WO2011150869A1 - 一种ims网络中合法监听的布控方法及系统 - Google Patents

一种ims网络中合法监听的布控方法及系统 Download PDF

Info

Publication number
WO2011150869A1
WO2011150869A1 PCT/CN2011/075330 CN2011075330W WO2011150869A1 WO 2011150869 A1 WO2011150869 A1 WO 2011150869A1 CN 2011075330 W CN2011075330 W CN 2011075330W WO 2011150869 A1 WO2011150869 A1 WO 2011150869A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
hss
admf
monitored user
monitored
Prior art date
Application number
PCT/CN2011/075330
Other languages
English (en)
French (fr)
Inventor
刘小军
盛国平
刘晓峰
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2011150869A1 publication Critical patent/WO2011150869A1/zh

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • H04M3/2281Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/80Arrangements enabling lawful interception [LI]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities
    • H04L65/1016IP multimedia subsystem [IMS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/02Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08Mobility data transfer
    • H04W8/10Mobility data transfer between location register and external networks

Definitions

  • the present invention relates to an IMS network, and in particular, to a method and system for controlling lawful interception in an IMS network. Background technique
  • IP Multimedia Core Network Subsystem is a next-generation network standard defined by the 3rd Generation Partnership Project (3GPP). Its distinctive feature is the use of Session Initial Protocol (Session Initial Protocol). , SIP) system, communication and access independent, with separation of service control functions and bearer capabilities, separation of call and service, separation of applications and services, separation of services and networks, and integration of mobile networks and Internet services.
  • Session Initial Protocol Session Initial Protocol
  • the main functional entities in IMS include Call Session Control Function (CSCF) for user registration, session control and other functions, Home Subscriber Server (HSS) that centrally manages user subscription data, and various types of services.
  • Application Server (AS) for business logic control functions.
  • functional entities such as Interconnection Border Control Function (IBCF) and Subscription Locator Function (SLF) are involved in the session.
  • the CSCF is divided into a proxy CSCF (Proxy-CSCF, P-CSCF), a query CSCF (Interrogating-CSCF, I-CSCF), and a service CSCF (Serving-CSCF, S-CSCF) according to the role, and the session is logically completed. Different functions such as routing can be physically separated or combined.
  • the user accesses the IMS through the current local P-CSCF, and queries through the I-CSCF route to complete the session and service triggering functions to the S-CSCF where the user belongs.
  • IMS is an access-independent network, regardless of whether the user is on a fixed or mobile network. Access the IMS network to experience the same business.
  • SIP is the basic signaling control protocol of the IMS network and is one of the multimedia communication system framework protocols developed by the Internet Engineering Task Force (IETF). The SIP is used to initiate, modify, and terminate the control layer protocol of the multimedia session, and cooperates with the multimedia streaming protocol to complete session control and media negotiation in the IMS network.
  • IETF Internet Engineering Task Force
  • the registration process is similar to the registration of users of the Global System for Mobile Communication (GSM). Register your location at the time of registration and notify CSCF to prepare for the call, such as downloading business information.
  • GSM Global System for Mobile Communication
  • An IMS user can have multiple public identities. By registering one of the identities, other identities are automatically registered. All the IDs of a user are stored in the HSS, and the CSCF downloads multiple public identities from the HSS when the user registers.
  • UML Unified Modeling Language
  • URI SIP Uniform Resource Identifier
  • TEL URL Telephone Universal Resource Locator
  • the SIP URI is the network address identifier used in the SIP protocol.
  • SIP: tobas@homel.fr which is characterized by a SIP representation in front of the Internet address.
  • a URL is a short string used to identify a page on the Internet. Users can browse the site by entering the URL of the site in the address bar of the (World Wide Web, "Web") browser. So the URL is actually the computer address of a resource.
  • the resources mentioned here can be documents, files or programs.
  • the Tel URL is a public identifier of the type of telephone number specified by Request for Comment (RFC).
  • Lawful interception as a regulatory requirement in various countries, is one of the essential functions of the IMS system.
  • the main functional entities for lawful interception are: Law Enforcement Monitoring Facility (LEMF), which is used to set, maintain, and control all listening events.
  • the Administration Function (ADMF) is responsible for interacting with LEMF through HI1 to complete the monitoring management.
  • the configuration function (Delivery Function, DF) is used to report the monitoring signaling to HI2.
  • the ADMF and DF functional entities can be implemented in a single physical device or distributed across multiple physical devices. In this paper, the two are assumed to be one.
  • Interface 1 (Handover Interface Port 1 , HI1 ) is mainly responsible for management and maintenance information
  • Interface 2 (Handover Interface Prot 2, HI2) is mainly responsible for reporting signaling messages and event messages to the monitoring center
  • Interface 3 (Handover Interface Prot 3 , ⁇ 3 ) It is mainly responsible for reporting the user's media information to the monitoring center.
  • the XI interface is responsible for management and maintenance information.
  • the X2 interface is used for CSCF, AS reporting signaling messages and event messages.
  • FIG. 2 shows a schematic diagram of the lawful interception implementation framework in the IMS network.
  • ADMF will download the control information of the target user to CSCF and AS.
  • CSCF and AS are responsible for monitoring and reporting data.
  • FIG. 3 The monitoring and monitoring process is shown in Figure 3, including:
