WO2012089050A1 - Interception apparatus, interception method, and system - Google Patents

Interception apparatus, interception method, and system Download PDF

Info

Publication number
WO2012089050A1
WO2012089050A1 PCT/CN2011/084318 CN2011084318W WO2012089050A1 WO 2012089050 A1 WO2012089050 A1 WO 2012089050A1 CN 2011084318 W CN2011084318 W CN 2011084318W WO 2012089050 A1 WO2012089050 A1 WO 2012089050A1
Authority
WO
WIPO (PCT)
Prior art keywords
monitoring
interception
data
request message
gateway
Prior art date
Application number
PCT/CN2011/084318
Other languages
French (fr)
Chinese (zh)
Inventor
刘庄
王宏磊
曹广传
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2012089050A1 publication Critical patent/WO2012089050A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/43Billing software details
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/47Fraud detection or prevention means
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/62Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP based on trigger specification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • H04M3/2281Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls

Definitions

  • the embodiments of the present invention relate to communication technologies, and in particular, to a monitoring device, a monitoring method, and a system. Background technique
  • Lawful interception means that the national security agency monitors the communication process of a certain user according to the law.
  • the lawful interception of the circuit domain generally adopts a network structure conforming to the 3GPPETSI interception protocol.
  • the monitoring function is implemented by signaling interaction between a lawful interception gateway (LIG) and a network element (NE).
  • LIG lawful interception gateway
  • NE network element
  • the LIG receives the monitoring data, and stores the monitoring data in a local database; the monitoring data can be used to control the monitored user. Then, the LIG sets the monitoring data to the NE, and the monitoring data is locally stored by the NE. Then, the NE can monitor the controlled user according to the stored monitoring data, and report the monitoring information to the LIG.
  • the NE side needs to store the monitoring data to trigger the monitoring service, which causes the leakage of the monitoring data stored on the NE side. It may be backed up, and the user's monitoring data is highly confidential information, and does not allow any form of disclosure. Therefore, the current monitoring method has great security risks.
  • An embodiment of the present invention provides a monitoring method, including: acquiring, when monitoring a communication service performed by a terminal, a user identifier corresponding to the communication service; Sending a monitoring data request message to the monitoring gateway, where the monitoring data request message includes the user identifier, to trigger the monitoring gateway to perform a monitoring service according to the monitoring data request message.
  • the embodiment of the present invention provides a monitoring method, including: receiving a monitoring data request message sent by a monitoring device, where the monitoring data request message includes a user identifier corresponding to the communication service; and performing a monitoring service according to the monitoring data request message.
  • the embodiment of the present invention provides a monitoring device, including: a monitoring module, configured to acquire a user identifier corresponding to the communication service when monitoring a communication service performed by the terminal; and a requesting module, configured to send a monitoring data request message to the monitoring gateway And the intercepting data request message includes the user identifier, to trigger the intercepting gateway to perform a monitoring service according to the intercept data request message.
  • An embodiment of the present invention provides a monitoring gateway, including: a second receiving module, configured to receive a monitoring data request message sent by a monitoring device, where the monitoring data request message includes a user identifier corresponding to a communication service; and a reporting module, configured to The intercept data request message performs a listening service.
  • the embodiment of the present invention provides a monitoring system, including: the monitoring device provided by the embodiment of the present invention, the monitoring gateway provided by the embodiment of the present invention, and the monitoring center; the monitoring center is configured to receive the reporting by the monitoring gateway Monitor information.
  • the monitoring device, the monitoring method, and the system in the embodiment of the present invention send a monitoring data request message to the LIG through the NE to query whether the user identifier is monitored, and the NE monitors according to the monitoring data returned by the LIG, so that the NE side can no longer store the user.
  • the monitoring data solves the problem of the risk of intercepting data leakage on the NE side, and ensures the security of the user listening data.
  • FIG. 1 is a schematic structural diagram of an application system of an embodiment of a monitoring method according to the present invention
  • Embodiment 1 of a monitoring method according to the present invention is a schematic flowchart of Embodiment 1 of a monitoring method according to the present invention
  • Embodiment 3 is a schematic flowchart of Embodiment 2 of a monitoring method according to the present invention.
  • Embodiment 4 is a schematic flowchart of Embodiment 3 of a monitoring method according to the present invention.
  • FIG. 5 is a schematic diagram of signaling of Embodiment 4 of a monitoring method according to the present invention.
  • Embodiment 5 is a schematic signaling diagram of Embodiment 5 of a monitoring method according to the present invention.
  • Embodiment 7 is a schematic signaling diagram of Embodiment 6 of a monitoring method according to the present invention.
  • Embodiment 8 is a schematic signaling diagram of Embodiment 7 of a monitoring method according to the present invention.
  • Embodiment 8 of a monitoring method according to the present invention is a schematic signaling diagram of Embodiment 8 of a monitoring method according to the present invention.
  • Embodiment 9 is a schematic signaling diagram of Embodiment 9 of a monitoring method according to the present invention.
  • FIG. 11 is a schematic structural diagram of an embodiment of a monitoring device according to the present invention.
  • FIG. 12 is a schematic structural diagram of an embodiment of a monitoring gateway according to the present invention.
  • FIG. 13 is a schematic structural diagram of an embodiment of a monitoring system according to the present invention. detailed description
  • the main technical solution of the embodiment of the present invention is that the monitoring data of the user is stored only on the LIG side, and the monitoring data related to the monitoring service is pre-stored on the NE side; when the NE side receives the communication service letter of the user When the information is sent, the monitoring data request message is sent to the LIG side to check whether the terminal user identifier corresponding to the communication service is monitored.
  • FIG. 1 is a schematic diagram of an application system architecture of an embodiment of a monitoring method according to the present invention.
  • the monitoring system may include a Law Enforcement Monitoring Facility (LEMF) 11, LIG12, and NE13.
  • the LIG 12 may include a Management Function (ADMF) 14 and a Data Transfer Entity (DF), which may in turn include two logical entities, DF15 and DF16.
  • DF15 is used to transmit the interception information at the signaling level
  • DF16 is used to transmit the interception information at the media level.
  • the entities of LEMF11 and LIG12 communicate through three communication interfaces: H11, H12 and H13
  • the entities of LIG12 and NE13 communicate through three communication interfaces X1, X2 and X3.
  • the LEMF1 1 can input the related information of the monitored user to the LIG12 through the H11 interface, and the LIG12 can send a monitoring command to the NE13 through the X1 interface.
  • the interception information reported by the NE to the LIG may include the interception information at the signaling level and the media level.
  • the interception information at the signaling level is Interception Related Information (IRI), which may include the user's power on, power off, and location update. , call and other activities; media-level monitoring information that is listening to communication content (Communication Content, referred to as: CC), can contain voice and video information.
  • IRI Interception Related Information
  • CC Media-level monitoring information that is listening to communication content
  • CC Communication Content
  • the X2 interface is used for the NE13 to report the IRI data to the LIG12
  • the X3 interface is used for the NE13 to report the CC data such as the voice/video call content to the LIG.
  • Embodiment 1 2 is a schematic flowchart of the first embodiment of the monitoring method of the present invention.
  • the method may be performed by the NE.
  • the monitoring method in this embodiment may include the following steps: Step 201: When monitoring the communication performed by the terminal Obtaining a user identifier corresponding to the communication service when the service is performed;
  • the NE monitors the communication service performed by the terminal.
  • the communication service may be a call service received by the NE, or a user location registration and power on/off operation processed by the NE, and a short message transmission service acquired by the NE.
  • Step 202 Send a monitoring data request message to the monitoring gateway, where the monitoring data request message includes the user identifier, to trigger the monitoring gateway to perform a monitoring service according to the monitoring data request message.
  • the NE sends a listen data request message to the LIG to trigger the LIG to perform the monitoring service according to the intercept data request message.
  • the LIG may query the monitoring data corresponding to the user identifier stored on the user side according to the user identifier carried in the monitoring data request message, and send the monitoring data to the NE; the NE may communicate according to the monitoring data.
  • the service listens to obtain the interception information.
  • the NE may also carry the signaling information, such as the short message content and the user number, in the interception data request message reported to the LIG, so that the LI G determines that the type of the intercepted data is the signaling layer monitoring information, which may be The interception information is directly reported to the interception center in the signaling information of the interception data request message, thereby saving the signaling load between the NE and the LIG.
  • the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, so that the NE side can not pre-store the user's monitoring data before the monitoring, for example, not in the disk, database, and file on the NE side.
  • Embodiment 2 3 is a schematic flowchart of the second embodiment of the monitoring method of the present invention. The embodiment is based on the first embodiment, and further describes the operation of the NE after sending the interception data request message. As shown in FIG. 3, the method may include the following steps. Step 301: When monitoring the communication service performed by the terminal, acquiring the user identifier corresponding to the communication service; wherein, in addition to the user identifier corresponding to the communication service, the NE may also monitor the communication service performed by the terminal. According to different types of communication services, the corresponding service information is separately obtained.
  • Step 302 Send a monitoring data request message to the monitoring gateway.
  • the monitoring data request message includes the user identifier, to trigger the monitoring gateway to perform a monitoring service according to the monitoring data request message.
  • the NE may perform the step.
  • the service information obtained in 301 is carried in the intercept data request message and sent to the LIG.
  • the NE may start a timer, and determine whether the monitoring data response message returned by the LIG is received within the set duration. If not, the communication service may continue to be performed, and the monitoring of the service is not performed; if yes, the NE may receive the monitoring data response message returned by the LIG, and the NE may continue to perform steps 304-306.
  • Step 304 Receive a listening data response message returned by the monitoring gateway, where the monitoring data response message includes monitoring data.
  • Step 305 Listening to the communication service according to the interception data, acquiring the interception information, and reporting the interception information to the interception gateway.
  • Step 306 Clear the interception data stored in the memory.
  • the intercepted data temporarily stored in the memory may be cleared after the monitoring information is reported.
  • the step 303 is not performed, but the step is performed in the following step: The NE receives the interception data response message returned by the LIG. If the message is empty, the LIG side does not have the monitoring data corresponding to the user identifier, and the The communication service is monitored, and the communication service is continued. If the message includes the monitoring data corresponding to the user identifier, step 305 is continued.
  • the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, and the NE performs monitoring according to the monitoring data returned by the LIG, so that the NE side can no longer store the user's monitoring data, for example,
  • the user does not store any user's monitoring data in the disk, database, and file on the NE side, which solves the problem of the risk of monitoring data leakage on the NE side, ensuring the security of the user listening data; and, by setting a timer, the NE can be made to each The situation can be processed in time to improve the processing efficiency of the monitoring service.
  • FIG. 4 is a schematic flowchart of Embodiment 3 of the monitoring method of the present invention.
  • the method may be performed by the LIG.
  • the monitoring method in this embodiment may include the following steps: Step 401: The receiving monitoring device sends a listening data request message, where the intercept data request message includes a user identifier corresponding to the communication service;
  • the LIG receives the interception data request message sent by the NE, and the message carries the user identifier acquired by the NE when monitoring the communication service of the terminal.
  • Step 402 When it is determined that the monitoring data corresponding to the user identifier exists according to the user identifier, the interception information corresponding to the user identifier is obtained and reported to the monitoring center. Specifically, the LIG may query, according to the user identifier in the interception data request message, whether the monitoring data corresponding to the user identifier is stored in the local database.
  • the LIG may return a monitoring data response message to the listening device, where the monitoring data response message includes the monitoring data corresponding to the user identifier; and receiving the monitoring The monitoring information obtained by the device listening to the communication service according to the interception data. If the interception data is not stored, it indicates that the terminal is not monitored, and the LIG may return a listen data response message to the NE, and the intercept data response message is empty, or may not respond to the NE. Further, if the LIG determines that the type of the interception data is the signaling layer interception information, the interception information may be obtained from the interception data request message. Specifically, the interception data request message received by the LIG carries signaling information.
  • the signaling information carried in the intercept data request message may include the user number of the originating user, the short message content, the location information of the originating user, and the like.
  • the LIG may obtain the interception information from the interception data request message, and the interception information may include, for example, a user number and a short message content to report the information to the monitoring center.
  • the monitoring data request message sent by the NE is received, and the monitoring data is returned to the NE for monitoring, so that the NE side can no longer store the user's monitoring data, for example, the disk, the database, and the file that are not on the NE side.
  • FIG. 5 is a schematic diagram of signaling according to Embodiment 4 of the monitoring method of the present invention.
  • the monitoring method in this embodiment may include the following steps: Step 501:
  • the NE acquires a user identifier of the terminal user, where the user The identifier can be a subscriber number.
  • an end user of a CDMA network can pass There are three types of numbers as the user ID of the end user, namely, Electronic Serial Number (ESN), International Mobile Subscriber Identity (IMSI), and Mobile Directory Number (Mobile).
  • ESN Electronic Serial Number
  • IMSI International Mobile Subscriber Identity
  • Mobile Directory Number Mobile Directory Number
  • the communication service performed by the terminal user may be, for example, a call service accepted by the NE, or a user location registration and power on/off operation processed by the NE, and a short message transmission service acquired by the NE.
  • Step 502 The NE sends a interception data request message to the interception gateway LIG.
  • the NE may send a interception data request message (Check LI Request message) to the LIG, and carry the acquired user identifier in the interception data request message.
  • Check LI Request message For example, the ESN, IMSI, and MDN numbers and their number types may be included in the interception data request message, and the type of communication service received by the NE is a call service.
  • the NE may start a timer, which may set a waiting time for the LI G to return a response to the monitoring data request message.
  • the set duration is not too long, and is preferably controlled at a level of one hundred milliseconds so as not to be perceived by the user. Moreover, by setting a timer, the NE can be processed in time for various situations, and the processing efficiency of the monitoring service is improved.
  • Step 503 The LIG queries whether the user identifier is monitored.
  • the LIG After receiving the interception data request message sent by the NE, the LIG queries whether the monitoring data corresponding to the user identifier carried in the interception data request message is stored in the database on the own side. If the interception data corresponding to the user identifier exists, it indicates that the terminal user corresponding to the user identifier needs to be monitored. At this point, you can continue to perform step 504 or step 506; otherwise, you can continue to perform In step 504, or LIG may not respond to the NE. Step 504: The LIG returns a monitoring data response message to the NE.
