WO2008009234A1 - Procédé d'identification d'utilisation abusive des ressources de supports d'urgence, dispositif et système associés - Google Patents

Procédé d'identification d'utilisation abusive des ressources de supports d'urgence, dispositif et système associés Download PDF

Info

Publication number
WO2008009234A1
WO2008009234A1 PCT/CN2007/070278 CN2007070278W WO2008009234A1 WO 2008009234 A1 WO2008009234 A1 WO 2008009234A1 CN 2007070278 W CN2007070278 W CN 2007070278W WO 2008009234 A1 WO2008009234 A1 WO 2008009234A1
Authority
WO
WIPO (PCT)
Prior art keywords
bearer
emergency
message
application
layer
Prior art date
Application number
PCT/CN2007/070278
Other languages
English (en)
Chinese (zh)
Inventor
Peng Zhao
Fenqin Zhu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2008009234A1 publication Critical patent/WO2008009234A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities
    • H04L65/1016IP multimedia subsystem [IMS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1069Session establishment or de-establishment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M7/00Arrangements for interconnection between switching centres
    • H04M7/12Arrangements for interconnection between switching centres for working between exchanges having different types of switching equipment, e.g. power-driven and step by step or decimal and non-decimal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2242/00Special services or facilities
    • H04M2242/04Special services or facilities for emergency applications