  • Step 301 The LEMF monitors an IMS user and notifies the ADMF through the HI1 interface. Steps 302 and 303, the ADMF is controlled to the AS and the CSCF through the XI interface.
  • Step 304 The IMS user initiates a registration request.
  • Steps 305, 306, and 307 the CSCF determines whether the IMS user is monitored. If it is monitored, the CSCF reports the signaling message and the event message to the ADMF through the X2 interface, and the ADMF forwards the message to the LEMF; otherwise, the CSCF does not report the X2 event to the ADMF.
  • Step 308 the CSCF returns a registration response.
  • Step 309 the CSCF initiates a third party registration request instead of the IMS user.
  • Steps 310, 311, and 312 the AS determines whether the IMS user is monitored, and if it is monitored, The AS reports the signaling message and event message to the ADMF through the X2 interface, and the ADMF forwards it to the LEMF. Otherwise, the AS does not report the X2 event to the ADMF.
  • Step 313 the AS returns a registration response.
  • the CSCF and the AS cannot obtain all the public identities of the user, such as the unregistered scenario of the user, or the AS that performs the identity regularization only according to the local rules. If ADMF only controls a public identity and the user initiates a service with other public identifiers, the CSCF and the AS cannot determine that the user is being monitored and cannot report signaling messages and event messages, which may cause the interception data to be missing.
  • Zhang San According to the public identification identity table of Zhang San shown in Figure 4, Zhang San has two identifiers: "SIP: Zhang San @XX Company" and "Tel: +862552877431".
  • the main purpose of the present invention is to provide a method and system for controlling the lawful interception of an IMS network, and implement lawful interception and control when the CSCF or AS does not have a complete list of users.
  • a method for controlling the lawful interception in an IMS network including:
  • ADMF will notify the monitored user of the HSS signed by the monitored user
  • the HSS queries the user identifier information of the monitored user, where the user identifier information includes the complete identifier of the monitored user.
  • the ADMF performs the control according to the user identification information returned by the HSS; or the HSS performs the control according to the user identification information.
  • the method further includes: The LEMF notifies the monitored user to the ADMF through a listening interface.
  • the ADMF notifies the monitored user to the HSS subscribed by the monitored user through the XI interface, the Diameter interface or the private interface.
  • the user identification information further includes one or any combination of the following:
  • the ADMF is controlled according to the user identifier information returned by the HSS, and specifically includes:
  • the ADMF carries the complete identifier of the monitored user in the user identification information, and performs control on the CSCF and the AS managed by the ADMF; or
  • the CSCF and the AS registered by the monitored user are deployed.
  • the HSS performs the control according to the user identification information
  • the method includes: the HSS carrying the complete identifier of the monitored user in the user identification information, and performing control on the CSCF and the AS managed by the HSS.
  • the CSCF and the AS registered by the monitored user are deployed.
  • carrying the complete identifier of the monitored user specifically:
  • the ADMF or the HSS carries the complete identifier of the monitored user by one control;
  • the ADMF or the HSS performs multiple control, and carries the identifier of the monitored user in each deployment control. After multiple deployments, the set of identifiers of the monitored user carried is the integrity of the monitored user. logo.
  • the present invention also provides a control system for lawful interception in an IMS network, including: an ADMF and an HSS signed by a monitored user;
  • the ADMF is configured to notify the monitored user to the HSS
  • the HSS is configured to locally query the user identification information of the monitored user;
  • the user identification information includes a complete identifier of the monitored user;
  • the ADMF or the HSS is further configured to perform control according to the user identification information.
  • the ADMF notifies the monitored user to the HSS via an XI interface, a Diameter interface or a private interface.
  • the user identification information further includes one or any combination of the following:
  • the monitored user registration status, the CSCF and the AS address registered by the monitored user It can be seen that in the technical solution of the present invention, the complete identification list of the user is obtained through the HSS.
  • the HSS or ADMF uses a complete list of identifiers to improve the monitoring efficiency and accuracy of CSCF and AS, and makes the monitoring data reported by CSCF and AS more complete.
  • Figure 1 is a schematic diagram of a UML model of a user's public identity in 3GPP;
  • FIG. 2 is a schematic diagram of a prior art listening network architecture
  • FIG. 3 is a flow chart of the prior art monitoring and monitoring
  • Figure 4 is a schematic diagram of the identity of the public identity
  • FIG. 5 is a schematic diagram of a listening network architecture of the present invention.
  • FIG. 6 is a flow chart of monitoring and monitoring by ADMF according to the present invention.
  • FIG. 7 is a flow chart of monitoring and monitoring by the HSS of the present invention. detailed description
  • the implementation process of the law enforcement monitoring method in the IMS network is as follows:
  • the ADMF After the LEMF notifies the monitored user to the ADMF, the ADMF notifies the monitored user of the HSS subscribed by the monitored user; the HSS queries the user identification information of the monitored user; and finally the ADMF performs the user identification information returned by the HSS.
  • the control, or the HSS directly performs the control according to the user identification information.
  • ADMF can be extended through the XI interface, Diameter interface or any other custom