  • the LIG may return a Listening Data Response message (Check LI Response message) to the NE, and carry the monitoring data corresponding to the user identifier, where the monitoring data is used to be monitored.
  • the user performs control.
  • the interception data may include a user number (such as an MDN number) that needs to be set to be monitored, and set an attribute of the interception data to monitor signaling level information, where the signaling level information is IRI data, which may include the user's booting. Or, shutdown, call, etc.; or, the attribute of the monitoring data may be set to media level information, and the media level information, that is, CC data, may include voice and video information, etc., as communication content.
  • Step 505 The NE monitors the interception information corresponding to the interception data, and reports the interception information to the LIG.
  • the NE may temporarily store the interception data in the memory, and trigger the monitoring of the interception information corresponding to the interception data, and the obtained The monitoring information is reported to the LIG.
  • the interception information may include IRI data and CC data.
  • the NE may not perform this step in the following two cases, that is, the monitoring information is not reported. For example, after receiving the monitoring data response message returned by the LIG after the timer is set, the NE discards the monitoring trigger and continues the communication service of the terminal user; or the listening data response message received by the NE is empty. Then stop waiting for the timer to continue the communication service of the end user.
  • Step 506 The LIG reports the monitoring information corresponding to the user identifier to the monitoring center. After receiving the monitoring information reported by the NE, the LIG can transmit the monitoring information to the monitoring center LEA (the LEA is LEMF). In addition, in step 503, the LIG queries the user identifier carried in the interception data request message sent by the NE to be monitored, and the interception data attribute corresponding to the user identifier is the interception signaling layer information; After step 503, the interception information is directly obtained by the signaling information in the interception data request message and reported to the interception center without performing steps 504 and 505, which can reduce the signaling load between the NE and the LIG.
  • the LIG queries the user identifier carried in the interception data request message sent by the NE to be monitored, and the interception data attribute corresponding to the user identifier is the interception signaling layer information; After step 503, the interception information is directly obtained by the signaling information in the interception data request message and reported to the interception center without performing steps 504 and 50
  • the NE can clear the monitoring data of the user that is temporarily stored in the memory and is acquired by the LIG, so as to ensure the security of the user to monitor the data to the greatest extent.
  • the above message may be encrypted by using an encryption algorithm such as DES/AES, for example, AES256 with high algorithm strength may be used for encryption. To ensure the security of the interception data transmission.
  • the NE may be a communication device such as a mobile switching center (MSC), a home location register (HLR), a call session control function (CSCF), and a serving GPRS support node (SGSN).
  • MSC mobile switching center
  • HLR home location register
  • CSCF call session control function
  • SGSN serving GPRS support node
  • the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, and the NE monitors according to the monitoring data returned by the LIG, so that the NE side can no longer monitor the monitoring data of the pre-storage user.
  • the user does not store any user's listening data in the disk, database, and file on the NE side, which solves the problem of the risk of monitoring data leakage on the NE side, and ensures the security of the user listening data.
  • FIG. 6 is a schematic diagram of signaling according to Embodiment 5 of the monitoring method of the present invention.
  • This embodiment uses a location registration and a switching machine flow as an example to describe the monitoring method of the present invention.
  • the supervisor of this embodiment The listening method may include the following steps: Step 601: The NE receives a location registration and a switch request of the user. Step 602: The NE sends a monitoring data request message to the LIG.
  • the NE After processing the user's location registration or power on/off operation, the NE can obtain the user identifier, for example, all the numbers of the user. At this time, the NE may send a monitoring data request message to the LIG, and carry all the numbers of the user, and the service type of the current service, for example, for location registration and power on/off service; The user location information can be carried, and when the service is the switch, the service type can be carried; in addition, the NE information can be carried. Step 603: The LIG returns a monitoring data response message to the NE.
  • the LIG queries the database on its own side. If there is monitoring data corresponding to the user number, it indicates that the user is being monitored. At this point, the LIG can return a listening data response message to the NE and carry the intercepted data it has queried.
  • the interception data may include the user number being monitored and the type of information that needs to be monitored.
  • the query result of the LIG is that the subscriber number is not monitored, the intercepted data response message that is empty may be returned to the NE.
  • Step 604 The NE reports the monitoring information to the LIG.
  • the NE can monitor the monitoring information corresponding to the monitoring data and report it to the LIG. For example, if the type of the information to be monitored is IRI information, the NE can report the monitoring event (IRI-REPORT) to the LIG, that is, report the location registration and the user activity information of the switch. Step 605: The LIG forwards the monitoring information reported by the NE to the monitoring center LEA.
  • the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, and the NE performs monitoring according to the monitoring data returned by the LIG, so that the NE side can The user's monitoring data is no longer stored, which solves the problem of the risk of monitoring data leakage on the NE side, and ensures the security of the user listening data.
  • FIG. 7 is a schematic diagram of signaling according to Embodiment 6 of the monitoring method of the present invention.
  • steps 701 to 702 of the monitoring method of the embodiment are the same as the first two steps of the fifth embodiment.
  • the method may include the following steps: Step 701: The NE receives a location registration and a switch request of the user. Step 702: The NE sends a monitoring data request message to the LIG.
  • the NE After processing the user's location registration or power on/off operation, the NE can obtain the user identifier, for example, all the numbers of the user. At this time, the NE may send a monitoring data request message to the LIG, and carry all the numbers of the user in the message, and the call type of the current service, for example, location registration and power on/off. In addition, user location information, NE information, and the like can also be carried. Step 703: The LIG reports the monitoring information to the LEA.
  • the LIG After receiving the interception data request message of the NE, the LIG queries whether the user number is monitored. If the subscriber number is monitored and the required interception data attribute is IRI information, the LIG determines that the type of call carried in the interception data request message is a location registration and a switch request. At this time, the LIG can directly construct the X2 channel message and report it to the LEA, and does not need to return a response to the NE. The foregoing processing manner can prevent the NE from acquiring the interception data and then reporting the interception event to the LIG for redundant processing, but directly reporting the LIG, thereby reducing the signaling load between the NE and the LIG.
  • the NE side when the NE side is not aware, the monitoring of the user is completed, and the NE side does not need to receive and store the user's monitoring data, thereby ensuring the security of the user listening data.
  • the LIG query result is that the user number is not monitored, the LIG may not send a channel message, or may not return a response to the NE, or may return an empty intercept data response message to the NE.
  • the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, so that the NE side can no longer store the user's monitoring data, and the problem of the risk of monitoring data leakage on the NE side is solved, and the problem is ensured.
  • FIG. 8 is a schematic diagram of signaling of Embodiment 7 of the monitoring method of the present invention.
  • This embodiment uses a call flow as an example to describe the monitoring method of the present invention.
  • the monitoring method of this embodiment may include the following steps: Step 801: The NE receives a call request of the terminal user.
  • the call may be a relay incoming call, or may be a mobile origination call.
  • the NE obtains all the number information of the calling party and the called party. For example, the mobile subscriber has three numbers, ESN, IMSI, and MDN. All three numbers can be set to listen. The NE can only send these three numbers to the LIG. Listening to the data request message, and carrying all the user numbers it has obtained, and the type of service received. In addition, while transmitting the above-mentioned listening data request message, the NE may start a timer, which may set a time to wait for the LIG to return a response to the listening data request message. In a specific implementation, the set duration is not too long, and is preferably controlled at a level of one hundred milliseconds so as not to be perceived by the user.
  • Step 803 The LIG queries whether the user identifier is monitored. After receiving the interception data request message sent by the NE, the LIG queries whether the monitoring data corresponding to the user identifier carried in the interception data request message is stored in the database on the own side. If the interception data corresponding to the user identifier exists, it indicates that the terminal user corresponding to the user identifier needs to be monitored. At this point, step 804 can continue; otherwise, step 808 can be performed. Step 804: The LIG returns a monitoring data response message to the NE.
  • the LIG can return a monitoring data response message to the NE, and carry the intercepted data of the query in the message.
  • the monitoring data may include a user number (such as an MDN number) that needs to be set to monitor, and set an attribute of the listening data.
  • the interception data may be required to monitor signaling layer information, where the signaling layer information, that is, IRI data, may include a user's startup, shutdown, call, and the like; or the interception data may also be requested as media layer information.
  • Media level information that is, CC data, may include voice and video information.
  • step 805 and step 806 may be continued; if the information attribute of the interception data required to be monitored is CC data, step 807 may be performed.
  • Step 805 The NE monitors the interception information corresponding to the interception data, and reports the interception information to the LIG.
  • the NE may temporarily store the interception data in the memory, and trigger the monitoring of the interception information corresponding to the interception data, and report to the LIG.
  • the event IRI data is monitored; and the timer is stopped, and the basic call flow is continued.
  • Step 806 The LIG reports the IRI monitoring information to the monitoring center.
  • Step 807 The NE establishes a voice monitoring channel to the LEA. After receiving the monitoring data response message returned by the LIG, the NE establishes a voice monitoring channel to the LEA if it is determined that the user's monitoring data has voice monitoring.
  • the voice interception channel may be established by the NE according to the voice interception number connection carried in the intercept data response message returned by the LIG.
  • Step 808 The LIG returns an empty message to the NE.
  • the LIG queries the database on its own side. If the user number is not monitored, it can return a listening data response message to the NE, and the message is an empty message. At this time, after receiving the monitoring data response message, the NE determines that there is no monitoring data of the calling party and the called party, and then stops waiting for the timer to continue, and continues the basic call flow. In this embodiment, after the call is normally ended, the interception event and the voice have been reported normally, the NE can clear the interception data acquired by the LIG for the current call, and the user continues to request the interception data from the LIG to ensure the NE side to listen. The security of the data.
  • the above message may be encrypted by using an encryption algorithm such as DES/AES, for example, AES256 with high algorithm strength may be used for encryption.
  • DES/AES for example, AES256 with high algorithm strength
  • the LIG may report directly to the LEA as described in the third embodiment, instead of The response is returned to the NE to reduce the signaling load between the NE and the LIG.
  • FIG. 9 is a schematic diagram of signaling of Embodiment 8 of the monitoring method of the present invention. This embodiment uses a short message originating process as an example to describe the monitoring method of the present invention. As shown in FIG.
  • the monitoring method of this embodiment may include the following steps: Step 901: The NE receives a short message originating service request of the user. Step 902: The NE forwards the user short message to the MC (short message center). Step 903: The MC successfully sends the short message, and returns the processing to the NE. The result is a response; Step 904: The NE sends a listen data request message to the LIG.
  • the NE may send a monitoring data request message to the LIG, and carry all the number information, the called number, and the call type of the short message originating user, and may also carry the short message. Send the user's location information, short message content and other information. Step 905, the LIG will report to the monitoring center;
  • the LIG checks whether all the numbers of the originating user of the short message are monitored. If the information attribute of the intercepted data and the information to be monitored is IRI data, the LIG also determines that the call type sent by the NE is a short message service. The LIG can directly construct X2 channel messages and report them to the LEA. At the same time, the LIG also determines whether the called number is being monitored. If the called number is also monitored and the IRI data is required to be monitored, the LIG can directly construct the X2 channel message and report it to the LEA without returning a response to the NE.
  • the foregoing processing manner can prevent the NE from acquiring the interception data and then reporting the interception event to the LIG for redundant processing, but directly reporting the LIG, thereby reducing the signaling load between the NE and the LIG.
  • the NE side when the NE side is not aware, the monitoring of the user is completed, and the NE side does not need to receive and store the user's monitoring data, thereby ensuring the security of the user listening data.
  • the LIG may not report the monitoring information to the LEA, and does not return a response to the NE.
  • the LIG may send the monitoring data to the NE, and then send the monitoring back to the NE, as described in the fourth embodiment, when the LIG needs to be monitored, and the information attribute that is required to be monitored in the monitoring data is the IRI data. Information is reported.
  • the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, so that the NE side can no longer store the user's monitoring data, and solves the problem that the NE side has the risk of monitoring data leakage. The security of the user listening data.
  • FIG. 10 is a schematic diagram of signaling according to Embodiment 9 of the monitoring method of the present invention.
  • the short message termination procedure is taken as an example to describe the monitoring method of the present invention.
  • the monitoring method in this embodiment may include the following steps: Step 1001: The MC (short message center) sends a short message request to the NE, and requests the NE to send the short message to the user to send the short message. Step 1002: Sending a short message success, and returning a short message response to the MC; Step 1003: The NE sends a monitoring data request message to the LIG;
  • the NE may send a monitoring data request message to the LIG, and carry the short message to receive all the number information of the user, the short message calling number and the call type, and may also carry the short message. Receive information such as the user's location information, short message content, and the like. Step 1004, the LIG will report to the monitoring center;
  • the LIG checks whether all the numbers of the short message receiving user are monitored. If the information attribute that is required to be monitored in the listening data is IRI data, the LIG also determines that the call type sent by the NE is a short message service, then, at this time, LIG The X2 channel message can be directly reported to the LEA. At the same time, the LIG also determines whether the calling number is being monitored. If the calling number is also monitored and the IRI data is required to be monitored, the LIG can directly construct the X2 channel message and report it to the LEA without returning a response to the NE.
  • the foregoing processing manner can prevent the NE from acquiring the interception data and then reporting the interception event to the LIG for redundant processing, but directly reporting the LIG, thereby reducing the signaling load between the NE and the LIG.
  • the NE side when the NE side is not aware, the monitoring of the user is completed, and the NE side does not need to receive and store the user's monitoring data, thereby ensuring the security of the user listening data.
  • the LIG may not report the monitoring information to the LEA, and does not return a response to the NE.
  • the LIG may send the monitoring data to the NE, and then send the monitoring back to the NE, as described in the seventh embodiment, when the LIG needs to be monitored, and the information attribute that is required to be monitored in the monitoring data is the IRI data. Information is reported.
  • the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, so that the NE side can no longer store the user's monitoring data, and solves the problem that the NE side has the risk of monitoring data leakage. The security of the user listening data.
  • FIG. 11 is a schematic structural diagram of an embodiment of a monitoring device according to the present invention.
  • the monitoring device of this embodiment may be used to perform a monitoring method according to any embodiment of the present invention.