Definitions

  • the present invention relates to the field of communication technologies, and in particular, to a method, device and system for identifying abuse of emergency bearer resources in an IP Multimedia Subsystem (IMS, Internet M ltiedia Subsystem).
  • IMS IP Multimedia Subsystem
  • IMS Internet M ltiedia Subsystem
  • the user In an emergency state, the user will use the user equipment (UE, User Equipment) to call the Public Safety Answering Point (PSAP) for assistance.
  • PSAP Public Safety Answering Point
  • the PSAP may also initiate a callback to the user after the user hangs up, in order to learn more. Information.
  • the emergency service mentioned in this article refers to the situation where the user initiates an emergency call, and may also include the case where the PSAP calls the user. Of course, the PSAP callback may not be included.
  • FIG. 1 shows the overall process framework of an existing IMS domain emergency call.
  • the solid line in the figure indicates the emergency call initiated by the UE, and the dotted line indicates the call initiated by the PSAP.
  • the emergency call initiated by the UE 10 passes through a GPRS Gateway Support Node (GGSN) 20, a Proxy Call Session Control Function (P-CSCF) entity 40, and an Emergency Call Session Control Function (E-CSCF)
  • GGSN GPRS Gateway Support Node
  • P-CSCF Proxy Call Session Control Function
  • E-CSCF Emergency Call Session Control Function
  • S-CSCF Serving Call Session Control Function
  • the E-CSCF sends the signaling to the S-CSCF to the PSAP and PS AJP.
  • the control function (MGCF, Media Gatewa Control Function) entity performs conversion. If the PSAP is in the IP domain, it does not need to go through.] GC
  • the policy decision function PDF, Policy Decision Functio entity is used to manage the resource.
  • MGCF1 and PSAP are roaming, but when PSAP calls back, there are two possibilities.
  • FIG. 2 is a schematic diagram of a management process of an existing IMS bearer resource.
  • Steps 101 - 102 after the user decides to initiate a call, firstly, by initiating an application for the bearer resource of the other side, generally, a request for creating a group data protocol (create PDF) is sent to the GGSN, and if it is the resource for the emergency service application, The request will carry an emergency bearer indication, such as an emergency bearer ID or an emergency access point name (APIs!, Access Pomi Name).
  • an emergency bearer indication such as an emergency bearer ID or an emergency access point name (APIs!, Access Pomi Name).
  • Steps 103 to 104 the UE sends a SIP request (i TVlTE) message using the applied bearer resource, and the destination address of the IP packet is the P-CSCF.
  • the message is transited through the GGSN. If the emergency call is performed, the INVITE is read.
  • the message contains an emergency service indication.
  • Steps 105 ⁇ 306 the P-CSCF forwards the i request to other devices, such as the E-CSCF, to establish an emergency call, and then receives the INVITE 200 message.
  • the P-CSCF sends the user connection information (such as the address port and the like) and the quality of service (QoS) information (such as bandwidth) obtained in the INVITE and the 200 to the PDF, usually using The AAR (AA-Request) message of the Diamter protocol, after which the response message from the PDF is received, and the AAA (AA-Answer) message of Diiffl ter is usually used. If the message is the first response message of the session, then the message is in the message. Must carry a Token, which identifies the PDF and this session
  • Steps 109 ⁇ 10 the P-CSCF forwards the 200 message received in step 106 to the UE through the GGSN. If the Token has not been carried before, the Tbken needs to be added to the 200 message.
  • Step 1 After receiving the message sent by the P-CSCF, the UE initiates a resource application process for the media information according to the obtained connection information and QoS information. This is a process of creating or updating a PDP, and the UE sends the create.
  • the PDP message carries a Token. If it is an emergency bearer request, the read message will contain an indication. The GGSN can know that this is an emergency service bearer request. The above indication may be the applied emergency bearer resource.
  • the association relationship may also be an emergency bearer identifier: - Step Bu Xing 112, after receiving the application message, the GGSN initiates an authentication request for the bearer resource to the PDF according to the Token therein, usually a general open policy service protocol (COPS) , Common Open Policy Service Protocol) REQ message (COPS REQtiest message).
  • COPS general open policy service protocol
  • COQ Common Open Policy Service Protocol
  • Step 113 the PDF sends related user connection information, QoS information and other information to
  • COPS DECision message COPS DEC message
  • Step 114 The GGSN checks the resource of the bearer application according to the received DEC message, for example, checks whether the IP address port and the bandwidth information meet the requirements of the application layer, and if yes, allocates bearer resources to the UE in the access network, and simultaneously gives the UE Send a response message that carries a resource request.
  • Step 1 ⁇ 5 if the bearer application is successful, IJE will send data to make a call, and the data packet will be transmitted to the GGSN, whose destination address is the relevant media device.
  • Step 1] 6 The GGSN forwards the data packet to the destination media device of the packet, where the media device includes the media device controlled by the PSAP and the media device controlled by the MGCF.
  • the indication that the resource requested by the UE is an emergency bearer is: an emergency identification field, or a global dedicated emergency, or an index that can be associated with an existing emergency bearer.
  • the existing emergency service adopts the following methods: First, configure filtering for the emergency ⁇ on the GGSN, and only allow the IP packet carrying the specified address of the P-CSCF for emergency call to pass through the GGSN, and ensure that the UE issues the IP packets can only reach the P-CSCF for emergency calls, and can only receive IP packets from these addresses. If it is for the emergency service to apply for the bearer resources, then at the time of application, the steps 01 and m in Figure 2 will carry the emergency bearer indication.
  • the GGSN When the GGSN receives the bearer resources applied for from these addresses, it will use the filtering rules to filter all the packets. The processing takes place in step 104, step 110 and step 1]6
  • the emergency bearer resources generally enjoy higher priority and QoS than the normal bearer resources. Even in the case of ordinary calls, because the roaming restrictions do not allow the use of bearer resources, the emergency bearer resources can be used, and the emergency call using the emergency bearer resources is also used. It is possible that the bearer layer is free, but the function of the GGSN is only to forward the IP packets sent by the UE, and does not parse the application layer content.
  • the filtering rules can restrict the IP packets sent by the UE to only reach certain specific emergency services.
  • the P-CSCF does not restrict the P-CSCF from parsing the received content. Otherwise, it still performs emergency service processing, so that the user may apply for emergency bearer resources when accessing the GGSN, and use it in the upper house application. Ordinary calls, so that you can evade billing and roaming restrictions on the access side, resulting in the abuse of emergency bearer resources.
  • the present invention provides a method and apparatus for identifying abuse of emergency bearer resources in an IMS. And systems to prevent abuse of emergency bearer resources.
  • a method for identifying an overflow emergency resource in an iMS comprising:
  • the intermediate entity for transmitting information determines that the bearer layer uses the emergency bearer, it checks whether the application layer is an emergency service;
  • a device for identifying abuse of emergency load resources in an IMS including:
  • a message receiving unit configured to receive a message or an application message from the same session during the call setup process
  • An emergency bearer identifying unit configured to check whether the bearer layer uses an emergency bearer according to the message or the application signaling
  • An emergency service identification unit configured to check whether the application layer is an emergency service by using the message or the application signaling
  • the determining unit determines, according to the check result of the emergency bearer identifying unit and the emergency service identifying unit, that the emergency bearer is used in the bearer layer, but the application is non-emergency service, determining the call abuse emergency bearer Resources.
  • a system for identifying abuse of emergency bearer resources in an IMS including an access side bearer control IP gateway and an application layer server,
  • the access-side bearer control device includes a resource allocation device, configured to allocate resources for the user terminal during the call setup process, including allocating related resources defined by the reserved bearer layer for the user applying for the emergency service bearer;
  • the application layer server includes an identifying device, configured to identify, according to the application signaling received by the application layer server, whether an application that uses the related resource defined by the bearer is abusing the emergency bearer resource.
  • the intermediate entity for transmitting information determines that the same service related request is used, for example, the bearer layer uses the emergency bearer, and then determines whether the application layer is an emergency service request, and if it is a non-emergency service request. Then, the call is judged to abuse the emergency bearer resources.
  • the present invention can be quickly and effectively identify misuse of the emergency call bearer resources, thus ensuring emergency bearer resources can be applied to emergency service, to avoid the abuse of emergency bearer resources 3 ⁇ 4
  • DRAWINGS Figure 1 Flowchart diagram of an emergency call for an existing IMS domain
  • FIG. 2 is a schematic diagram of a management process of an existing MS bearer resource
  • FIG. 3 is a schematic diagram of a bearer resource management process according to a first embodiment of the present invention.
  • FIG. 4 is a schematic diagram of a bearer resource management process according to a second embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a bearer resource management process according to a third embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a management process of a bearer resource according to a fourth embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a bearer resource management process according to a fifth embodiment of the present invention.
  • FIG. 8 is a schematic diagram of an apparatus for identifying abuse of emergency bearer resources in an IMS according to an embodiment of the present invention
  • FIG. 9 is a schematic diagram of a system for identifying abuse of emergency bearer resources in an IMS according to an embodiment of the present invention.
  • the intermediate entity for transmitting information learns the emergency attribute information of the bearer layer and the application layer. If the bearer layer uses the emergency bearer, it checks whether the application layer is an emergency service. For non-emergency services, it is determined that the abuse of emergency bearer resources is requested.
  • the emergency attribute information includes: carrying an emergency indication and a service emergency indication
  • the foregoing intermediate entity for transmitting information may be an access bearer control gateway, such as a GGSN, a packet data serving node (PDSN), etc., and may also be an FDF or an application server, etc., of course, not limited to this and a message from the application layer.
  • the emergency service indication in the middle can be generated according to the emergency service indication inserted in the session creation message.
  • 3 and 4 are two specific embodiments based on the method of the present invention.
  • an emergency call is initiated by the UE, and the GGSN determines whether the message carrying the application and the application all contain an emergency indication.
  • Step 201 The UE initiates a session INVITE request. If the emergency service is performed, the NVITE request carries an emergency service indication to indicate that the request is an emergency service.
  • the emergency service indication may be a header field or a header field in the INVITE message.
  • Steps 202 to 203 after receiving the request, the P-CSCF checks whether the message contains an emergency service indication. If yes, the P-CSCF locally marks the session as an emergency service, and routes the request to the specified media device. For example, E-CSCF performs processing. If not, it does not need to be marked. P-CSCF is normal. After the message is forwarded to the il' request, the P-CSCF receives the feedback 200 response message.
  • Step 204 The P-CSCF sends an AAR message to the PDF. If the P-CSCF marks that the session is an emergency service, the AAR message carries an emergency service indication, and the read indication may be a field in the AAR message, otherwise the AAR message No need to carry emergency business instructions
  • Step 205 The PDF sends a response message AAA to the P-CSCF. If it is the first response message of the session, the message must carry a Tke.
  • the Token identifies the PDF and the current session.
  • Step 206 After receiving the AAA message returned by the PDF, the P-CSCF transmits the response to the 200
  • Step 207 After receiving the message sent by the P-CSCF, the UE sends a message to the GGSN according to the obtained user connection information and QoS information, which is a process of creating or updating a PDP, where the message carries If the Tote is for the emergency service application bearer, the application message needs to carry an emergency bearer indication to indicate that the application is an urgent bearer resource, and the emergency bearer indication may be an emergency identifier field, a global dedicated emergency APN, or An index that can be linked to an existing emergency bearer
  • Step 208 After receiving the application message, the GGSN initiates an authentication request for the bearer resource, usually a COPS REQ message, according to 'Ibl en.
  • Step 209 The FDF sends a DEC message to the GGSN.
  • the PDF receives an emergency service indication from the application layer from the P-CSCF, that is, the received AAR message includes an emergency service indication, and then the sent The DEC message also carries an emergency service indication. Otherwise, no urgent service indication is added to the transmitted PDF message.
  • Step 210 After receiving the DEC message, the GGSN first checks whether the user carries the emergency bearer indication in the resource application process. If yes, it checks whether the received DEC message also contains an emergency service indication, such as a DEC message. If the emergency service indication is not included, the GGSN determines that the emergency bearer resource is abused. After that, the GGSN may perform related processing, such as blocking the current call flow, and performing corresponding records, etc.; if the received I3.EC message contains an emergency service indication, Then continue the normal process, which means that the call is indeed an emergency call process.
  • an emergency service indication such as a DEC message.