  • the private interface notifies the monitored user to the HSS.
  • SIP URI can be used for notification: "SIP: Zhang San @XX Company”.
  • the HSS can query the user identification information related to the user locally, and the most important is to query the user's complete identification list. You can also query the user registration status, CSCF, AS and other information registered by the user.
  • the HSS sends the queried user identification information to ADMF.
  • the control network element ADMF or HSS carries the user's complete identification list for control.
  • the user's complete identification list can be controlled by one deployment control, or it can be controlled by multiple times, and one or more identifiers are carried each time, so that the complete identification list can be completed after multiple deployments are completed. It is also possible to control only the CSCF and AS registered by the user according to the CSCF and AS information registered by the user queried by the HSS.
  • the present invention also provides a control system for lawful interception in an IMS network, which mainly includes an ADFS and an HSS subscribed by the monitored user; wherein, the ADMF is used to notify the monitored user of the HSS;
  • the HSS is configured to locally query the user identification information of the monitored user; ADMF or the
  • the HSS is further configured to perform control according to the user identification information.
  • FIG. 5 shows a schematic diagram of a preferred embodiment of a listening network architecture of the present invention.
  • ADMF and HSS use the XI interface to query user identification information or control.
  • ADMF will carry the control information of the complete identification list to CSCF, AS.
  • CSCF and AS are responsible for monitoring and reporting The data.
  • FIG. 6 is a flow diagram showing a preferred embodiment of the method of the present invention for control by ADMF.
  • the ADMF queries the HSS to obtain the user identification information, including the user registration status, the user's complete identification list, the CSCF registered by the user, and the AS address.
  • Step 601 LEMF is controlled by the HI1 interface, such as "SIP: Zhang San @XX Company".
  • the query step can be divided into: ADMF will notify the HSS of the monitored user. For example, by "SIP: Zhang San @XX Company" notice.
  • the HSS then queries the user identification information of the user locally, including at least the complete identification list of the user.
  • Step 603 The HSS returns user identification information, including a user registration status, a complete identification list of the user, a CSCF registered by the user, an AS address, and the like.
  • Steps 604, 605 ADMF broadcasts data to CSCF and AS, and carries a complete list of user identities.
  • This embodiment is implemented by carrying a complete list of users in a single control.
  • step 604 "SIP: Zhang San @XX Company” and “Tel:+862552877431” are carried at the same time.
  • ADMF can also be distributed multiple times, carrying only one logo at a time.
  • step 604 can be divided into two steps: the first installation control identifier "SIP: Zhang San @XX company", and the second installation control identifier "Tel: +862552877431".
  • Step 606 the user Zhang San initiates a registration request with "Tel: +862552877431".
  • Steps 607, 608, 609, CSCF judges that "Tel: +862552877431" is monitored, reports signaling messages and event messages to ADMF, and ADMF forwards the monitoring data to LEMF.
  • Step 610 the CSCF returns a registration response.
  • Step 611 the CSCF initiates a third party registration request instead of the user "Tel: +862552877431".
  • Steps 612, 613, and 614 the AS judges that "Tel: +862552877431" is monitored, reports the signaling message and the event message to the ADMF, and the ADMF forwards the monitoring data to the LEMF.
  • step 615 the AS returns a registration response.
  • the above process is described in terms of registration services, and the processes for other services are similar.
  • the ADMF query HSS can also be implemented by the Diameter interface or other private interfaces.
  • FIG. 7 is a flow chart showing a preferred embodiment of the method of the present invention for routing by HSS.
  • the ADMF is directly controlled to the HSS, and is controlled by the HSS for CSCF and AS.
  • the HSS is equivalent to the deployment proxy server of the IMS network.
  • the HSS queries the user identification information according to the control request of the ADMF, and then controls the CSCF and the AS to carry the complete identification list.
  • Step 701 LEMF is controlled by the HI1 interface, such as "SIP: Zhang San @XX company”.
  • Steps 703, 704 the HSS queries the local user identification information, and obtains the user identification information, where at least the user's complete identification list is included. Then carry the complete user ID to the CSCF, AS control.
  • This embodiment is implemented by carrying the user complete identification list in a single control.
  • step 703 carrying "SIP: Zhang San @XX company” and “Tel: +862552877431”
  • formulate HSS can also be distributed multiple times, each time only Carrying an identifier.
  • step 703 can be divided into two steps: the first installation control identifier "SIP: Zhang San @XX company", and the second installation control identifier "Tel: +862552877431".
  • Step 705 the user Zhang San initiates a registration request with "Tel: +862552877431".
  • Steps 706, 707, 708, CSCF judges that "Tel: +862552877431" is monitored, reports signaling messages and event messages to ADMF, and ADMF forwards the monitoring data to LEMF.
  • step 709 the CSCF returns a registration response.
  • step 720 the CSCF initiates a third party registration request in place of the user "Tel: +862552877431".
  • Step 724 the AS returns a registration response.
  • the technical solution of the present invention is used to perform lawful interception and control in the IMS network. It can effectively improve the accuracy of the CSCF and AS monitoring matching, report more complete monitoring data, and more effectively meet the needs of operators and law enforcement agencies.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Technology Law (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