  • the listening device may be an NE, and may specifically be a communication device such as a Mobile Switching Center (MSC), a Home Location Register (HLR), a Call Session Control Function (CSCF), and a Serving GPRS Support Node (SGSN).
  • MSC Mobile Switching Center
  • HLR Home Location Register
  • CSCF Call Session Control Function
  • SGSN Serving GPRS Support Node
  • the monitoring device of the present embodiment may include a monitoring module 21 and a requesting module 22; wherein the monitoring module 21 may obtain the user identifier of the terminal user and the communication service performed by the terminal user;
  • the monitoring data request message may be sent to the monitoring gateway LIG, where the monitoring data request message includes the user identifier obtained by the monitoring module 21 and the service type of the communication service.
  • the listening device of this embodiment may further include a first receiving module 23 and a listening module.
  • the first receiving module 23 may receive the monitoring data response message returned by the LIG, where the monitoring data response message includes the monitoring data corresponding to the user identifier, and the monitoring module 24 may perform the monitoring information corresponding to the monitoring data. The monitoring is performed, and the monitoring information is reported to the LIG.
  • the monitoring device of this embodiment may further include a clearing module 25, a timing module 26, and The judging module 27 is configured to: after the monitoring information is reported to the LIG, clear the monitoring data stored in the memory; the timing module 26 may set a duration of waiting for the listening data response message and perform The judging module 27 can be configured to instruct the listening module 24 to give up monitoring when the listening data response message returned by the LIG is not received after the set time of the timing module 26 is passed.
  • FIG. 12 is a schematic structural diagram of an embodiment of a monitoring gateway according to the present invention.
  • the monitoring gateway of this embodiment may be used to perform a monitoring method according to any embodiment of the present invention.
  • the monitoring gateway of this embodiment may include a second receiving module 31 and a reporting module 32.
  • the second receiving module 31 may receive a listening data request message sent by the monitoring device, and a service type of the communication service.
  • the monitoring module 32 may report the monitoring information corresponding to the user identifier to the monitoring center when the user identifier needs to be monitored.
  • the intercepting gateway of the embodiment may further include a querying module 34, and the querying module 34 may query whether the monitoring data corresponding to the user identifier exists locally when the second receiving module 31 receives the intercepting data request message.
  • the reporting module 32 of the monitoring gateway of this embodiment may further include a response module 33 and a processing module 35.
  • the response module 33 may, when the query result of the query module 34 is YES, return a monitoring data response message to the listening device, where the monitoring data response message includes monitoring data corresponding to the user identifier;
  • the receiving module 31 is further configured to receive the monitoring information that is returned by the monitoring device and that is corresponding to the monitoring data.
  • the processing module 35 can query the result of the query module 34. If yes, the received monitoring information corresponding to the service type in the received monitoring data request message is reported to the monitoring center.
  • the intercepting gateway of the embodiment may further include a sending module 36, where the sending module 36 may determine that the user identifier does not need to be monitored when the query result of the query module 34 is negative, and then return a monitoring to the listening device.
  • FIG. 13 is a schematic structural diagram of an embodiment of a monitoring system according to the present invention.
  • the monitoring system of this embodiment may be used to perform a monitoring method according to any embodiment of the present invention. As shown in FIG. 13 , the monitoring system may include a monitoring device 41, a monitoring gateway 42 and a monitoring center 43.
  • the monitoring device 41 may be the monitoring device according to the seventh embodiment of the present invention, which may be Communication equipment such as a switching center (MSC), a home location register (HLR), a call session control function (CSCF), and a serving GPRS support node (SGSN).
  • the monitoring gateway 42 can be the monitoring gateway described in Embodiment 8 of the present invention.
  • the interception center 43 can send the interception data to the interception gateway 42 and receive the interception information reported by the interception gateway 42.
  • the monitoring device by setting the monitoring device and the monitoring gateway, the monitoring device sends a request to the monitoring gateway to query whether the user number is monitored, and the monitoring gateway sends the monitoring data to the monitoring device, so that the NE side can no longer store the user.
  • Listening to the data solves the problem of the risk of intercepting data leakage on the NE side, ensuring the security of the user listening data.
  • a person skilled in the art can understand that all or part of the steps of implementing the foregoing method embodiments may be completed by using hardware related to the program instructions, and the foregoing program may be stored in a computer readable memory.
  • the storage medium when the program is executed, the steps including the foregoing method embodiments are performed; and the foregoing storage medium includes: a medium that can store program codes, such as a ROM, a RAM, a magnetic disk or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Embodiments of the present invention provide an interception apparatus, an interception method, and a system. The interception method comprises: when a communication service implemented at a terminal is detected, acquiring a user identifier corresponding to the communication service; and sending an interception data request message to an interception gateway, the interception data request message comprising the user identifier and a service type of the communication service, so as to trigger the inception gateway to perform service interception according to the interception data request message. For the interception apparatus, interception method, and system according to the embodiments of the present invention, an NE sends an interception data request message to an LIG to query whether a user identifier is intercepted, and the NE performs interception according to interception data returned by the LIG, so that the NE side no longer needs to store interception data of a user and solves the problem of the leakage risk of interception data at the NE side, thereby guaranteeing the safety of the interception data of the user.

Description

监听设备、 监听方法和系统 技术领域  Monitoring device, monitoring method and system
本发明实施例涉及通信技术, 特别涉及一种监听设备、 监听方法和系统。 背景技术  The embodiments of the present invention relate to communication technologies, and in particular, to a monitoring device, a monitoring method, and a system. Background technique
合法监听是指国家安全机构依据法律, 对某个用户的通信过程进行监听。 电路域的合法监听一般采用符合 3GPPETSI监听协议的网络结构。 现有技术中, 通常可以通过合法监听网关( Lawf l Interception Gateway, 简称: LIG )和网元( Network Element, 简称: NE )之间进行信令交互实现监 听功能。 具体的, LIG接收监听数据, 并将监听数据存储到本地的数据库中; 该监听数据可以用于对被监听用户进行设控。 然后, LIG将监听数据设置到 NE中, 由 NE将该监听数据进行本地存储。 接着, NE可以根据其所存储的监 听数据对被控用户进行监听, 并向 LIG上报监听信息。 发明人在实现本发明的过程中,发现现有技术存在如下问题: 在目前的监 听方法中, NE侧需要对监听数据进行存储以便触发监听业务, 这样导致 NE 侧存储的监听数据存在泄漏的风险,有可能会被备份出来, 而用户的监听数据 属于高度机密的信息, 不允许任何形式的泄密, 因此, 目前的监听方法具有很 大的安全隐患。  Lawful interception means that the national security agency monitors the communication process of a certain user according to the law. The lawful interception of the circuit domain generally adopts a network structure conforming to the 3GPPETSI interception protocol. In the prior art, the monitoring function is implemented by signaling interaction between a lawful interception gateway (LIG) and a network element (NE). Specifically, the LIG receives the monitoring data, and stores the monitoring data in a local database; the monitoring data can be used to control the monitored user. Then, the LIG sets the monitoring data to the NE, and the monitoring data is locally stored by the NE. Then, the NE can monitor the controlled user according to the stored monitoring data, and report the monitoring information to the LIG. In the process of implementing the present invention, the inventor has found that the prior art has the following problems: In the current monitoring method, the NE side needs to store the monitoring data to trigger the monitoring service, which causes the leakage of the monitoring data stored on the NE side. It may be backed up, and the user's monitoring data is highly confidential information, and does not allow any form of disclosure. Therefore, the current monitoring method has great security risks.
发明内容 Summary of the invention
本发明实施例的目的是提供一种监听设备、 监听方法和系统, 以解决 NE 侧存在监听数据泄漏风险的问题, 保证用户监听数据的安全性。 本发明实施例提供一种监听方法, 包括: 当监测到终端进行的通信业务时, 获取所述通信业务对应的用户标识; 向监听网关发送监听数据请求消息 ,所述监听数据请求消息中包括所述用 户标识, 以触发所述监听网关根据所述监听数据请求消息进行监听业务。 本发明实施例提供一种监听方法, 包括: 接收监听设备发送的监听数据请求消息,所述监听数据请求消息中包括通 信业务对应的用户标识; 根据所述监听数据请求消息进行监听业务。 本发明实施例提供一种监听设备, 包括: 监测模块, 用于在监测到终端进行的通信业务时, 获取所述通信业务对应 的用户标识; 请求模块, 用于向监听网关发送监听数据请求消息, 所述监听数据请求消 息中包括所述用户标识,以触发所述监听网关根据所述监听数据请求消息进行 监听业务。 本发明实施例提供一种监听网关, 包括: 第二接收模块, 用于接收监听设备发送的监听数据请求消息, 所述监听数 据请求消息中包括通信业务对应的用户标识; 上报模块, 用于根据所述监听数据请求消息进行监听业务。 本发明实施例提供一种监听系统,包括:本发明实施例所提供的监听设备, 本发明实施例所提供的监听网关, 以及监听中心; 所述监听中心, 用于接收所 述监听网关上报的监听信息。 本发明实施例的监听设备、监听方法和系统,通过 NE向 LIG发送监听数据 请求消息以查询用户标识是否被监听,以及 NE根据 LIG返回的监听数据进行监 听等, 使得 NE侧可以不再存储用户的监听数据, 解决了 NE侧存在监听数据泄 漏风险的问题, 保证了用户监听数据的安全性。 附图说明 The purpose of the embodiments of the present invention is to provide a monitoring device, a monitoring method, and a system, to solve the problem of the risk of intercepting data leakage on the NE side, and to ensure the security of the user listening data. An embodiment of the present invention provides a monitoring method, including: acquiring, when monitoring a communication service performed by a terminal, a user identifier corresponding to the communication service; Sending a monitoring data request message to the monitoring gateway, where the monitoring data request message includes the user identifier, to trigger the monitoring gateway to perform a monitoring service according to the monitoring data request message. The embodiment of the present invention provides a monitoring method, including: receiving a monitoring data request message sent by a monitoring device, where the monitoring data request message includes a user identifier corresponding to the communication service; and performing a monitoring service according to the monitoring data request message. The embodiment of the present invention provides a monitoring device, including: a monitoring module, configured to acquire a user identifier corresponding to the communication service when monitoring a communication service performed by the terminal; and a requesting module, configured to send a monitoring data request message to the monitoring gateway And the intercepting data request message includes the user identifier, to trigger the intercepting gateway to perform a monitoring service according to the intercept data request message. An embodiment of the present invention provides a monitoring gateway, including: a second receiving module, configured to receive a monitoring data request message sent by a monitoring device, where the monitoring data request message includes a user identifier corresponding to a communication service; and a reporting module, configured to The intercept data request message performs a listening service. The embodiment of the present invention provides a monitoring system, including: the monitoring device provided by the embodiment of the present invention, the monitoring gateway provided by the embodiment of the present invention, and the monitoring center; the monitoring center is configured to receive the reporting by the monitoring gateway Monitor information. The monitoring device, the monitoring method, and the system in the embodiment of the present invention send a monitoring data request message to the LIG through the NE to query whether the user identifier is monitored, and the NE monitors according to the monitoring data returned by the LIG, so that the NE side can no longer store the user. The monitoring data solves the problem of the risk of intercepting data leakage on the NE side, and ensures the security of the user listening data. DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施 例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地, 下面描 述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出 创造性劳动的前提下, 还可以根据这些附图获得其他的附图。  In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, a brief description of the drawings used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.