  • the present embodiment initiates a call back to the UE by a media device such as a PSAP, and the PDF determines whether the message of the bearer layer and the application layer all contain an emergency indication, and currently considers that the PSAP callback is also an emergency service.
  • the P-CSCF receives the INVITE used to call the UE.
  • Step 302 If the P-CSCF recognizes that the request is a PSAP call, the P-CSCF will carry an emergency service indication in the AAR message sent to the PDF. If not, the emergency service indication is not carried, and the specific identification method may be Identify whether the emergency indication header field is included in the INVITE, or according to the identity of the calling user in the INVITE.
  • Step 303 the PDF sends a response message to the P-CSCF.
  • AAA If it is the first response message of the session, the message must carry a Tbken, which identifies the PDF and the current session step 304, P- The CSCF forwards the INVITE request to the UE.
  • Step 305 After receiving the message sent by the P-CSCF, the UE sends a message carrying the resource request to the GGSN according to the obtained user connection information and QoS information.
  • This is a process of creating or updating a PDP, where the message carries a T3 ⁇ 4ken, if If the application is a bearer resource for the emergency service, the emergency bearer indication is also required to indicate that the application is an emergency bearer resource.
  • Step 306 After receiving the application message, the GGSN, according to the T ken, will initiate a REQ message carrying the resource authentication to the PDF. If the emergency bearer indication is carried in the application message, the emergency bearer indication will also be carried in the REQ message.
  • Step 307 after received PDF REQ message, checks that the message carries the emergency bearer indicating the bearer layer, the P-CSCF checks for this session sent by the message carrying an emergency service application layer indicating that there is:: as ⁇ No, the PDF determines that the emergency bearer resource is abused. After that, the relevant processing can be performed, such as blocking the current call flow and performing corresponding recording; if not, the normal process is continued, and the call is confirmed to be urgent. Call flow.
  • the above embodiment is used when the PSAP initiates a callback to the UE, and the PDF identifies the call that abuses the emergency bearer resource by determining whether the message of the bearer layer and the application house contains an emergency indication, and the emergency bearer resource is guaranteed only Can be applied to emergency services, avoiding the abuse of emergency bearer resources.
  • the embodiment of the present invention can also set a filtering rule for the bearer of the emergency service on the bearer layer gateway, and ensure that the data packet including the related resources defined by the bearer layer reserved for the emergency service is allowed.
  • the application layer server determines, according to the information of the protocol layer controlled by the bearer layer, whether the message is a bearer resource reserved for emergency services, and if so, the application layer server checks whether the request is an emergency service.
  • the bearer layer is a message that can be used by the emergency bearer, for example, a register message is judged, and the application layer determines whether it is In the case of emergency services, it can be judged by a register message, and the response of the register message and subsequent invite, message, etc.
  • the SIP message determines that the bearer layer control protocol includes at least: an IP, a transport layer protocol, such as UDP (User, User-Data Packet Protocol), TCP (Transmission Control Protoco!), port, AH (Authentication Header), ESP (: Encapsu ing Security Pay load), SPI (Security Parameter Index), etc.;
  • the method includes: an IP address of the UE, an address of the application server, a port provided by the application server, a transport layer protocol provided by the application server, an SPI allocated by the application server for the UE, and a possible combination thereof
  • the embodiment of the present invention further discloses a method for identifying abuse of emergency bearer resources in an IMS multi-media subsystem IMS: reserve a dedicated service port for a message of an emergency service on the P-CSCF, and determine from the Whether the port-related application layer message is an emergency service.
  • FIG. 5 it is a schematic diagram of a bearer resource management process according to a third embodiment of the present invention, where the method includes the following steps:
  • an emergency bearer-dedicated port is reserved for the emergency service on the application server, such as the P-CSCF, for example, 9000.
  • the bearer control gateway of the system access side such as the GGSN
  • the filtering rule for example, only allows the 9000 port of the P-CSCF to pass the emergency bearer IP packet, and the other port of the P-CSCF that uses the emergency bearer does not allow the filtering. Rules can also allow media related to emergency services to pass
  • Step 402 The user sends a create group data protocol (create PDF:) request to the GGSN to apply for an emergency service bearer resource, where the request carries an emergency bearer indication, such as an emergency bearer identifier or an emergency APN.
  • create PDF create PDF
  • Step 403 The GGSN allocates an emergency bearer resource to the UE according to the emergency bearer indication, and if the UE is identified as an emergency bearer, and returns an application bearer resource to the IJE.
  • the source successfully responds, such as create PDF response, the response includes the source IP address assigned by the GGS to the UE, and may also include a remote IP address and end that can be accessed, wherein the remote IP address is the IP address of the P-CSCF.
  • the port is an emergency service dedicated port preset by the P-CSCF.
  • Step 404 The UE initiates a registration request message by using the applied emergency bearer resource, where the source IP address of the IP packet is the source IP address assigned by the GGS, and the destination address is the address of the P-CSCF.
  • the port is 9000; the format of the IP packet is the destination IP address + the IIDP port; if an emergency call is made, the message further includes an emergency service indication, where the emergency service indication may be the user's registration information, etc.
  • the read registration request message is transited by the GGSN.
  • the GGSN first checks the registration request message IP packet according to the filtering rule of the neck. If the packet is not sent to the 9000 port of the CSCF, the GGSN will determine the request. An illegal request; otherwise, step 405 is performed.
  • Step 405 The GGSN forwards the registration request message to the P-CSCF, and the P-CSCF receives the message through the 9000 port. At this time, the P-CSCF considers that the bearer used by the message is an emergency bearer.
  • Steps 406 to 407 the P-CSCF sends the registered request message to other servers, and the other servers return corresponding 401 response messages.
  • Steps 408 - 409 the P-CSCF allocates the port for the next communication to the UE, and the SP of the ESP protocol simultaneously marks that the request received through the next communication port is an emergency bearer message, and the message is 40]
  • the message is forwarded by the GGSN to the UE, where the 401 response message further includes a newly assigned port number and SPL of the P-CSCF.
  • Step 410 The UE re-initiates a registration request message to the GGSN.
  • the format of the registration request message IP packet sent by the UE includes the IJ address + ESP, where the IP address includes the source IP address allocated by the GGSN for the UE.