本发明提供了一种IMS网络中合法监听的布控方法及系统,在LEMF将被监听用户通知给ADMF后,ADMF将被监听用户通知给被监听用户所签约的HSS;HSS查询所述被监听用户的用户标识信息;最后ADMF根据HSS返回的所述用户标识信息进行布控,或者HSS直接根据所述用户标识信息进行布控。通过本发明的技术方案,提高CSCF和AS的监听匹配效率和准确性,使得CSCF和AS上报的监听数据更完整。

Description

一种 IMS网络中合法监听的布控方法及系统 技术领域
本发明涉及 IMS网络, 尤其涉及一种 IMS网络中合法监听的布控方法 及系统。 背景技术
IP多媒体子系统( IP Multimedia Core Network Subsystem, IMS )是第 三代合作伙伴组织( 3rd Generation Partnership Project, 3GPP )定义的下一 代网络标准, 它的显著特点是釆用了会话初始协议( Session Initial Protocol, SIP )体系, 通信与接入无关, 具备业务控制功能与承载能力分离, 呼叫与 业务分离, 应用与服务分离, 业务与网络分离, 以及移动网与因特网业务 融合等多种能力。
IMS 中主要的功能实体包括用于用户注册、 会话控制等功能的呼叫会 话控制功能(Call Session Control Function, CSCF )、 集中管理用户签约数 据的归属用户服务器( Home Subscriber Server, HSS )和提供各种业务逻辑 控制功能的应用服务器 (Application Server, AS )。 另外在会话过程中还涉 及互连边界控制功能( Interconnection Border Control Function, IBCF )、 签 约定位器功能( Subscription Locator Function, SLF )等功能实体。其中 CSCF 又根据角 色分为代理 CSCF ( Proxy-CSCF , P-CSCF )、 查询 CSCF ( Interrogating-CSCF, I-CSCF )、 服务 CSCF ( Serving-CSCF, S-CSCF ) 等类型, 在逻辑上完成会话路由等不同的功能, 在物理上分离也可以合一。 用户通过当前所在地 P-CSCF接入 IMS , 经 I-CSCF路由查询, 到用户归属 地 S-CSCF完成会话和业务触发等功能。
IMS 是与接入无关的网络, 无论用户通过固网或者移动网络, 都能够 接入 IMS网络体验相同的业务。 SIP是 IMS网络的基本信令控制协议, 是 互联网工程任务组 ( Internet Engineering Task Force, IETF )制定的多媒体 通信系统框架协议之一。 SIP用于发起、修改和终止多媒体会话的控制层协 议, 和多媒体流协议配合, 共同完成 IMS网络中的会话控制和媒体协商。
IMS 用户发起业务之前, 需要进行注册。 注册过程类似全球移动通信 系统 ( Global System for mobile Communication, GSM )用户的注册。 在注 册时登记自己的位置, 并且通知 CSCF做好呼叫准备, 如下载业务信息等。
一个 IMS用户可以有多个公有标识, 通过注册其中一个标识, 其他标 识会自动注册。 一个用户的所有标识保存在 HSS中, CSCF在用户注册时 从 HSS下载多个公有标识。 在 3GPP协议 29.228中, 公有标识的统一建模 语言 ( Unified Modeling Language, UML )如图 1所示。
最常用例子是用户有一个 SIP 统一资源标识 ( Uniform Resource Identifier, URI ),并且有一个电话号码类型的统一资源定位标识( Telephone Universal Resource Locator, Tel URL )。
具体地说, SIP URI 是 SIP 协议中使用的网络地址标识。 如 SIP: tobas@homel.fr, 其特征是在 Internet网址前面加上 SIP表示。 而 URL是 Internet上用来标识某个信息页所用的一个短的字符串。用户只要在(World Wide Web, 简称 "Web" )浏览器的地址栏内输入站点的 URL, 就可以浏览 这个站点。 因此 URL实际就是某个资源的计算机地址。 这里所说的资源可 以是文档、文件或是程序。其中, Tel URL是请求评论( Request for Comment, RFC )规定的电话号码类型的公有标识。
合法监听作为各个国家的管制需求, 是 IMS系统必备功能之一。 目前 第三代合作伙伴组织和欧洲电信标准化协会 ( Europe Telecommunications Standards Institute, ETSI ) 都对 IMS网络的合法监听制定相应的规范, 要 求 CSCF和 AS将监听对象的所有 SIP消息作为信令面信息输出。 合法监听的主要功能实体有: 合法监听设备 ( Law Enforcement Monitoring Facility, LEMF ), 用于设置、 维护、 控制所有监听事件; 管理 功能(Administration Function, ADMF ), 负责通过 HI1与 LEMF交互, 完 成监听管理配置; 传输功能(Delivery Function, DF ), 用于向 HI2上报监 听信令。 ADMF与 DF功能实体可以在单个物理设备中实现, 也可以分布 在多个物理设备中实现, 本文中假定二者合一。
LEMF与 ADMF、 DF之间有三个监听接口 ( Handover Interface , HI )。 接口 1 ( Handover Interface Port 1 , HI1 )主要负责管理和维护信息; 接口 2 ( Handover Interface Prot 2, HI2 )主要负责向监听中心上报信令消息和事 件消息; 接口 3 ( Handover Interface Prot 3 , ΗΙ3 )主要负责向监听中心上报 用户面媒体信息。