图 1为本发明监听方法实施例的应用系统架构示意图;  1 is a schematic structural diagram of an application system of an embodiment of a monitoring method according to the present invention;
图 2为本发明监听方法实施例一的流程示意图;  2 is a schematic flowchart of Embodiment 1 of a monitoring method according to the present invention;
图 3为本发明监听方法实施例二的流程示意图;  3 is a schematic flowchart of Embodiment 2 of a monitoring method according to the present invention;
图 4为本发明监听方法实施例三的流程示意图;  4 is a schematic flowchart of Embodiment 3 of a monitoring method according to the present invention;
图 5为本发明监听方法实施例四的信令示意图;  FIG. 5 is a schematic diagram of signaling of Embodiment 4 of a monitoring method according to the present invention;
图 6为本发明监听方法实施例五的信令示意图;  6 is a schematic signaling diagram of Embodiment 5 of a monitoring method according to the present invention;
图 7为本发明监听方法实施例六的信令示意图;  7 is a schematic signaling diagram of Embodiment 6 of a monitoring method according to the present invention;
图 8为本发明监听方法实施例七的信令示意图;  8 is a schematic signaling diagram of Embodiment 7 of a monitoring method according to the present invention;
图 9为本发明监听方法实施例八的信令示意图;  9 is a schematic signaling diagram of Embodiment 8 of a monitoring method according to the present invention;
图 10为本发明监听方法实施例九的信令示意图;  10 is a schematic signaling diagram of Embodiment 9 of a monitoring method according to the present invention;
图 11为本发明监听设备实施例的结构示意图;  11 is a schematic structural diagram of an embodiment of a monitoring device according to the present invention;
图 12为本发明监听网关实施例的结构示意图;  12 is a schematic structural diagram of an embodiment of a monitoring gateway according to the present invention;
图 13为本发明监听系统实施例的结构示意图。 具体实施方式  FIG. 13 is a schematic structural diagram of an embodiment of a monitoring system according to the present invention. detailed description
为使本发明的目的、技术方案和优点更加清楚, 下面将结合本发明实施例 中的附图, 对本发明实施例中的技术方案进行清楚、 完整地描述, 显然, 所描 述的实施例是本发明一部分实施例, 而不是全部的实施例。基于本发明中的实 施例 ,本领域普通技术人员在没有做出创造性劳动的前提下所获得的所有其他 实施例, 都属于本发明保护的范围。 本发明实施例的主要技术方案为, 仅在 LIG侧存储用户的监听数据, 而不 在 NE侧预存储与监听业务相关的监听数据; 当 NE侧接收到用户的通信业务信 息时, 向 LIG侧发送监听数据请求消息, 查询该通信业务对应的终端用户标识 是否被监听; 若用户标识被监听, LIG可以向 NE侧返回监听数据响应消息, 下 发相应的监听数据给 NE, 由 NE据此进行监听并将所得的监听信息上报至 LIG。 该方案使得 NE侧不再监听前预存储用户的监听数据, 保证了用户监听数据的 安全性。 下面通过附图和具体实施例, 对本发明的技术方案做进一步的详细描述。 为使得对本发明实施例的监听方法的理解更清晰,首先对该监听方法所应 用的系统架构进行简单说明。如图 1所示, 图 1为本发明监听方法实施例的应用 系统架构示意图, 该监听系统可以包括法律执行监控设备 ( Law Enforcement Monitoring Facility, 简称: LEMF ) 11、 LIG12和 NE13。 LIG12可以包括管理 功能实体( Administration Function,简称: ADMF )14和数据传输实体( Delivery Function, 简称: DF ) , 该 DF又可以包括 DF15和 DF16两种逻辑实体。 DF15 用于传递信令层面的监听信息, DF16用于传递媒体层面的监听信息。 其中, LEMF11和 LIG12的各实体之间通过 H11、 H12和 H13三种通信接口 进行通信, LIG12的各实体和 NE13之间通过 X1、 X2和 X3三种通信接口进行通 信。 具体的, LEMF1 1可以通过 H11接口向 LIG12录入被监听用户的相关信息, LIG12可以通过 X1接口向 NE13下发监听命令。 The technical solutions in the embodiments of the present invention will be clearly and completely described in conjunction with the accompanying drawings in the embodiments of the present invention. Some embodiments, rather than all of the embodiments, are invented. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention. The main technical solution of the embodiment of the present invention is that the monitoring data of the user is stored only on the LIG side, and the monitoring data related to the monitoring service is pre-stored on the NE side; when the NE side receives the communication service letter of the user When the information is sent, the monitoring data request message is sent to the LIG side to check whether the terminal user identifier corresponding to the communication service is monitored. If the user identifier is monitored, the LIG may return the monitoring data response message to the NE side, and send the corresponding monitoring data to the NE. The NE monitors accordingly and reports the obtained monitoring information to the LIG. The solution enables the NE side to no longer monitor the pre-stored user's monitoring data, thereby ensuring the security of the user listening data. The technical solution of the present invention will be further described in detail below through the accompanying drawings and specific embodiments. To make the understanding of the listening method of the embodiment of the present invention clearer, firstly, the system architecture to which the monitoring method is applied is briefly described. As shown in FIG. 1 , FIG. 1 is a schematic diagram of an application system architecture of an embodiment of a monitoring method according to the present invention. The monitoring system may include a Law Enforcement Monitoring Facility (LEMF) 11, LIG12, and NE13. The LIG 12 may include a Management Function (ADMF) 14 and a Data Transfer Entity (DF), which may in turn include two logical entities, DF15 and DF16. DF15 is used to transmit the interception information at the signaling level, and DF16 is used to transmit the interception information at the media level. Among them, the entities of LEMF11 and LIG12 communicate through three communication interfaces: H11, H12 and H13, and the entities of LIG12 and NE13 communicate through three communication interfaces X1, X2 and X3. Specifically, the LEMF1 1 can input the related information of the monitored user to the LIG12 through the H11 interface, and the LIG12 can send a monitoring command to the NE13 through the X1 interface.
NE上报给 LIG的监听信息可以包括信令层面和媒体层面的监听信息,该信 令层面的监听信息即监听相关信息( Interception Related Information, 简称: IRI ) , 可以包括用户的开机、 关机、 位置更新、 呼叫等活动; 媒体层面的监 听信息即监听通信内容( Communication Content, 简称: CC ) , 可以包含 语音和视频信息等。 X2接口用于 NE13向 LIG12上报监听 IRI数据, X3接口用于 NE13向 LIG上报语音 /视频通话内容等 CC数据。 LIG12可以通过 H12接口向 LEMF11上报 IRI数据, 通过 H13接口向 LEMF11上报 CC数据。 实施例一 图 2为本发明监听方法实施例一的流程示意图, 该方法可以是 NE所执行 的, 如图 2所示, 本实施例的监听方法可以包括以下步骤: 步骤 201、 当监测到终端进行的通信业务时, 获取所述通信业务对应的用 户标识; The interception information reported by the NE to the LIG may include the interception information at the signaling level and the media level. The interception information at the signaling level is Interception Related Information (IRI), which may include the user's power on, power off, and location update. , call and other activities; media-level monitoring information that is listening to communication content (Communication Content, referred to as: CC), can contain voice and video information. The X2 interface is used for the NE13 to report the IRI data to the LIG12, and the X3 interface is used for the NE13 to report the CC data such as the voice/video call content to the LIG. The LIG12 can report the IRI data to the LEMF11 through the H12 interface, and report the CC data to the LEMF11 through the H13 interface. Embodiment 1 2 is a schematic flowchart of the first embodiment of the monitoring method of the present invention. The method may be performed by the NE. As shown in FIG. 2, the monitoring method in this embodiment may include the following steps: Step 201: When monitoring the communication performed by the terminal Obtaining a user identifier corresponding to the communication service when the service is performed;
NE监测到终端进行的通信业务, 例如, 该通信业务可以为 NE接收的呼叫 业务, 或者为, NE处理的用户位置登记和开关机操作业务, 以及 NE获取到的 短消息发送业务等。 步骤 202、 向监听网关发送监听数据请求消息, 所述监听数据请求消息中 包括所述用户标识 ,以触发所述监听网关根据所述监听数据请求消息进行监听 业务。 The NE monitors the communication service performed by the terminal. For example, the communication service may be a call service received by the NE, or a user location registration and power on/off operation processed by the NE, and a short message transmission service acquired by the NE. Step 202: Send a monitoring data request message to the monitoring gateway, where the monitoring data request message includes the user identifier, to trigger the monitoring gateway to perform a monitoring service according to the monitoring data request message.
NE向 LIG发送监听数据请求消息, 以触发 LIG根据该监听数据请求消息进 行监听业务。 例如, LIG可以根据监听数据请求消息中所携带的用户标识, 查询到自身 侧所存储的与该用户标识对应的监听数据, 并将该监听数据下发至 NE; NE可 以根据该监听数据对通信业务进行监听获取监听信息。 或者, NE也可以在上报至 LIG的监听数据请求消息中携带信令信息,例如, 短消息内容和用户号码等; 以使得当 LI G判断得到监听数据的类型为信令层面 监听信息,可以由该监听数据请求消息的信令信息中直接获取监听信息上报至 监听中心, 从而节省减少 NE和 LIG之间的信令负荷。 本实施例的监听方法,通过 NE向 LIG发送监听数据请求消息以查询用户标 识是否被监听, 使得 NE侧可以不在监听前预存储用户的监听数据, 例如, 不 在 NE侧的磁盘、 数据库和文件中存储任何用户的监听数据, 解决了 NE侧存在 监听数据泄漏风险的问题, 保证了用户监听数据的安全性。 实施例二 图 3为本发明监听方法实施例二的流程示意图, 本实施例以实施例一为基 础, 进一步说明了 NE在发送监听数据请求消息之后的操作; 如图 3所示, 该方 法可以包括以下步骤: 步骤 301、 当监测到终端进行的通信业务时, 获取所述通信业务对应的用 户标识; 其中, 在获取通信业务对应的用户标识之外, NE在监测到终端进行的通 信业务时, 还可以根据不同类型的通信业务, 分别获取对应的业务信息。 例如,若通信业务为短消息业务,可以获取得到用户号码和短消息内容等; 若通信业务为位置登记和开关机业务, 可以获取得到用户位置信息、业务类型 等; 若通信业务为呼叫业务, 可以获取得到主叫号码和被叫号码信息等。 步骤 302、 向监听网关发送监听数据请求消息; 所述监听数据请求消息中包括所述用户标识,以触发所述监听网关根据所 述监听数据请求消息进行监听业务; 本步骤中, NE可以将步骤 301中所获得的业务信息携带在监听数据请求消 息中, 一并发送至 LIG。 步骤 303、 启动计时器开始计时; 具体的, NE在向 LIG发送监听数据请求消息之后, 可以启动计时器, 并判 断在设定时长内是否接收到 LIG返回的监听数据响应消息。 若否, 则可以继续执行所述通信业务, 不进行该业务的监听; 若是, 即 NE可能会收到 LIG返回的监听数据响应消息, 此时 NE即可以继续执行步骤 304-步骤 306。 步骤 304、 接收监听网关返回的监听数据响应消息; 该监听数据响应消息 中包括监听数据; 步骤 305、 根据所述监听数据对所述通信业务进行监听, 获取监听信息; 并将所述监听信息上报至所述监听网关; 步骤 306、 清除内存中存储的所述监听数据。 若 NE执行语音监听, 则可以在监听信息上报完成后, 清除内存中临时存 储的监听数据。 实际应用中, 也可以不执行步骤 303, 而是在步骤 304中具体执行: NE接 收 LIG返回的监听数据响应消息, 若该消息为空, 则表示 LIG侧不存在用户标 识对应的监听数据, 不对通信业务进行监听, 继续执行所述通信业务; 若该消 息中包括与所述用户标识对应的监听数据, 则继续执行步骤 305。 本实施例的监听方法,通过 NE向 LIG发送监听数据请求消息以查询用户标 识是否被监听, 以及 NE根据 LIG返回的监听数据进行监听等, 使得 NE侧可以 不再存储用户的监听数据, 例如, 不在 NE侧的磁盘、 数据库和文件中存储任 何用户的监听数据, 解决了 NE侧存在监听数据泄漏风险的问题, 保证了用户 监听数据的安全性; 并且, 通过设置计时器, 可以使得 NE对于各种情况能够 及时处理, 提高监听业务的处理效率。 实施例三 图 4为本发明监听方法实施例三的流程示意图, 该方法可以是 LIG所执行 的, 如图 4所示, 本实施例的监听方法可以包括以下步骤: 步骤 401、 接收监听设备发送的监听数据请求消息, 所述监听数据请求消 息中包括通信业务对应的用户标识; The NE sends a listen data request message to the LIG to trigger the LIG to perform the monitoring service according to the intercept data request message. For example, the LIG may query the monitoring data corresponding to the user identifier stored on the user side according to the user identifier carried in the monitoring data request message, and send the monitoring data to the NE; the NE may communicate according to the monitoring data. The service listens to obtain the interception information. Alternatively, the NE may also carry the signaling information, such as the short message content and the user number, in the interception data request message reported to the LIG, so that the LI G determines that the type of the intercepted data is the signaling layer monitoring information, which may be The interception information is directly reported to the interception center in the signaling information of the interception data request message, thereby saving the signaling load between the NE and the LIG. In the monitoring method of the embodiment, the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, so that the NE side can not pre-store the user's monitoring data before the monitoring, for example, not in the disk, database, and file on the NE side. The storage of any user's monitoring data solves the problem of the risk of monitoring data leakage on the NE side, and ensures the security of the user listening data. Embodiment 2 3 is a schematic flowchart of the second embodiment of the monitoring method of the present invention. The embodiment is based on the first embodiment, and further describes the operation of the NE after sending the interception data request message. As shown in FIG. 3, the method may include the following steps. Step 301: When monitoring the communication service performed by the terminal, acquiring the user identifier corresponding to the communication service; wherein, in addition to the user identifier corresponding to the communication service, the NE may also monitor the communication service performed by the terminal. According to different types of communication services, the corresponding service information is separately obtained. For example, if the communication service is a short message service, the user number and the short message content can be obtained, and if the communication service is the location registration and the power on/off service, the user location information, the service type, and the like can be obtained; if the communication service is a call service, You can get the calling number and called number information. Step 302: Send a monitoring data request message to the monitoring gateway. The monitoring data request message includes the user identifier, to trigger the monitoring gateway to perform a monitoring service according to the monitoring data request message. In this step, the NE may perform the step. The service information obtained in 301 is carried in the intercept data request message and sent to the LIG. Step 303: Start the timer to start timing. Specifically, after sending the monitoring data request message to the LIG, the NE may start a timer, and determine whether the monitoring data response message returned by the LIG is received within the set duration. If not, the communication service may continue to be performed, and the monitoring of the service is not performed; if yes, the NE may receive the monitoring data response message returned by the LIG, and the NE may continue to perform steps 304-306. Step 304: Receive a listening data response message returned by the monitoring gateway, where the monitoring data response message includes monitoring data. Step 305: Listening to the communication service according to the interception data, acquiring the interception information, and reporting the interception information to the interception gateway. Step 306: Clear the interception data stored in the memory. If the NE performs voice monitoring, the intercepted data temporarily stored in the memory may be cleared after the monitoring information is reported. In the actual application, the step 303 is not performed, but the step is performed in the following step: The NE receives the interception data response message returned by the LIG. If the message is empty, the LIG side does not have the monitoring data corresponding to the user identifier, and the The communication service is monitored, and the communication service is continued. If the message includes the monitoring data corresponding to the user identifier, step 305 is continued. In the monitoring method of the embodiment, the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, and the NE performs monitoring according to the monitoring data returned by the LIG, so that the NE side can no longer store the user's monitoring data, for example, The user does not store any user's monitoring data in the disk, database, and file on the NE side, which solves the problem of the risk of monitoring data leakage on the NE side, ensuring the security of the user listening data; and, by setting a timer, the NE can be made to each The situation can be processed in time to improve the processing efficiency of the monitoring service. Embodiment 3 FIG. 4 is a schematic flowchart of Embodiment 3 of the monitoring method of the present invention. The method may be performed by the LIG. As shown in FIG. 4, the monitoring method in this embodiment may include the following steps: Step 401: The receiving monitoring device sends a listening data request message, where the intercept data request message includes a user identifier corresponding to the communication service;
