaling route by modifying the session, so that the media streams of the two parties are connected to the LI-MGF, thereby realizing The purpose of inserting LI-MGF into the media route.
- This process does not affect the media negotiation between the two parties. This is because, in the signaling of the interaction between the two parties, the LI-AS only modifies the IP addresses and RTP port numbers of the two parties in the media description, and does not change the coding scheme negotiated by both parties.
- LI-MGF acts as A gateway function entity located in the IP to IP of the home domain of the controlled user implements the function of providing legal interception of media stream replication.
- the first embodiment shows the implementation process of the LI-MGF copying the call media stream when the caller is intercepted in the basic call in the case of non-resource reservation.
- LI-AS can also control LI-MGF by the above method, and insert the LI-MGF into the media route by modifying the SDP description in the signaling interaction between the two tongues.
- the S-CSCF triggers the lawful interception of the iFC (initial filtering rule) to route the session establishment request to the LI-AS.
- the LI-AS determines that the calling party of the call is being monitored and needs to output the communication content, it adds itself to the signaling route of the call and applies for resources on the LI-MGF, so that The signaling interaction message will pass through the LI-AS.
- the LI-AS replaces the SDP description of the calling party with the resource applied for on the LI-MGF, and the media stream of the two parties is connected to the LI-MGF. . It can be seen that, in the case of resource reservation, the process of legally intercepting the communication content is the same as the process of legally intercepting the communication content in the case of non-resource reservation.
- the first embodiment is described by taking the calling party as the monitored object in the basic call as an example.
- the S-CSCF registered by the called party can also use the implementation method of the calling party's S-CSCF to route the session establishment request to the called domain in the called domain.
- the LI-MGF is inserted into the call media route by the called domain LI-AS, and the call media stream is copied by the LI-MGF.
- the above method can also be used to directly monitor the called party in the calling domain.
- This method is also applicable to situations where multiple parties are being monitored in a call.
- the method is also applicable to subsequent embodiments of the present invention.
- the lawful interception initial filtering rule in the S-CSCF may be downloaded from the HSS (Home Subscriber Server), or may be obtained by the S-CSCF according to the interception data obtained from the ADMF.
- the process of generating the lawful interception initial filtering rule by the S-CSCF according to the interception data obtained from the ADMF may be:
- the S-CSCF obtains the interception data from the ADMF, and after the interception data is determined to be monitored by the party of the session, the session is established.
- the request is routed to the LI-AS, and the S-CSCF generates the interception filtering rule of the user being intercepted by using the lawful interception initial filtering rule.
- the S-CSCF After the S-CSCF generates the lawful interception initial filtering rule, the S-CSCF can also transmit the generated lawful interception initial filtering rule to the HSS through the interface with the HSS to refresh the lawful interception initial filtering rule in the HSS.
- the S-CSCF can also determine whether it is necessary to monitor the party of the session based on the interception data. That is, the S-CSCF does not generate a lawful interception initial filter after determining that the party of the session needs to be monitored according to the interception data. rule.
- some temporary messages in the call such as a 100 response message of the Invite message, are omitted.
- the first embodiment is described by taking a basic call as an example.
- the embodiment of the present invention is also applicable to other services except the basic call, that is, when the monitored party generates a service, the method described in the first embodiment is used.
- the LI-MGF can be inserted into the call media route of the monitored party to copy the call media stream.
- the method for adding the LI-MGF to the media routing may also be:
- the LI-AS initiates the media redirection process, so that the media streams of the two parties are connected to the LI-MGF.
- the function of inserting the LI-MGF into the call media stream is realized.
- the LI-AS receives the called party call response message 200 OK
- the LI-MGF is requested to apply for the session connection resource.
- the media connection description is replaced by the session connection resource, and then the call to the call is respectively initiated.
- the party's media redirects the process, redirecting the media of the calling parties to the LI-MGF, thereby connecting the media streams.
- the LI-AS can control the LI-MGF by carrying the topology description of the interception media stream replication in the message, so that the LI-MGF copies the call media stream.
- the LI-AS directly controls the LI-MGF using the extended H.248 listening packet.
- the LI-AS can also use the extended XML body to carry the topology description of the interception media stream replication in the SIP message, and the LI-MGF copies the media stream by parsing the topology description of the interception media stream replication.
- the LI-AS sends a session establishment request to the LI-MGF, requests the session connection resource in the LI-MGF, and the LI-AS replaces the SDP in the session establishment request with the applied session connection resource.