ADMF与 CSCF、 AS之间有 XI、 X2接口, XI接口负责管理和维护信 息, X2接口用于 CSCF、 AS上报信令消息和事件消息。
图 2给出了 IMS网络中合法监听实现框架的示意图。 ADMF将目标用 户的布控信息下到 CSCF、 AS。 CSCF和 AS负责监听, 并将数据上报。
布控监听流程如图 3所示, 包括:
步骤 301 , LEMF监控某个 IMS用户, 通过 HI1接口通知 ADMF。 步骤 302、 303 , ADMF通过 XI接口向 AS、 CSCF布控。
步骤 304 , 该 IMS用户发起注册请求。
步骤 305、 306、 307, CSCF判断该 IMS用户是否被监听,如果被监听, CSCF通过 X2接口上报信令消息和事件消息给 ADMF, ADMF再转发给 LEMF; 否则 CSCF不上报 X2事件到 ADMF。
步骤 308, CSCF返回注册响应。
步骤 309, CSCF代替 IMS用户发起第三方注册请求。
步骤 310、 311、 312, AS判断该 IMS用户是否被监听, 如果被监听, AS 通过 X2接口上报信令消息和事件消息给 ADMF, ADMF再转发给 LEMF; 否则 AS不上报 X2事件到 ADMF。
步骤 313 , AS返回注册响应。
根据现有技术方案, 在部分业务场景中, CSCF和 AS无法获取用户的 所有公有标识, 如用户未注册场景, 或只根据本地规则进行标识规整的 AS 等。 如果 ADMF只布控某个公有标识, 而用户以其他公有标识发起业务, CSCF和 AS无法判断出该用户被监听, 无法上报信令消息和事件消息, 会 造成监听数据缺失。 例如: 根据图 4所示的张三的公共标识身份表, 张三 有 "SIP: 张三 @XX公司", "Tel:+862552877431" 两个标识。 如果在图 3 所述的布控监听流程中, ADMF只布控 "SIP: 张三 @XX公司", 而 "张三" 以 "Tel:+862552877431"发起业务, 如果 CSCF和 AS上没有完整的标识列 表时, 无法判断出 "Tel:+862552877431" 被监听, 从而无法上报监听数据。 发明内容
有鉴于此, 本发明的主要目的在于提供一种 IMS网络合法监听的布控 方法及系统, 在 CSCF或 AS没有用户的完整标识列表时, 实现合法监听布 控。
为达到上述目的, 本发明的技术方案是这样实现的:
一种 IMS网络中合法监听的布控方法, 包括:
ADMF将被监听用户通知给所述被监听用户所签约的 HSS;
所述 HSS查询所述被监听用户的用户标识信息; 其中, 所述用户标识 信息中包括所述被监听用户的完整标识;
所述 ADMF根据所述 HSS返回的所述用户标识信息进行布控; 或者 所述 HSS根据所述用户标识信息进行布控。
优选地,所述 ADMF将被监听用户通知给所述被监听用户所签约的 HSS 之前, 所述方法还包括: LEMF通过监听接口将所述被监听用户通知给所述 ADMF。 优选地, 所述 ADMF通过 XI接口、 Diameter接口或私有接口将被监 听用户通知给所述被监听用户所签约的 HSS。
优选地, 所述用户标识信息还包括以下之一或任意组合:
所述被监听用户注册状态、所述被监听用户所注册的 CSCF和 AS地址。 优选地,所述 ADMF根据所述 HSS返回的所述用户标识信息进行布控, 具体包括:
所述 HSS向所述 ADMF返回所述用户标识信息;
所述 ADMF携带所述用户标识信息中的所述被监听用户的完整标识, 向所述 ADMF所管理的 CSCF及 AS进行布控; 或者,
向所述被监听用户所注册的 CSCF及 AS进行布控。
优选地, 所述 HSS根据所述用户标识信息进行布控, 具体包括: 所述 HSS携带所述用户标识信息中的所述被监听用户的完整标识, 向 所述 HSS所管理的 CSCF及 AS进行布控; 或者,
向所述被监听用户所注册的 CSCF及 AS进行布控。
优选地, 携带所述被监听用户的完整标识, 具体指:
所述 ADMF或所述 HSS通过一次布控,携带所述被监听用户的完整标 识; 或者,
所述 ADMF或所述 HSS进行多次布控, 在每次布控中,携带被监听用 户的标识, 多次布控后, 所携带的所述被监听用户的标识的集合为所述被 监听用户的完整标识。
基于上述方法, 本发明还提出一种 IMS网络中合法监听的布控系统, 包括: ADMF和被监听用户所签约的 HSS; 其中,
所述 ADMF, 用于将被监听用户通知给所述 HSS;
所述 HSS , 用于在本地查询所述被监听用户的用户标识信息; 其中, 所述用户标识信息中包括所述被监听用户的完整标识;
所述 ADMF或者所述 HSS还用于根据所述用户标识信息进行布控。 优选地, 所述 ADMF通过 XI接口、 Diameter接口或私有接口将被监 听用户通知给所述 HSS。
优选地, 所述用户标识信息还包括以下一种或任意组合:
所述被监听用户注册状态、所述被监听用户所注册的 CSCF和 AS地址。 由此可见,本发明的技术方案中,通过 HSS获取用户的完整标识列表。 再由 HSS或 ADMF使用完整的标识列表进行布控, 提高 CSCF和 AS的监 听匹配效率和准确性, 使得 CSCF和 AS上报的监听数据更完整。 附图说明
图 1为 3GPP 中用户公有标识的 UML模型示意图;
图 2为现有技术的监听网络架构示意图;
图 3为现有技术的布控监听流程图;
图 4为公有标识身份示意图;
图 5为本发明的监听网络架构示意图;
图 6为本发明的通过 ADMF进行监听布控的流程图;
图 7为本发明的通过 HSS进行监听布控的流程图。 具体实施方式
IMS网络中合法监听的布控方法的实施流程为:
在 LEMF将被监听用户通知给 ADMF后, ADMF将被监听用户通知 给被监听用户所签约的 HSS; HSS查询所述被监听用户的用户标识信息; 最后 ADMF根据 HSS返回的所述用户标识信息进行布控, 或者 HSS直接 根据所述用户标识信息进行布控。
ADMF可以通过扩展的 XI接口、 Diameter接口或者其它任何自定义的 私有接口 ,将被监听用户通知给 HSS。通知时可以使用例如 SIP URI: "SIP: 张三 @XX公司"。