  • the GGSN After receiving the registration request message, the GGSN checks whether the source IP address in the message is the IP address allocated by the GGSN to the UE when applying for the emergency bearer resource. If not, the GGSN can determine that the request is an illegal request. ; Otherwise, perform the steps below.
  • Step 411 416 the GGSN sends the registration request message to the P-CSCF, and after receiving the ageing request message of the UE by using the newly allocated port, the P-CSCF performs ESP decoding on the requested IP packet.
  • the P-CSCF checks whether the registration request message includes an emergency service indication. If the request is an emergency service, the registration request of the P-CSCF ⁇ M completes the subsequent registration process, and after the registration is completed, The 200 response message is sent by the GGSN to the UE; if the request does not contain an emergency service indication > then the P-CSCF considers the request to be an illegal request.
  • the P-CSCF checks whether the request is subsequently performed when the UE initiates a SIP request such as vte, message, etc. related to the registration. For emergency services, if not, the P-CSCF will determine to read the relevant request, 3 ⁇ 4_-1 ⁇ ⁇ * ⁇ ⁇ 3 ⁇ 4 water.
  • the P-CSCF also notifies the GGSN to add a new media filtering rule to ensure that the negotiated media portion can specifically notify the new media filtering rule through the GGS L.
  • the P-CSCF also notifies the GGSN to add a new media filtering rule to ensure that the negotiated media portion can specifically notify the new media filtering rule through the GGS L.
  • the GGSN may also check whether the source I address in the request message sent by the UE using the emergency bearer is the IP address allocated by the GGSN to the i UE when the UE applies for the emergency bearer resource, and if not, Then the GGSN determines that the read request is an illegal request.
  • the above-mentioned singular travel case allocates a dedicated port for the emergency service on the application server, and sets a filtering rule for the bearer of the emergency service on the bearer layer gateway, allowing the data packet including the application layer server dedicated port to pass; If the application layer server receives the data packet from the allocated dedicated port, it considers that the data packet is an emergency bearer message, and determines whether the message obtained from the dedicated port is an emergency service, thereby ensuring that the emergency bearer resource can only be Was used in emergency services, avoiding the abuse of emergency bearer resources
  • the embodiment of the present invention is not limited to the above-mentioned setting of the port of the emergency service to identify whether the emergency bearer message is adopted.
  • the application server may also reserve a range such as SPI for the emergency service. When there is an SH in the range in the received message, it is determined whether the message is an emergency service.
  • FIG. 6 is a schematic diagram of a bearer resource management process according to a third embodiment of the present invention.
  • the method includes the following steps:
  • Step 500 ⁇ Step 501 on the application server, such as the P-CSCF, not only "set the emergency service dedicated port, but also reserve an SPI range for emergency services, for example, 20,000 - 30000, and also set SPi on the P-CSCF.
  • Assignment rules, ie P-CSCF receives a note from the port dedicated to emergency services - ⁇ ! - Book request message, then assign the SPI in the range of the slave S to the user UE, for example
  • This filtering rule also allows media related to emergency services to pass.
  • Bearer control on the system access side ⁇ Gateway such as GGSN, sets the filtering rules for bearers for emergency services, such as IP packets in the SPI range that allow users to send to the P-CSCF (such as IPSEC packets with SPI value of 20000 30000) ) can pass, and other SPI-range IP packets sent to the P-CSCF cannot pass, allowing the user to send IP packets to the designated port of the P-CSCF.
  • IP packets in the SPI range that allow users to send to the P-CSCF such as IPSEC packets with SPI value of 20000 30000
  • Step 502 The UE sends a create group data protocol (create PDF) request to the GGSN to apply for an emergency service bearer*, where the request carries an emergency bearer indication, such as an emergency bearer or an emergency APN.
  • create PDF create group data protocol
  • Step 503 The G TSN determines, according to the emergency bearer indication, that the UE applies for an emergency bearer, allocates an emergency bearer resource to the UE, and returns a response to the UE that successfully requests the bearer resource, such as create PDF response.
  • the response includes the source address assigned by the GGSN to the UE, and may also include a remote IP address and port that can be accessed, wherein the port is an emergency service dedicated port preset by the P-CSCF.
  • Step 504 The UE initiates a register request message by using the applied emergency bearer resource, where the source of the request message is the source address of the GGSN, and the destination address is P-CSCF.
  • IP address, UDP port is P-CSCF dedicated port; its IP packet format is preferably 0P address + UDP port; if ⁇ is an emergency call, the message also includes emergency service indication, emergency service indication here It can be the user's registration information, etc.
  • the registration request message is transited by the GGSN.
  • the GGSN first checks the registration request message IP packet according to the preset filtering rule. For example, the destination port number in the IP packet is not dedicated to the P-CSCF. Port, then the GGSN will determine that the request is an illegal request; otherwise, execute step 505,
  • step 505 the GGS forwards the registration request message to the P-CSCF.
  • Step 506 .507 the P-CSCF sends the registered request message to other servers, and the other servers return a corresponding 401 response message.
  • Steps 508 - 509 the P-CSCF allocates the port for the next communication to the UE and the S.PL of the ESP protocol. If the request is received from the emergency service dedicated port, the P-CSCF considers that the request uses the emergency bearer resource. At this time, the SPi is selected from the SPi range reserved for emergency services. At the same time, the P-CSCF forwards the 401 response message to the UE by the GGSN, where the 401 response message further includes the newly assigned port number and SPL of the P-CSCF.
  • Step 510 The UE re-initiates a registration request message to the GGSN, where the registration request message 1.P packet sent by the UE includes an IP address, where the IP address includes the source IP address and P allocated by the GGSN to the UE.
  • - Purpose of the CSCF P address, the ESP includes the SP1U allocated by the P-CSCF for the UE.
  • the GGSN After receiving the read registration request message, the GGSN checks whether the SPi in the read message belongs to the range reserved for the emergency service. If not, the GGSN can determine that the request is an illegal request; otherwise, perform the following steps.
  • Step 51] 515 the GGSN sends the registration request message to the P-CSCF, and after receiving the registration request message of the UE through the newly allocated port, the P-CSCF performs ESP decoding on the requested I packet.
  • the P-CSCF checks whether the SPI in the decoded registration request message is within the emergency service specific range, and if yes, considers that the read message is the used emergency bearer resource message, and the P-CSCF further checks whether the message is an emergency service. If not, then the P-CSCF considers that the read request is an illegal request. Otherwise, the P-CSCF completes the subsequent registration process according to the registration request, and after the registration is completed, sends the 200 response message to the UE.