- the LI-MGF Describe, and add itself to the call signaling route, then return the session establishment request to the LI-AS, and finally return to the S-CSCF, and the S-CSCF sends the session establishment request to the next hop node.
- the LI-MGF receives the called response message, it replaces the SDP description in the called response message, so that the LI-MGF is located in the call media route;
- the LI-AS receives the called response message, the LI-AS initiates to the LI
- the MGF call carries the topology description of the interception media stream replication through the extended XML body, and the LI-MGF parses the topology description of the interception media stream replication in the XML body, and copies the corresponding media stream.
- LI-AS can also indirectly control LI-MGF through LI-MGCF. That is to say, LI-AS implements specific media gateway control functions through LI-MGCF to control LI-MGF to copy the call media stream. At this time, the LI-AS can route the call to the LI-MGCF.
- the LI-MGCF uses the extended R248 listening packet to control the LI-MGF to copy it. Call media stream.
- the LI-AS adopts the SDP description mode in the signaling interaction message during the session establishment process, or the LI-AS actively initiates the media redirection process after the session establishment is completed.
- the monitoring center can selectively copy the call media stream according to the monitoring related information (IRI) reported by the user when the call is made.
- IRI monitoring related information
- the user is set to enter the call state, and the interception center temporarily determines that the network is required to copy the user's call media stream according to the user monitoring related information reported by the network.
- step A the controlled object is in the session, and the session enters a call state.
- the monitoring center temporarily determines that the communication content of the current conversation of the monitored object needs to be output according to the reported monitoring related information, and the ADMF (management function entity) sends an output media stream instruction to the LI-AS through the XI-1 instruction, and the XI-1 instruction carries The identifier of the monitored object.
- ADMF management function entity
- step 1 to step 2 the LI-AS obtains a coding scheme negotiated by the calling party when the call signaling interaction is obtained according to the identity of the monitored object, and uses the coding scheme to control the LI-MGF, and the LI-AS applies for the session in the LI-MGF.
- Connection resource used to connect the media stream of both parties.
- LI-AS can set the LI-MGF using the setting method in Figure 2 and Figure 3.
- step 3 to step 14 the LI-AS initiates a media redirection process to both parties of the call, that is, the LI-AS initiates a media redirection process to the calling party and the called party, and the media redirection process carries the LI-
- the AS applies for an SDP description of the resource on the LI-MGF.
- the LI-AS modifies the connection on the LI-MGF to connect the media stream of the calling party to the LI-MGF.
- step 15 to step 26 the LI-AS uses the extended H.248 listening packet to control the LI-MGF, and requests the lawful interception of the media copy resource to copy the user's call media stream. And initiate a call to DF3, and output the copied call media stream to the monitoring center.
- the LI-AS After receiving the call response message of the DF3 in step B, the LI-AS sends a request to the ADMF to output a media stream response message. Indicates that its output specifies the media stream being listened to.
- the LI-AS controls the LI-MGF, and initiates the media redirection process after the session is established, so that the media streams of the two parties are connected to the LI-MGF, thereby realizing the purpose of inserting the U-MGF into the media route. This did not affect the media negotiation between the two parties.
- the sequence of the media redirection process to the calling party in the call and the media redirection process to the called party in the call does not affect the solution of the embodiment of the present invention.
- the LI-AS is located in the call signaling route. This is because the premise of the embodiment is that the user is being monitored but does not need to output the communication content. Therefore, when a user makes a call, the LI-AS is located in the signaling route and participates in the call signaling interaction.
- Embodiment 2 copying the communication media stream by transmitting the interception data, that is, the LI-AS carries the interception data in the message transmitted to the LI-MGF, and the LI-MGF parses the interception data according to the received message, and The media stream is copied according to the interception data.
- the LI-AS uses the E2 and E3 interfaces described in the system in Figure 5, or the E1 interface to deliver the interception data, it will involve the extension of the SEP and the extension of the H.248 protocol.
- IRI (0x0001) outputs only IRI.
- the MGC can carry a listener packet in any command to indicate that the user is listening and the current user's listening data.
- SIP When SIP is extended to enable it to carry intercepted data, SIP can be extended by extending an XML-based application type.
- the XML message body can be of the form:
- the current identifier of the monitored object is abcd@example.com, and the current IRI and CC are required to be output to the user.
- the address of the output IRI is df2@lea.com, and the address of the output CC is dfi@lea.com.
- the extended interception data packet in H.248 or the extended XML message body in the SEP message is merely for explaining that the relevant interception can be used in the interface protocol defined by the existing architecture. data.
- the specific fields and meanings defined are only meant to illustrate the need to have such fields and data in the listening data, and does not mean that the listening data must be extended in the manner given above.