HSS 可以在本地查询与该用户相关的用户标识信息, 最主要的是查询 用户的完整标识列表。 还可以查询用户注册状态、 用户所注册的 CSCF、 AS等信息。
在后续布控时, 可以由 ADMF进行布控或者由 HSS进行布控。 若由 ADMF进行布控 , 则 HSS将查询到的用户标识信息发送给 ADMF。
布控时, 布控网元 ADMF或者 HSS, 携带用户的完整标识列表进行布 控。 可以通过一次布控就将用户完整标识列表布控下去, 也可以通过多次 布控, 每次携带一个或多个标识, 使得多次布控结束后可以将完整标识列 表布控完成即可。 也可以根据 HSS查询到的用户所注册的 CSCF、 AS信息, 仅对用户所注册 的 CSCF、 AS进行布控。
布控的具体过程与现有技术和协议相同, 在此不再赘述。
本发明还提供一种 IMS网络中合法监听的布控系统,主要包括 ADMF 和被监听用户所签约的 HSS; 其中, ADMF用于将被监听用户通知给 HSS;
HSS 用于在本地查询所述被监听用户的用户标识信息; ADMF 或者所述
HSS还用于根据所述用户标识信息进行布控。
系统的工作过程以及工作原理在方法部分已经进行了详细描述, 在此 不再赘述, 参照方法中相应部分的描述即可。
下面结合附图和具体实施例对本发明作进一步的说明。
图 5给出了本发明的一种监听网络架构的优选实施例的示意图。 ADMF 与 HSS使用 XI接口, 用于查询用户标识信息或者布控。 ADMF将携带完 整标识列表的布控信息下到 CSCF、 AS。 CSCF和 AS负责监听并上报监听 的数据。
图 6给出了本发明方法的一种通过 ADMF进行布控的优选实施例的流 程图。 ADMF收到 LEMF的布控请求后 ,向 HSS查询 ,获取用户标识信息 , 包括用户注册状态、 用户的完整标识列表、 用户注册的 CSCF、 AS地址等。
步骤 601 , LEMF通过 HI1接口布控, 如布控 "SIP:张三 @XX公司"。 步骤 602 , ADMF查询 HSS用户标识信息。
该查询步骤可以分为: ADMF将被监听用户通知给 HSS。例如通过" SIP: 张三 @XX公司" 通知。 然后 HSS在本地查询该用户的用户标识信息, 其 中至少包括用户的完整标识列表。
步骤 603 , HSS返回用户标识信息, 包括用户注册状态、 用户的完整标 识列表、 用户注册的 CSCF、 AS地址等。
步骤 604、 605 , ADMF布控数据到 CSCF和 AS , 携带完整的用户标识 列表。 本实施例是按照一次布控就携带用户完整标识列表实施的, 如步骤 604 中同时携带 "SIP: 张三 @XX公司" 和 "Tel:+862552877431"。 ADMF 也可以分多次布控, 每次只携带一个标识。 如本实施例中可以将步骤 604 分为两步: 第一次布控标识 "SIP: 张三 @XX 公司", 第二次布控标识 "Tel:+862552877431"。
步骤 606, 用户张三以 "Tel:+862552877431" 发起注册请求。
步骤 607、 608、 609 , CSCF判断 "Tel:+862552877431" 被监听, 上报 信令消息和事件消息到 ADMF, ADMF转发监听数据到 LEMF。
步骤 610, CSCF返回注册响应。
步骤 611 , CSCF代替用户 "Tel:+862552877431"发起第三方注册请求。 步骤 612、 613、 614, AS判断 "Tel:+862552877431" 被监听, 上报信 令消息和事件消息到 ADMF, ADMF转发监听数据到 LEMF。
步骤 615 , AS返回注册响应。 上述流程是按照注册业务来描述的, 对于其他业务的流程也是类似的。 其中 ADMF查询 HSS也可以 Diameter接口或者其他私有接口实现。
图 7给出了本发明方法的一种通过 HSS进行布控的优选实施例的流程 图。 ADMF直接布控到 HSS, 由 HSS对 CSCF、 AS布控。 HSS相当于 IMS 网络的布控代理服务器, HSS根据 ADMF的布控请求查询用户标识信息, 然后再对 CSCF和 AS布控, 携带完整的标识列表。
步骤 701 , LEMF通过 HI1接口布控, 如布控 "SIP:张三 @XX公司"。 步骤 702, ADMF通过 XI接口向 HSS布控,将被监听用户通知给 HSS。 例如通过布控 "SIP:张三 @XX公司", 将被监听用户通知给 HSS。
步骤 703、 704, HSS查询本地的用户标识信息, 获取用户标识信息, 其中至少包括用户的完整标识列表。 然后携带完整的用户标识向 CSCF、 AS布控。 本实施例是按照一次布控就携带用户完整标识列表实施的, 如步 骤 703中同时携带 "SIP: 张三 @XX公司" 和 "Tel:+862552877431"„ HSS 也可以分多次布控, 每次只携带一个标识。 如本实施例中可以将步骤 703 分为两步: 第一次布控标识 "SIP: 张三 @XX 公司", 第二次布控标识 "Tel:+862552877431"。
步骤 705 , 用户张三以 "Tel:+862552877431" 发起注册请求。
步骤 706、 707、 708 , CSCF判断 "Tel:+862552877431" 被监听, 上报 信令消息和事件消息到 ADMF, ADMF转发监听数据到 LEMF。
步骤 709, CSCF返回注册响应。
步骤 720, CSCF代替用户 "Tel:+862552877431"发起第三方注册请求。 步骤 721、 722、 723 , AS判断 "Tel:+862552877431" 被监听, 上报信 令消息和事件消息到 ADMF, ADMF转发监听数据到 LEMF。
步骤 724, AS返回注册响应。
综上所述, 釆用本发明的技术方案,在 IMS网络中进行合法监听布控, 能有效提高 CSCF和 AS的监听匹配的准确性, 上报更完整的监听数据, 更 有效地满足运营商和执法机构的需求。
以上所述仅为本发明的较佳实施例而已, 并不用以限制本发明, 凡在 本发明的精神和原则之内, 所作的任何修改、 等同替换、 改进等, 均应包 含在本发明的保护范围之内。