  • the P-CSCF checks whether the request is subsequently performed when the UE initiates a SiP request such as an invite or a message related to the registration of the UI. For emergency services, if not, the P-CSCF will determine that the relevant request is an illegal request.
  • the above implementation implements the filtering rule on the bearer layer gateway to ensure that the data packet containing the relevant resource information defined by the emergency bearer layer is allowed to pass; meanwhile, after receiving the message of the IP packet sent by the user, the application layer server roots
  • the SP1 in the message determines that the message is a message that includes the related resource information defined by the emergency bearer layer
  • the emergency service check is performed on the message to further determine whether the message is an emergency service, thereby ensuring that the emergency bearer resource is only Can be applied to emergency services, avoiding the abuse of emergency bearer resources.
  • the embodiment of the present invention further discloses a method for identifying abuse of emergency bearer resources in an IMS: setting, on the GGSN, a request to allow an address included in the preset specification to pass, wherein, The preset range is dedicated to emergency bearer resources.
  • the P-CSCF checks whether the request is an emergency service.
  • FIG. 7 is a schematic diagram of a bearer resource management process according to a fifth embodiment of the present invention, where the method includes the following steps:
  • Step 600 Leave a source address range for the emergency service on the GGSN, which is used to allocate 1 ⁇ of the bearer for applying for emergency services.
  • a filtering rule is also set on the GGSN to allow packets containing the : ⁇ address in the reserved range to pass, and IP packets containing other source P addresses cannot pass. This filtering rule also allows media related to emergency services to pass.
  • Step 60 The source address range reserved on the GGSN is learned by configuration or other means on the P-CSCF, so that when the P-CSCF receives the request in the reserved IP range, it checks whether the request is an emergency service.
  • Step 602 The UE sends a create group data protocol (create PDF) request to the GGSN to apply for an emergency service bearer resource, where the request carries an emergency bearer indication, such as an emergency bearer identifier or an emergency APN.
  • create PDF create group data protocol
  • Step 603 Identify, according to the emergency bearer indication, that the UE applies for an emergency bearer, and allocate an emergency bearer resource to the user, where the source IP address in the bearer resource is in the address range reserved by the emergency service. IP address
  • the 3GSN returns a response to the UE that successfully requests the bearer resource, such as create PDP response, where the response includes the IP address allocated by the GGSN for the UE.
  • Step 604 The UE initiates a registration request message by using the applied emergency bearer resource allocation. Since the request message IP packet is sent by using an emergency bearer resource, the GGSN checks whether the source IP address of the read message belongs to the reserved range. If not, the message is considered an illegal request; otherwise, the following steps are performed.
  • Step 605 The GGSN forwards the registration request message to the P-CSCF, and the P-CSOF receives the message, and determines, according to the IP in the message, the bearer used by the message as an emergency bearer.
  • Steps 606-607 the P-CSCF sends the registration request message to other servers, and the other servers return corresponding 401 response messages.
  • Steps 608 ⁇ 609> The P-CSCF allocates the port for the next communication to the UE and the SPL of the ESP protocol.
  • the P-CSCF forwards the 401 response message to the UE by the GGSN, where the 401 ring
  • the message should also include the newly assigned port number and SP] of the P-CSCF.
  • Step 610 The UE re-initiates a registration request message to the GGSN, where the registration request message ⁇ packet sent by the UE includes an ⁇ address, where the ⁇ ⁇ address includes an IP dedicated to the emergency service allocated by the GGSN for the UE.
  • the address and the destination ff address of the P-CSCF, the ESP includes the SPI allocated by the P-CSCF for the UE.
  • the GGSN After receiving the registration request message, the GGSN checks whether the source IP address in the message belongs to the P address range reserved for emergency services. If not, the GGSN may determine that the request is an illegal request; otherwise, perform the following Step
  • Steps 611 to 616 the GGSN sends the registration request message to the P-CSCF, and after receiving the registration request message of the UE by using the newly allocated port, the P-CSCF decodes the requested IP packet into 4 ESPs.
  • the P-CSCF checks whether the IP belongs to the source reserved for the emergency service according to the IP address in the registration request message. If the address is the case, the P-CSCF considers the message to be the emergency bearer resource, P-CSCF. Will check whether the request is an emergency service, if the request is not an emergency service, then the CSCF considers the request to be an illegal request; if the request is for an emergency service, the APP-CSCF completes the subsequent registration process according to the registration request, And after the registration is completed, the 200 response message is sent by the GGSN to the UE.
  • the P-CSCF checks whether the request is subsequently performed when the UE initiates a SiP request such as imdte, message, etc. related to the registration. For the emergency service, if not, it is determined that the related request is an illegal request.
  • the carrier layer gateway allocates a source IP address for the emergency service to the user applying for the emergency bearer, and ensures that only the source IP address is allowed.
  • the application server checks the message containing the source IP address after receiving the message. When it is considered that the message is an emergency bearer, it further determines whether the message is an emergency service, thereby ensuring that the message is an emergency service.
  • Emergency bearer resources can only be applied to emergency services, avoiding the misuse of emergency bearer resources.
  • the present invention is not limited to the emergency attribute information in the foregoing embodiments, that is, the source IP address, the port provided by the application server, and the SPI allocated by the application server respectively determine whether the request message is used urgently. Carrying, thereby further determining whether the emergency bearer resource is applied to the emergency service; or using other bearer control protocol resources or taking at least one of the above-mentioned emergency Attribute information to judge
  • an embodiment of the present invention further provides an emergency call control method in an IMS.
  • an intermediate entity that transmits information receives a message or application signaling from the same session, and the message is based on the message. Or signaling to identify whether the call is abusing the emergency bearer, and if so, disabling or redirecting the call.
  • the process of identifying whether the call is abusing the emergency bearer resource according to the message is consistent with the description in the previous embodiment, and details are not described herein again.
  • the embodiment of the invention further discloses a device for identifying abuse of emergency bearer resources in M:S, as shown in FIG. 8 , which is a schematic diagram of the reading device:
  • the reading device includes: a message receiving unit 81, an emergency bearer identifying unit 82, and an emergency service identifying unit 8 determining unit 84.
  • the message receiving unit 81 is configured to receive a message or application signaling from the same session in the call setup process;