LIG接收 NE发送的监听数据请求消息, 该消息中携带有 NE在监测到终端 的通信业务时获取到的用户标识。 步骤 402、 当根据所述用户标识判断出存在与所述用户标识对应的监听数 据时, 获取与所述用户标识对应的监听信息并上报至监听中心。 具体的, LIG可以根据监听数据请求消息中的用户标识, 查询本地数据库 中是否存储有与所述用户标识对应的监听数据。 若存储有该监听数据, 则表明该终端被监听, LIG可以向所述监听设备返 回监听数据响应消息 ,所述监听数据响应消息中包括与所述用户标识对应的监 听数据;并接收所述监听设备根据所述监听数据对所述通信业务进行监听而获 取到的监听信息。 若未存储该监听数据, 则表明该终端未被监听, LIG可以向 NE返回监听数 据响应消息, 所述监听数据响应消息为空, 或者, 也可以不向 NE响应。 进一步的, 若 LIG判断出所述监听数据的类型为信令层面监听信息, 则可 以由所述监听数据请求消息中获取监听信息。 具体的,此时 LIG所接收到的监听数据请求消息中携带有信令信息。例如, 当呼叫类型为短消息始发业务时 ,监听数据请求消息中所携带的信令信息可以 包括始发用户的用户号码、 短消息内容、 始发用户的位置信息等。 LIG可以由 该监听数据请求消息中获取监听信息,该监听信息例如可以包括用户号码和短 消息内容, 以将这些信息上报至监听中心。 本实施例的监听方法, 通过接收 NE发送的监听数据请求消息, 以及向 NE 返回监听数据进行监听等, 使得 NE侧可以不再存储用户的监听数据, 例如, 不在 NE侧的磁盘、 数据库和文件中存储任何用户的监听数据, 解决了 NE侧存 在监听数据泄漏风险的问题, 保证了用户监听数据的安全性。 实施例四 图 5为本发明监听方法实施例四的信令示意图,如图 5所示,本实施例的监 听方法可以包括以下步骤: 步骤 501、 NE获取到终端用户的用户标识; 其中, 用户标识可以为用户号码。 例如, CDMA网络的终端用户, 可以通 过三种类型的号码作为该终端用户的用户标识, 即为电子序列号 (Electronic Serial Number, 简称: ESN ) 、 国际移动用户号码 ( International Mobile Subscriber Identity, 简称: IMSI ) 以及移动号码簿号码 (Mobile Directory Number , 简称: MDN ) , ΝΕ (即监听设备)可以获取到上述的三种号码及 其对应的号码类型。 终端用户所进行的通信业务, 例如可以为, NE接受的呼叫业务, 或者为, NE处理的用户位置登记和开关机操作业务, 以及 NE获取到的短消息发送业务 等。 步骤 502、 NE向监听网关 LIG发送监听数据请求消息; The LIG receives the interception data request message sent by the NE, and the message carries the user identifier acquired by the NE when monitoring the communication service of the terminal. Step 402: When it is determined that the monitoring data corresponding to the user identifier exists according to the user identifier, the interception information corresponding to the user identifier is obtained and reported to the monitoring center. Specifically, the LIG may query, according to the user identifier in the interception data request message, whether the monitoring data corresponding to the user identifier is stored in the local database. If the monitoring data is stored, it indicates that the terminal is monitored, and the LIG may return a monitoring data response message to the listening device, where the monitoring data response message includes the monitoring data corresponding to the user identifier; and receiving the monitoring The monitoring information obtained by the device listening to the communication service according to the interception data. If the interception data is not stored, it indicates that the terminal is not monitored, and the LIG may return a listen data response message to the NE, and the intercept data response message is empty, or may not respond to the NE. Further, if the LIG determines that the type of the interception data is the signaling layer interception information, the interception information may be obtained from the interception data request message. Specifically, the interception data request message received by the LIG carries signaling information. For example, when the call type is a short message originating service, the signaling information carried in the intercept data request message may include the user number of the originating user, the short message content, the location information of the originating user, and the like. The LIG may obtain the interception information from the interception data request message, and the interception information may include, for example, a user number and a short message content to report the information to the monitoring center. In the monitoring method of the embodiment, the monitoring data request message sent by the NE is received, and the monitoring data is returned to the NE for monitoring, so that the NE side can no longer store the user's monitoring data, for example, the disk, the database, and the file that are not on the NE side. The storage of any user's monitoring data solves the problem of the risk of monitoring data leakage on the NE side, and ensures the security of the user's monitoring data. Embodiment 4 FIG. 5 is a schematic diagram of signaling according to Embodiment 4 of the monitoring method of the present invention. As shown in FIG. 5, the monitoring method in this embodiment may include the following steps: Step 501: The NE acquires a user identifier of the terminal user, where the user The identifier can be a subscriber number. For example, an end user of a CDMA network can pass There are three types of numbers as the user ID of the end user, namely, Electronic Serial Number (ESN), International Mobile Subscriber Identity (IMSI), and Mobile Directory Number (Mobile). Directory Number (MDN), ΝΕ (ie, the listening device) can obtain the above three numbers and their corresponding number types. The communication service performed by the terminal user may be, for example, a call service accepted by the NE, or a user location registration and power on/off operation processed by the NE, and a short message transmission service acquired by the NE. Step 502: The NE sends a interception data request message to the interception gateway LIG.
NE在获取到用户标识, 即完整的获取到上述的三种用户号码之后, 可以 向 LIG发送监听数据请求消息( Check LI Request 消息), 并在该监听数据请 求消息中携带其获取到的用户标识。 例如, 可以在监听数据请求消息中包括 ESN、 IMSI和 MDN三种号码及其 号码类型, 并且, 包括 NE接收到的通信业务类型为呼叫业务。 此外, 在发送上述的监听数据请求消息的同时, NE可以启动一计时器, 该计时器可以设定等待 LI G返回对监听数据请求消息的响应时间。具体实施中, 该设定时长不宜过长, 优选控制在百毫秒级别, 以对用户无感知。 并且, 通过 设置计时器, 可以使得 NE对于各种情况能够及时处理, 提高监听业务的处理 效率。 步骤 503、 LIG查询所述用户标识是否被监听; After obtaining the user identifier, that is, the NE obtains the above three user numbers, the NE may send a interception data request message (Check LI Request message) to the LIG, and carry the acquired user identifier in the interception data request message. . For example, the ESN, IMSI, and MDN numbers and their number types may be included in the interception data request message, and the type of communication service received by the NE is a call service. In addition, while transmitting the above-mentioned listening data request message, the NE may start a timer, which may set a waiting time for the LI G to return a response to the monitoring data request message. In a specific implementation, the set duration is not too long, and is preferably controlled at a level of one hundred milliseconds so as not to be perceived by the user. Moreover, by setting a timer, the NE can be processed in time for various situations, and the processing efficiency of the monitoring service is improved. Step 503: The LIG queries whether the user identifier is monitored.
LIG在接收到 NE发送的监听数据请求消息之后,查询自身侧的数据库中是 否存储有与该监听数据请求消息中携带的用户标识对应的监听数据。 若存在所述用户标识对应的监听数据 ,则表明该用户标识对应的终端用户 需要被监听。 此时, 可以继续执行步骤 504或者步骤 506; 否则, 可以继续执 行步骤 504, 或者 LIG也可以不向 NE回应。 步骤 504、 LIG向 NE返回监听数据响应消息; After receiving the interception data request message sent by the NE, the LIG queries whether the monitoring data corresponding to the user identifier carried in the interception data request message is stored in the database on the own side. If the interception data corresponding to the user identifier exists, it indicates that the terminal user corresponding to the user identifier needs to be monitored. At this point, you can continue to perform step 504 or step 506; otherwise, you can continue to perform In step 504, or LIG may not respond to the NE. Step 504: The LIG returns a monitoring data response message to the NE.
LIG在查询到用户标识需要被监听时, 可以向 NE返回监听数据响应消息 ( Check LI Response消息) , 并在该消息中携带与所述用户标识对应的监听 数据, 该监听数据用于对被监听用户进行设控。 例如,该监听数据中可以包括需要被设定监听的用户号码(如 MDN号码 ), 并且设定监听数据的属性为监听信令层面信息, 该信令层面信息即 IRI数据, 可以包括用户的开机、 关机、 呼叫等活动; 或者, 也可以设定监听数据的属性 为媒体层面信息, 该媒体层面信息即 CC数据, 可以包括语音和视频信息等, 为通信内容。 否则, 若 LIG查询到用户标识不需要被监听,也可以在该步骤中向 NE返回 监听数据响应消息, 用以通知 NE, 该用户标识不被监听。 例如, LIG可以使得 返回的监听数据响应消息为空。 步骤 505、 NE对所述监听数据对应的监听信息进行监听,并将监听信息上 报至 LIG; When the LIG needs to be queried, the LIG may return a Listening Data Response message (Check LI Response message) to the NE, and carry the monitoring data corresponding to the user identifier, where the monitoring data is used to be monitored. The user performs control. For example, the interception data may include a user number (such as an MDN number) that needs to be set to be monitored, and set an attribute of the interception data to monitor signaling level information, where the signaling level information is IRI data, which may include the user's booting. Or, shutdown, call, etc.; or, the attribute of the monitoring data may be set to media level information, and the media level information, that is, CC data, may include voice and video information, etc., as communication content. Otherwise, if the LIG query does not need to be monitored, the user may also return a listening data response message to the NE in this step to notify the NE that the user identifier is not being monitored. For example, LIG can make the returned listener data response message empty. Step 505: The NE monitors the interception information corresponding to the interception data, and reports the interception information to the LIG.
NE在接收到 LIG返回的监听数据响应消息之后,若该消息中携带有监听数 据, 则可以将该监听数据临时存储在内存中, 同时触发对监听数据对应的监听 信息的监听, 并将所得的监听信息上报至 LIG。 该监听信息可以包括 IRI数据和 CC数据。 或者, NE在如下的两种情况下也可以不执行本步骤, 即不进行监听信息 上报。 例如, NE在经过计时器设定的时长后, 未接收到 LIG返回的监听数据响 应消息时, 则放弃监听触发, 继续终端用户的通信业务; 或者, NE收到的监 听数据响应消息为空, 则停止等待计时器, 继续终端用户的通信业务。 步骤 506、 LIG将与用户标识对应的监听信息上报至监听中心。 LIG在接收到 NE上报的监听信息后, 可以将该监听信息传递至监听中心 LEA (该 LEA即为 LEMF ) 。 此外, 若在步骤 503中, LIG查询到 NE发送的监听数据请求消息中携带的 用户标识需要被监听, 并且, 与该用户标识对应的监听数据属性为监听信令层 面信息; 则 LIG可以在执行步骤 503之后, 直接由监听数据请求消息中的信令 信息获取监听信息并上报至监听中心, 而不必再执行步骤 504和 505, 这样可 以减少 N E和 L I G之间的信令负荷。 本实施例中, NE在通信业务正常结束, 且监听信息均已经上 之后, 可 以清除其内存中临时存储的由 LIG获取的用户的监听数据, 以最大程度保证用 户监听数据的安全性。 此外,为保证监听数据请求消息和监听数据响应消息中传输的监听数据等 不被窃取, 可以对上述消息采用 DES/AES等加密算法进行加密, 例如, 可以 采用算法强度较高的 AES256进行加密, 以保证监听数据传输上的安全性。 本 实施例中, NE可以为移动交换中心 (MSC ) 、 归属位置寄存器(HLR ) 、 呼 叫会话控制功能(CSCF )和服务 GPRS支持节点 ( SGSN )等通信设备。 本实施例的监听方法,通过 NE向 LIG发送监听数据请求消息以查询用户标 识是否被监听, 以及 NE根据 LIG返回的监听数据进行监听等, 使得 NE侧可以 不再监听前预存储用户的监听数据, 例如, 不在 NE侧的磁盘、 数据库和文件 中存储任何用户的监听数据, 解决了 NE侧存在监听数据泄漏风险的问题, 保 证了用户监听数据的安全性。 以下的实施例五至实施例九, 分别以监听呼叫业务、位置登记及开关机业 务以及短消息业务等为例, 对本发明实施例的监听方法的应用进行了说明。 实施例五 图 6为本发明监听方法实施例五的信令示意图, 本实施例是以位置登记及 开关机流程为例, 对本发明的监听方法进行说明。 如图 6所示, 本实施例的监 听方法可以包括以下步骤: 步骤 601、 NE接收用户的位置登记及开关机请求; 步骤 602、 NE向 LIG发送监听数据请求消息; After receiving the interception data response message returned by the LIG, if the message carries the interception data, the NE may temporarily store the interception data in the memory, and trigger the monitoring of the interception information corresponding to the interception data, and the obtained The monitoring information is reported to the LIG. The interception information may include IRI data and CC data. Alternatively, the NE may not perform this step in the following two cases, that is, the monitoring information is not reported. For example, after receiving the monitoring data response message returned by the LIG after the timer is set, the NE discards the monitoring trigger and continues the communication service of the terminal user; or the listening data response message received by the NE is empty. Then stop waiting for the timer to continue the communication service of the end user. Step 506: The LIG reports the monitoring information corresponding to the user identifier to the monitoring center. After receiving the monitoring information reported by the NE, the LIG can transmit the monitoring information to the monitoring center LEA (the LEA is LEMF). In addition, in step 503, the LIG queries the user identifier carried in the interception data request message sent by the NE to be monitored, and the interception data attribute corresponding to the user identifier is the interception signaling layer information; After step 503, the interception information is directly obtained by the signaling information in the interception data request message and reported to the interception center without performing steps 504 and 505, which can reduce the signaling load between the NE and the LIG. In this embodiment, after the communication service is normally terminated, and the interception information is already on, the NE can clear the monitoring data of the user that is temporarily stored in the memory and is acquired by the LIG, so as to ensure the security of the user to monitor the data to the greatest extent. In addition, in order to ensure that the interception data transmission message and the interception data transmission message transmitted in the interception data response message are not stolen, the above message may be encrypted by using an encryption algorithm such as DES/AES, for example, AES256 with high algorithm strength may be used for encryption. To ensure the security of the interception data transmission. In this embodiment, the NE may be a communication device such as a mobile switching center (MSC), a home location register (HLR), a call session control function (CSCF), and a serving GPRS support node (SGSN). In the monitoring method of the embodiment, the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, and the NE monitors according to the monitoring data returned by the LIG, so that the NE side can no longer monitor the monitoring data of the pre-storage user. For example, the user does not store any user's listening data in the disk, database, and file on the NE side, which solves the problem of the risk of monitoring data leakage on the NE side, and ensures the security of the user listening data. In the following Embodiments 5 to 9, the application of the monitoring method in the embodiment of the present invention is described by taking the monitoring call service, the location registration, the power on/off service, and the short message service as examples. Embodiment 5 FIG. 6 is a schematic diagram of signaling according to Embodiment 5 of the monitoring method of the present invention. This embodiment uses a location registration and a switching machine flow as an example to describe the monitoring method of the present invention. As shown in FIG. 6, the supervisor of this embodiment The listening method may include the following steps: Step 601: The NE receives a location registration and a switch request of the user. Step 602: The NE sends a monitoring data request message to the LIG.