Claims

权利要求书
1、 一种 IMS网络中合法监听的布控方法, 其特征在于, 包括: 管理功能 ( ADMF )将被监听用户通知给所述被监听用户所签约的归属 用户服务器(HSS );
所述 HSS查询所述被监听用户的用户标识信息; 其中, 所述用户标识 信息中包括所述被监听用户的完整标识;
所述 ADMF根据所述 HSS返回的所述用户标识信息进行布控; 或者 所述 HSS根据所述用户标识信息进行布控。
2、 如权利要求 1所述的方法, 其特征在于, 所述 ADMF将被监听用 户通知给所述被监听用户所签约的 HSS之前, 所述方法还包括:
合法监听设备(LEMF )通过监听接口将所述被监听用户通知给所述 ADMF。
3、如权利要求 1所述的方法,其特征在于,所述 ADMF通过 XI接口、 Diameter接口或私有接口将被监听用户通知给所述被监听用户所签约的 HSS。
4、 如权利要求 1所述的方法, 其特征在于, 所述用户标识信息还包括 以下之一或任意组合:
所述被监听用户注册状态、 所述被监听用户所注册的呼叫会话控制功 能(CSCF )和应用服务器(AS )地址。
5、如权利要求 4所述的方法, 其特征在于, 所述 ADMF根据所述 HSS 返回的所述用户标识信息进行布控, 包括:
所述 HSS向所述 ADMF返回所述用户标识信息;
所述 ADMF携带所述用户标识信息中的所述被监听用户的完整标识, 向所述 ADMF所管理的 CSCF及 AS进行布控; 或者,
向所述被监听用户所注册的 CSCF及 AS进行布控。
6、如权利要求 4所述的方法, 其特征在于, 所述 HSS根据所述用户标 识信息进行布控, 包括:
所述 HSS携带所述用户标识信息中的所述被监听用户的完整标识, 向 所述 HSS所管理的 CSCF及 AS进行布控; 或者,
向所述被监听用户所注册的 CSCF及 AS进行布控。
7、 如权利要求 5或 6所述的方法, 其特征在于, 携带所述被监听用户 的完整标识, 指:
所述 ADMF或所述 HSS通过一次布控,携带所述被监听用户的完整标 识; 或者,
所述 ADMF或所述 HSS进行多次布控, 在每次布控中,携带被监听用 户的标识, 多次布控后, 所携带的所述被监听用户的标识的集合为所述被 监听用户的完整标识。
8、 一种 IMS网络中合法监听的布控系统, 其特征在于, 包括: ADMF 和被监听用户所签约的 HSS; 其中,
所述 ADMF, 用于将被监听用户通知给所述 HSS;
所述 HSS , 用于在本地查询所述被监听用户的用户标识信息; 其中, 所述用户标识信息中包括所述被监听用户的完整标识;
所述 ADMF或者所述 HSS还用于根据所述用户标识信息进行布控。
9、如权利要求 8所述的系统,其特征在于,所述 ADMF通过 XI接口、 Diameter接口或私有接口将被监听用户通知给所述 HSS。
10、 如权利要求 8所述的系统, 其特征在于, 所述用户标识信息还包 括以下一种或任意组合:
所述被监听用户注册状态、所述被监听用户所注册的 CSCF和 AS地址。
PCT/CN2011/075330 2010-06-03 2011-06-03 一种ims网络中合法监听的布控方法及系统 WO2011150869A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2010101914153A CN101883371A (zh) 2010-06-03 2010-06-03 一种ims网络中合法监听的布控方法及系统
CN201010191415.3 2010-06-03