  • the emergency bearer identifying unit 82 is configured to check whether the bearer layer uses the emergency bearer according to the message or the application signaling;
  • the identifying unit 83 is configured to check whether the application layer is an emergency service by using a root message or an application signaling;
  • the determining unit 84 uses the result of the checking by the emergency bearer identifying unit 82 and the emergency service identifying unit 83, and the result is used as a bearer.
  • Emergency bearer but the application layer is non-emergency service, and the call abuse emergency bearer resource is determined.
  • the emergency bearer identifying unit 82 checks whether the bearer layer uses the emergency bearer, the emergency service identifying unit 83 performs a check on the application layer, and the emergency service identifying unit 83 notifies the determining unit 84 of the final result.
  • the bearer layer and the application layer may be inspected by the emergency bearer identifying unit 82 and the emergency service identifying unit 83, respectively, and the checking result is notified to the determining unit 84, respectively.
  • the emergency bearer identification unit 82 may check whether the emergency bearer is used by the bearer in the message from the bearer layer received by the message receiving unit 81, if the emergency bearer is included in the message, if the message includes the emergency bearer indication information. Then, it is determined that the bearer layer uses an emergency bearer.
  • the emergency bearer indication information may be: an emergency identification field, or a globally dedicated emergency access point name, or an index that can be associated with an existing emergency bearer, etc.
  • the emergency service identification unit 83 may pass the message receiving unit.
  • the message received from the application layer includes the emergency service indication information for checking to determine whether the application house is an emergency service. If the message includes emergency service indication information, it is determined that the application layer is an emergency service.
  • the emergency service indication information may be a calling number, a registration information of the user, or the like.
  • the il device can be integrated on the access side bearer control IP gateway such as G (3SN, or PDSN.
  • the above function can be realized by detecting the message of the user terminal applying for the resource and the resource authentication response message returned by the PDF; On the PDF, the above functions are implemented by detecting the resource authentication message initiated by the GGSN and the RADIUS authorization message of the P-CSCF.
  • the implementation process of the IKE can refer to the foregoing description of the processes in FIG. 3 and FIG.
  • the device can not only identify whether the emergency call initiated by the user terminal abuses the emergency bearer resource, but also identify whether the public safety answering point sends a call back to the emergency call to abuse the emergency bearer.
  • the emergency bearer identification unit 82 further Whether the bearer layer uses the emergency bearer is determined by checking whether the application signaling received by the message receiving unit 81 uses the bearer resource reserved for the emergency service, and if the bearer resource reserved for the emergency service is used, the bearer is determined.
  • the layer uses the emergency bearer, and the bearer resource reserved for the emergency service may be an address port dedicated to the emergency bearer, the SPI, etc., and the application signaling received by the emergency service identifying unit 83 through the message receiving unit 81 is The emergency service indication information is checked to determine whether the application is an emergency service. If the emergency service indication information is included in the signaling, the application layer is determined to be an emergency service.
  • the emergency service indication information may be a called number, a registration information of a user, etc.
  • the device may be integrated on an application layer server, such as a P-CSCF, by detecting a registration request message of the user terminal or a SIP request message such as imnte or message related to the registration, so as to implement the above-mentioned function. Facing the description of the flow in Figure 5, Figure 6 and Figure 7,
  • the embodiment of the invention also discloses a system for identifying abuse of emergency bearer resources in the IMS, as shown in FIG. 9, which is a schematic diagram of the system:
  • the system includes: an access side bearer control gateway 91 and an application layer server 92, wherein the access side bearer control IP gateway 91 includes a resource allocation device 9.1 for allocating resources for the user terminal during the call setup process, including The user who applies for the emergency service bearer resource is allocated as the related resource defined by the bearer layer reserved for the emergency service; the application layer server 92 includes the identifying means 921, for identifying the use of the emergency according to the application signaling received by the application layer server 92. Whether the call of the related resource defined by the bearer layer reserved by the service abuses the emergency bearer resource.
  • the structure of the identification device 921 is similar to that of the embodiment of the present invention shown in FIG. 8, and details are not described herein again.
  • the access side bearer control 0 gateway 91 may be a GGSN, or a PDSN, an application layer.
  • Server 91 can be a P-CSCF.
  • the access side bearer control IP gateway 91 may further include a filtering device 9i2 for setting an over-rule for the bearer of the emergency service, and checking the access reverse-bearing control IP gateway 9j according to the filtering rule.
  • the application signaling number includes the relevant information defined by the bearer layer, and if the related resources defined by the bearer layer belong to the related resources defined by the bearer layer reserved for the emergency service, the access side bearer control IP is allowed.
  • the gateway 91 forwards the application signaling. Otherwise, the access to the reverse bearer control IP gateway is prohibited.
  • the forwarding of the symptom signaling through the filtering device 92 can ensure that the information related to the emergency service can only reach the emergency of the carrying house. Attribute description entity
  • control device in the system to control the establishment of the call by the inspection result of the identification device 92.
  • the identification device 921 checks the result for the abuse of the call. If the resource is carried, the call is prohibited or redirected.
  • the control device and the identification device 92 may be located on different functional entities or may be located on the same functional entity.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé d'identification d'utilisation abusive des ressources de supports de secours, un dispositif et un système associés, dans lesquels l'entité intermédiaire de transmission des informations détermine si les informations émises par la couche support comportent un indicateur de support d'urgence. Si les informations émises par la couche d'application ne comportent pas d'indicateur de service d'urgence, on détermine ensuite que les ressources d'urgence sont utilisées de manière abusive. Il est ainsi possible d'empêcher l'établissement d'un appel qui utilise de manière abusive les ressouces de supports d'urgence.
PCT/CN2007/070278 2006-07-14 2007-07-12 Procédé d'identification d'utilisation abusive des ressources de supports d'urgence, dispositif et système associés WO2008009234A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610099415 2006-07-14
CN200610099415.4 2006-07-14