NE在处理完成用户的位置登记或开关机操作后,可以获取得到用户标识, 例如, 用户的所有号码。 此时, NE可以向 LIG发送监听数据请求消息, 并在该 消息中携带用户的所有号码, 以及本次业务的业务类型, 例如, 为位置登记及 开关机业务; 当为位置登记业务时, 还可以携带用户位置信息, 当为开关机业 务时, 可以携带业务类型; 此外, 还可以携带 NE信息等。 步骤 603、 LIG向 NE返回监听数据响应消息; After processing the user's location registration or power on/off operation, the NE can obtain the user identifier, for example, all the numbers of the user. At this time, the NE may send a monitoring data request message to the LIG, and carry all the numbers of the user, and the service type of the current service, for example, for location registration and power on/off service; The user location information can be carried, and when the service is the switch, the service type can be carried; in addition, the NE information can be carried. Step 603: The LIG returns a monitoring data response message to the NE.
LIG查询自身侧的数据库, 如果存在所述用户号码对应的监听数据, 则表 明该用户被监听。 此时, LIG可以向 NE返回监听数据响应消息, 并携带其查询 到的监听数据。该监听数据中可以包括被监听的用户号码以及所需要监听的信 息类型。 此外, 若 LIG的查询结果为该用户号码未被监听, 则可以向 NE返回为空的 监听数据响应消息。 步骤 604、 NE向 LIG上报监听信息; The LIG queries the database on its own side. If there is monitoring data corresponding to the user number, it indicates that the user is being monitored. At this point, the LIG can return a listening data response message to the NE and carry the intercepted data it has queried. The interception data may include the user number being monitored and the type of information that needs to be monitored. In addition, if the query result of the LIG is that the subscriber number is not monitored, the intercepted data response message that is empty may be returned to the NE. Step 604: The NE reports the monitoring information to the LIG.
N E在获取到 LI G返回的监听数据后,可以对监听数据对应的监听信息进行 监听, 并上报至 LIG。 例如, 该监听数据中标明所监听的信息类型为 IRI信息, 则 NE可以上报监听事件(IRI-REPORT )给 LIG, 即上报位置登记及开关机的 用户活动信息。 步骤 605、 LIG转发 NE上报的监听信息至监听中心 LEA。 本实施例的监听方法,通过 NE向 LIG发送监听数据请求消息以查询用户标 识是否被监听, 以及 NE根据 LIG返回的监听数据进行监听等, 使得 NE侧可以 不再存储用户的监听数据, 解决了 NE侧存在监听数据泄漏风险的问题, 保证 了用户监听数据的安全性。 实施例六 图 7为本发明监听方法实施例六的信令示意图, 本实施例仍然是以位置登 记及开关机流程为例进行说明,是在实施例二的基础上进行了流程的优化, LIG 在接收到 NE的监听数据请求消息后, 直接上报监听信息至 LEA, 而不需要向 NE返回响应, 从而减少了 NE和 LIG之间的信令负荷。 如图 7所示, 本实施例的监听方法的步骤 701-步骤 702与实施例五的前两 步相同, 具体的, 可以包括以下步骤: 步骤 701、 NE接收用户的位置登记及开关机请求; 步骤 702、 NE向 LIG发送监听数据请求消息; After obtaining the monitoring data returned by the LI G, the NE can monitor the monitoring information corresponding to the monitoring data and report it to the LIG. For example, if the type of the information to be monitored is IRI information, the NE can report the monitoring event (IRI-REPORT) to the LIG, that is, report the location registration and the user activity information of the switch. Step 605: The LIG forwards the monitoring information reported by the NE to the monitoring center LEA. In the monitoring method of the embodiment, the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, and the NE performs monitoring according to the monitoring data returned by the LIG, so that the NE side can The user's monitoring data is no longer stored, which solves the problem of the risk of monitoring data leakage on the NE side, and ensures the security of the user listening data. Embodiment 6 FIG. 7 is a schematic diagram of signaling according to Embodiment 6 of the monitoring method of the present invention. This embodiment is still described by taking the location registration and the power on/off process as an example, and the process is optimized based on the second embodiment, LIG After receiving the listening data request message of the NE, the monitoring information is directly reported to the LEA without returning a response to the NE, thereby reducing the signaling load between the NE and the LIG. As shown in FIG. 7 , steps 701 to 702 of the monitoring method of the embodiment are the same as the first two steps of the fifth embodiment. Specifically, the method may include the following steps: Step 701: The NE receives a location registration and a switch request of the user. Step 702: The NE sends a monitoring data request message to the LIG.
NE在处理完成用户的位置登记或开关机操作后,可以获取得到用户标识, 例如, 用户的所有号码。 此时, NE可以向 LIG发送监听数据请求消息, 并在该 消息中携带用户的所有号码, 以及本次业务的呼叫类型, 例如, 为位置登记及 开关机业务。 此外, 还可以携带用户位置信息和 NE信息等。 步骤 703、 LIG向 LEA上报监听信息。 After processing the user's location registration or power on/off operation, the NE can obtain the user identifier, for example, all the numbers of the user. At this time, the NE may send a monitoring data request message to the LIG, and carry all the numbers of the user in the message, and the call type of the current service, for example, location registration and power on/off. In addition, user location information, NE information, and the like can also be carried. Step 703: The LIG reports the monitoring information to the LEA.
LIG在接收到 NE的监听数据请求消息之后,查询其中的用户号码是否被监 听。 如果该用户号码被监听, 并且所要求的监听数据属性为 IRI信息, 同时, L I G判断监听数据请求消息中所携带的呼叫类型为位置登记及开关机请求。 此 时, LIG可以直接构造 X2通道消息上报至 LEA, 不需要给 NE返回响应。 上述处理方式可以避免 NE获取监听数据后再上报监听事件给 LIG的多余 处理, 而是由 LIG直接上报, 减少了 NE和 LIG之间的信令负荷。 而且, 在这种 情况下, 在 NE侧无感知的情况下即完成了对用户的监听, NE侧也不需要接收 和存储用户的监听数据, 保证了用户监听数据的安全性。 此外, LIG的查询结果为该用户号码未被监听, 则 LIG可以不上^艮 2通道 消息, 或者, 可以不给 NE返回响应, 或者, 也可以向 NE返回为空的监听数据 响应消息。 本实施例的监听方法,通过 NE向 LIG发送监听数据请求消息以查询用户标 识是否被监听, 使得 NE侧可以不再存储用户的监听数据, 解决了 NE侧存在监 听数据泄漏风险的问题, 保证了用户监听数据的安全性。 实施例七 图 8为本发明监听方法实施例七的信令示意图, 本实施例是以呼叫流程为 例, 对本发明的监听方法进行说明。 如图 8所示, 本实施例的监听方法可以包 括以下步骤: 步骤 801、 NE接收终端用户的呼叫请求; 例如, 该呼叫可以是中继入局呼叫, 或者也可以为移动始呼。 步骤 802、 NE向 LIG发送监听数据请求消息; After receiving the interception data request message of the NE, the LIG queries whether the user number is monitored. If the subscriber number is monitored and the required interception data attribute is IRI information, the LIG determines that the type of call carried in the interception data request message is a location registration and a switch request. At this time, the LIG can directly construct the X2 channel message and report it to the LEA, and does not need to return a response to the NE. The foregoing processing manner can prevent the NE from acquiring the interception data and then reporting the interception event to the LIG for redundant processing, but directly reporting the LIG, thereby reducing the signaling load between the NE and the LIG. Moreover, in this case, when the NE side is not aware, the monitoring of the user is completed, and the NE side does not need to receive and store the user's monitoring data, thereby ensuring the security of the user listening data. In addition, if the LIG query result is that the user number is not monitored, the LIG may not send a channel message, or may not return a response to the NE, or may return an empty intercept data response message to the NE. In the monitoring method of the embodiment, the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, so that the NE side can no longer store the user's monitoring data, and the problem of the risk of monitoring data leakage on the NE side is solved, and the problem is ensured. The security of the user listening for data. Embodiment 7 FIG. 8 is a schematic diagram of signaling of Embodiment 7 of the monitoring method of the present invention. This embodiment uses a call flow as an example to describe the monitoring method of the present invention. As shown in FIG. 8, the monitoring method of this embodiment may include the following steps: Step 801: The NE receives a call request of the terminal user. For example, the call may be a relay incoming call, or may be a mobile origination call. Step 802: The NE sends a monitoring data request message to the LIG.
NE获取到主被叫的所有号码信息, 例如, 移动用户有三种号码, ESN、 IMSI、 MDN, 这三种号码都可以被设定监听, NE只有完整获取这三种号码, 才可以向 LIG发送监听数据请求消息, 并在该消息中携带其获取到的所有用户 号码, 以及接收到的业务类型。 此外, 在发送上述的监听数据请求消息的同时, NE可以启动一计时器, 该计时器可以设定等待 LIG返回对监听数据请求消息的响应的时间。 具体实施 中, 该设定时长不宜过长, 优选控制在百毫秒级别, 以对用户无感知。 并且, 通过设置计时器, 可以使得 NE对于各种情况能够及时处理, 提高监听业务的 处理效率。 步骤 803、 LIG查询所述用户标识是否被监听; LIG在接收到 NE发送的监听数据请求消息之后,查询自身侧的数据库中是 否存储有与该监听数据请求消息中携带的用户标识对应的监听数据。 若存在所述用户标识对应的监听数据 ,则表明该用户标识对应的终端用户 需要被监听。 此时, 可以继续执行步骤 804; 否则, 可以执行步骤 808。 步骤 804、 LIG向 NE返回监听数据响应消息; The NE obtains all the number information of the calling party and the called party. For example, the mobile subscriber has three numbers, ESN, IMSI, and MDN. All three numbers can be set to listen. The NE can only send these three numbers to the LIG. Listening to the data request message, and carrying all the user numbers it has obtained, and the type of service received. In addition, while transmitting the above-mentioned listening data request message, the NE may start a timer, which may set a time to wait for the LIG to return a response to the listening data request message. In a specific implementation, the set duration is not too long, and is preferably controlled at a level of one hundred milliseconds so as not to be perceived by the user. Moreover, by setting a timer, the NE can be processed in time for various situations, and the processing efficiency of the monitoring service is improved. Step 803: The LIG queries whether the user identifier is monitored. After receiving the interception data request message sent by the NE, the LIG queries whether the monitoring data corresponding to the user identifier carried in the interception data request message is stored in the database on the own side. If the interception data corresponding to the user identifier exists, it indicates that the terminal user corresponding to the user identifier needs to be monitored. At this point, step 804 can continue; otherwise, step 808 can be performed. Step 804: The LIG returns a monitoring data response message to the NE.
LIG在查询到用户标识需要被监听,且呼叫类型为呼叫业务时, 可以向 NE 返回监听数据响应消息, 并在该消息中携带其查询到的监听数据。 例如,该监听数据中可以包括需要被设定监听的用户号码(如 MDN号码 ), 并且设定监听数据的属性。具体的,该监听数据可以要求为监听信令层面信息, 该信令层面信息即 IRI数据, 可以包括用户的开机、 关机、 呼叫等活动; 或者, 该监听数据也可以要求为媒体层面信息, 该媒体层面信息即 CC数据, 可以包 括语音和视频信息等。 若监听数据中要求监听的信息属性为 IRI数据, 则可以继续执行步骤 805 和步骤 806; 若监听数据中要求监听的信息属性为 CC数据, 则可以执行步骤 807。 步骤 805、 NE对所述监听数据对应的监听信息进行监听,并将监听信息上 报至 LIG; When the LIG needs to be monitored, and the call type is call service, the LIG can return a monitoring data response message to the NE, and carry the intercepted data of the query in the message. For example, the monitoring data may include a user number (such as an MDN number) that needs to be set to monitor, and set an attribute of the listening data. Specifically, the interception data may be required to monitor signaling layer information, where the signaling layer information, that is, IRI data, may include a user's startup, shutdown, call, and the like; or the interception data may also be requested as media layer information. Media level information, that is, CC data, may include voice and video information. If the information attribute of the interception data to be monitored is IRI data, step 805 and step 806 may be continued; if the information attribute of the interception data required to be monitored is CC data, step 807 may be performed. Step 805: The NE monitors the interception information corresponding to the interception data, and reports the interception information to the LIG.
NE在接收到 LIG返回的监听数据响应消息之后,若该消息中携带有监听数 据, 则可以将该监听数据临时存储在内存中, 同时触发对监听数据对应的监听 信息的监听, 并向 LIG上报监听事件 IRI数据; 且停止计时器的计时, 继续进行 基本呼叫流程。 步骤 806、 LIG将 IRI监听信息上报至监听中心; 步骤 807、 NE建立到 LEA的语音监听通道; NE在接收到 LIG返回的监听数据响应消息之后,若判断用户的监听数据存 在语音监听, 则建立到 LEA的语音监听通道。 该语音监听通道可以是 NE根据 LIG返回的监听数据响应消息中携带的语音监听号码连接建立的。 步骤 808、 LIG向 NE返回空消息。 After receiving the interception data response message returned by the LIG, if the message carries the interception data, the NE may temporarily store the interception data in the memory, and trigger the monitoring of the interception information corresponding to the interception data, and report to the LIG. The event IRI data is monitored; and the timer is stopped, and the basic call flow is continued. Step 806: The LIG reports the IRI monitoring information to the monitoring center. Step 807: The NE establishes a voice monitoring channel to the LEA. After receiving the monitoring data response message returned by the LIG, the NE establishes a voice monitoring channel to the LEA if it is determined that the user's monitoring data has voice monitoring. The voice interception channel may be established by the NE according to the voice interception number connection carried in the intercept data response message returned by the LIG. Step 808: The LIG returns an empty message to the NE.