Publications (1)

Publication Number Publication Date
WO2011150869A1 true WO2011150869A1 (zh) 2011-12-08

Family

ID=43055219

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/075330 WO2011150869A1 (zh) 2010-06-03 2011-06-03 一种ims网络中合法监听的布控方法及系统

Country Status (2)

Country Link
CN (1) CN101883371A (zh)
WO (1) WO2011150869A1 (zh)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101883371A (zh) * 2010-06-03 2010-11-10 中兴通讯股份有限公司 一种ims网络中合法监听的布控方法及系统
CN110312248A (zh) * 2018-03-27 2019-10-08 北京盛世光明软件股份有限公司 一种移动数据通讯监听方法及装置
CN112003855B (zh) * 2020-08-20 2021-09-03 杭州诚智天扬科技有限公司 基于ims网络的隐私号码业务平台系统及其应用方法

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1983982A (zh) * 2005-12-13 2007-06-20 华为技术有限公司 一种下发监听数据的方法和系统
CN101237447A (zh) * 2007-01-29 2008-08-06 华为技术有限公司 策略执行方法、系统及网元
CN101325781A (zh) * 2007-06-15 2008-12-17 华为技术有限公司 一种合法监听方法、系统和网络设备
CN101883371A (zh) * 2010-06-03 2010-11-10 中兴通讯股份有限公司 一种ims网络中合法监听的布控方法及系统

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8400927B2 (en) * 2006-07-26 2013-03-19 Telefonaktiebolaget Lm Ericsson (Publ) Service based lawful interception

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1983982A (zh) * 2005-12-13 2007-06-20 华为技术有限公司 一种下发监听数据的方法和系统
CN101237447A (zh) * 2007-01-29 2008-08-06 华为技术有限公司 策略执行方法、系统及网元
CN101325781A (zh) * 2007-06-15 2008-12-17 华为技术有限公司 一种合法监听方法、系统和网络设备
CN101883371A (zh) * 2010-06-03 2010-11-10 中兴通讯股份有限公司 一种ims网络中合法监听的布控方法及系统

Also Published As

Publication number Publication date
CN101883371A (zh) 2010-11-10

Similar Documents

Publication Publication Date Title
US9973541B2 (en) Lawful interception in an IP multimedia subsystem network
EP2522122B1 (en) Lawful call interception support in packet cable network
CN101809961B (zh) Ip多媒体子系统网络中的故障恢复
WO2006136106A1 (fr) Procede et systeme d'authentification de terminal d'usager
CN101237447B (zh) 策略执行方法、系统及网元
WO2008011819A1 (fr) Procédé et dispositif permettant d'émettre des informations d'interception légales
TWI385969B (zh) Ip多媒體子系統上加值服務之合法監聽方法及系統
WO2008058486A1 (fr) Procédé d'enregistrement de groupe d'utilisateurs, procédé de mise à jour d'état, équipement de traitement, entité de réseau ims et système de communication
WO2009010017A1 (en) The implementing method and system for ue redirection service of sharing pui
WO2013163945A1 (zh) 一种机器类通信事件的上报方法及相应装置
WO2014114088A1 (zh) 一种ngn下实现宽带业务功能的方法及业务平台
TWI621342B (zh) System for dynamically identifying Next Generation Network (NGN)/IP Multimedia Subsystem (IMS) Voice over Internet Protocol (VoIP) calls and system in which the calling and called users are accommodated in the same Talk Edge Controller (SBC) and method thereof
WO2011150869A1 (zh) 一种ims网络中合法监听的布控方法及系统
EP2301232B1 (en) Lawful interception of bearer traffic
WO2007090320A1 (fr) Système d'identité d'utilisateur et procédé d'enregistrement et de configuration d'un service et d'un chemin
EP3086593B1 (en) Network entity and method for monitoring an ims-based service
EP3094059B1 (en) Routing voice over lte call invites in a terminating ims
WO2010127529A1 (zh) 一种ip多媒体子系统业务的建立方法及系统
WO2016050032A1 (zh) 用户注册处理方法、装置及系统
EP2634980B1 (en) Method and apparatus for intercepting media contents in ip multimedia subsystem
JP2010525623A (ja) 通信ネットワークにおいて使用する方法、および、装置
WO2012097727A1 (zh) 监控终端的方法和通信系统
WO2011032425A1 (zh) 呼叫等待业务中区别振铃的实现方法及系统
WO2009015584A1 (fr) Procédé, système et dispositif servant à réaliser un enregistrement d'un équipement utilisateur dans un réseau personnel
WO2008092358A1 (fr) Procédé de réalisation de stratégie, système et élément réseau

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11789248

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11789248

Country of ref document: EP

Kind code of ref document: A1