Publications (1)

Publication Number Publication Date
WO2008009234A1 true WO2008009234A1 (fr) 2008-01-24

Family

ID=38956552

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070278 WO2008009234A1 (fr) 2006-07-14 2007-07-12 Procédé d'identification d'utilisation abusive des ressources de supports d'urgence, dispositif et système associés

Country Status (1)

Country Link
WO (1) WO2008009234A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012025151A1 (fr) 2010-08-25 2012-03-01 Nokia Siemens Networks Oy Procédé et appareil d'enregistrement d'un service de secours dans des connexions de données par paquets
WO2016180152A1 (fr) * 2015-08-06 2016-11-17 中兴通讯股份有限公司 Procédé et appareil d'authentification pour accéder à un réseau d'activé spéciale

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1422507A (zh) * 2000-04-10 2003-06-04 诺基亚有限公司 移动ip网络中的电话服务
US20030198331A1 (en) * 2002-04-19 2003-10-23 Worldcom, Inc. Telephone system and method for reliable emergency services calling
WO2005039227A1 (fr) * 2003-10-17 2005-04-28 Nortel Networks Limited Procede pour obtenir des informations de localisation destinees a des services d'urgence dans des reseaux multimedias sans fil

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1422507A (zh) * 2000-04-10 2003-06-04 诺基亚有限公司 移动ip网络中的电话服务
US20030198331A1 (en) * 2002-04-19 2003-10-23 Worldcom, Inc. Telephone system and method for reliable emergency services calling
WO2005039227A1 (fr) * 2003-10-17 2005-04-28 Nortel Networks Limited Procede pour obtenir des informations de localisation destinees a des services d'urgence dans des reseaux multimedias sans fil

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012025151A1 (fr) 2010-08-25 2012-03-01 Nokia Siemens Networks Oy Procédé et appareil d'enregistrement d'un service de secours dans des connexions de données par paquets
CN103053149A (zh) * 2010-08-25 2013-04-17 诺基亚西门子通信公司 用于分组数据连接中的紧急服务的注册的方法和设备
WO2016180152A1 (fr) * 2015-08-06 2016-11-17 中兴通讯股份有限公司 Procédé et appareil d'authentification pour accéder à un réseau d'activé spéciale

Similar Documents

Publication Publication Date Title
EP2093931B1 (fr) Procédé, système et fonction pcrf pour traitement de flux de données de service
AU2006344794B2 (en) Loss of signalling bearer transport
EP1762056B1 (fr) Information dynamique sur le service pour reseau d'acces
US8572258B2 (en) Control of quality-of-service preconditions in an IP multimedia subsystem
EP2899937B1 (fr) Procédé et système de contrôle de la ressource d'une porteuse de qos durant la négociation d'un accès et la libération d'une ressource
BRPI0810914B1 (pt) método de controle de política em uma rede, aparelho que opera para agir como uma entidade de função de aplicativo, método de operação de aparelho e aparelho para operar como uma entidade de função de aplicativo, método de operação de um aparelho para operar como uma entidade de controle de política e sistema de controle de política
WO2010081339A1 (fr) Procédé, appareil, et système de gestion des priorités de réseaux
WO2010063174A1 (fr) Procédé de mise en oeuvre, système et dispositif pour surveillance ims
US20110085470A1 (en) Apparatus and method for integrated signal processing for ip-based convergence network
US11223658B2 (en) Method for prioritising media streams in a communications network
US8249077B2 (en) Methods and apparatus for enhancing the scalability of IMS in VoIP service deployment
US7899058B2 (en) Using a hash value as a pointer to an application class in a communications device
US20090204698A1 (en) Method, system and apparatus for reserving bearer resources
WO2014180410A1 (fr) Procédé et appareil de mise en œuvre de contrôle de ressources de porteuse qos de session multimédia
WO2008106885A1 (fr) Procédé et système permettant une compatibilité de services
WO2007045137A1 (fr) Procede d’autorisation de qos
WO2008009234A1 (fr) Procédé d'identification d'utilisation abusive des ressources de supports d'urgence, dispositif et système associés
WO2009043289A1 (fr) Procédé pour déterminer la relation de trajet de flux multimédia et système de commande d'appel
WO2008154850A1 (fr) Procédé, entité et système pour effectuer un transfert d'adresse de réseau
KR101007369B1 (ko) Pcrf 연동 없는 호 처리를 지원하는 이동 통신 시스템 및 그 방법
CN101110991B (zh) Ims中识别滥用紧急承载资源的方法、装置及系统
WO2008003214A1 (fr) Procédé, dispositif et système de passage de flux multimédia à travers la traduction d'adresse de réseau
WO2007085199A1 (fr) Procédé, application et appareil permettant d'identifier l'état utilisateur dans des réseaux
Mani et al. New QoS control mechanism based on extension to SIP for access to UMTS core network via different kinds of access networks
JP5112491B2 (ja) Ip基盤の有線無線統合ネットワークのための統合信号処理装置およびその方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07764206

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07764206

Country of ref document: EP

Kind code of ref document: A1