LIG查询其自身侧的数据库, 若用户号码未被监听, 则可以向 NE返回监听 数据响应消息, 该消息为空消息。 此时, NE接收到该监听数据响应消息之后, 判断没有主被叫的监听数据, 则可以停止等待计时器计时, 继续进行基本的呼 叫流程。 本实施例中, 在呼叫正常结束, 监听事件和语音均已经正常上报后, NE 可以清除本次呼叫由 LIG获取的监听数据, 用户下次呼叫再继续从 LIG请求监 听数据, 以保证 NE侧监听数据的安全性。 此外,为保证监听数据请求消息和监听数据响应消息中传输的监听数据等 不被窃取, 可以对上述消息采用 DES/AES等加密算法进行加密, 例如, 可以 采用算法强度较高的 AES256进行加密, 以保证监听数据传输上的安全性。 进一步的, 本实施例中, 当 LIG查询得到用户号码需要被监听, 且监听数 据中要求监听的信息属性为 IRI数据时, LIG也可以如实施例三中所述, 直接向 LEA上报, 而不再向 NE返回响应, 以减少 NE和 LIG之间的信令负荷。 本实施例的监听方法,通过 NE向 LIG发送监听数据请求消息以查询用户标 识是否被监听, 以及 NE根据 LIG返回的监听数据进行监听等, 使得 NE侧可以 不再存储用户的监听数据, 解决了 NE侧存在监听数据泄漏风险的问题, 保证 了用户监听数据的安全性。 实施例八 图 9为本发明监听方法实施例八的信令示意图, 本实施例是以短消息始发 流程为例, 对本发明的监听方法进行说明。 如图 9所示, 本实施例的监听方法 可以包括以下步骤: 步骤 901、 NE接收用户的短消息始发业务请求; 步骤 902、 NE将用户短消息转发给 MC (短消息中心) ; 步骤 903、 MC成功发送短消息, 并向 NE返回处理结果响应; 步骤 904、 NE向 LIG发送监听数据请求消息; The LIG queries the database on its own side. If the user number is not monitored, it can return a listening data response message to the NE, and the message is an empty message. At this time, after receiving the monitoring data response message, the NE determines that there is no monitoring data of the calling party and the called party, and then stops waiting for the timer to continue, and continues the basic call flow. In this embodiment, after the call is normally ended, the interception event and the voice have been reported normally, the NE can clear the interception data acquired by the LIG for the current call, and the user continues to request the interception data from the LIG to ensure the NE side to listen. The security of the data. In addition, in order to ensure that the interception data transmission message and the interception data transmission message transmitted in the interception data response message are not stolen, the above message may be encrypted by using an encryption algorithm such as DES/AES, for example, AES256 with high algorithm strength may be used for encryption. To ensure the security of the interception data transmission. Further, in this embodiment, when the LIG query obtains that the user number needs to be monitored, and the information attribute of the interception data to be monitored is IRI data, the LIG may report directly to the LEA as described in the third embodiment, instead of The response is returned to the NE to reduce the signaling load between the NE and the LIG. In the monitoring method of the embodiment, the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, and the NE monitors the monitoring data returned by the LIG, so that the NE side can no longer store the user's monitoring data, and the solution is solved. The NE side has the problem of monitoring the risk of data leakage, which ensures the security of the user listening data. Embodiment 8 FIG. 9 is a schematic diagram of signaling of Embodiment 8 of the monitoring method of the present invention. This embodiment uses a short message originating process as an example to describe the monitoring method of the present invention. As shown in FIG. 9, the monitoring method of this embodiment The method may include the following steps: Step 901: The NE receives a short message originating service request of the user. Step 902: The NE forwards the user short message to the MC (short message center). Step 903: The MC successfully sends the short message, and returns the processing to the NE. The result is a response; Step 904: The NE sends a listen data request message to the LIG.
NE在判断 MC成功发送了短消息之后,可以向 LIG发送监听数据请求消息, 并在该消息中携带短消息始发用户的所有号码信息、 被叫号码和呼叫类型等, 还可以携带短消息始发用户的位置信息、 短消息内容等信息。 步骤 905、 LIG将上报至监听中心; After determining that the MC successfully sends the short message, the NE may send a monitoring data request message to the LIG, and carry all the number information, the called number, and the call type of the short message originating user, and may also carry the short message. Send the user's location information, short message content and other information. Step 905, the LIG will report to the monitoring center;
LIG检查短消息始发用户的所有号码是否被监听, 如果被监听并且监听数 据中要求监听的信息属性为 IRI数据; 同时, LIG也判断得到 NE发送的呼叫类 型为短消息业务, 则此时, LIG可以直接构造 X2通道消息上报至 LEA。 同时, LIG也判断被叫号码是否被监听, 若被叫号码也被监听, 且要求监听 IRI数据, 则 LIG可以直接构造 X2通道消息上报至 LEA, 而不需要给 NE返回响应。 上述处理方式可以避免 NE获取监听数据后再上报监听事件给 LIG的多余 处理, 而是由 LIG直接上报, 减少了 NE和 LIG之间的信令负荷。 而且, 在这种 情况下, 在 NE侧无感知的情况下即完成了对用户的监听, NE侧也不需要接收 和存储用户的监听数据, 保证了用户监听数据的安全性。 本实施例中, 若 LIG检查得到主被叫用户的所有号码均不存在相应的监听 数据, 则 LIG可以不向 LEA上报监听信息, 且不向 NE返回响应。 此外, LIG在 查询到用户标识需要被监听, 且监听数据中要求监听的信息属性为 IRI数据时, 也可以按照实施例四中所述, 先向 NE下发监听数据, 再将 NE返回的监听信息 进行上报。 本实施例的监听方法,通过 NE向 LIG发送监听数据请求消息以查询用户标 识是否被监听等, 使得 NE侧可以不再存储用户的监听数据, 解决了 NE侧存在 监听数据泄漏风险的问题, 保证了用户监听数据的安全性。 实施例九 图 10为本发明监听方法实施例九的信令示意图,本实施例是以短消息终呼 流程为例, 对本发明的监听方法进行说明。 如图 10所示, 本实施例的监听方法 可以包括以下步骤: 步骤 1001、 MC (短消息中心)给 NE发送短消息请求, 请求 NE给短消息 接受用户下发短消息; 步骤 1002、 NE下发短消息成功, 并向 MC返回短消息响应; 步骤 1003、 NE向 LIG发送监听数据请求消息; The LIG checks whether all the numbers of the originating user of the short message are monitored. If the information attribute of the intercepted data and the information to be monitored is IRI data, the LIG also determines that the call type sent by the NE is a short message service. The LIG can directly construct X2 channel messages and report them to the LEA. At the same time, the LIG also determines whether the called number is being monitored. If the called number is also monitored and the IRI data is required to be monitored, the LIG can directly construct the X2 channel message and report it to the LEA without returning a response to the NE. The foregoing processing manner can prevent the NE from acquiring the interception data and then reporting the interception event to the LIG for redundant processing, but directly reporting the LIG, thereby reducing the signaling load between the NE and the LIG. Moreover, in this case, when the NE side is not aware, the monitoring of the user is completed, and the NE side does not need to receive and store the user's monitoring data, thereby ensuring the security of the user listening data. In this embodiment, if all the numbers of the calling and called users do not have corresponding monitoring data, the LIG may not report the monitoring information to the LEA, and does not return a response to the NE. In addition, the LIG may send the monitoring data to the NE, and then send the monitoring back to the NE, as described in the fourth embodiment, when the LIG needs to be monitored, and the information attribute that is required to be monitored in the monitoring data is the IRI data. Information is reported. In the monitoring method of the embodiment, the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, so that the NE side can no longer store the user's monitoring data, and solves the problem that the NE side has the risk of monitoring data leakage. The security of the user listening data. Embodiment 9 FIG. 10 is a schematic diagram of signaling according to Embodiment 9 of the monitoring method of the present invention. In this embodiment, the short message termination procedure is taken as an example to describe the monitoring method of the present invention. As shown in FIG. 10, the monitoring method in this embodiment may include the following steps: Step 1001: The MC (short message center) sends a short message request to the NE, and requests the NE to send the short message to the user to send the short message. Step 1002: Sending a short message success, and returning a short message response to the MC; Step 1003: The NE sends a monitoring data request message to the LIG;
NE在判断成功下发了短消息之后, 可以向 LIG发送监听数据请求消息, 并 在该消息中携带短消息接收用户的所有号码信息、短消息主叫号码和呼叫类型 等, 还可以携带短消息接收用户的位置信息、 短消息内容等信息。 步骤 1004、 LIG将上报至监听中心; After determining that the short message is successfully sent, the NE may send a monitoring data request message to the LIG, and carry the short message to receive all the number information of the user, the short message calling number and the call type, and may also carry the short message. Receive information such as the user's location information, short message content, and the like. Step 1004, the LIG will report to the monitoring center;
LIG检查短消息接收用户的所有号码是否被监听, 如果被监听并且监听数 据中要求监听的信息属性为 IRI数据; 同时, LIG也判断得到 NE发送的呼叫类 型为短消息业务, 则此时, LIG可以直接构造 X2通道消息上报至 LEA。 同时, LIG也判断主叫号码是否被监听, 若主叫号码也被监听, 且要求监听 IRI数据, 则 LIG可以直接构造 X2通道消息上报至 LEA, 而不需要给 NE返回响应。 上述处理方式可以避免 NE获取监听数据后再上报监听事件给 LIG的多余 处理, 而是由 LIG直接上报, 减少了 NE和 LIG之间的信令负荷。 而且, 在这种 情况下, 在 NE侧无感知的情况下即完成了对用户的监听, NE侧也不需要接收 和存储用户的监听数据, 保证了用户监听数据的安全性。 本实施例中, 若 LIG检查得到主被叫用户的所有号码均不存在相应的监听 数据, 则 LIG可以不向 LEA上报监听信息, 且不向 NE返回响应。 此外, LIG在 查询到用户标识需要被监听, 且监听数据中要求监听的信息属性为 IRI数据时, 也可以按照实施例七中所述, 先向 NE下发监听数据, 再将 NE返回的监听信息 进行上报。 本实施例的监听方法,通过 NE向 LIG发送监听数据请求消息以查询用户标 识是否被监听等, 使得 NE侧可以不再存储用户的监听数据, 解决了 NE侧存在 监听数据泄漏风险的问题, 保证了用户监听数据的安全性。 实施例十 图 11为本发明监听设备实施例的结构示意图,本实施例的监听设备可以用 于执行本发明任意实施例的监听方法。 该监听设备可以为 NE , 具体可以为移 动交换中心(MSC )、 归属位置寄存器(HLR )、 呼叫会话控制功能(CSCF ) 和服务 GPRS支持节点 (SGSN )等通信设备。 如图 11所示, 本实施例的监听设备可以包括监测模块 21、 请求模块 22; 其中,监测模块 21可以获取到终端用户的用户标识, 以及所述终端用户所 进行的通信业务; 请求模块 22可以向监听网关 LIG发送监听数据请求消息, 所 述监听数据请求消息中包括监测模块 21获取得到的所述用户标识以及所述通 信业务的业务类型。 进一步的, 本实施例的监听设备还可以包括第一接收模块 23和监听模块The LIG checks whether all the numbers of the short message receiving user are monitored. If the information attribute that is required to be monitored in the listening data is IRI data, the LIG also determines that the call type sent by the NE is a short message service, then, at this time, LIG The X2 channel message can be directly reported to the LEA. At the same time, the LIG also determines whether the calling number is being monitored. If the calling number is also monitored and the IRI data is required to be monitored, the LIG can directly construct the X2 channel message and report it to the LEA without returning a response to the NE. The foregoing processing manner can prevent the NE from acquiring the interception data and then reporting the interception event to the LIG for redundant processing, but directly reporting the LIG, thereby reducing the signaling load between the NE and the LIG. Moreover, in this case, when the NE side is not aware, the monitoring of the user is completed, and the NE side does not need to receive and store the user's monitoring data, thereby ensuring the security of the user listening data. In this embodiment, if all the numbers of the calling and called users do not have corresponding monitoring data, the LIG may not report the monitoring information to the LEA, and does not return a response to the NE. In addition, the LIG may send the monitoring data to the NE, and then send the monitoring back to the NE, as described in the seventh embodiment, when the LIG needs to be monitored, and the information attribute that is required to be monitored in the monitoring data is the IRI data. Information is reported. In the monitoring method of the embodiment, the NE sends a monitoring data request message to the LIG to query whether the user identifier is monitored, so that the NE side can no longer store the user's monitoring data, and solves the problem that the NE side has the risk of monitoring data leakage. The security of the user listening data. Embodiment 10 FIG. 11 is a schematic structural diagram of an embodiment of a monitoring device according to the present invention. The monitoring device of this embodiment may be used to perform a monitoring method according to any embodiment of the present invention. The listening device may be an NE, and may specifically be a communication device such as a Mobile Switching Center (MSC), a Home Location Register (HLR), a Call Session Control Function (CSCF), and a Serving GPRS Support Node (SGSN). As shown in FIG. 11, the monitoring device of the present embodiment may include a monitoring module 21 and a requesting module 22; wherein the monitoring module 21 may obtain the user identifier of the terminal user and the communication service performed by the terminal user; The monitoring data request message may be sent to the monitoring gateway LIG, where the monitoring data request message includes the user identifier obtained by the monitoring module 21 and the service type of the communication service. Further, the listening device of this embodiment may further include a first receiving module 23 and a listening module.
