WO2011044816A1 - Monitoring method and monitoring device for user equipment - Google Patents

Monitoring method and monitoring device for user equipment

Info

Publication number
WO2011044816A1
WO2011044816A1 PCT/CN2010/077168 CN2010077168W WO2011044816A1 WO 2011044816 A1 WO2011044816 A1 WO 2011044816A1 CN 2010077168 W CN2010077168 W CN 2010077168W WO 2011044816 A1 WO2011044816 A1 WO 2011044816A1
Authority
WO
WIPO (PCT)
Prior art keywords
user equipment
information
network element
mobility management
management network
Application number
PCT/CN2010/077168
Inventor
朱春晖
宗在峰
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2011044816A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data

Definitions

  • The present invention relates to the field of mobile communications technologies, and in particular to a monitoring method and a monitoring device for user equipment.
  • The 3GPP wireless core network includes the General Packet Radio Service (GPRS) network, the System Architecture Evolution (SAE) network, and the Universal Mobile Telecommunications System (UMTS).
  • SAE may also be referred to as the Evolved Packet System (EPS).
  • FIG. 1 is a schematic diagram of a network in which a user equipment accesses an MTC Server through SAE and/or UMTS according to the prior art.
  • FIG. 1 shows the main network elements involved in an emergency call in which a user equipment (User Equipment, UE for short) accesses the IMS through SAE and/or UMTS, where solid lines indicate signaling and dotted lines indicate the user's IP channel.
  • When access is through UMTS, the UE can also be referred to as an MS (Mobile Station).
  • The main network elements involved when the UE accesses the Machine Type Communication Server (MTC Server) through SAE and/or UMTS include: the network elements of the SAE network part, the network elements of the UMTS network part, and the MTC Server.
  • In this case the UE may be referred to as an MTC Device.
  • The network elements of the SAE network part provide bearer management and mobility management.
  • The network elements of the SAE network part include: an enhanced wireless base station (eNodeB), a Mobility Management Entity (MME), and a user plane data routing and processing network element (SAE GW); the SAE GW includes a Packet Data Network Gateway (P-GW) and a Serving Gateway (Serving GW, S-GW for short).
  • The MME is responsible for managing and storing the context of the UE (e.g., UE identity/user identity, mobility management state, user security parameters), for assigning a temporary identity to the user, and for authenticating the UE when the UE camps on the tracking area or the network.
  • eNodeB access is also called Long Term Evolution (LTE) access.
  • The P-GW is a mobility anchor in the SAE system. It is the border gateway between the SAE and the Packet Data Network (PDN), and is responsible for PDN access and for forwarding data between the SAE and the PDN.
  • The UMTS network mainly consists of the 3GPP radio access network (GSM EDGE Radio Access Network/UMTS Terrestrial Radio Access Network, GERAN/UTRAN for short, collectively called the RAN), the Serving GPRS Support Node (SGSN), and the Gateway GPRS Support Node (GGSN).
  • In UMTS, a UE is also referred to as a mobile station (Mobile Station, MS for short).
  • In practical applications, user equipment deployed in an unattended outdoor area may be stolen or illegally used.
  • However, in the prior art, the mobility management network element of the core network, such as the MME in the SAE network or the SGSN in the UMTS network, lacks a monitoring function for the user equipment, so the user equipment has security problems.
  • According to one aspect of the present invention, a monitoring method for user equipment is provided.
  • The monitoring method according to the present invention includes: the mobility management network element of the core network receives the access information of the user equipment; the mobility management network element receives the subscription information of the user equipment saved by the mobile user management database; the mobility management network element compares the access information with the subscription information to monitor the user equipment.
  • When the mobility management network element's comparison finds the access information of the user equipment inconsistent with the subscription information, the mobility management network element detects a monitoring event of the user equipment, and the method further includes: the mobility management network element rejects the user equipment's access, and/or records the monitoring event, and/or reports the monitoring event.
  • The access information includes at least one of: the International Mobile Subscriber Identity (IMSI) of the user equipment, the identifier of the user equipment (MEID), location information of the user equipment (e.g., Cell ID), and capability (feature) information of the user equipment.
  • The subscription information includes at least one of: the binding relationship between the IMSI and the MEID of the user equipment, location information of the user equipment (such as Cell ID), and capability information of the user equipment.
  • The mobility management network element detects a monitoring event of the user equipment when at least one of the following monitoring results is negative: whether the IMSI and the MEID in the access information satisfy the binding relationship between the IMSI and the MEID in the subscription information; whether the location in the access information (such as the Cell ID) is consistent with the location in the subscription information (such as the Cell ID); whether the capability information of the user equipment in the access information is consistent with the capability information of the user equipment in the subscription information.
  • The capability information of the user equipment includes: access capability information of the user equipment.
  • Receiving the access information of the user equipment includes: the mobility management network element receives the attach request initiated by the user equipment and acquires the access information carried in the attach request.
  • The mobility management network element includes: a mobility management entity; and the mobile user management database includes: a home subscriber server of the user equipment.
  • The mobility management network element includes: a serving GPRS support node; and the mobile user management database includes: a home location register of the user equipment.
  • According to another aspect of the present invention, a monitoring device for user equipment is provided.
  • The monitoring device according to the present invention includes: an access information receiving module, a subscription information receiving module, and a monitoring module. The access information receiving module is configured to receive the access information reported by the user equipment when requesting access; the subscription information receiving module is configured to receive the subscription information of the user equipment saved by the mobile user management database; and the monitoring module is configured to monitor the user equipment according to the access information received by the access information receiving module and the subscription information received by the subscription information receiving module, detecting monitoring events of the user equipment.
  • The device further includes: a sending module, configured to report a monitoring event of the user equipment when the monitoring module detects that a monitoring event of the user equipment has occurred.
  • The mobility management network element monitors the user equipment by comparing the access information of the user equipment with the subscription information of the user equipment saved by the mobile user management database, thereby solving the security problem that user terminals face in actual application.
  • FIG. 2 is a flowchart of a monitoring method of a user equipment according to an embodiment of the present invention.
  • FIG. 3 is a flowchart according to Embodiment 1 of the present invention.
  • FIG. 4 is a flowchart according to Embodiment 2 of the present invention.
  • FIG. 5 is a flowchart according to Embodiment 3 of the present invention.
  • FIG. 6 is a schematic structural diagram of a monitoring device of a user equipment according to an embodiment of the present invention.
  • In the embodiments of the present invention, the mobility management network element of the core network receives the access information reported by the user terminal during access and the subscription information of the user equipment saved by the mobile user management database, and monitors the user terminal for monitoring events by comparing the access information with the subscription information.
  • The embodiments in the present application and the features in the embodiments may be combined with each other where they do not conflict.
  • Step 202: The mobility management network element of the core network receives the access information of the user equipment.
  • In a specific implementation, the user equipment may initiate an attach request to the mobility management network element when requesting access. The attach request carries the access information of the user equipment, which may include, but is not limited to, at least one of the following: a user identifier (e.g., the IMSI of the user equipment), the user equipment identifier (MEID), and the capability of the user equipment (e.g., supporting LTE access or supporting UTRAN access).
  • Alternatively, the base station may report the access information of the UE to the mobility management network element.
  • In addition, the attach request may be forwarded by the access network element; during forwarding, the location information of the user equipment (for example, the Cell ID of the cell on which the user equipment currently camps) may be added to the access information.
  • Step 204: The mobility management network element receives the subscription information of the user equipment saved by the mobile user management database.
  • In a specific implementation, the mobility management network element sends a request for the subscription data to the mobile user management database, which may be done by sending a location update request; the request must carry the user identifier (IMSI) of the user equipment.
  • After receiving the request, the user management database determines the subscription information of the user equipment according to the IMSI in the request. The subscription information may include, but is not limited to, at least one of the following: location information of the user equipment (such as the Cell ID of the camping cell), the binding relationship between the user identifier and the user equipment identifier (IMSI bound to MEID), and the capability of the user equipment (for example, the device only has UTRAN access capability).
  • Step 206: The mobility management network element compares the access information with the subscription information and monitors the user equipment, for example, monitoring whether the user equipment is illegally used. In a specific implementation, the mobility management network element monitors the user equipment through the following checks; when one of the following results is negative, the mobility management network element determines that a monitoring event has occurred for the user equipment (e.g., it is illegally used):
  • whether the IMSI and the MEID in the access information satisfy the binding relationship between the IMSI and the MEID in the subscription information;
  • whether the location information (such as Cell ID) in the access information is consistent with the location information (such as Cell ID) in the subscription information;
  • whether the capability information of the user equipment in the access information is consistent with the capability information of the user equipment in the subscription information.
  • If a monitoring event of the user equipment is detected, the mobility management network element may perform one or any combination of the following operations: rejecting the user equipment's access; recording that the user equipment is illegally used; reporting to the application server (for example, the MTC Server) and/or the user management database the information that the user equipment is illegally used.
  • Otherwise, the user equipment is allowed to access. The following describes the monitoring method in detail by using specific embodiments.
  • In the embodiments the MTC Server is accessed through SAE or UMTS, but the method is not limited to MTC applications and is suitable for other applications.
  • The mobility management network element is the MME.
  • The mobile user management database is the HSS (Home Subscriber Server).
  • The access network element is the eNodeB.
  • FIG. 3 is a flowchart according to Embodiment 1 of the present invention. As shown in FIG. 3, the specific process includes the following steps (step 301 - step 310):
  • Step 301: The user equipment initiates an attach request to the MME1/SGSN1, carrying the capability of the user equipment (such as supporting LTE access) and the identities (such as IMSI1 and MEID2). The message is forwarded by the eNodeB/RAN, which sends the user's current cell identity, Cell ID1, to the MME1 along with the message.
  • The MME1 can send an identity request directly to the user equipment, which returns MEID2 to the MME1.
  • Step 303: The HSS/HLR sends a location update response to the MME1/SGSN1 carrying the user subscription information, specifically but not limited to: the location of the access point (such as the cell identity Cell ID2), or the capability of the user equipment (the device has only UTRAN access capability), or the correspondence between the user identifier and the user equipment identifier (such as user identifier IMSI1 and user equipment identifier MEID1).
  • Step 304: The MME1/SGSN1 checks the user subscription information against the access information and finds inconsistencies, such as: different access point locations, and/or different user equipment capabilities, and/or user identifiers and user equipment identifiers.
  • Step 305: The user equipment accesses another MME2/SGSN2, possibly because a change in location caused an MME change. The user equipment initiates an attach request to the MME2/SGSN2.
  • Step 306: The MME2/SGSN2 initiates a location update request to the HSS/HLR, carrying the user identity.
  • Step 307: After receiving the request, the HSS/HLR finds that the MME1/SGSN1 is currently registered as serving the user, and therefore sends a delete location message to the MME1/SGSN1, including the user identity.
  • Step 308: After receiving the delete location message, the MME1/SGSN1 looks up, by the user identity, the monitoring event it has saved for the user equipment (e.g., the user equipment is illegally used), and sends a delete location reply message to the HSS/HLR that also includes the monitoring event.
  • Step 309: The HSS/HLR records the monitoring event (e.g., the user equipment is illegally used), and the message it sends to the MME2/SGSN2 includes the monitoring event.
  • Step 310: On receiving the monitoring event (e.g., the user equipment is illegally used), the MME2/SGSN2 sends an attach rejection message to the user equipment.
  • In Embodiment 2, the UE (MTC Device) initially accesses the MME1/SGSN1 through SAE/UMTS and then accesses the MME2/SGSN2. Unlike Embodiment 1, the MME1/SGSN1 notifies the HSS/HLR immediately after detecting a monitoring event (e.g., the user equipment is illegally used).
  • FIG. 4 is a flowchart according to Embodiment 2 of the present invention. As shown in FIG. 4, the specific process includes the following steps (step 401 - step 410):
  • Steps 401-404 are the same as steps 301-304.
  • Step 405: According to the monitoring event (e.g., the user equipment is illegally used), the MME1/SGSN1 initiates a clear user equipment message to the HSS; the message includes the monitoring event and the user identity (IMSI).
  • Step 406: The HSS/HLR records the monitoring event (e.g., the user equipment is illegally used) and sends a clear user equipment reply to the MME1/SGSN1.
  • Steps 407-408 are the same as steps 305-306.
  • Step 409: According to the monitoring event it has saved (e.g., the user equipment is illegally used), the HSS/HLR sends an update location reply to the MME2 that includes the monitoring event.
  • Step 410 the MME2/SGSN2 according to the received monitoring event (such as the user) The device
  • FIG. 5 is a flowchart of Embodiment 3 of the present invention. As shown in FIG. 5:
  • Step 501: In Embodiment 1 and Embodiment 2, after the MME/HSS or the SGSN/HLR detects the monitoring event (e.g., the user equipment is illegally used), it sends the monitoring event (such as an alarm message that the user equipment is illegally used) to the MTC Server, including the identity of the user equipment, such as the IMSI.
  • Step 502: After receiving the alarm message, the MTC Server replies to the sender with a confirmation of receipt.
  • A monitoring device for user equipment is also provided; the device may be located in a mobility management network element of the core network, or may be deployed separately.
  • The device includes: an access information receiving module 61, a subscription information receiving module 62, and a monitoring module 63.
  • The access information receiving module 61 is configured to receive the access information of the user equipment; for example, the access information may be reported by the user equipment when requesting access, or may be reported by the base station.
  • The subscription information receiving module 62 is configured to receive the subscription information of the user equipment saved by the mobile user management database.
  • The monitoring module 63 is configured to monitor the user equipment according to the access information received by the access information receiving module 61 and the subscription information received by the subscription information receiving module 62, and to detect the occurrence of a monitoring event (for example, the user equipment is illegally used).
  • The device may monitor whether the UE is illegally used as described in the foregoing method embodiments.
  • The monitoring module 63 can monitor: (1) whether the IMSI and the MEID in the access information satisfy the binding relationship between the IMSI and the MEID in the subscription information; (2) location information in the access information (such as the Cell ID).
  • The device may further include: a sending module 64, configured to report the monitoring event (such as information that the user equipment is illegally used) when the monitoring module 63 detects that a monitoring event has occurred (e.g., the user equipment is illegally used).
  • The mobility management network element uses the access information reported by the user terminal during access and the subscription information of the user equipment saved in the mobile user management database to monitor whether a monitoring event occurs for the user terminal; if a monitoring event occurs, the user equipment is denied access, which prevents the user equipment from being stolen or illegally used and solves the security problem that user terminals face in actual application.
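
The comparison in step 206 and the Embodiment 1 hand-off (steps 301-310), as an added Python example that is not code from the patent. The class and field names, the fail-closed handling of a missing field, the reading of capability "consistency" as reported-subset-of-subscribed, and the sample identifiers (constructed to echo the page's IMSI1/MEID1/MEID2 placeholders) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class AccessInfo:
    """What the MME/SGSN learns at attach; every field except the IMSI may be absent."""
    imsi: str
    meid: Optional[str] = None
    cell_id: Optional[str] = None
    capabilities: Optional[FrozenSet[str]] = None


@dataclass(frozen=True)
class Subscription:
    """What the HSS/HLR stores; a None field means that attribute is not constrained."""
    imsi: str
    bound_meid: Optional[str] = None
    cell_id: Optional[str] = None
    capabilities: Optional[FrozenSet[str]] = None


def compare(access: AccessInfo, sub: Subscription) -> List[str]:
    """Step 206: return the failed checks; an empty list means no monitoring event."""
    events = []
    # Assumption: a constrained attribute missing from the attach fails closed.
    if sub.bound_meid is not None and access.meid != sub.bound_meid:
        events.append("imsi-meid-binding")
    if sub.cell_id is not None and access.cell_id != sub.cell_id:
        events.append("location")
    # Assumption: "consistent" means the reported capabilities are a subset of the subscribed ones.
    if sub.capabilities is not None and (
        access.capabilities is None or not access.capabilities <= sub.capabilities
    ):
        events.append("capability")
    return events


class HSS:
    """Hypothetical subscriber database holding subscriptions, serving node and events."""

    def __init__(self, subscriptions: List[Subscription]):
        self.subs = {s.imsi: s for s in subscriptions}
        self.serving: Dict[str, "MME"] = {}
        self.events: Dict[str, List[str]] = {}

    def update_location(self, imsi: str, node: "MME"):
        sub = self.subs.get(imsi)
        if sub is None:
            return None, []
        old = self.serving.get(imsi)
        if old is not None and old is not node:
            # Steps 307-309: delete location at the old node, record what it reports.
            known = self.events.setdefault(imsi, [])
            known += [e for e in old.cancel_location(imsi) if e not in known]
        self.serving[imsi] = node
        return sub, list(self.events.get(imsi, []))


class MME:
    """Hypothetical mobility management node (MME or SGSN)."""

    def __init__(self, name: str, hss: HSS):
        self.name, self.hss = name, hss
        self.recorded: Dict[str, List[str]] = {}

    def cancel_location(self, imsi: str) -> List[str]:
        """Step 308: hand any locally recorded monitoring events back to the HSS."""
        return self.recorded.pop(imsi, [])

    def attach(self, access: AccessInfo) -> Tuple[bool, List[str]]:
        sub, prior = self.hss.update_location(access.imsi, self)
        if sub is None:
            return False, ["unknown-subscriber"]
        events = compare(access, sub)
        if events:
            self.recorded[access.imsi] = events  # record the monitoring event
        reasons = sorted(set(prior) | set(events))
        return (not reasons), reasons  # reject on own or propagated events


def run_embodiment_1():
    """Constructed scenario: IMSI1 shows up in the wrong device, then moves to MME2."""
    hss = HSS([
        Subscription("IMSI1", "MEID1", "CELL2", frozenset({"UTRAN"})),
        Subscription("IMSI9", "MEID9"),
    ])
    mme1, mme2 = MME("MME1", hss), MME("MME2", hss)
    first = mme1.attach(AccessInfo("IMSI1", "MEID2", "CELL1", frozenset({"LTE"})))
    # The second attach matches the subscription, yet is rejected on the propagated event.
    second = mme2.attach(AccessInfo("IMSI1", "MEID1", "CELL2", frozenset({"UTRAN"})))
    clean = mme2.attach(AccessInfo("IMSI9", "MEID9", "CELL7", frozenset({"LTE"})))
    return first, second, clean, hss.events


if __name__ == "__main__":
    for result in run_embodiment_1():
        print(result)
```

The second attach shows why the event is carried in the delete location reply: once the HSS holds the flag, a later attach is refused at a new node even when its own comparison passes.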

Abstract

The present invention discloses a monitoring method and monitoring device for a user equipment. The monitoring method for the user equipment includes the following steps: a mobility management network element of a core network receives access information of the user equipment; the mobility management network element receives the subscription information of said user equipment stored in a mobile user management database; the mobility management network element compares said access information with said subscription information, and monitors said user equipment. The invention resolves the security problem that the user terminal faces in actual application.

Description

用户设备的监控方法及监控装置 技术领域 本发明涉及移动通信技术领域, 尤其涉及一种用户设备的监控方法及监 控装置。 背景技术  TECHNICAL FIELD The present invention relates to the field of mobile communications technologies, and in particular, to a monitoring method and a monitoring device for a user equipment. Background technique
3GPP无线核心网包括通用无线分组业务 ( General Packet Radio Service, 简称为 GPRS ) 网络、 系统长期演进( System Architecture Evolution , 简称为 SAE )网络、通用移动通信系统 ( Universal Mobile Telecommunications System, 简称为 UMTS ), 其中, SAE 也可以称为演进的分组系统 ( Evolved Packet System, 简称为 EPS )。 图 1是根据现有技术的用户设备通过 SAE和 /或 UMTS接入 MTC Server 的网络示意图, 图 1示出了用户设备( User Equipment, 简称为 UE )通过 SAE 和 /或 UMTS接入 IMS的紧急呼叫所涉及的主要网元, 其中, 实线表示信令, 虚线表示用户的 IP通道。 通过 UMTS接入时, UE 又可称为 MS ( Mobile Station, 移动台)。 如图 1 所示, UE 通过 SAE 和 /或 UMTS 接入机器类型通信服务器 ( Machine Type Communication Server, 简称为 MTC Server ) 所涉及的主要 网元包括: SAE网络部分的网元、 UMTS网络部分的网元以及 MTC Server。 这时 UE又可称为 MTC Device ( MTC设备 )„ 其中, SAE网络部分的网元用于提供承载管理和移动性管理。 SAE网络 部分的网元包括: 增强的无线基站 (eNodeB )、 移动性管理实体 ( Mobility Management Entity , 简称为 ΜΜΕ )、 以及用户面数据路由处理网元 ( SAE GW ); SAE GW包括分组数据网网关 ( Packet Data Network Gateway, 简称 为 P-GW ) 和月艮务网关 (Serving GW, 简称为 S-GW ); MME负责管理和存 储 UE的上下文 (例如, UE标识 /用户标识、 移动性管理^ I 态、 用户安全参 数等), 为用户分配临时标识, 当 UE 驻扎在跟踪区域或者网络时, 负责对 UE进行鉴权。 eNodeB接入又称为长期演进 ( Long Term Evolution, 简称为 LTE )接入。 P-GW是 SAE系统内的移动锚点, 是 SAE与分组数据网络( Packet Data Network, 简称为 PDN ) 的边界网关, 负责 PDN的接入、 在 SAE与 PDN间 转发数据等功能。 The 3GPP wireless core network includes a General Packet Radio Service (GPRS) network, a System Architecture Evolution (SAE) network, and a Universal Mobile Telecommunications System (UMTS). The SAE may also be referred to as an Evolved Packet System (EPS). 1 is a schematic diagram of a network in which a user equipment accesses an MTC Server through a SAE and/or a UMTS according to the prior art. FIG. 1 shows an emergency in which a user equipment (User Equipment, UE for short) accesses an IMS through SAE and/or UMTS. The main network element involved in the call, where the solid line indicates signaling and the dotted line indicates the user's IP channel. When accessed through UMTS, the UE can also be referred to as an MS (Mobile Station). 
As shown in Figure 1, the primary network elements involved in the UE accessing the Machine Type Communication Server (MTC Server) through the SAE and/or UMTS include: the network element of the SAE network part, and the network of the UMTS network part. Yuan and MTC Server. At this time, the UE may be referred to as an MTC Device (MTC device). The network element of the SAE network part is used to provide bearer management and mobility management. The network elements of the SAE network part include: an enhanced wireless base station (eNodeB), mobility Management entity (Mobility Management Entity, 简称 for short), and user plane data processing network element (SAE GW); SAE GW includes Packet Data Network Gateway (P-GW) and monthly service gateway ( Serving GW, referred to as S-GW); The MME is responsible for managing and storing the context of the UE (eg, UE identity/user identity, mobility management state, user security parameters, etc.), assigning a temporary identity to the user, when the UE is camped on When tracking a region or a network, it is responsible for authenticating the UE. The eNodeB access is also called Long Term Evolution (LTE) access. The P-GW is a mobility anchor in the SAE system. It is a border gateway between the SAE and the Packet Data Network (PDN). It is responsible for PDN access and forwarding data between the SAE and the PDN.
UMTS 网络主要由 3GPP 无线接入网络 ( GSM EDGE Radio Access Network/UMTS Terrestrial Radio Access Network, 简称为 GERAN/UTRAN, 统称 RAN )、 服务 GPRS 支持节点 (Serving GPRS Support Node, 简称为 SGSN )、 网关 GPRS支持节点( Gateway GPRS Support Node, 简称为 GGSN ) 构成。 在 UMTS中, UE也被称为移动台 ( Mobile Station, 简称为 MS )。 在实际应用中, 部署在户外无人看管的区域的用户设备, 可能被盗或被 非法使用, 但是现有技术中, 核心网的移动性管理网元, 例如 SAE网络中的 MME或 UMTS 网络中的 SGSN, 缺少对用户设备的监控功能, 因此用户设 备存在安全性问题。 发明内容 有鉴于此, 本发明提供了一种用户设备的监控方案, 用以解决现有技术 中, 核心网的移动性管理网元缺少对用户设备进行监控的问题。 根据本发明的一个方面, 提供了一种用户设备的监控方法。 根据本发明的用户设备的监控方法包括: 核心网的移动性管理网元接收 用户设备的接入信息; 移动性管理网元接收移动用户管理数据库保存的用户 设备的签约信息; 移动性管理网元将接入信息与签约信息进行比较, 监控用 户设备。 进一步地, 在所述移动性管理网元比较用户设备的接入信息与签约信息 不一致的情况下, 移动性管理网元检测到该用户设备的监控事件, 上述方法 还包括: 移动性管理网元拒绝用户设备接入, 和 /或, 记录该监控事件, 和 / 或上报该监控事件。 优选地, 上述接入信息包括以下至少之一: 用户设备的国际移动用户识 别码(IMSI )、 用户设备的标识(MEID )、 用户设备的位置信息 (例如, Cell ID )、 用户设备的能力 ( feature )信息。 优选地, 上述签约信息包括以下至少之一: 用户设备的 IMSI 与 MEID 的绑定关系, 用户设备的位置信息 (如 Cell ID )、 用户设备的能力信息。 优选地, 移动性管理网元在以下监控结果至少之一为否的情况下, 检测 到该用户设备的监控事件:移动性管理网元监控接入信息中的 IMSI和 MEID 是否符合签约信息中的 IMSI与 MEID的绑定关系; 移动性管理网元监控接 入信息中的位置 (如 Cell ID ) 与签约信息中的位置 (如 Cell ID ) 是否一致; 移动性管理网元监控接入信息中的用户设备的能力信息与签约信息中的用户 设备的能力信息是否一致。 优选地, 上述用户设备的能力信息包括: 用户设备的接入能力信息。 进一步地, 移动性管理网元接收用户设备的接入信息包括: 移动性管理 网元接收用户设备发起的附着请求, 获取附着请求中携带的所述接入信息。 优选地, 上述移动性管理网元包括: 移动性管理实体; 上述移动用户管 理数据库包括: 用户设备的归属用户服务器。 优选地, 上述移动性管理网元包括: 服务 GPRS支持节点; 移动用户管 理数据库包括: 用户设备的归属位置寄存器。 根据本发明的另一个方面, 提供了一种用户设备的监控装置。 根据本发明的用户设备的监控装置包括: 接入信息接收模块、 签约信息 接收模块以及监控模块, 其中, 接入信息接收模块, 用于接收用户设备在请 求接入时上报的接入信息; 签约信息接收模块, 用于接收移动用户管理数据 库保存的用户设备的签约信息; 监控模块, 用于根据接入信息接收模块接收 到的接入信息以及签约信息接收模块接收到的签约信息, 监控用户设备, 检 测该用户设备的监控事件。 进一步地, 上述装置还包括: 发送模块, 用于在监控模块检测到用户设 备的监控事件发生的情况下, 上报用户设备的监控事件。 通过本发明的上述至少一个方案, 移动性管理网元通过比较用户设备的 接入信息以及移动用户管理数据库保存的用户设备的签约信息, 监控用户设 备, 从而解决了用户终端在实际应用中存在的安全性问题。 本发明的其它特征和优点将在随后的说明书中阐述, 并且, 部分地从说 明书中变得显而易见, 或者通过实施本发明而了解。 本发明的目的和其他优 点可通过在所写的说明书、 权利要求书、 以及附图中所特别指出的结构来实 现和获得。 附图说明 附图用来提供对本发明的进一步理解, 并且构成说明书的一部分, 与本 发明的实施例一起用于解释本发明, 并不构成对本发明的限制。 在附图中: 图 1是根据现有技术的用户设备通过 SAE和 /或 UMTS接入 MTC Server 的网络示意图; 图 2是根据本发明实施例的用户设备的监控方法流程图; 图 
3是根据本发明实施例一的流程图; 图 4是根据本发明实施例二的流程图; 图 5是根据本发明实施例三的流程图; 图 6是根据本发明实施例的用户设备的监控装置的结构示意图。 具体实施方式 在本发明实施例中, 核心网的移动性管理网元接收用户终端在接入时上 报的接入信息以及移动用户管理数据库保存的用户设备的签约信息, 通过比 较上述监控接入信息及签约信息, 监控用户终端的监控事件。 在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。 以下结合附图对本发明的优选实施例进行说明, 应当理解, 此处所描述 的优选实施例仅用于说明和解释本发明, 并不用于限定本发明。 根据本发明实施例, 首先提供了一种用户设备的监控方法。 图 2是根据本发明实施例的用户设备的监控方法流程图, 如图 2所示, 该方法包括以下流程 (步骤 202 -步骤 206 ): 步骤 202、 核心网的移动性管理网元接收用户设备的接入信息; 在具体实施过程中, 用户设备可以在请求接入时, 向移动管理网元发起 附着请求, 该附着请求中携带用户设备的接入信息, 其中, UE 的接入信息 可以但不限于包括以下至少之一: 用户标识 (例如, 该用户设备的 IMSI )、 该用户设备标识 (MEID )、 该用户设备的能力 (例如支持 LTE 接入或支持 UTRAN接入)。 或者, 也可以由基站将 UE的接入信息上报给移动性管理网 元。 此外, 上述附着请求可以通过接入网元转发, 在转发的过程中, 可以在 接入信息中增加该用户设备的位置信息 (例如, 该用户设备当前驻留的小区 标识 Cell ID )„ 步骤 204、 移动性管理网元接收移动用户管理数据库保存的用户设备的 签约信息; 在具体的实施过程中, 移动性管理网元向移动用户管理数据库发送获取 签约数据的请求, 可以通过发送位置更新请求来实现, 在该请求中需要携带 上述用户设备的用户识别码 ( IMSI )。 用户管理数据库接收到获取签约数据的请求后, 才艮据该请求中的 IMSI, 确定上述用户设备的签约信息, 其中, 签约信息可以但不限于包括以下至少 之一: 上述用户设备的位置信息 (如驻留小区标识 Cell ID ), 用户标识与用 户设备标识的绑定关系 (IMSI绑定 MEID ), 上述用户设备的能力 (例如该 设备只具备 UTRAN接入能力)。 步骤 206、 移动性管理网元将上述接入信息与上述签约信息进行比较, 监控上述用户设备, 例如, 监控该用户设备是否被非法使用。 在具体实施过程中, 移动性管理网元通过以下监控事件, 监控上述用户 设备, 在确定以下结果之一为否时, 移动性管理网元确定该用户设备发生监 控事件 (例如, 被非法使用): The UMTS network is mainly supported by the 3GPP radio access network (GSM EDGE Radio Access Network/UMTS Terrestrial Radio Access Network, referred to as GERAN/UTRAN, collectively called RAN), Serving GPRS Support Node (SGSN), and Gateway GPRS support. The node (Gateway GPRS Support Node, GGSN for short) is composed. In UMTS, a UE is also referred to as a mobile station (Mobile Station, abbreviated as MS). In practical applications, user equipment deployed in an unattended outdoor area may be stolen or illegally used. However, in the prior art, the mobility management network element of the core network, such as the MME or UMTS network in the SAE network. The SGSN lacks the monitoring function for the user equipment, so the user equipment has security problems. 
SUMMARY OF THE INVENTION In view of the above, the present invention provides a monitoring solution for a user equipment, which is used to solve the problem that the mobility management network element of the core network lacks monitoring of the user equipment in the prior art. According to an aspect of the present invention, a monitoring method of a user equipment is provided. The monitoring method of the user equipment according to the present invention includes: the mobility management network element of the core network receives the access information of the user equipment; the mobility management network element receives the subscription information of the user equipment saved by the mobile user management database; the mobility management network element The access information is compared with the subscription information to monitor the user equipment. Further, if the mobility management network element compares the access information of the user equipment with the subscription information, the mobility management network element detects the monitoring event of the user equipment, and the method further includes: the mobility management network element The user equipment access is denied, and/or the monitoring event is recorded, and/or the monitoring event is reported. Preferably, the foregoing access information includes at least one of: an International Mobile Subscriber Identity (IMSI) of the user equipment, an identifier of the user equipment (MEID), location information of the user equipment (eg, Cell ID), and capabilities of the user equipment ( Feature ) information. Preferably, the foregoing subscription information includes at least one of the following: an IMSI and a MEID of the user equipment. Binding relationship, location information of the user equipment (such as Cell ID), and capability information of the user equipment. 
Preferably, the mobility management network element detects a monitoring event of the user equipment when at least one of the following monitoring results is negative: the mobility management network element monitors whether the IMSI and the MEID in the access information meet the subscription information. The binding relationship between the IMSI and the MEID; the mobility management network element monitors whether the location in the access information (such as the Cell ID) is consistent with the location in the subscription information (such as the Cell ID); the mobility management network element monitors the access information. Whether the capability information of the user equipment is consistent with the capability information of the user equipment in the subscription information. Preferably, the capability information of the user equipment includes: access capability information of the user equipment. Further, the receiving, by the mobility management network element, the access information of the user equipment includes: the mobility management network element receiving the attach request initiated by the user equipment, and acquiring the access information carried in the attach request. Preferably, the mobility management network element includes: a mobility management entity; and the mobile user management database includes: a home subscriber server of the user equipment. Preferably, the mobility management network element includes: a serving GPRS support node; and the mobile subscriber management database comprises: a home location register of the user equipment. According to another aspect of the present invention, a monitoring device for a user equipment is provided. 
The monitoring device of the user equipment according to the present invention includes: an access information receiving module, a subscription information receiving module, and a monitoring module. The access information receiving module is configured to receive the access information reported by the user equipment when requesting access; the subscription information receiving module is configured to receive the subscription information of the user equipment saved by the mobile user management database; and the monitoring module is configured to monitor the user equipment according to the access information received by the access information receiving module and the subscription information received by the subscription information receiving module, and to detect monitoring events of the user equipment.

Further, the foregoing apparatus further includes: a sending module, configured to report a monitoring event of the user equipment when the monitoring module detects that a monitoring event of the user equipment occurs.

With at least one of the above solutions of the present invention, the mobility management network element monitors the user equipment by comparing the access information of the user equipment with the subscription information of the user equipment saved by the mobile user management database, thereby solving the security problem of the user terminal in practical applications.

Other features and advantages of the invention will be set forth in the description which follows. The objects and other advantages of the present invention may be realized and obtained by the structures specified in the written description, the claims, and the drawings.

The drawings are intended to provide a further understanding of the invention and form a part of the description of the invention.

FIG. 1 is a schematic diagram of a network in which a user equipment accesses an MTC Server through SAE and/or UMTS according to the prior art;
FIG. 2 is a flowchart of a monitoring method of a user equipment according to an embodiment of the present invention;
FIG. 3 is a flowchart according to Embodiment 1 of the present invention;
FIG. 4 is a flowchart according to Embodiment 2 of the present invention;
FIG. 5 is a flowchart according to Embodiment 3 of the present invention;
FIG. 6 is a schematic structural diagram of a monitoring device of a user equipment according to an embodiment of the present invention.

In the embodiment of the present invention, the mobility management network element of the core network receives the access information reported by the user terminal during access and the subscription information of the user equipment saved by the mobile user management database and, by comparing the access information with the subscription information, monitors the user terminal for monitoring events.

The embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The preferred embodiments of the present invention are described below with reference to the accompanying drawings, which are intended to illustrate and explain the invention.

According to an embodiment of the present invention, a method for monitoring a user equipment is first provided. FIG. 2 is a flowchart of a method for monitoring a user equipment according to an embodiment of the present invention. As shown in FIG. 2, the method includes the following process (step 202 to step 206):

Step 202: A mobility management network element of a core network receives access information of a user equipment.

In a specific implementation, the user equipment may initiate an attach request to the mobility management network element when requesting access, where the attach request carries the access information of the user equipment. The access information of the UE may include, but is not limited to, at least one of the following: a user identifier (e.g., the IMSI of the user equipment), the user equipment identifier (MEID), and the capabilities of the user equipment (e.g., supporting LTE access or supporting UTRAN access). Alternatively, the base station may report the access information of the UE to the mobility management network element. In addition, the foregoing attach request may be forwarded by the access network element, and during forwarding the location information of the user equipment (for example, the identifier, Cell ID, of the cell on which the user equipment is currently camped) may be added to the access information.

Step 204: The mobility management network element receives the subscription information of the user equipment saved by the mobile user management database.

In a specific implementation, the mobility management network element sends a request for acquiring the subscription data to the mobile user management database, which may be done by sending a location update request. The request needs to carry the user identifier (IMSI) of the user equipment. After receiving the request for acquiring the subscription data, the user management database determines the subscription information of the user equipment according to the IMSI in the request, where the subscription information may include, but is not limited to, at least one of the following: location information of the user equipment (such as the Cell ID of the camping cell), a binding relationship between the user identifier and the user equipment identifier (IMSI bound to MEID), and the capability of the user equipment (for example, the device only has UTRAN access capability).

Step 206: The mobility management network element compares the foregoing access information with the foregoing subscription information and monitors the user equipment, for example, monitoring whether the user equipment is illegally used.

In a specific implementation, the mobility management network element monitors the user equipment through the following checks; if the result of any one of them is negative, the mobility management network element determines that a monitoring event of the user equipment has occurred (e.g., it is illegally used):
(1) The mobility management network element monitors whether the IMSI and the MEID in the access information meet the binding relationship between the IMSI and the MEID in the subscription information;
(2) The mobility management network element monitors whether location information (such as Cell ID) in the access information is consistent with location information (such as Cell ID) in the subscription information;
(3) The mobility management network element monitors whether the capability information of the user equipment in the access information is consistent with the capability information of the user equipment in the subscription information.
If a monitoring event of the user equipment is detected, the mobility management network element may perform one or any combination of the following operations: rejecting the user equipment's access; recording that the user equipment is illegally used; reporting to the application server (for example, the MTC Server) and/or the user management database the information that the user equipment is illegally used.

In a specific implementation, after step 206 is performed, if no such monitoring event has occurred for the current user equipment, the user equipment is allowed to access.

The monitoring method of the foregoing user equipment is described in detail below through specific embodiments. It should be noted that, in the following embodiments, the MTC Server is accessed through SAE or UMTS, but the method is not limited to MTC application services and is equally applicable to other application services.

In the following embodiments, if the user equipment accesses the MTC Server through SAE, the mobility management network element is the MME, the mobile user management database is the HSS (Home Subscriber Server), and the access network element is the eNodeB; if the user equipment accesses the MTC Server through UMTS, the mobility management network element is the SGSN, the mobile user management database is the HLR (Home Location Register), and the access network element is the RAN.

Embodiment 1

In this embodiment, the UE (MTC Device) initially accesses MME1/SGSN1 through SAE/UMTS and then accesses MME2/SGSN2. FIG. 3 is a flowchart according to Embodiment 1 of the present invention. As shown in FIG. 3, the specific process includes the following steps (step 301 to step 310):

Step 301: The user equipment initiates an attach request to MME1/SGSN1, carrying the capability of the user equipment (such as supporting LTE access) and the identity of the user (such as IMSI1 and MEID2). The message is forwarded by the eNodeB/RAN, which adds the user's current cell identifier, Cell ID1, alongside the message and sends it to MME1. When the user does not carry MEID2 in the attach request, MME1 may send an identity request directly to the user equipment, requesting it to send MEID2 to MME1.

Step 302: MME1/SGSN1 sends a location update request to the HSS/HLR, carrying the user identity: IMSI.

Step 303: The HSS/HLR sends a location update reply to MME1/SGSN1, carrying the user subscription information, which may be, but is not limited to: the access point location (such as CELL ID2, a cell identifier), or the capability of the user equipment (the device has only UTRAN access capability), or the correspondence between the user identifier and the user equipment identifier (such as user identifier IMSI1 and user equipment identifier MEID1).

Step 304: MME1/SGSN1 checks the user subscription information against the access information and finds inconsistencies, such as: different access point locations, and/or different user equipment capabilities, and/or a different correspondence between the user identifier and the user equipment identifier (the subscription is IMSI1 and MEID1, but the actual access uses IMSI1 and MEID2). It therefore considers that a monitoring event has occurred for the device (for example, the user equipment is illegally used), records the monitoring event (such as the user equipment being illegally used), and sends an attach reject message to the user equipment.

Step 305: The user equipment accesses another MME2/SGSN2, which may be an MME change caused by a change in location. The user equipment initiates an attach request to MME2/SGSN2.

Step 306: MME2/SGSN2 initiates a location update request to the HSS/HLR, carrying the user identity.
Step 307: After receiving the request, the HSS/HLR finds that MME1/SGSN1 is currently registered as serving the user, and therefore sends a delete location message to MME1/SGSN1, containing the user identity.

Step 308: After receiving the delete location message, MME1/SGSN1 checks, according to the user identity, the monitoring event of the user equipment that it has saved (such as the user equipment being illegally used), and therefore sends a delete location reply message to the HSS/HLR, which also contains the monitoring event (such as the user equipment being illegally used).

Step 309: The HSS/HLR records the above user equipment monitoring event (such as the user equipment being illegally used) and sends a location update reply to MME2/SGSN2, containing the above monitoring event (such as the user equipment being illegally used).

Step 310: MME2/SGSN2, according to the received monitoring event (such as the user equipment being illegally used), sends an attach reject message to the user equipment.

Embodiment 2

In this embodiment, the UE (MTC Device) initially accesses MME1/SGSN1 through SAE/UMTS and then accesses MME2/SGSN2. Unlike Embodiment 1, MME1/SGSN1 notifies the HSS/HLR immediately after detecting a monitoring event (such as the user equipment being illegally used). FIG. 4 is a flowchart according to Embodiment 2 of the present invention. As shown in FIG. 4, the specific process includes the following steps (step 401 to step 410):

Steps 401 to 404 are the same as steps 301 to 304.

Step 405: MME1/SGSN1, according to the monitoring event (such as the user equipment being illegally used), initiates a clear user equipment message to the HSS, which contains the above monitoring event (such as the user equipment being illegally used) and the user identity: IMSI.

Step 406: The HSS/HLR records the monitoring event (such as the user equipment being illegally used) and sends a clear user equipment reply to MME1/SGSN1.

Steps 407 to 408 are the same as steps 305 to 306.

Step 409: The HSS/HLR, according to the monitoring event it has saved (such as the user equipment being illegally used), sends an update location reply to MME2, which contains the above monitoring event (such as the user equipment being illegally used).

Step 410: MME2/SGSN2, according to the received monitoring event (such as the user equipment being illegally used), sends an attach reject to the user equipment.

Embodiment 3

In this embodiment, after the MME/HSS or SGSN/HLR detects a monitoring event (for example, learns that the user equipment is illegally used), it notifies the MTC Server. FIG. 5 is a flowchart according to Embodiment 3 of the present invention. As shown in FIG. 5, the flow includes the following steps (step 501 to step 502):

Step 501: In the first embodiment and the second embodiment, after the MME/HSS or SGSN/HLR detects a monitoring event (for example, learns that the user equipment is illegally used), it sends the monitoring event (such as an alarm message that the user equipment is illegally used) to the MTC Server, containing the identity of the user equipment, such as the IMSI.

Step 502: After receiving the foregoing alarm message, the MTC Server replies to the sender with a confirmation of receipt.
According to an embodiment of the present invention, a monitoring device of a user equipment is also provided. The device may be disposed in a mobility management network element of a core network, or may be provided separately.

FIG. 6 is a schematic structural diagram of a monitoring device of a user equipment according to an embodiment of the present invention. As shown in FIG. 6, the device includes: an access information receiving module 61, a subscription information receiving module 62, and a monitoring module 63. The access information receiving module 61 is configured to receive the access information of the user equipment; for example, the access information may be reported by the user equipment when requesting access, or may be reported by the base station. The subscription information receiving module 62 is configured to receive the subscription information of the user equipment saved by the mobile user management database. The monitoring module 63 is configured to monitor the user equipment according to the access information received by the access information receiving module 61 and the subscription information received by the subscription information receiving module 62, and to detect the occurrence of a monitoring event (for example, the user equipment being illegally used).

In a specific implementation, the device may monitor whether the UE is illegally used as described in the foregoing method embodiment. For example, the monitoring module 63 can monitor the UE by checking (1) whether the IMSI and the MEID in the access information meet the binding relationship between the IMSI and the MEID in the subscription information; (2) whether the location information (such as the Cell ID) in the access information is consistent with the location information (such as the Cell ID) in the subscription information; and (3) whether the capability information of the user equipment in the access information is consistent with the capability information of the user equipment in the subscription information. If the result of any one of the above is negative, the monitoring module 63 determines that a monitoring event has occurred.

Preferably, the foregoing device may further include: a sending module 64, configured to report the monitoring event (such as information that the user equipment is illegally used) when the monitoring module 63 detects that a monitoring event has occurred (such as the user equipment being illegally used).

As described above, with the technical solution provided by the embodiment of the present invention, the mobility management network element monitors the user terminal and detects the occurrence of monitoring events by comparing the access information reported by the user terminal during access with the subscription information of the user equipment saved by the mobile user management database. If a monitoring event occurs, the user equipment is denied access, which prevents the user equipment from being stolen or illegally used and solves the security problem of the user terminal in practical applications.

The above is only the preferred embodiment of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and changes. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of the present invention are intended to be included within the scope of protection of the present invention.
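
The three comparisons of step 206 and the way the monitoring event reaches a second mobility management node in Embodiments 1 and 2 can be modelled as follows. This is an added illustration, not code from the patent or from any 3GPP implementation: the class and function names, the string results, the fail-closed handling of a missing MEID and the subset reading of "consistent" capabilities are all assumptions, and the sample identifiers are constructed from the values used in steps 301 to 304.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AccessInfo:
    """Access information taken from the attach request (steps 202 / 301)."""
    imsi: str
    meid: Optional[str] = None             # equipment identifier reported by the UE
    cell_id: Optional[str] = None          # added by the eNodeB/RAN when forwarding
    capabilities: frozenset = frozenset()  # e.g. {"LTE"} or {"UTRAN"}


@dataclass(frozen=True)
class Subscription:
    """Subscription information returned by the HSS/HLR (steps 204 / 303).
    A field left as None is not subscribed, so its check is skipped."""
    bound_meid: Optional[str] = None
    cell_id: Optional[str] = None
    capabilities: Optional[frozenset] = None


def compare(access, sub):
    """Step 206: return the names of the failed checks (empty list = no event)."""
    failed = []
    # (1) IMSI/MEID binding. Assumption: a missing MEID fails closed.
    if sub.bound_meid is not None and access.meid != sub.bound_meid:
        failed.append("imsi_meid_binding")
    # (2) Location added by the access network vs. the subscribed location.
    if sub.cell_id is not None and access.cell_id != sub.cell_id:
        failed.append("location")
    # (3) Capability. Assumption: "consistent" means the reported access
    # capabilities are a subset of the subscribed ones.
    if sub.capabilities is not None and not access.capabilities <= sub.capabilities:
        failed.append("capability")
    return failed


class SubscriberDb:
    """Hypothetical stand-in for the HSS/HLR."""
    def __init__(self):
        self.subscriptions = {}  # imsi -> Subscription
        self.serving = {}        # imsi -> node currently registered for the user
        self.events = {}         # imsi -> failed checks recorded as a monitoring event

    def update_location(self, imsi, node):
        old = self.serving.get(imsi)
        if old is not None and old is not node:
            # Steps 307-309: delete location at the old node; its reply
            # carries any monitoring event it recorded.
            event = old.delete_location(imsi)
            if event:
                self.events[imsi] = event
        self.serving[imsi] = node
        return self.subscriptions[imsi], self.events.get(imsi)

    def clear_ue(self, imsi, event):
        # Steps 405-406: the node reports the event immediately.
        self.events[imsi] = event
        self.serving.pop(imsi, None)


class MobilityNode:
    """Hypothetical stand-in for an MME/SGSN."""
    def __init__(self, db, notify_immediately=False):
        self.db = db
        self.notify_immediately = notify_immediately  # True models Embodiment 2
        self.events = {}

    def attach(self, access):
        sub, known_event = self.db.update_location(access.imsi, self)
        if known_event:                        # steps 310 / 410
            self.events[access.imsi] = known_event
            return "ATTACH_REJECT"
        failed = compare(access, sub)
        if failed:                             # step 304: record and reject
            self.events[access.imsi] = failed
            if self.notify_immediately:
                self.db.clear_ue(access.imsi, failed)
            return "ATTACH_REJECT"
        return "ATTACH_ACCEPT"

    def delete_location(self, imsi):
        return self.events.pop(imsi, None)     # step 308


def run_embodiment(notify_immediately):
    """Constructed scenario: IMSI1 is subscribed with MEID1 but attaches with MEID2."""
    db = SubscriberDb()
    db.subscriptions["IMSI1"] = Subscription("MEID1", "CellID2", frozenset({"UTRAN"}))
    node1 = MobilityNode(db, notify_immediately)
    node2 = MobilityNode(db)
    ue = AccessInfo("IMSI1", "MEID2", "CellID1", frozenset({"LTE"}))
    first = node1.attach(ue)
    db_knew_before_move = "IMSI1" in db.events
    second = node2.attach(ue)
    return first, db_knew_before_move, second, db.events.get("IMSI1")
```

In this model the recorded event is keyed by IMSI, so every later attach for that subscriber is rejected, including one from the correctly bound device; the page does not describe a procedure for clearing a recorded event.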

Claims

1. A method for monitoring a user equipment, comprising:
 a mobility management network element of a core network receiving access information of the user equipment;
 the mobility management network element receiving subscription information of the user equipment saved by a mobile user management database;
 the mobility management network element comparing the access information with the subscription information to monitor the user equipment.
2. The method according to claim 1, wherein, in a case where the mobility management network element finds by comparison that the access information is inconsistent with the subscription information, the mobility management network element detects a monitoring event of the user equipment, and the method further comprises:
 the mobility management network element denying access to the user equipment; and/or
 the mobility management network element recording the monitoring event; and/or
 the mobility management network element reporting the monitoring event.
3. The method according to claim 2, wherein the access information comprises at least one of: an international mobile subscriber identity IMSI of the user equipment, an identifier MEID of the user equipment, location information of the user equipment, and capability information of the user equipment.
4. The method according to claim 3, wherein the subscription information comprises at least one of: a binding relationship between the IMSI and the MEID of the user equipment, location information of the user equipment, and capability information of the user equipment.
5. The method according to claim 4, wherein the mobility management network element determines that a monitoring event of the user equipment is detected when at least one of the following monitoring results is negative:
 the mobility management network element monitors whether the IMSI and the MEID in the access information meet the binding relationship between the IMSI and the MEID in the subscription information;
 the mobility management network element monitors whether the location information in the access information is consistent with the location information in the subscription information;
 the mobility management network element monitors whether the capability information of the user equipment in the access information is consistent with the capability information of the user equipment in the subscription information.
6. The method according to any one of claims 3 to 5, wherein the capability information of the user equipment comprises: access capability information of the user equipment.
7. The method according to any one of claims 1 to 5, wherein the receiving, by the mobility management network element, of the access information of the user equipment comprises:
 the mobility management network element receiving an attach request initiated by the user equipment and obtaining the access information carried in the attach request.
8. The method according to claim 7, wherein
 the mobility management network element comprises: a mobility management entity;
 the mobile user management database comprises: a home subscriber server of the user equipment.
9. The method according to claim 7, wherein
 the mobility management network element comprises: a serving GPRS support node;
 the mobile user management database comprises: a home location register of the user equipment.
10. A monitoring device for a user equipment, comprising:
 an access information receiving module, configured to receive access information of the user equipment;
 a subscription information receiving module, configured to receive subscription information of the user equipment saved by a mobile user management database;
 a monitoring module, configured to monitor the user equipment according to the access information received by the access information receiving module and the subscription information received by the subscription information receiving module, and to detect a monitoring event of the user equipment.
11. The device according to claim 10, wherein the device further comprises:
 a sending module, configured to report the monitoring event when the monitoring module detects that a monitoring event of the user equipment occurs.
PCT/CN2010/077168 2009-10-15 2010-09-20 Monitoring method and monitoring device for user equipment WO2011044816A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910179854.X 2009-10-15
CN200910179854.XA CN102045688B (en) 2009-10-15 2009-10-15 Detection method and device of illegal use of user equipment

Publications (1)

Publication Number Publication Date
WO2011044816A1 true WO2011044816A1 (en) 2011-04-21

Family

ID=43875835

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/077168 WO2011044816A1 (en) 2009-10-15 2010-09-20 Monitoring method and monitoring device for user equipment

Country Status (2)

Country Link
CN (1) CN102045688B (en)
WO (1) WO2011044816A1 (en)


Also Published As

Publication number Publication date
CN102045688A (en) 2011-05-04
CN102045688B (en) 2014-03-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10823046

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10823046

Country of ref document: EP

Kind code of ref document: A1