- multiple monitoring centers can be carried in the monitoring data to listen to the same user's data.
- DF2 output address and different DF3 output addresses these can be carried in the same message body.
- the method of transmitting the interception data in the message interaction, and completing the call data stream replication by the LI-MGF is as shown in FIG.
- step 1 to step 2 the monitored object initiates a call as the calling party of the call.
- the session establishment request arrives at the S-CSCF, and the S-CSCF triggers the lawful interception of the iFC and routes the session establishment request to the LI-AS.
- step 3A the LI-AS directly routes the call back to the S-CSCF when it is determined that the communication content of the monitored object does not need to be output, and the S-CSCF sends the call request to the called party, and completes the existing call flow. The call.
- step 3B when determining that the communication content of the monitored object needs to be output, the LI-AS routes the session establishment request to the LI-MGF, and carries the intercepted data of the monitored object through the extended XML message body in the call request.
- step 4 to step 7 the LI-MGF parses and saves the interception data in the XML message body, and the LI-MGF applies for the session connection resource, and replaces the calling party IP in the SDP description in the session establishment request with the applied session connection resource. Address and RTP port number, add yourself to the call route.
- the LI-MGF then returns the session establishment request to the LI-AS, which returns the session establishment request to the S-CSCF by the LI-AS, and the session establishment request finally arrives at the called party.
- step 8 to step 16 the called party responds to the call, and the response message 200 OK is routed to the LI-MGF.
- the LI-MGF replaces the called party SDP description in the message by using the applied session connection resource, and sends the response message to the next hop. Node, the response message finally arrives at the calling party, so that the LI-MGF is located in the call media route.
- the LI-MGF applies for legally listening to the replication resource, and copies the current call media stream between the calling party and the called party.
- the LI-MGF outputs the copied media stream to the specified address, such as the monitoring center, according to the saved monitoring data. receiving address.
- the LI-AS When determining that the current call needs to output the monitoring communication content, the LI-AS carries the extended XML message body in the session establishment request, and transmits the monitoring data to the LI-MGF.
- the LI-MGF saves the monitoring data, and when the called party responds to the call, copies the call media stream to the designated listening center to receive the address.
- the LI-AS may also use the extended XML message body to carry the interception data in the called response message, and send the interception data to the LI-MGF.
- the H.248 protocol can also be used to transfer interception data between LI-AS and LI-MGF.
- the LI-MGF parses the received listening data and copies the call media stream.
- a SIP interface exists between the LI-AS and the LI-MGF, and the XML message body extended in the SIP message is used to carry the interception data.
- the LI-AS can also indirectly control the LI-MGF through the LI-MGCF, and transmit the interception data in the signaling, and control the LI-MGF to copy the call media stream.
- the specific implementation process is basically the same as described above. More details will be described.
- the description of the lawful interception initial filtering rule in the S-CSCF is as described in the foregoing first embodiment, and, in the second embodiment, the S-CSCF can also directly judge whether the data is based on the monitoring data.
- the monitoring is required, as described in the first embodiment above.
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
Abstract
L'invention concerne un système, un procédé et un équipement réseau d'écoute légale dans un réseau de nouvelle génération. A cet effet, on se connecte au serveur de fourniture de service d'écoute légale selon le chemin de signalisation d'appel, puis à l'entité de fonction de passerelle média d'écoute légale selon le chemin média. Cette entité collecte et transmet le contenu de communication d'écoute légale. L'invention permet la mise sur écoute légale des appels des utilisateurs accédant via le réseau fixe ou le réseau mobile à un réseau de nouvelle génération en raison de l'indépendance du réseau d'accès collectant et transmettant le contenu de communication de l'écoute légale vers l'entité de fonction passerelle média d'écoute légale. On évite ainsi les problèmes liés à la confidencialité et à l'autorisation de la couche de contrôle de session et de la couche d'accès, ce qui permet de proposer une solution intégrée et viable de collecte du contenu de communication d'écoute légale pour un réseau de nouvelle génération.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200610001744.0 | 2006-01-23 | ||
