WO2008011819A1 - Method and device for transmitting legal intercepting information - Google Patents

Publication number
WO2008011819A1
Authority
WO
WIPO (PCT)
Prior art keywords
interception
message
information
indication
function entity
Prior art date
Application number
PCT/CN2007/070216
Inventor
Bo Zheng
Youzhu Shi
Original Assignee
Huawei Technologies Co., Ltd.
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/22 Arrangements for supervision, monitoring or testing
    • H04M3/2281 Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Definitions

  • The present invention relates to the field of lawful interception, and in particular, to a method and apparatus for transmitting legal interception information.
  • Background of the invention
  • Lawful interception is a law enforcement activity in which law enforcement agencies, with the approval of the relevant authorized authorities, monitor public communication services in accordance with relevant national laws and public communication network industry specifications.
  • The 3GPP TS33.107 standard defines a lawful interception model for the IMS network.
  • The model includes: the Law Enforcement Monitoring Facility (LEMF), the Administration Function (ADMF) entity, the Delivery Function (DF) entity, and the Serving-Call Session Control Function (S-CSCF) entity and/or Proxy-Call Session Control Function (P-CSCF) entity.
  • The LEMF, ADMF and DF are located on the law enforcement side.
  • The S-CSCF and P-CSCF are located in the IMS network and act as the interception control units in the IMS network.
  • When performing interception in the IMS network, the ADMF carries the interception data held on the law enforcement agency side in an interception indication and sends it to the S-CSCF and/or P-CSCF in the IMS network through the X1_1 interface.
  • When a call session signaling message related to the interception object passes through the S-CSCF and/or the P-CSCF, the S-CSCF and/or the P-CSCF intercept the interception object according to the interception data carried in the interception indication, and report the acquired Intercept Related Information (IRI) to the DF on the law enforcement side through the X2 interface.
  • The interception indication may include: an interception object activation indication, an interception object query indication, an interception object attribute modification indication, and so on; the interception data may include the identifier of the interception object, and so on.
  • The functional entities defined as reporting the IRI may further include an application server (AS) connected to the ADMF and the DF.
  • The ADMF can carry the interception data in the interception indication and send it directly to the AS through the X1_1 interface.
  • Because the AS is responsible for processing supplementary services such as value-added services, the AS can report the IRI related to supplementary service events to the DF according to the interception data, which solves the problem that the law enforcement agency side cannot monitor the supplementary service events of the interception object in the IMS network.
  • The ADMF sends the interception data to each network function entity that can report the IRI.
  • The network function entity intercepts the interception object according to the interception data and reports the IRI to the DF.
  • These different services may be provided by different ASs.
  • In order for these ASs to obtain the interception data of the interception object through the X1_1 interface, the ADMF needs to manage, configure, and maintain information about these ASs.
  • The ADMF needs to perform synchronous update processing to enable the corresponding AS to obtain or delete the corresponding interception data, which greatly increases the ADMF management and maintenance workload on the law enforcement agency side.
  • Summary of the invention
  • the embodiment of the present invention provides a method for transmitting legal interception information, which can reduce the workload of the ADMF to manage and maintain the network functional entity.
  • the method includes the following steps: The network function entity participating in the interception object session receives a message related to the interception object carrying the interception information;
  • the network function entity monitors the interception object according to the received interception information, and reports the interception related information IRI and/or the communication content CC to the law enforcement agency side.
  • An embodiment of the present invention further provides an apparatus for transmitting legal interception information, where the apparatus is disposed in a network function entity participating in a listening object session, and includes the following modules:
  • a monitoring information parsing module configured to parse out the interception information from the message related to the interception object received by the network function entity, and send the interception information to the monitoring module;
  • a monitoring module configured to monitor the monitoring object according to the monitoring information, to generate an IRI and/or CC
  • the reporting module is configured to report the IRI and/or CC generated by the monitoring module.
  • In the method for transmitting legal interception information provided by the embodiment of the present invention, the interception information is carried in a message related to the interception object and is transmitted to the network function entities participating in the interception object session by sending that message.
  • Each network function entity intercepts according to the interception information and reports the IRI and/or CC to the DF, so the ADMF's workload for managing and maintaining these network function entities can be reduced.
  • FIG. 1 is a schematic diagram of a lawful interception model of an IMS network in the prior art
  • FIG. 2 is a logical structure diagram of a lawful interception network related to a listening object signaling message according to an embodiment of the present invention
  • FIG. 3 is a flow chart of transmitting legal interception information according to an embodiment of the present invention
  • FIG. 4 is a logical structural diagram of a lawful interception network related to intercepting an object media stream according to an embodiment of the present invention.
  • Mode for carrying out the invention
  • In the embodiment of the present invention, the interception information is carried as an extension in a message related to the interception object, and that message is sent to the network function entities participating in the interception object session, thereby transmitting the interception information to them.
  • Each network function entity intercepts the interception object according to the received interception information and reports the IRI and/or the Content of Communication (CC).
  • Because the interception information is transmitted in the message related to the interception object, the ADMF does not need to manage and maintain numerous network function entities, so the ADMF's workload can be reduced.
  • FIG. 2 takes an IMS network as an example and gives a network structure including the terminal, the network access unit, the S-CSCF, the AS, and the lawful interception service application server (LI-AS).
  • LI-AS lawful interception service application server
  • The terminal is the interception object. It may be a Session Initiation Protocol (SIP) terminal, or a traditional Plain Telephone Service (POTS) terminal or an Integrated Services Digital Network (ISDN) terminal.
  • SIP Session Initiation Protocol
  • POTS Plain Telephone Service
  • ISDN Integrated Services Digital Network
  • the network access unit is connected to the terminal and the S-CSCF, and is used to connect the terminal to the IMS network, and provides functions such as registration, authentication, and authentication.
  • the E1 interface between the network access unit and the S-CSCF uses the SIP protocol.
  • The network access unit can be an application function entity (AF, Application Function), for example a P-CSCF, in which case the corresponding access terminal is a SIP terminal; the network access unit can also be an access gateway control function (AGCF, Access Gateway Control Function), in which case the corresponding access terminals are POTS terminals and ISDN terminals.
  • AF Application Function
  • AGCF Access Gateway Control Function
  • The network access unit may receive the interception indication that is sent by the law enforcement agency side and carries the interception data. If the interception object is the calling party, then when the SIP message sent by the calling party arrives at the network access unit through which it accesses the network, the network access unit carries the interception information as an extension in the SIP message, so that the subsequent network elements that the SIP message passes, such as the Interconnection Border Control Function (IBCF), the Interrogating-Call Session Control Function (I-CSCF), the S-CSCF, the AS, the Breakout Gateway Control Function (BGCF), and the Media Gateway Control Function (MGCF), perform the corresponding interception processing according to the interception information carried in the received message and report the IRI and/or CC to the DF.
  • IBCF Interconnection Border Control Function
  • I-CSCF Interrogating-Call Session Control Function
  • BGCF Breakout Gateway Control Function
  • MGCF Media Gateway Control Function
  • When the network access unit sends the SIP message to an untrusted domain network entity, the interception information carried in the SIP message is deleted.
  • the untrusted domain network entity is relative to the trust domain network entity, and the trust domain network entity refers to a system and server owned, and/or operable, and/or controllable by the service provider.
  • the untrusted domain network entity may be a consumer device or a third party device or the like.
  • the S-CSCF is connected to the AS. There is an E2 interface between the two.
  • the interface protocol is a SIP protocol.
  • the S-CSCF can also receive the interception indication that is sent by the law enforcement agency and carries the interception data.
  • The S-CSCF carries the interception information as an extension in the SIP message, so that the subsequent network elements that the message passes, such as the IBCF, the I-CSCF, the AS, the BGCF, the MGCF, and the network access unit, perform corresponding interception processing according to the interception information carried in the received message.
  • When the S-CSCF sends a SIP message to another untrusted domain network entity such as an AS, the interception information carried in the SIP message is deleted.
  • The LI-AS is a functional entity that executes the lawful interception service logic and provides lawful interception services; it can obtain the interception data from the law enforcement agency side.
  • An E3 interface exists between the LI-AS and the S-CSCF, and the interface protocol is the SIP protocol.
  • The LI-AS receives the interception indication that is sent by the law enforcement agency side and carries the interception data.
  • When a SIP message related to the interception object arrives at the LI-AS that serves the interception object, the LI-AS carries the interception information as an extension in the SIP message.
  • Subsequent network elements, such as the IBCF, I-CSCF, S-CSCF, AS, BGCF, MGCF, and network access unit, perform corresponding interception processing according to the interception information carried in the received message.
  • Alternatively, the LI-AS may not receive the interception indication carrying the interception data from the law enforcement agency side; instead, the S-CSCF's triggering of the LI-AS indicates that the user currently served by the S-CSCF is the interception object, and the S-CSCF obtains the interception data from the law enforcement agency side.
  • The S-CSCF determines, according to the interception data, whether the served user in the current session is intercepted and, if so, routes the SIP message to the LI-AS; or the interception data received by the S-CSCF is a trigger filtering rule, and the S-CSCF matches the received SIP message against the filtering rule.
  • If the match succeeds, the SIP message is routed to the LI-AS, and the LI-AS inserts the interception information into the received SIP message.
  • The trigger filtering rules described here may be obtained by the S-CSCF from the Home Subscriber Server (HSS), like other initial filtering rules (iFC), or may be generated by the S-CSCF based on the interception data obtained from the law enforcement agency side.
  • The S-CSCF may delete the interception information carried in a SIP message sent to an untrusted domain network entity, and the IBCF, BGCF, I-CSCF, and MGCF, as network boundary network elements, may also delete the related interception information from the SIP message; the deletion may be unconditional, or may be triggered when the SIP message is sent to the untrusted domain.
  • The media gateway and the Media Resource Function Processor (MRFP) are generally controlled based on the H.248 protocol, but in some cases they may also be controlled based on the SIP protocol. Therefore, the above SIP message carrying the interception information can also be sent to the media gateway and the MRFP. The MRFP is sometimes called the media resource server.
  • The interception object in the IMS network is the called party; the called party may subscribe to different services, and each service is processed by a different AS.
  • The called party subscribes to the Originating Identification Presentation (OIP) service
  • OIP AS the application server providing the Originating Identification Presentation service
  • The network function entity participating in the interception object session is the OIP AS
  • The message related to the interception object is the Invite request message among the SIP messages.
  • the specific process of transmitting legal interception information includes:
  • Steps 301-303: the Invite request message sent to the interception object arrives at the S-CSCF serving the interception object. Before executing the iFC in the interception object's user configuration, the S-CSCF carries the interception information of the interception object as an extension in the Invite request message.
  • The S-CSCF then executes the iFC to route the request message to the OIP AS;
  • The OIP AS provides the OIP service for the interception object. Therefore, when the request message is sent to the called party, who is the interception object, the S-CSCF serving the called party routes the request message to the OIP AS according to the iFC.
  • In order to be able to intercept the supplementary service events provided by the OIP AS, the S-CSCF carries the interception information as an extension in the request message before routing it to the OIP AS, and then executes the iFC to route the request message to the OIP AS, so that the OIP AS receives the interception information. The OIP AS therefore does not need to obtain interception data from the ADMF in order to intercept and report the IRI. In other words, the ADMF does not need to manage and maintain the OIP AS, which reduces the ADMF's workload for managing and maintaining the OIP AS.
  • Steps 304-307: after receiving the request message routed by the S-CSCF, the OIP AS performs the OIP service processing, parses the request message, reports the supplementary service event of the OIP service to the DF according to the interception information carried in the request message, and then routes the request message back to the S-CSCF serving the interception object;
  • Steps 308-309: after receiving the request message returned by the OIP AS, the S-CSCF determines, according to the priority of the iFC, whether the request message needs to be routed to other ASs. Assuming that the called party subscribes only to the OIP service, the S-CSCF determines that the request message does not need to be routed to other ASs, that is, the request message is to be sent to a non-AS entity. The S-CSCF then deletes the interception information carried as an extension in the request message and routes the request message to other entities, for example directly to the network access unit of the called party.
  • In this flow, the interception information is sent to the AS in the SIP request message; the AS reports the IRI according to the interception information carried in the SIP request message and does not store interception data sent by the ADMF, and the S-CSCF deletes the interception information from the request message when the message is sent to a non-AS entity, so the possibility of data leakage can be reduced.
  • the process of reporting the supplementary service event by the OIP AS according to the interception information carried in the request message is described in the following example.
  • The S-CSCF can carry the interception information in the request message and send the request message to the AS specified by the iFC in the user configuration of the interception object, thereby also transmitting the interception information to the AS.
  • When the S-CSCF sends the request message to other untrusted domain network entities, the S-CSCF, or the IBCF, BGCF, I-CSCF, or MGCF acting as a network boundary network element, deletes the interception information carried in the request message.
  • A network access unit that has received the interception indication carrying the interception data from the law enforcement agency side can carry the interception information as an extension in the SIP message when the SIP message sent by the calling party arrives at the network access unit.
  • the embodiment shown in FIG. 3 is an example in which the request message carries the interception information.
  • the response message may also be used to carry the interception information.
  • the S-CSCF serving the interception object inserts and deletes the interception information in the SIP message.
  • the SIP related to the interception object may also be used.
  • the LI-AS extends the interception information in the SIP message.
  • FIG. 3 only shows the process in which the OIPAS receives the interception information carried in the SIP message and reports the IRI.
  • the message carrying the interception information is sent to the I-CSCF, S-CSCF, AS, BGCF, MGCF, and media gateway in the trust domain.
  • these network entities can report IRI to DF according to the interception information.
  • The interception information carried in the SIP message includes an identifier of the interception object. The identifier may be a SIP Uniform Resource Identifier (URI) or a telephone (tel) Uniform Resource Locator (URL), or may be a flag describing whether a specified party or parties in the message are being intercepted.
  • URI SIP Uniform Resource Identifier
  • tel telephone
  • URL Uniform Resource Locator
  • The interception information may further include address information of the law enforcement agency or the interception center. The address information gives the address that currently receives the IRI and/or CC, and may be a routable URI or an IP address.
  • When reporting, the IRI and/or the CC may be reported to the DF specified in the interception information according to this address information. The address information may be a DF2 address, which describes the address that receives the IRI of the interception object; a DF3 address, which describes the address that receives the CC of the interception object; or a combination of the DF2 address and the DF3 address.
  • The interception information may further include a key or a certificate. The key or certificate is the unique identifier for validating and accepting the interception information carried in the SIP message; that is, the interception information is confirmed as correct and legitimate, and is accepted, only when the key or certificate matches.
  • The interception information may further include cancel-interception indication information.
  • When the AS or another entity participating in the interception object session receives the interception information carried in the message, it may save the interception information locally, as the case requires, to avoid repeated transmission.
  • The AS or other entity participating in the interception object session deletes the locally saved interception information of the interception object according to the cancel-interception indication information in the interception information.
  • The interception information can be carried in any SIP message.
  • The CC can be reported in the visited domain, or the CC can be reported in the home domain.
  • The CC reporting process is generally performed only once in a session, on the premise that the CC is reported to the same DF3.
  • the specific implementation can be as follows:
  • The first method is to carry only the indication for reporting the IRI in the above interception information, and either not carry or delete the indication for reporting the CC, or set the indication for reporting the CC to "No".
  • When the P-CSCF knows that the user's CC has already been reported in the visited domain, it carries only the indication for reporting the IRI in the SIP message it sends, or sets the indication for reporting the CC to "No", so that the network elements of the home domain do not report the CC.
  • This is not limited to the home domain not reporting after the visited domain has reported; the case in which the visited domain does not report after the home domain has reported is also within the protection scope of the present invention.
  • Alternatively, the DF2 address may be carried in the interception information without the DF3 address, or the DF3 address may be deleted or set to be invalid, so that the subsequent network element does not know the DF3 address, or finds the received DF3 address invalid, and therefore cannot report the CC.
  • The second method is to carry a CC report completion indication in the above interception information, indicating that the CC report has been completed in the current session.
  • The CC report completion indication may further include the network element that completed the CC report and/or the corresponding DF3 address to which the CC was reported.
  • When the P-CSCF knows that the user's CC has already been reported in the visited domain, the SIP message it sends carries the CC report completion indication and the corresponding DF3 address, so that, after receiving the SIP message, a network element of the home domain determines whether the DF3 address to which the previous network element reported the CC is consistent with the DF3 address to which the local network element would report the CC.
  • If they are consistent, the CC report is not processed; if not, the local network element reports the CC to its corresponding DF3 address.
  • For example, when the DF3 addresses corresponding to the visited domain and the home domain are inconsistent, the home domain still reports the CC even if the CC has already been reported in the visited domain.
  • the interception information carried in the SIP message can be carried by the SIP header field or by the SIP message body.
  • Carrying the interception information in a SIP header field includes using an existing header field and using an extended SIP header field. An example of using an existing header field to carry the interception information is as follows:
  • The SIP header field P-Charging-Function-Address is used to transmit the assigned charging function address.
  • the S-CSCF adds the message header to the request when the request message Invite arrives, and uses the extended parameter to carry the interception information in the message header. For example, use the extended parameter li-id to carry the identifier of the listener object tom@home.com, and use the extended parameter delivery-function to carry the DF address df2@lea.com,
  • the extended SIP message header field P-LI carries the identifier indicating the listening object as tom@home.com; the DF address is df2@lea.com;
  • The P-LI header field carries the interception object flag orig, indicating that the message sending source, that is, the calling user, is intercepted. The specific interception object is the identifier of the message sending source, which can be taken from the From header field, the P-Asserted-Identity header field, and so on.
  • The P-LI header field carries the interception object flag dest, indicating that the called party of the message is the interception object. The specific interception object is the message destination identifier, which can be taken from the Request-URI content, the To header field, the P-Asserted-Identity header field, the P-Called-Party-ID header field, and so on.
  • The P-LI header field carries the interception object flag dest and the cancel-interception indication flag cancel, indicating that interception of the message destination is canceled.
  • The key in the P-LI header field is the key of the interception information or the key value of the certificate.
  • From the key or certificate key value carried in the message, the correctness and legitimacy of the interception information carried in the message are confirmed according to a previously agreed algorithm or other manner, after which the processing described in the present invention is performed according to the interception information.
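The trust-boundary rule described above (interception information is deleted before a SIP message is sent to an untrusted domain network entity) can be enforced and then verified at egress. The following Python is an added example, not part of the patent: the names P-LI, P-Charging-Function-Address, li-id and delivery-function come from the text, while the parameter syntax, the function names and the sample message are assumptions constructed for illustration.

```python
import re

# Header and parameter names are from the text; the wire syntax is assumed.
LI_HEADERS = {"p-li"}
CHARGING_HEADERS = {"p-charging-function-address", "p-charging-function-addresses"}
LI_PARAMS = {"li-id", "delivery-function"}
# Independent egress check: a P-LI header, or an LI parameter in any header.
_LEAK = re.compile(r'(?im)^p-li\s*:|[;\s:](?:li-id|delivery-function)\s*=')

# Constructed sample message (not from the patent), including a folded header.
SAMPLE_INVITE = (
    "INVITE sip:tom@home.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP scscf.home.com;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.org>;tag=1928301774\r\n"
    "To: <sip:tom@home.com>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 INVITE\r\n"
    'p-li: li-id="sip:tom@home.com";\r\n'
    '  delivery-function="df2@lea.com";dest\r\n'
    'P-Charging-Function-Address: ccf=192.0.2.10;li-id="sip:tom@home.com";'
    'delivery-function="df2@lea.com"\r\n'
    "Content-Length: 0\r\n"
    "\r\n"
)


def _unfold(head: str) -> list:
    """Join folded header lines (a continuation starts with SP or HTAB)."""
    lines = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def _split_params(value: str) -> list:
    """Split on ';' outside double quotes so quoted URIs stay intact."""
    parts = re.split(r';(?=(?:[^"]*"[^"]*")*[^"]*$)', value)
    return [p.strip() for p in parts if p.strip()]


def _param_name(param: str) -> str:
    return param.split("=", 1)[0].strip().lower()


def strip_interception_info(raw: str):
    """Return (sanitized message, audit list of what was removed)."""
    head, sep, body = raw.partition("\r\n\r\n")
    lines = _unfold(head)
    kept, removed = [lines[0]], []          # lines[0] is the request/status line
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        key = name.strip().lower()
        if colon and key in LI_HEADERS:
            removed.append(name.strip())    # drop the whole extended header
        elif colon and key in CHARGING_HEADERS:
            params = _split_params(value)
            clean = [p for p in params if _param_name(p) not in LI_PARAMS]
            removed += [f"{name.strip()};{_param_name(p)}"
                        for p in params if _param_name(p) in LI_PARAMS]
            if clean:                       # keep the charging data itself
                kept.append(f"{name.strip()}: {';'.join(clean)}")
        else:
            kept.append(line)
    return "\r\n".join(kept) + sep + body, removed


def carries_interception_info(raw: str) -> bool:
    """True if any header still exposes interception information."""
    head = raw.partition("\r\n\r\n")[0]
    return bool(_LEAK.search("\r\n".join(_unfold(head))))


def egress(raw: str, next_hop_trusted: bool, unconditional: bool = False) -> str:
    """Apply the deletion rule at a boundary element and fail closed."""
    if next_hop_trusted and not unconditional:
        return raw
    clean, _removed = strip_interception_info(raw)
    if carries_interception_info(clean):
        raise ValueError("interception information would leave the trust domain")
    return clean


if __name__ == "__main__":
    print(egress(SAMPLE_INVITE, next_hop_trusted=False))
```

The `unconditional` switch mirrors the text's statement that boundary elements may delete either unconditionally or only when the message is sent to the untrusted domain; interception information carried in the message body is outside what this example covers.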
  • When the SIP message body is used, the interception information is usually carried by inserting into the SIP message body a MIME (Multipurpose Internet Mail Extensions) type, which includes a type name, a subtype name, required parameters, and a decoding type.
  • MIME Multipurpose Internet Mail Extensions
  • The interception information can be described in the Extensible Markup Language (XML).
  • GGSN GPRS Gateway Support Node
  • BGF Border Gateway Function
  • The gateways, such as the residential gateway and the access gateway, can obtain the interception information from non-SIP protocol messages related to the interception object that carry the interception information, and then report the IRI and/or CC. The non-SIP protocol messages can be Diameter messages, H.248 messages, or Common Open Policy Service (COPS) protocol messages.
  • COPS Common Open Policy Service protocol
  • FIG. 4 illustrates the logical structure of a lawful interception network related to intercepting the interception object's media stream according to an embodiment of the present invention.
  • An application function entity, such as a P-CSCF, an Interconnection Border Control Function (IBCF), or an AGCF, determines the size of the terminal's call media stream according to the signaling message and sends a message to notify the Service Policy Decision Function (SPDF) or Policy Decision Function (PDF); the SPDF or PDF then sends a message to the BGF, GGSN, or gateway to allocate the appropriate bandwidth to the terminal.
  • SPDF Service Policy Decision Function
  • PDF Policy Decision Function
  • The BGF and other gateways are all types of media gateways (MGs, Media Gateways); BGFs, gateways, and so on are collectively referred to as media gateways.
  • The interface protocol between the AF and the SPDF or PDF is the Diameter protocol, and Diameter messages are transmitted;
  • the interface protocol between the SPDF and the media gateway is the H.248 protocol, and H.248 messages are transmitted;
  • the interface protocol between the PDF and the GGSN is the COPS protocol, and COPS messages are transmitted.
  • The AF carries the interception information as an extension in the Diameter message sent to the SPDF or PDF, thereby transmitting the interception information to the SPDF or PDF; the SPDF or PDF in turn carries the interception information as an extension in the H.248 message or COPS message sent to the BGF, the GGSN, or the gateway.
  • The BGF, the GGSN, or the gateway intercepts the interception object. Since the media stream of the terminal's call passes through the BGF, the GGSN, or the gateway, these entities can report not only the IRI but also the CC.
  • The AGCF can carry the interception information to the gateway in the H.248 message when interacting with the gateway, and the gateway reports the IRI and/or CC according to the interception information in the H.248 message.
  • the message related to the interception object includes a Diameter message, an H.248 message, and a COPS message
  • the network function entity participating in the interception object session is a BGF, a GGSN, or a gateway.
  • The MRFP can also obtain the interception information from an H.248 message extended to carry the interception information.
  • the media resource function controller MRFC transmits the interception information to the MRFP through the H.248 message, and the MRFP reports the IRI and/or CC according to the interception information in the H.248 message.
  • The interception information may further include an indication for reporting the IRI and/or the CC, indicating whether the current interception needs to report the IRI and/or the CC, and may further include a DF address. The DF address includes the DF2 address and the DF3 address, corresponding respectively to the address to which the IRI is reported and the address to which the CC is reported; the DF2 address and the DF3 address can both be URIs or IP addresses.
  • an example of extending the interception information in the H.248 message is as follows:
  • the interception information package defined here includes the package identifier (ID) and attributes. The attributes include the interception object identifier, and may further include a DF2 address and/or a DF3 address, an indication of reporting the IRI and/or CC, a key or certificate, interception cancellation indication information, etc.
  • the interception object identifier describes the user identity of the interception object, which may be a SIP URI or a tel URL.
  • the DF2 address describes the address to which the IRI of the interception object is output, which may be a URI or an IP address;
  • the DF3 address describes the address to which the CC of the interception object is output, which can be either a URI or an IP address.
  • the extension carrying the interception information in the Diameter message can be implemented by extending the Diameter attribute value pair (AVP) to carry the interception information during the session.
  • AVP includes the attribute name, attribute code, and attribute value type.
  • the specific AVP format can include the listener object identifier, the DF2 address, and/or the DF3 address.
  • the Policy Information Base (PIB) defined by 3GPP for the Go interface between the PDF and the GGSN can be extended.
  • the interception information is defined as a COPS proprietary object that includes the interception object identifier, the DF2 address and/or the DF3 address, etc. The interception-information proprietary object is carried in the message that the PDF sends to the GGSN.
  • the contents of the interception information transmitted in the SIP message, the Diameter message, the H.248 message, and the COPS message are the same, except that the format of the message is different.
  • the embodiment of the present invention sets an apparatus for transmitting a lawful interception message in a network function entity participating in a listening object session, and the apparatus includes the following modules:
  • a monitoring information parsing module configured to parse out the interception information from the message related to the interception object received by the network function entity, and send the interception information to the monitoring module;
  • a monitoring module configured to monitor the monitoring object according to the monitoring information, to generate an IRI and/or CC
  • the reporting module is configured to report the IRI and/or CC generated by the monitoring module.
  • the network function entity participating in the interception object session is an AS, an I-CSCF, an IBCF, a BGCF, an MGCF, a media gateway, or
  • the network function entity is SPDF or PDF
  • the network function entity is a media gateway or an MRFP
  • the network function entity is a GGSN.
  • the device may further comprise:
  • an interception information deleting module, configured to determine, before the network function entity sends the message related to the interception object, whether the message is destined for an untrusted domain entity and, if so, to delete the interception information from that message.
  • the apparatus further includes:
  • the CC reporting indication setting module is configured to delete the indication of reporting the CC in the monitoring information, set the indication of reporting the CC to No, delete the DF3 address in the monitoring information, or set the DF3 address to be invalid;
  • the CC reporting indication determining module is configured to determine, according to the interception information parsed by the interception information parsing module, whether the intercepted message meets any of the following conditions:
  • there is no indication of reporting the CC, the indication of reporting the CC is No, there is no DF3 address, or the DF3 address is invalid. If yes, the indication is not sent to the reporting module.
  • the CC reporting indication setting module and the CC reporting indication determining module implement the following functions:
  • the CC report indication determining module is configured to determine, according to the interception information parsed by the interception information parsing module, whether the CC report completion indication in the interception information is set to Yes; if yes, to send an indication that the CC is not to be reported to the reporting module; if not, to notify the CC reporting indication setting module to set the CC reporting completion indication to Yes;
  • the CC report indication setting module is configured to set the CC report completion indication in the interception information to Yes according to the notification from the CC report indication determining module.
  • the embodiment of the present invention extends the message related to the interception object to carry the interception information, and transmits the interception information to the network function entity participating in the interception object session at the same time as the message is sent to that entity, so that the network function entity can intercept the interception object according to the transmitted interception information and report the IRI and/or CC to the law enforcement agency side. Therefore, this approach can reduce the likelihood of data breaches while reducing the burden on the law enforcement agency side.
  • the interception information carried in the message related to the interception object is deleted, so that the possibility that the interception information is leaked is reduced, and the security of the interception is improved.

Abstract

A method and device for transmitting lawful interception information. In the method, a network function entity participating in the session of an interception object receives a message related to the interception object that carries interception information; the network function entity intercepts the interception object according to the received interception information and reports Intercept Related Information (IRI) and/or Content of Communication (CC) to a law enforcement agency. The device is arranged in the network function entity participating in the interception object session and includes the following modules: an interception information parsing module for parsing the interception information out of the messages related to the interception object received by the network function entity and sending the interception information to an interception module; an interception module for intercepting the interception object according to the interception information to acquire the IRI and/or CC; and a reporting module for reporting the IRI and/or CC acquired by the interception module.

Description

Method and Apparatus for Transmitting Lawful Interception Information

Technical Field

The present invention relates to the field of lawful interception, and in particular to a method and apparatus for transmitting lawful interception information.

Background of the Invention

Lawful interception is a law enforcement action in which a law enforcement agency, with the approval of the relevant authorizing authority, intercepts public communication services in accordance with the relevant national laws and the industry specifications for public communication networks.
To implement lawful interception in an IP Multimedia Subsystem (IMS) network, the 3GPP TS 33.107 standard defines a lawful interception model for IMS networks, shown in Figure 1. The model includes a Law Enforcement Monitoring Facility (LEMF), an Administration Function (ADMF) entity for lawful interception, a Delivery Function (DF) entity, and a Serving-Call Session Control Function (S-CSCF) entity and/or a Proxy-Call Session Control Function (P-CSCF) entity. The LEMF, ADMF and DF are located on the law enforcement agency side; the S-CSCF and P-CSCF are located in the IMS network, where they act as the interception control elements.
In a concrete service implementation, when interception needs to be performed in the IMS network, the ADMF carries the various interception data of the law enforcement agency side in an interception indication and sends it over the X1_1 interface to the S-CSCF and/or P-CSCF in the IMS network. When a call session signaling message related to the interception object passes through the S-CSCF and/or P-CSCF, the S-CSCF and/or P-CSCF intercepts the interception object according to the interception data carried in the interception indication, and reports the acquired Intercept Related Information (IRI) over the X2 interface to the DF on the law enforcement agency side. The interception indication may include an interception object activation indication, an interception object query indication, an interception object attribute modification indication, and so on; the interception data may include the identifier of the interception object, and so on.
In this scheme for lawful interception, the S-CSCF and/or P-CSCF cannot learn of supplementary service events other than basic session messages, for example value-added services provided by an Application Server (AS). The S-CSCF and/or P-CSCF therefore cannot report the interception object's supplementary service events to the DF, and so the law enforcement agency side cannot intercept the supplementary service events of the interception object in the IMS network.
To address this problem, the latest contribution on Lawful Interception (LI), 10tTD077al DTS-07013, from Telecommunication and Internet converged Services and Protocols for Advanced Networking (TISPAN) under the European Telecommunications Standards Institute (ETSI), specifies that the functional entities reporting IRI may further include an AS connected to the ADMF and the DF. In this case, the ADMF can carry the interception data in an interception indication and send it directly to the AS over the X1_1 interface. Because the AS is responsible for handling supplementary services such as value-added services, the AS can report the IRI related to supplementary service events to the DF according to the interception data, which solves the problem that the law enforcement agency side cannot intercept supplementary service events of the interception object in the IMS network.
From the description above, the current mode of implementing lawful interception can be summarized as follows: the ADMF sends interception data to the network function entities that can report IRI; when a message related to the interception object passes through these network function entities, they intercept the interception object according to the interception data and report IRI to the DF. Because the interception object may subscribe to several different services, and these services may be provided by different ASs, the ADMF has to manage these ASs, and configure and maintain their information, so that they can obtain the interception data of the interception object over the X1_1 interface. When the interception object's service subscription information changes, the ADMF has to perform a synchronized update so that the corresponding AS obtains or deletes the corresponding interception data. This greatly increases the ADMF management and maintenance workload on the law enforcement agency side.

Summary of the Invention

In view of this, embodiments of the present invention provide a method for transmitting lawful interception information that can reduce the workload of the ADMF in managing and maintaining network function entities. The method includes the following steps:
A network function entity participating in the interception object's session receives a message related to the interception object that carries interception information;
The network function entity intercepts the interception object according to the received interception information, and reports Intercept Related Information (IRI) and/or Content of Communication (CC) to the law enforcement agency side.
Embodiments of the present invention further provide an apparatus for transmitting lawful interception information. The apparatus is arranged in a network function entity participating in the interception object's session and includes the following modules:
an interception information parsing module, configured to parse the interception information out of the message related to the interception object received by the network function entity, and to send the interception information to the interception module;
an interception module, configured to intercept the interception object according to the interception information and generate IRI and/or CC;
a reporting module, configured to report the IRI and/or CC generated by the interception module.
As the technical solution above shows, in the method provided by the embodiments of the present invention, interception information is carried in messages related to the interception object and is thereby transmitted, as those messages are sent, to the network function entities participating in the interception object's session. Each network function entity intercepts according to the interception information and reports IRI and/or CC to the DF, which reduces the workload of the ADMF in managing and maintaining these network function entities.

Brief Description of the Drawings

Figure 1 is a schematic diagram of the lawful interception model for an IMS network in the prior art;
Figure 2 is a logical structure diagram of a lawful interception network involving the interception object's signaling messages, according to an embodiment of the present invention;
Figure 3 is a flowchart of transmitting lawful interception information according to an embodiment of the present invention;
Figure 4 is a logical structure diagram of a lawful interception network involving the interception object's media stream, according to an embodiment of the present invention.

Mode for Carrying Out the Invention

To make the features and advantages of the present invention clearer, the invention is described further below with reference to the accompanying drawings and specific embodiments.
In the embodiments of the present invention, messages related to the interception object are extended to carry interception information. When a message related to the interception object is sent to a network function entity participating in the interception object's session, the interception information is transmitted to that entity at the same time. These network function entities intercept the interception object according to the interception information they receive and report IRI and/or Content of Communication (CC). Because the interception information travels in messages related to the interception object, the ADMF does not need to manage and maintain a large number of network function entities, so its workload is reduced.
The concrete implementation of the main idea of the present invention is described below with reference to the drawings and specific embodiments.
First, referring to Figure 2, the logical structure of a lawful interception network involving the interception object's signaling messages is described. Figure 2 takes an IMS network as an example and shows a network structure comprising a terminal, a network access unit, an S-CSCF, an AS, and a lawful interception service application server (LI-AS).
Here, the terminal is the interception object. It may be a Session Initiation Protocol (SIP) terminal, or a traditional Plain Old Telephone Service (POTS) terminal or an Integrated Services Digital Network (ISDN) terminal.
The network access unit is connected to the terminal and to the S-CSCF. It connects the terminal to the IMS network and provides functions such as registration, authentication, and authorization. The E1 interface between the network access unit and the S-CSCF uses the SIP protocol. The network access unit may be an Application Function (AF) entity, for example a P-CSCF, in which case the terminals it connects are SIP terminals; it may also be an Access Gateway Control Function (AGCF), in which case the terminals it connects are POTS terminals and ISDN terminals.
The network access unit may receive the interception indication, carrying interception data, that is sent by the law enforcement agency side. If the interception object is the calling party, then when a SIP message sent by the calling party reaches the network access unit that connects it to the network, the network access unit extends the SIP message to carry the interception information. The subsequent network elements that the SIP message passes through, for example the Interconnection Border Control Function (IBCF), Interrogation-Call Session Control Function (I-CSCF), S-CSCF, AS, Breakout Gateway Control Function (BGCF), and Media Gateway Control Function (MGCF), then perform the corresponding interception processing according to the interception information carried in the received message and report IRI and/or CC to the DF. When the network access unit sends the SIP message to an untrusted-domain network entity, it deletes the interception information carried in the SIP message. Here, an untrusted-domain network entity is defined relative to a trusted-domain network entity: trusted-domain network entities are the systems and servers that the service provider owns, and/or can operate, and/or can control; by contrast, an untrusted-domain network entity may be a consumer's device, a third party's device, and so on.
The S-CSCF is connected to the AS through the E2 interface, which uses the SIP protocol. The S-CSCF may also receive the interception indication, carrying interception data, that is sent by the law enforcement agency side. When a SIP message related to the interception object reaches the S-CSCF serving the interception object, the S-CSCF extends the SIP message to carry the interception information. The subsequent network elements that the SIP message passes through, for example the IBCF, I-CSCF, AS, BGCF, MGCF, and network access unit, perform the corresponding interception processing according to the interception information carried in the received message. When the S-CSCF sends the SIP message to other untrusted-domain network entities, such as an AS, it deletes the interception information carried in the SIP message.
The LI-AS is the functional entity that executes the lawful interception service logic. It provides the lawful interception service and can obtain interception data from the law enforcement agency side. The LI-AS and the S-CSCF are connected through the E3 interface, which uses the SIP protocol. The LI-AS receives the interception indication, carrying interception data, that is sent by the law enforcement agency side. When a SIP message related to the interception object reaches the LI-AS serving the interception object, the LI-AS extends the SIP message to carry the interception information. The subsequent network elements that the SIP message passes through, such as the IBCF, I-CSCF, S-CSCF, AS, BGCF, MGCF, and network access unit, perform the corresponding interception processing according to the interception information carried in the received message.
Alternatively, the LI-AS need not receive the interception indication from the law enforcement agency side. Instead, the S-CSCF's triggering of the LI-AS indicates that the user the S-CSCF is currently serving is an interception object. The S-CSCF obtains the interception data from the law enforcement agency side; after a SIP message arrives at the S-CSCF, the S-CSCF uses the interception data to determine whether the served user in the current session is being intercepted and, if so, routes the SIP message to the LI-AS. Or the interception data that the S-CSCF receives is a trigger filter rule: the S-CSCF matches the received SIP message against the rule and, if the match succeeds, routes the SIP message to the LI-AS, which inserts the interception information into the received SIP message. The trigger filter rule described here can be obtained by the S-CSCF from the Home Subscriber Server (HSS), like other initial filter criteria (iFC), or it can be generated by the S-CSCF from the interception data obtained from the law enforcement agency side.
In addition to the network access unit and the S-CSCF, which can delete the interception information carried in SIP messages sent to untrusted-domain network entities, the IBCF, BGCF, I-CSCF, and MGCF, as network border elements, can also delete the interception information from SIP messages. This deletion can be unconditional, or it can be triggered by determining that the SIP message is being sent to an untrusted domain.
Furthermore, in the packet domain, the media gateway and the Media Resource Function Processor (MRFP) are normally controlled using the H.248 protocol, but in some cases they can also be controlled using the SIP protocol. The SIP messages carrying interception information described above can therefore also be sent to the media gateway and the MRFP. The MRFP is sometimes also called a media resource server.
The concrete process of transmitting lawful interception information is described below, based on the network logical structure shown in Figure 2. In this embodiment, the interception object in the IMS network is the called party. The called party may subscribe to different services, each handled by a different AS. Here it is assumed that the called party has subscribed to the Originating Identification Presentation (OIP) service and that the OIP AS handles this service for the called party. The network function entity participating in the interception object's session is therefore the OIP AS, and the message related to the interception object is the SIP request message Invite.
Referring to Figure 3, the concrete process of transmitting lawful interception information includes:
Steps 301-303: A request message Invite destined for the interception object arrives at the S-CSCF serving the interception object. Before executing the iFC in the interception object's user profile, the S-CSCF extends the request message Invite to carry the interception object's interception information; the S-CSCF then executes the iFC and routes the request message to the OIP AS;
The OIP AS provides the OIP service for the interception object. Therefore, when a request message is sent to the called party, who is the interception object, the S-CSCF serving the called party routes the request message to the OIP AS according to the iFC. So that the supplementary service events provided by the OIP AS can be intercepted, the S-CSCF extends the request message to carry the interception information before routing it to the OIP AS; the S-CSCF then executes the iFC and routes the request message to the OIP AS, which thereby receives the interception information. The OIP AS therefore does not need to obtain interception data from the ADMF in order to intercept and report IRI. In other words, the ADMF does not have to manage and maintain the OIP AS, which reduces the ADMF's workload for managing and maintaining the OIP AS.
Steps 304-307: After receiving the request message routed from the S-CSCF, the OIP AS performs the OIP service processing and parses the request message. According to the interception information carried in the request message, it reports the supplementary service event of the OIP service occurring for the interception object to the DF, and then routes the request message back to the S-CSCF serving the interception object;
Steps 308-309: After receiving the request message routed back from the OIP AS, the S-CSCF determines from the iFC priorities whether the request message still needs to be routed to other ASs. Here it is assumed that the called party has subscribed only to the OIP service, so the S-CSCF determines that the request message does not need to be routed to other ASs; that is, the request message is to be sent to a non-AS entity. The S-CSCF therefore deletes the interception information carried in the request message and then routes the request message to other entities, for example directly to the called party's network access unit.
Because the interception information is carried to the AS in the SIP request message, the AS reports IRI according to the interception information carried in the SIP request message and does not store interception data sent by the ADMF; and because the S-CSCF deletes the interception information from the request message when the message is sent to a non-AS entity, the possibility of data leakage is reduced.
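The insert, use and delete cycle of steps 301-309, as an added example that is not code from the patent. The header name `X-LI-Info`, its parameter names (`target`, `report`, `df2`, `df3`), the percent-encoding of values and all host names are assumptions, since this part of the page does not define the SIP extension format.

```python
from urllib.parse import quote, unquote

LI_HEADER = "X-LI-Info"  # hypothetical extension header (assumption, not from the page)

# Constructed sample: an INVITE as it reaches the S-CSCF serving the called party.
INVITE = (
    "INVITE sip:bob@home.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP icscf.home.example;branch=z9hG4bK776\r\n"
    "From: <sip:alice@visited.example>;tag=1928\r\n"
    "To: <sip:bob@home.example>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_sip(raw):
    """Split a SIP message into (start line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:
            # Folded header: the line continues the previous header's value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def build_sip(start, headers, body):
    return start + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in headers) + "\r\n" + body


def _is_li(name):
    return name.lower() == LI_HEADER.lower()  # header names are case-insensitive


def insert_li_info(raw, target, report=("IRI",), df2=None, df3=None):
    """Steps 301-303: the S-CSCF adds the interception information before the iFC."""
    start, headers, body = parse_sip(raw)
    headers = [(n, v) for n, v in headers if not _is_li(n)]  # keep exactly one copy
    fields = {"target": target, "report": "+".join(report), "df2": df2, "df3": df3}
    value = ";".join(f"{k}={quote(v, safe='')}" for k, v in fields.items() if v)
    headers.append((LI_HEADER, value))
    return build_sip(start, headers, body)


def extract_li_info(raw):
    """Steps 304-307: the AS parses the interception information (None if absent)."""
    _, headers, _ = parse_sip(raw)
    for name, value in headers:
        if _is_li(name):
            pairs = (p.strip().split("=", 1) for p in value.split(";") if p.strip())
            return {k: unquote(v) for k, v in pairs}
    return None


def delivery_plan(info):
    """Map each requested report type to its DF address; no address, no report."""
    wanted = info.get("report", "").split("+")
    plan = {}
    if "IRI" in wanted and info.get("df2"):
        plan["IRI"] = info["df2"]
    if "CC" in wanted and info.get("df3"):
        plan["CC"] = info["df3"]
    return plan


def strip_li_info(raw):
    """Steps 308-309: delete every copy of the header, folded lines included."""
    start, headers, body = parse_sip(raw)
    return build_sip(start, [(n, v) for n, v in headers if not _is_li(n)], body)


def forward(raw, next_hop, trust_domain):
    """Boundary rule: a next hop outside the trust domain never sees the header."""
    return raw if next_hop in trust_domain else strip_li_info(raw)


if __name__ == "__main__":
    trust = {"oip-as.home.example"}  # constructed trust domain
    msg = insert_li_info(INVITE, "sip:bob@home.example", df2="df2.lea.example")
    print(delivery_plan(extract_li_info(forward(msg, "oip-as.home.example", trust))))
    print(extract_li_info(forward(msg, "pcscf.visited.example", trust)))
```

Stripping on the parsed header list rather than line by line matters for folded headers: a filter that only drops lines starting with the header name would forward the continuation line, and with it a DF address.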
The above describes, with reference to FIG. 3 and taking as an example an interception target that is the called party and uses the OIP service, only the process in which interception information is carried in a request message to the OIP AS and the OIP AS reports supplementary service events according to it. In fact, whichever party to the call the interception target is, calling or called, for every request message related to the interception target that reaches the S-CSCF serving the target, the S-CSCF can add the interception information to the request message and send it to the AS specified by the iFC in the target's user profile, thereby passing the interception information to the AS. When the S-CSCF sends the request message to a network entity in a non-trusted domain, the S-CSCF, or the IBCF, BGCF, I-CSCF or MGCF acting as a network border element, deletes the interception information carried in the request message. In particular, if the interception target is the calling party, the network access unit that has received from the law enforcement agency side an interception indication carrying interception data can extend the SIP message sent by the calling party to carry the interception information when that message arrives at the network access unit.
In addition, the embodiment shown in FIG. 3 uses a request message to carry the interception information as an example; in practice, a response message can also be used to carry the interception information.
In the process shown in FIG. 3, the S-CSCF serving the interception target inserts and deletes the interception information in the SIP message. In a specific implementation, the LI-AS can instead extend the SIP message to carry the interception information when a SIP message related to the interception target arrives at the LI-AS serving the target.
Likewise, FIG. 3 shows only the process in which the OIP AS receives the interception information carried in the SIP message and reports IRI. In fact, when a message carrying interception information is sent to network entities in the trusted domain such as the I-CSCF, S-CSCF, AS, BGCF, MGCF, media gateway or MRFP, each of these entities can report IRI to the DF according to the interception information.
The above describes only the process of conveying lawful interception information in SIP messages. The following describes specifically how the interception information is carried in a SIP message.
First, the interception information that is carried. The interception information carried in a SIP message includes an identifier of the interception target. The identifier may be a SIP Uniform Resource Identifier (URI) or a telephone (tel) Uniform Resource Locator (URL), or it may be a flag describing whether one or more of the parties specified in the message are being intercepted. The interception information may further include address information of the law enforcement agency or monitoring center. This address information gives the address that currently receives the IRI and/or CC and may be a routable URI or an IP address; when IRI and/or CC is reported, it is reported to the DF specified in the interception information according to this address information. The address information may be a DF2 address, which describes the address that receives the target's IRI; a DF3 address, which describes the address that receives the target's CC; or a combination of a DF2 address and a DF3 address. The interception information may further include a key or certificate. The key or certificate is the sole token for confirming and accepting the interception information carried in a SIP message: only when the key or certificate matches is the interception information confirmed to be correct and legitimate, and accepted. The interception information may further include cancel-interception indication information. When an AS or another entity participating in the target's session receives the interception information carried in a message, it may save the information locally to avoid passing it repeatedly each time. In that case, if interception of the target is cancelled, the AS or other entity deletes the locally saved interception information for that target according to the cancel-interception indication in the interception information. The above interception information can be carried in any SIP message.
During one session, more than one network element may take part in controlling CC reporting; for example, CC may be reported in the visited domain or in the home domain. To reduce repeated CC reporting by different network elements, and so avoid wasting media resources, CC reporting is generally performed only once per session, provided that the CC is reported to the same DF3. This can be implemented in either of the following two ways:
Method 1: the interception information carries only the indication to report IRI; the indication to report CC is not carried or is deleted, or is set to "No". For example, if in a session the P-CSCF knows that CC has already been reported for the user in the visited domain, the SIP message it sends carries only the indication to report IRI, or has the indication to report CC set to No, so that a network element in the home domain that receives the SIP message will not report CC. Of course, in practice this is not limited to the home domain not reporting after the visited domain has reported; the reverse case, in which the visited domain does not report after the home domain has reported, also falls within the scope of protection of the present invention. Similarly, the interception information may carry only the DF2 address and not the DF3 address, or the DF3 address may be deleted or set to invalid. Subsequent network elements then cannot report CC, because they do not know the DF3 address or the DF3 address they received is invalid.
Method 2: the interception information carries a CC-report-complete indication, which indicates that CC reporting for this session has already been completed. The indication may further include the network element that completed the CC reporting and/or the DF3 address to which the CC was reported. For example, if in a session the P-CSCF knows that CC has already been reported for the user in the visited domain, the SIP message it sends carries the CC-report-complete indication and the corresponding DF3 address. A network element in the home domain that receives the SIP message then checks whether the DF3 address to which the earlier network element reported CC is the same as the DF3 address to which it would itself report CC. If they are the same, it does not process CC reporting; if they differ, it reports CC to its own DF3 address. For example, when the visited domain and the home domain correspond to different DF3 addresses, the home domain still processes CC reporting even though CC has already been reported in the visited domain.
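The two ways of avoiding duplicate CC reporting described above, written out as decision logic. This is an added example, not code from the patent; the `CcInfo` field names, the use of an empty string for an "invalid" DF3 address, and the address `df3@lea.com` are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class CcInfo:
    """Hypothetical in-memory form of the CC-related interception fields."""
    report_cc: Optional[bool] = None    # None: indication not carried
    df3: Optional[str] = None           # None: not carried, "": set to invalid
    cc_done: bool = False               # method 2: CC-report-complete indication
    cc_done_df3: Optional[str] = None   # DF3 the earlier element reported to


# ---- Method 1: withhold the CC indication or the DF3 address ----
def may_report_cc(info: CcInfo) -> bool:
    """Receiver side: report CC only if told to and a usable DF3 is present."""
    return info.report_cc is True and bool(info.df3)


def suppress_cc(info: CcInfo) -> CcInfo:
    """Sender side, once CC has been reported upstream. The text allows any
    one of these changes; this example applies both the flag and the address."""
    return replace(info, report_cc=False, df3=None)


# ---- Method 2: carry a CC-report-complete indication ----
def handle_cc(info: CcInfo, local_df3: str) -> Tuple[bool, CcInfo]:
    """Return (report CC at this element?, interception info to pass on)."""
    if not info.cc_done:
        # First element on the path: report, then mark completion with our DF3.
        return True, replace(info, cc_done=True, cc_done_df3=local_df3)
    if info.cc_done_df3 is None or info.cc_done_df3 == local_df3:
        # Already delivered to the same DF3, or no address given to compare.
        return False, info
    # Reported earlier, but to a different DF3: this element still reports.
    # The text does not say how a second DF3 is recorded, so the indication
    # is passed on unchanged (assumption).
    return True, info


def walk(path: List[Tuple[str, str]], info: CcInfo) -> List[Tuple[str, str]]:
    """Apply method 2 along a path of (element, local DF3); return who reported."""
    reporters = []
    for element, local_df3 in path:
        report, info = handle_cc(info, local_df3)
        if report:
            reporters.append((element, local_df3))
    return reporters
```
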
The interception information can be carried in a SIP message using a SIP header field or using the SIP message body. Carrying it in a SIP header field covers both using an existing header field and using an extension SIP header field. An example of using an existing header field is as follows:
The SIP header field P-Charging-Function-Address is used to convey the assignment of charging function addresses. When the Invite request message arrives, the S-CSCF adds this header to the request and uses extension parameters in it to carry the interception information. For example, the extension parameter li-id carries the interception target's identifier tom@home.com, and the extension parameter delivery-function carries the DF address df2@lea.com:
P-Charging-Function-Address: li-id=tom@home.com; delivery-function=df2@lea.com
An example of an extension SIP header field carrying interception information is as follows:
P-LI: <sip:tom@home.com>; delivery-function=df2@lea.com
This extension SIP header field P-LI indicates that the interception target's identifier is tom@home.com and that the DF address is df2@lea.com;
or,
P-LI: orig; delivery-function=df2@lea.com
The P-LI header field above carries the interception target flag orig, which indicates that the message originator, that is, the calling user, is being intercepted. The specific interception target is the identifier of the message originator, which can be taken from the From header field, the P-Asserted-Identity header field, and so on;
or,
P-LI: dest; delivery-function=df2@lea.com
The P-LI header field above carries the interception target flag dest, which indicates that the message destination, that is, the called user, is being intercepted. The specific interception target is the identifier of the message destination, which can be taken from the Request-URI, the To header field, the P-Asserted-Identity header field, the P-Called-Party-ID header field, and so on.
An example of the cancel-interception indication information is as follows:
P-LI: dest; cancel
The P-LI header field above carries the interception target flag dest and the cancel-interception flag cancel, indicating that interception of the message destination is cancelled.
An example of a key or certificate is as follows:
P-LI: key="6629fae49393a05397450978507c4ef1"
The P-LI header field above carries the key or certificate value key of the interception information. After receiving a message carrying interception information, an entity participating in the target's session uses the key or certificate value carried in the message, according to a pre-agreed algorithm or by other means, to confirm that the interception information carried in the message is correct and legitimate, and then performs the processing described in the present invention according to the interception information.
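The header forms above, together with the deletion of interception information at the trust boundary described earlier, can be exercised with the following added example. It is not code from the patent: the header and parameter names are those of the examples above, while the preference order between candidate headers, the treatment of unknown next hops as untrusted, the host names and the sample message (including its `ccf` parameter) are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

Headers = List[Tuple[str, str]]
LI_PARAMS = ("li-id", "delivery-function")   # extension parameters from the text


@dataclass
class LiInfo:
    target: Optional[str] = None             # explicit identifier from <...>
    role: Optional[str] = None               # "orig" or "dest" flag
    delivery_function: Optional[str] = None  # DF address
    key: Optional[str] = None
    cancel: bool = False


def parse_p_li(value: str) -> LiInfo:
    """Parse one P-LI header value in any of the forms shown in the text."""
    info = LiInfo()
    m = re.match(r"\s*<([^>]*)>(.*)", value, re.S)
    if m:                                    # explicit target URI comes first
        info.target, value = m.group(1).strip(), m.group(2)
    for token in value.split(";"):
        name, sep, val = token.strip().partition("=")
        name, val = name.strip().lower(), val.strip().strip('"')
        if not name:
            continue
        if not sep and name in ("orig", "dest"):
            info.role = name
        elif not sep and name == "cancel":
            info.cancel = True
        elif sep and name == "delivery-function":
            info.delivery_function = val
        elif sep and name == "key":
            info.key = val
        else:
            raise ValueError(f"unrecognised P-LI token: {token.strip()!r}")
    if info.target is None and info.role is None and info.key is None:
        raise ValueError("P-LI names no target, flag or key")
    return info


def _uri(header_value: str) -> str:
    """Return the URI from a name-addr or addr-spec header value."""
    m = re.search(r"<([^>]+)>", header_value)
    return m.group(1) if m else header_value.split(";")[0].strip()


def _first(headers: Headers, *names: str) -> Optional[str]:
    for wanted in names:                     # names are tried in this order
        for name, value in headers:
            if name.lower() == wanted:
                return _uri(value)
    return None


def resolve_target(info: LiInfo, headers: Headers, request_uri: str) -> Optional[str]:
    """Turn an orig/dest flag into the identity it refers to."""
    if info.target:
        return info.target
    if info.role == "orig":
        return _first(headers, "p-asserted-identity", "from")
    if info.role == "dest":
        return request_uri or _first(headers, "p-called-party-id", "to")
    return None


def strip_li(headers: Headers) -> Headers:
    """Remove the P-LI header and the li-id / delivery-function parameters
    carried on P-Charging-Function-Address."""
    out: Headers = []
    for name, value in headers:
        lname = name.lower()
        if lname == "p-li":
            continue
        if lname == "p-charging-function-address":
            kept = [p.strip() for p in value.split(";")
                    if p.strip() and p.split("=")[0].strip().lower() not in LI_PARAMS]
            if not kept:
                continue                     # header only carried LI data
            value = "; ".join(kept)
        out.append((name, value))
    return out


def forward(headers: Headers, next_hop: str, trusted: Set[str]) -> Headers:
    """Headers to send to next_hop; hops not listed as trusted get no LI data."""
    return list(headers) if next_hop in trusted else strip_li(headers)


# Constructed sample headers (not from a capture).
SAMPLE: Headers = [
    ("From", '"Alice" <sip:alice@visited.example>;tag=1928'),
    ("To", "<sip:tom@home.com>"),
    ("P-Charging-Function-Address",
     "ccf=192.0.2.10; li-id=tom@home.com; delivery-function=df2@lea.com"),
    ("P-LI", "dest; delivery-function=df2@lea.com"),
]
```
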
Carrying interception information in the SIP message body is usually done by inserting into the body a Multipurpose Internet Mail Extensions (MIME) typed body that includes a type name, a subtype name, the required parameters and a decoding type. The interception information can be described in Extensible Markup Language (XML).
The above describes in detail, with reference to FIG. 2 and FIG. 3, the process in which interception information is inserted into a SIP message and passed to an AS or another network element participating in the target's session, which then reports IRI. In fact, other network function entities participating in the target's session do not always take part using SIP. For example, the Gateway GPRS Support Node (GGSN), the Border Gateway Function (BGF), and gateways including residential gateways and access gateways can all obtain the interception information from non-SIP protocol messages related to the interception target that convey it, and then report IRI and/or CC. These non-SIP protocol messages may be Diameter messages, H.248 messages, Common Open Policy Service (COPS) protocol messages, and so on.
In fact, the network structure shown in FIG. 2 considers only the transfer of signaling messages. The content of a terminal's call, including media streams such as voice and video, enters the network through functional entities such as the BGF, the GGSN or a gateway, depending on the terminal type. See FIG. 4, which shows the logical structure of a lawful interception network involving the interception target's media streams according to an embodiment of the present invention. An application function (AF), for example the P-CSCF, the Interconnection Border Control Function (IBCF) or the AGCF, determines the size of the terminal's call media stream from the signaling messages and sends a message to inform the Service Policy Decision Function (SPDF) or the Policy Decision Function (PDF). The SPDF or PDF then sends a message to the BGF, GGSN or gateway to allocate suitable bandwidth to the terminal. Because the BGF and other gateways are each a kind of media gateway (MG), the BGF, gateways and the like are referred to collectively here as media gateways. The interface between the AF and the SPDF or PDF uses the Diameter protocol and carries Diameter messages; the interface between the SPDF and the media gateway uses the H.248 protocol and carries H.248 messages; the interface between the PDF and the GGSN uses the COPS protocol and carries COPS messages.
In this case, the AF extends the Diameter message it sends to the SPDF or PDF to carry the interception information, passing it to the SPDF or PDF. The SPDF or PDF in turn extends an H.248 message or COPS message to carry the interception information to the BGF, GGSN or gateway, which intercepts the target. Because the media stream of the terminal's call passes through the BGF, GGSN or gateway, these entities can report not only IRI but also CC. Similarly, for a terminal that accesses the network through the AGCF, the AGCF can carry the interception information to the gateway in an H.248 message when interacting with it, and the gateway reports IRI and/or CC to the DF according to the interception information in the H.248 message. Here, therefore, the messages related to the interception target include Diameter messages, H.248 messages and COPS messages, and the network function entities participating in the target's session are the BGF, GGSN or gateway. The MRFP can also obtain the interception information from an H.248 message extended to carry it. For example, when the target's session needs to use resources on the MRFP, the media resource function controller (MRFC) passes the interception information to the MRFP in an H.248 message, and the MRFP reports IRI and/or CC to the DF according to the interception information in the H.248 message.
As the above description shows, the interception information may further include an indication to report IRI and/or CC, stating whether the current interception requires IRI and/or CC to be reported. It may also include a DF address, comprising a DF2 address and a DF3 address, which are the addresses to which IRI and CC are reported respectively. Both the DF2 address and the DF3 address may be a URI or an IP address.
Specifically, an example of extending an H.248 message to carry interception information is as follows:
To carry the interception information as an extension, an interception information package must be defined. The package defined here includes an interception information package identifier (ID) and properties. The properties include the interception target identifier, and may further include a DF2 address and/or DF3 address, an indication to report IRI and/or CC, a key or certificate, cancel-interception indication information, and so on. The interception target identifier describes the user identity of the interception target and may be a SIP URI or a tel URL. The DF2 address describes the address to which the target's IRI is output and may be a URI or an IP address. The DF3 address describes the address to which the target's CC is output and may be a URI or an IP address.
Interception information can be carried in a Diameter message by extending Diameter's attribute-value pairs (AVPs) so that they carry the interception information during the session. An AVP includes an attribute name, an attribute code and the type of the attribute value; the specific AVP format may contain the interception target identifier, the DF2 address and/or DF3 address, and so on.
Interception information can be carried in a COPS message by extending the Policy Information Base (PIB) that 3GPP defines for the Go interface between the PDF and the GGSN, for example by defining the interception information as a COPS-specific object that includes the interception target identifier, the DF2 address and/or DF3 address, and so on. The interception information object is carried in the messages that the PDF sends to the GGSN.
As can be seen, the content of the interception information conveyed in SIP messages, Diameter messages, H.248 messages and COPS messages is the same; the only difference is the message format.
In an embodiment of the present invention, an apparatus for conveying lawful interception messages is provided in a network function entity participating in the interception target's session. The apparatus includes the following modules:
an interception information parsing module, configured to parse the interception information out of the message related to the interception target that the network function entity receives, and to send the interception information to the interception module;
an interception module, configured to intercept the target according to the interception information and to generate IRI and/or CC;
a reporting module, configured to report the IRI and/or CC generated by the interception module.
When the message related to the interception target is a SIP message, the network function entity participating in the target's session is an AS, I-CSCF, IBCF, BGCF, MGCF, media gateway or MRFP;
when the message related to the interception target is a Diameter message, the network function entity is an SPDF or PDF;
when the message related to the interception target is an H.248 message, the network function entity is a media gateway or MRFP;
when the message related to the interception target is a COPS message, the network function entity is a GGSN.
The apparatus may further include:
an interception information deletion module, configured to determine, before the network function entity sends the message related to the interception target onward, whether the message is to be sent to a non-trusted-domain entity and, if so, to delete the interception information from the message.
If the interception information contains an indication to report CC and/or a DF3 address, the apparatus further includes:
a CC reporting indication setting module, configured to delete the indication to report CC from the interception information, set the indication to report CC to No, delete the DF3 address from the interception information, or set the DF3 address to invalid;
a CC reporting indication judging module, configured to determine, from the interception information parsed by the interception information parsing module, whether the interception information matches any of the following cases: there is no indication to report CC; the indication to report CC is No; there is no DF3 address; or the DF3 address is invalid. If so, it sends the reporting module an indication not to report CC.
Alternatively, the CC reporting indication setting module and the CC reporting indication judging module implement the following functions:
the CC reporting indication judging module is configured to determine, from the interception information parsed by the interception information parsing module, whether the CC-report-complete indication in it is set to Yes; if so, it sends the reporting module an indication not to report CC; if not, it notifies the CC reporting indication setting module to set the CC-report-complete indication to Yes;
the CC reporting indication setting module is configured to set the CC-report-complete indication in the interception information to Yes according to the notification from the CC reporting indication judging module.
The process of conveying lawful interception information according to the present invention has been described above with reference to the drawings and specific embodiments. As the description shows, embodiments of the present invention extend the messages related to the interception target to carry the interception information, conveying it to the network function entities participating in the target's session as the messages are sent, so that those entities can intercept the target according to the information they receive and report IRI and/or CC to the law enforcement agency side. This method can therefore reduce the possibility of data leakage while lightening the workload on the law enforcement agency side. In addition, because the interception information carried in a message related to the interception target is deleted when the message is sent to a network function entity that does not perform interception, the possibility of the interception information being leaked is reduced and the security of interception is improved.
The above is a description of specific embodiments of the present invention. In a specific implementation, the method of the present invention may be suitably adapted to meet the particular needs of the situation. It should therefore be understood that the specific embodiments of the present invention are only illustrative and are not intended to limit the scope of protection of the present invention.

Claims

1. A method for conveying lawful interception information, characterized in that the method comprises:
a network function entity participating in an interception target's session receiving a message that is related to the interception target and carries interception information;
the network function entity intercepting the target according to the received interception information, and reporting intercept related information (IRI) and/or content of communication (CC) to the law enforcement agency side.
2. The method according to claim 1, characterized in that the message related to the interception target is a Session Initiation Protocol (SIP) message.
3. The method according to claim 2, characterized in that the network function entity is one or any combination of an application server (AS), an interrogating call session control function (I-CSCF), an interconnection border control function (IBCF), a breakout gateway control function (BGCF), a media gateway control function (MGCF), a media gateway, and a media resource function processor (MRFP).
4. The method according to claim 2, characterized in that, before the network function entity receives the message that is related to the interception target and carries the interception information, the method further comprises:
a serving call session control function (S-CSCF) carrying the interception information in a SIP message related to the interception target, and sending the SIP message to the network function entity;
or, the S-CSCF sending the SIP message related to the interception target to a lawful interception service application server (LI-AS), the LI-AS adding the interception information to the SIP message and sending it back to the S-CSCF, and the S-CSCF sending the SIP message to the network function entity.
5. The method according to claim 4, characterized in that, when the interception target is the calling party, carrying the interception information in the message related to the interception target comprises:
a network access unit carries the interception information in the SIP message related to the interception target.
6. The method according to claim 2, characterized in that the method further comprises:
before the SIP message is sent to a network entity in an untrusted domain, deleting the interception information carried in the SIP message.
7. The method according to claim 6, characterized in that the entity that deletes the interception information carried in the SIP message comprises a network access unit, an S-CSCF, an I-CSCF, an IBCF, a BGCF or an MGCF.
8. The method according to any one of claims 2 to 7, characterized in that carrying the interception information in the SIP message comprises:
carrying the interception information in a SIP header field, or carrying the interception information in the SIP message body.
9. The method according to claim 1, characterized in that the message related to the interception target comprises a Diameter message, an H.248 message, or a Common Open Policy Service (COPS) protocol message.
10. The method according to claim 9, characterized in that, when the message related to the interception target is a Diameter message, the network function entity is a service policy decision function (SPDF) or a policy decision function (PDF);
when the message related to the interception target is an H.248 message, the network function entity is a media gateway or an MRFP;
when the message related to the interception target is a COPS message, the network function entity is a gateway GPRS support node (GGSN).
11. The method according to claim 9, characterized in that carrying the interception information in the message related to the interception target comprises:
when the message related to the interception target is a Diameter message, an application function (AF) entity carries the interception information in the Diameter message and sends it to the service policy decision function (SPDF) or the policy decision function (PDF);
when the message related to the interception target is an H.248 message, the SPDF, the PDF or the MGCF carries the interception information in the H.248 message and sends it to the media gateway, or a media resource function controller (MRFC) carries the interception information in the H.248 message and sends it to the MRFP;
when the message related to the interception target is a COPS message, the PDF carries the interception information in the COPS message and sends it to the GGSN.
12. The method according to claim 11, characterized in that the application function entity is a proxy call session control function (P-CSCF) entity, an interconnection border control function (IBCF) entity, or an access gateway control function (AGCF).
13. The method according to any one of claims 1 to 7 and 9 to 11, characterized in that the interception information comprises: an identifier of the interception target.
14. The method according to claim 13, characterized in that the identifier of the interception target consists of one or any combination of a SIP uniform resource identifier, a telephone uniform resource locator, and a flag indicating that one or more parties are intercepted.
15. The method according to claim 13, characterized in that the interception information further comprises one or any combination of:
an indication to report IRI and/or CC, a delivery function (DF) entity address, a key or certificate, and an indication to cancel interception.
16. The method according to claim 15, characterized in that the DF address comprises a DF2 address and/or a DF3 address.
17. The method according to claim 15, characterized in that the network function entity reporting the CC further comprises:
after reporting the CC to the law enforcement agency side, the network function entity indicates to subsequent network function entities that they need not report the CC again.
18. The method according to claim 17, characterized in that the method of indicating to subsequent network function entities that they need not report the CC again comprises:
the network function entity deletes the indication to report CC from the interception information, sets the indication to report CC to No, deletes the DF3 address from the interception information, or sets the DF3 address to invalid; the subsequent network function entity then no longer reports the CC after receiving the interception information.
19. The method according to claim 17, characterized in that the method of indicating to subsequent network function entities that they need not report the CC again comprises:
the network function entity sets the CC report completion indication in the interception information to Yes; the subsequent network function entity then no longer reports the CC after receiving the interception information.
20. The method according to claim 19, characterized in that the CC report completion
21. An apparatus for transferring lawful interception messages, characterized in that the apparatus is arranged in a network function entity participating in a session of an interception target, and comprises the following modules:
an interception information parsing module, configured to parse interception information out of a message related to the interception target that is received by the network function entity, and to send the interception information to an interception module;
the interception module, configured to intercept the interception target according to the interception information and to generate IRI and/or CC;
a reporting module, configured to report the IRI and/or CC generated by the interception module.
22. The apparatus according to claim 21, characterized in that, when the message related to the interception target is a SIP message, the network function entity participating in the session of the interception target is an AS, an I-CSCF, an IBCF, a BGCF, an MGCF, a media gateway or an MRFP;
when the message related to the interception target is a Diameter message, the network function entity is an SPDF or a PDF;
when the message related to the interception target is an H.248 message, the network function entity is a media gateway or an MRFP;
when the message related to the interception target is a COPS message, the network function entity is a GGSN.
23. The apparatus according to claim 21, characterized in that the apparatus further comprises:
an interception information deleting module, configured to determine, before the network function entity sends the message related to the interception target onward, whether the message is to be sent to an entity in an untrusted domain, and if so, to delete the interception information from the message related to the interception target.
24. The apparatus according to claim 21, 22 or 23, characterized in that the interception information contains an indication to report CC and/or a DF3 address, and the apparatus further comprises:
a CC reporting indication setting module, configured to delete the indication to report CC from the interception information, set the indication to report CC to No, delete the DF3 address from the interception information, or set the DF3 address to invalid.
25. The apparatus according to claim 24, characterized in that the apparatus further comprises:
a CC reporting indication determining module, configured to determine, according to the interception information parsed by the interception information parsing module, whether the interception message matches any of the following cases:
there is no indication to report CC, the indication to report CC is No, there is no DF3 address, or the DF3 address is invalid; and if so, to send the reporting module an indication not to report the CC.
26. The apparatus according to claim 21, 22 or 23, characterized in that the apparatus further comprises a CC reporting indication setting module and a CC reporting indication determining module,
the CC reporting indication determining module being configured to determine, according to the interception information parsed by the interception information parsing module, whether the CC report completion indication in the interception message is set to Yes; if so, to send the reporting module an indication not to report the CC; if not, to notify the CC reporting indication setting module to set the CC report completion indication to Yes;
the CC reporting indication setting module being configured to set the CC report completion indication in the interception message to Yes according to the notification from the CC reporting indication module.
PCT/CN2007/070216 2006-07-18 2007-07-02 Method and device for transmitting legal intercepting information WO2008011819A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN200610103317 2006-07-18
CN200610103317.3 2006-07-18
CN200710084874.X 2007-02-16
CN 200710084874 CN100512161C (en) 2006-07-18 2007-02-16 Method for transmitting legal monitoring information

Publications (1)

Publication Number Publication Date
WO2008011819A1 true WO2008011819A1 (en) 2008-01-31

Family

ID=38981149

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070216 WO2008011819A1 (en) 2006-07-18 2007-07-02 Method and device for transmitting legal intercepting information

Country Status (2)

Country Link
CN (1) CN100512161C (en)
WO (1) WO2008011819A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024083038A1 (en) * 2022-10-20 2024-04-25 维沃移动通信有限公司 Interception methods and apparatus, and related device

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222539B (en) * 2008-01-30 2012-02-29 中兴通讯股份有限公司 IP multimedia subsystem and its supplementary service monitoring method
CN101594340B (en) * 2008-05-28 2012-07-04 上海贝尔阿尔卡特股份有限公司 Method and device for realizing internet lawful interception
US20110099097A1 (en) * 2008-06-05 2011-04-28 Johan Svedberg Charging for services in a communication network
CN101835132A (en) * 2010-04-21 2010-09-15 中兴通讯股份有限公司 Method and system for lawful monitoring and dispatching of IP multimedia subsystem domain
CN102487520B (en) * 2010-12-02 2015-08-12 中兴通讯股份有限公司 Media content monitor method and device in IP Multimedia System
CN102487521B (en) * 2010-12-03 2016-06-08 中兴通讯股份有限公司 Media content monitor method and device in IP Multimedia System
CN102123367A (en) * 2011-01-19 2011-07-13 华为技术有限公司 Method for monitoring terminal and communication system
CN102204235B (en) * 2011-05-25 2015-03-11 华为技术有限公司 Monitoring method,monitoring system and safe diverter equipment
CN102843337B (en) * 2011-06-20 2017-07-14 中兴通讯股份有限公司 Media content monitor method and device in IP multimedia subsystem
KR101418698B1 (en) * 2014-02-03 2014-07-10 박상래 System, method and computer readable recording medium for controlling of wireless emergency bell
CN109257330B (en) * 2017-07-13 2020-12-08 华为技术有限公司 Legal monitoring method and related equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1361967A (en) * 1999-09-07 2002-07-31 诺基亚公司 Ordered delivery of intercepted data
CN1549621A (en) * 2003-05-22 2004-11-24 华为技术有限公司 Method for realizing legal monitoring
US20050058161A1 (en) * 2003-09-17 2005-03-17 Gennady Sorokopud Packet transport over General Packet Radio Service (GPRS) networks
CN1773967A (en) * 2004-11-08 2006-05-17 华为技术有限公司 Method for providing service to circuit field user via group field

Also Published As

Publication number Publication date
CN101110715A (en) 2008-01-23
CN100512161C (en) 2009-07-08

Similar Documents

Publication Publication Date Title
WO2008011819A1 (en) Method and device for transmitting legal intercepting information
US8959238B2 (en) Systems, methods and computer program products for providing access to web services via device authentication in an IMS network
EP2522122B1 (en) Lawful call interception support in packet cable network
US9973541B2 (en) Lawful interception in an IP multimedia subsystem network
US7822407B2 (en) Method for selecting the authentication manner at the network side
EP1976186B1 (en) A method for realizing the legal listening in the next generation network and a system thereof
US20090271859A1 (en) Systems and methods for restricting event subscriptions through proxy-based filtering
JP2009531921A (en) System and method for carrying reliable network-supplied access network information in a session initiation protocol
US9628938B2 (en) Determination of IMS application server instance based on network information
Zhuang et al. Policy-based QoS architecture in the IP multimedia subsystem of UMTS
US9237587B2 (en) Method and system for implementing group message service based on converged service system
WO2006131072A1 (en) A method and apparatus for implementing the barring service
WO2007112642A1 (en) A method and device for implementing the user's multimedia identifier service
KR101287588B1 (en) Security System of the SIP base VoIP service
CN101521930B (en) Policy control method and system
JP5069353B2 (en) Method and apparatus for handling trust in an IP multimedia subsystem communication network
WO2007082435A1 (en) A system, method and network equipment for implementing the lawful interception in next generation network
WO2011150869A1 (en) Distributed control method and system for legally monitoring in ip multimedia core network subsystem (ims) network
WO2007056925A1 (en) A session control method and equipment in ims network
WO2008058472A1 (en) Method for achieving packet-based network service, system and database registered by users
EP4208995A1 (en) Methods and nodes for deactivating server name indication, sni, encryption in a telecommunication network
Baba et al. Web-IMS convergence architecture and prototype
WO2008092358A1 (en) A strategy performing method, system and network element
Neumann Privacy in Voice-Over-Ip Mitigating the Risks at Sip Intermediaries
WO2008049362A1 (en) User service data management system and sevice and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07764145

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07764145

Country of ref document: EP

Kind code of ref document: A1