CN200610001744 | 2006-01-23 | ||
CNB2006100598294A CN100550784C (zh) | 2006-01-23 | 2006-03-15 | 下一代网络中实现合法监听的系统、方法和应用服务器 |
CN200610059829.4 | 2006-03-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007082435A1 true WO2007082435A1 (fr) | 2007-07-26 |
Family
ID=38287246
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2006/002893 WO2007082435A1 (fr) | 2006-01-23 | 2006-10-30 | Système, procédé et équipement réseau d'écoute légale dans un réseau de nouvelle génération |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN100550784C (fr) |
WO (1) | WO2007082435A1 (fr) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008080335A1 (fr) * | 2006-12-31 | 2008-07-10 | Huawei Technologies Co., Ltd. | Système d'interception légale, procédé et serveur d'application |
CN101237660B (zh) * | 2008-02-28 | 2012-05-09 | 中兴通讯股份有限公司 | 一种在下一代网络中实现监听的系统和方法 |
CN107534588B (zh) * | 2015-10-12 | 2020-08-14 | 泉州台商投资区天泰工业设计有限公司 | 监听方法和相关设备 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004091250A1 (fr) * | 2003-04-09 | 2004-10-21 | Telefonaktiebolaget Lm Ericsson (Publ) | Interception licite d'appels multimedia |
US20050094651A1 (en) * | 2003-10-30 | 2005-05-05 | Alcatel | Lawful interception gateway |
WO2005069663A1 (fr) * | 2004-01-14 | 2005-07-28 | Nokia Corporation | Procede, systeme et element de reseau destines a controler un contenu de session et des donnees de signalisation dans des reseaux |
-
2006
- 2006-03-15 CN CNB2006100598294A patent/CN100550784C/zh not_active Expired - Fee Related
- 2006-10-30 WO PCT/CN2006/002893 patent/WO2007082435A1/fr active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004091250A1 (fr) * | 2003-04-09 | 2004-10-21 | Telefonaktiebolaget Lm Ericsson (Publ) | Interception licite d'appels multimedia |
US20050094651A1 (en) * | 2003-10-30 | 2005-05-05 | Alcatel | Lawful interception gateway |
WO2005069663A1 (fr) * | 2004-01-14 | 2005-07-28 | Nokia Corporation | Procede, systeme et element de reseau destines a controler un contenu de session et des donnees de signalisation dans des reseaux |
Also Published As
Publication number | Publication date |
---|---|
CN101009604A (zh) | 2007-08-01 |
CN100550784C (zh) | 2009-10-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1976186B1 (fr) | Procédé d'écoute légale dans un réseau de nouvelle génération et système associé | |
US8599747B1 (en) | Lawful interception of real time packet data | |
US7408948B2 (en) | Packet mode speech communication | |
US7386000B2 (en) | Packet mode speech communication | |
JP5043392B2 (ja) | Sip通信セッションをセットアップする方法、並びに、そのシステム及びコンピュータ・プログラム | |
EP2522122B1 (fr) | Aide d'interception légale d'appels dans un reseau packetcable | |
EP2247031B1 (fr) | Procédé de mise en oeuvre, système et dispositif pour surveillance ims | |
CN100512161C (zh) | 一种传递合法监听信息的方法 | |
CN101379802B (zh) | 在媒体服务器和用户设备之间以加密方式传输媒体数据的方法和装置 | |
WO2008037220A1 (fr) | Procédé, système et dispositif pour autoriser une émission de télévision en direct sur un canal par un réseau | |
WO2008089694A1 (fr) | Procédé, système et équipement d'obtention de clé de protection de flux multimédia dans un réseau ims | |
WO2011032426A1 (fr) | Procédé, dispositif et système de mise en œuvre de service de priorité d'appel d'urgence | |
WO2007095855A1 (fr) | Procédé et entité réseau de négociation d'un paramètre de type média | |
WO2008000121A1 (fr) | Procédé de transmission de l'état de service d'un service de continuité de communication vocale. | |
AU2005263756A1 (en) | Push to watch network element and software architecture | |
WO2007082435A1 (fr) | Système, procédé et équipement réseau d'écoute légale dans un réseau de nouvelle génération | |
WO2009049518A1 (fr) | Procédé, système et entité d'établissement de session de système de télévision par internet ip | |
US20200204595A1 (en) | Media protection within the core network of an ims network | |
WO2007056925A1 (fr) | Procede et materiel de controle de session dans un reseau ims | |
WO2007085199A1 (fr) | Procédé, application et appareil permettant d'identifier l'état utilisateur dans des réseaux | |
CN100583786C (zh) | 一种合法监听系统、方法和应用服务器 | |
WO2008080335A1 (fr) | Système d'interception légale, procédé et serveur d'application | |
Jiang et al. | Design and implementation of voip transceiver module based on sip protocol | |
WO2007082493A1 (fr) | Procédé et entité de réseau pour le traitement du contenu de message de protocole d'ouverture de session |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06805098 Country of ref document: EP Kind code of ref document: A1 |