24; 其中, 第一接收模块 23可以接收 LIG返回的监听数据响应消息, 所述监听 数据响应消息中包括与所述用户标识对应的监听数据;监听模块 24可以对所述 监听数据对应的监听信息进行监听, 并将所述监听信息上报至所述 LIG。 进一步的, 本实施例的监听设备还可以包括清除模块 25、 计时模块 26和 判断模块 27; 其中, 清除模块 25可以在将所述监听信息上报至所述 LIG之后, 清除内存 中存储的所述监听数据;计时模块 26可以设定等待所述监听数据响应消息的时 长并进行计时; 判断模块 27可以用于在经过所述计时模块 26的设定时长, 未 接收到所述 LIG返回的所述监听数据响应消息时, 指示所述监听模块 24放弃监 听。 本实施例的监听设备, 通过设置请求模块, 向 LIG发送监听数据请求消息 以查询用户标识是否被监听等, 使得 NE侧可以不再存储用户的监听数据, 解 决了 NE侧存在监听数据泄漏风险的问题, 保证了用户监听数据的安全性。 实施例十一 图 12为本发明监听网关实施例的结构示意图,本实施例的监听网关可以用 于执行本发明任意实施例的监听方法。如图 12所示,本实施例的监听网关可以 包括第二接收模块 31和上报模块 32; 其中, 第二接收模块 31 , 可以接收监听设备发送的监听数据请求消息, 所 通信业务的业务类型; 上^艮模块 32, 可以在所述用户标识需要被监听时, 将与 所述用户标识对应的监听信息上报至监听中心。 进一步的, 本实施例的监听网关还可以包括查询模块 34, 该查询模块 34 可以在第二接收模块 31接收到所述监听数据请求消息时,查询本地是否存在与 所述用户标识对应的监听数据。 本实施例的监听网关的上报模块 32还可以包括响应模块 33和处理模块 35。 其中, 该响应模块 33可以在所述查询模块 34的查询结果为是时, 向所述 监听设备返回监听数据响应消息,所述监听数据响应消息中包括与所述用户标 识对应的监听数据;第二接收模块 31还可以用于接收所述监听设备返回的与所 述监听数据对应的监听信息。 处理模块 35可以在所述查询模块 34的查询结果 为是时,将接收到的所述监听数据请求消息中的业务类型对应的监听信息上报 至所述监听中心。 进一步的, 本实施例的监听网关还可以包括发送模块 36, 该发送模块 36 可以在查询模块 34的查询结果为否时,判断所述用户标识不需要被监听,则向 所述监听设备返回监听数据响应消息, 所述监听数据响应消息为空。 本实施例的监听网关, 通过设置第二接收模块, 接收 ΝΕ发送的监听数据 请求消息等, 使得 ΝΕ侧可以不再存储用户的监听数据, 解决了 ΝΕ侧存在监听 数据泄漏风险的问题, 保证了用户监听数据的安全性。 实施例十二 图 13为本发明监听系统实施例的结构示意图,本实施例的监听系统可以用 于执行本发明任意实施例的监听方法。如图 13所示,该监听系统可以包括监听 设备 41、 监听网关 42和监听中心 43; 其中,监听设备 41可以为本发明实施例七所述的监听设备, 其可以为 ΝΕ, 具体可以为移动交换中心 (MSC ) 、 归属位置寄存器(HLR ) 、 呼叫会话控 制功能(CSCF )和服务 GPRS支持节点 (SGSN )等通信设备。 监听网关 42 可以为本发明实施例八所述的监听网关。 监听中心 43可以向监听网关 42发送监听数据, 并接收所述监听网关 42上 报的监听信息。 本实施例的监听系统,通过设置监听设备和监听网关, 由监听设备向监听 网关发送请求查询用户号码是否被监听,由监听网关向监听设备发送监听数据 等, 使得 NE侧可以不再存储用户的监听数据, 解决了 NE侧存在监听数据泄漏 风险的问题, 保证了用户监听数据的安全性。 本领域普通技术人员可以理解:实现上述方法实施例的全部或部分步骤可 以通过程序指令相关的硬件来完成,前述的程序可以存储于一计算机可读取存 储介质中, 该程序在执行时, 执行包括上述方法实施例的步骤; 而前述的存储 介质包括: ROM、 RAM, 磁碟或者光盘等各种可以存储程序代码的介质。 The first receiving module 23 may receive the monitoring data response message returned by the LIG, where the monitoring data response message includes the monitoring data corresponding to the user identifier, and the monitoring module 24 may perform the monitoring information corresponding to the monitoring data. The monitoring is performed, and the monitoring information is reported to the LIG. Further, the monitoring device of this embodiment may further include a clearing module 25, a timing module 26, and The judging module 27 is configured to: after the monitoring information is reported to the LIG, clear the monitoring data stored in the memory; the timing module 26 may set a duration of waiting for the listening data response message and perform The judging module 27 can be configured to instruct the listening module 24 to give up monitoring when the listening data response message returned by the LIG is not received after the set time of the timing module 26 is passed. The monitoring device of the embodiment sends a monitoring data request message to the LIG to query whether the user identifier is monitored, etc., so that the NE side can no longer store the user's monitoring data, and the NE side has the risk of monitoring data leakage. The problem is to ensure the security of the user listening data. Embodiment 11 FIG. 12 is a schematic structural diagram of an embodiment of a monitoring gateway according to the present invention. The monitoring gateway of this embodiment may be used to perform a monitoring method according to any embodiment of the present invention. As shown in FIG. 12, the monitoring gateway of this embodiment may include a second receiving module 31 and a reporting module 32. The second receiving module 31 may receive a listening data request message sent by the monitoring device, and a service type of the communication service. The monitoring module 32 may report the monitoring information corresponding to the user identifier to the monitoring center when the user identifier needs to be monitored. Further, the intercepting gateway of the embodiment may further include a querying module 34, and the querying module 34 may query whether the monitoring data corresponding to the user identifier exists locally when the second receiving module 31 receives the intercepting data request message. . The reporting module 32 of the monitoring gateway of this embodiment may further include a response module 33 and a processing module 35. The response module 33 may, when the query result of the query module 34 is YES, return a monitoring data response message to the listening device, where the monitoring data response message includes monitoring data corresponding to the user identifier; The receiving module 31 is further configured to receive the monitoring information that is returned by the monitoring device and that is corresponding to the monitoring data. The processing module 35 can query the result of the query module 34. If yes, the received monitoring information corresponding to the service type in the received monitoring data request message is reported to the monitoring center. Further, the intercepting gateway of the embodiment may further include a sending module 36, where the sending module 36 may determine that the user identifier does not need to be monitored when the query result of the query module 34 is negative, and then return a monitoring to the listening device. The data response message, the listen data response message is empty. The monitoring gateway of the embodiment, by setting the second receiving module, receives the monitoring data request message sent by the user, so that the monitoring data of the user can no longer be stored on the side, and the problem of the risk of monitoring data leakage on the side is solved, and the problem is ensured. The security of the user listening for data. Embodiment 12 FIG. 13 is a schematic structural diagram of an embodiment of a monitoring system according to the present invention. The monitoring system of this embodiment may be used to perform a monitoring method according to any embodiment of the present invention. As shown in FIG. 13 , the monitoring system may include a monitoring device 41, a monitoring gateway 42 and a monitoring center 43. The monitoring device 41 may be the monitoring device according to the seventh embodiment of the present invention, which may be Communication equipment such as a switching center (MSC), a home location register (HLR), a call session control function (CSCF), and a serving GPRS support node (SGSN). The monitoring gateway 42 can be the monitoring gateway described in Embodiment 8 of the present invention. The interception center 43 can send the interception data to the interception gateway 42 and receive the interception information reported by the interception gateway 42. In the monitoring system of this embodiment, by setting the monitoring device and the monitoring gateway, the monitoring device sends a request to the monitoring gateway to query whether the user number is monitored, and the monitoring gateway sends the monitoring data to the monitoring device, so that the NE side can no longer store the user. Listening to the data solves the problem of the risk of intercepting data leakage on the NE side, ensuring the security of the user listening data. A person skilled in the art can understand that all or part of the steps of implementing the foregoing method embodiments may be completed by using hardware related to the program instructions, and the foregoing program may be stored in a computer readable memory. In the storage medium, when the program is executed, the steps including the foregoing method embodiments are performed; and the foregoing storage medium includes: a medium that can store program codes, such as a ROM, a RAM, a magnetic disk or an optical disk.
最后应说明的是: 以上实施例仅用以说明本发明的技术方案, 而非对其限 制; 尽管参照前述实施例对本发明进行了详细的说明, 本领域的普通技术人员 应当理解: 其依然可以对前述各实施例所记载的技术方案进行修改, 或者对其 中部分技术特征进行等同替换; 而这些修改或者替换, 并不使相应技术方案的 本质脱离本发明各实施例技术方案的精神和范围。  It should be noted that the above embodiments are only for explaining the technical solutions of the present invention, and are not intended to be limiting; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that: The technical solutions described in the foregoing embodiments are modified, or some of the technical features are equivalently replaced. The modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

权 利 要 求 书 Claim
1、 一种监听方法, 其特征在于, 包括: 当监测到终端进行的通信业务时, 获取所述通信业务对应的用户标识; 向监听网关发送监听数据请求消息 ,所述监听数据请求消息中包括所述用 户标识, 以触发所述监听网关根据所述监听数据请求消息进行监听业务。 A monitoring method, comprising: acquiring a user identifier corresponding to the communication service when monitoring a communication service performed by the terminal; and sending a monitoring data request message to the monitoring gateway, where the monitoring data request message is included The user identifier is used to trigger the interception gateway to perform a monitoring service according to the interception data request message.
2、根据权利要求 1所述的监听方法, 其特征在于, 所述触发所述监听网关 根据所述监听数据请求消息进行监听业务包括: 接收所述监听网关根据所述监听数据请求消息返回的监听数据响应消息, 所述监听数据响应消息中包括与所述用户标识对应的监听数据; 根据所述监听数据对所述通信业务进行监听, 获取监听信息, 并将所述监 听信息上报至所述监听网关。 The monitoring method according to claim 1, wherein the triggering the intercepting gateway to perform the monitoring service according to the intercepting data request message comprises: receiving the monitoring that the intercepting gateway returns according to the intercepting data request message a data response message, the interception data response message includes the interception data corresponding to the user identifier; the monitoring service is monitored according to the interception data, the interception information is acquired, and the interception information is reported to the monitor Gateway.
3、 根据权利要求 1或 2所述的监听方法, 其特征在于, 在所述将所述监听 信息上报至所述监听网关之后, 还包括: 清除内存中存储的所述监听数据。 The monitoring method according to claim 1 or 2, wherein after the reporting the monitoring information to the monitoring gateway, the method further comprises: clearing the monitoring data stored in the memory.
4、 根据权利要求 1-3任意一项所述的监听方法, 其特征在于, 所述监听数 据请求消息中还包括: 信令信息; 所述触发所述监听网关根据所述监听数据请求消息进行监听业务包括:所 述监听网关由所述信令信息中获取监听信息并上报至监听中心。 The monitoring method according to any one of claims 1 to 3, wherein the intercepting data request message further includes: signaling information; the triggering the intercepting gateway to perform according to the intercepting data request message The monitoring service includes: the monitoring gateway acquires the monitoring information from the signaling information and reports the information to the monitoring center.
5、根据权利要求 4所述的监听方法, 其特征在于, 所述监听数据请求消息 中还包括信令信息, 包括: 若呼叫类型为短消息业务, 则向所述监听网关发送监听数据请求消息, 并 将用户号码以及短消息内容设置在所述监听数据请求消息中; 或者, 若呼叫类型为位置登记业务, 则向所述监听网关发送监听数据请求消息, 并将用户位置信息设置在所述监听数据请求消息中; 或者, 若呼叫类型为开关机业务, 则向所述监听网关发送监听数据请求消息, 并 将业务类型设置在所述监听数据请求消息中; 或者, 若呼叫类型为呼叫业务, 则获取所述呼叫业务对应的主叫号码和被叫号 码, 向所述监听网关发送监听数据请求消息, 并将所述主叫号码和被叫号码均 设置在所述监听数据请求消息中。 The monitoring method according to claim 4, wherein the intercepting data request message further includes signaling information, including: if the call type is a short message service, sending a monitoring data request message to the listening gateway. And setting the user number and the short message content in the listening data request message; or If the call type is a location registration service, send a monitoring data request message to the intercepting gateway, and set the user location information in the intercept data request message; or, if the call type is a switch-on service, The gateway sends a listener data request message, and sets the service type in the intercept data request message; or, if the call type is a call service, acquires the calling number and the called number corresponding to the call service, to the monitoring The gateway sends a listen data request message, and sets the calling number and the called number in the intercept data request message.
6、根据权利要求 2所述的监听方法, 其特征在于, 所述监听网关根据所述 监听数据请求消息返回监听数据响应消息之前, 还包括: 所述监听网关根据所述用户标识查询本地是否存在所述用户标识对应的 监听数据, 且查询结果为是。 The monitoring method according to claim 2, wherein, before the listening gateway returns a monitoring data response message according to the monitoring data request message, the method further includes: the monitoring gateway querying whether the local presence exists according to the user identifier The user identifier corresponds to the interception data, and the query result is yes.
7、根据权利要求 2所述的监听方法, 其特征在于, 在所述向监听网关发送 监听数据请求消息之后, 还包括: 启动计时器,并判断在设定时长内是否接收到所述监听网关返回的所述监 听数据响应消息; 若否, 则执行所述通信业务。 The monitoring method according to claim 2, after the sending the monitoring data request message to the monitoring gateway, the method further includes: starting a timer, and determining whether the monitoring gateway is received within a set duration Returning the listening data response message; if not, executing the communication service.
8、根据权利要求 2所述的监听方法, 其特征在于, 在所述向监听网关发送 监听数据请求消息之后, 还包括: 接收所述监听网关返回的监听数据响应消息,当确定所述监听数据响应消 息为空时, 执行所述通信业务。 The monitoring method of claim 2, after the sending the monitoring data request message to the monitoring gateway, the method further comprising: receiving the monitoring data response message returned by the monitoring gateway, when determining the monitoring data When the response message is empty, the communication service is executed.
9、 一种监听方法, 其特征在于, 包括: 接收监听设备发送的监听数据请求消息,所述监听数据请求消息中包括通 信业务对应的用户标识; 根据所述监听数据请求消息进行监听业务。 A monitoring method, comprising: receiving a monitoring data request message sent by a monitoring device, wherein the monitoring data request message includes a user identifier corresponding to the communication service; and performing a monitoring service according to the monitoring data request message.
10、 根据权利要求 9所述的监听方法, 其特征在于, 所述根据所述监听数 据请求消息进行监听业务, 包括: 向所述监听设备返回监听数据响应消息,所述监听数据响应消息中包括与 所述用户标识对应的监听数据; 接收所述监听设备根据所述监听数据对所述通信业务进行监听而获取到 的监听信息。 The monitoring method according to claim 9, wherein the performing the monitoring service according to the monitoring data request message comprises: returning a monitoring data response message to the monitoring device, where the monitoring data response message includes The interception data corresponding to the user identifier; and the interception information obtained by the interception device to listen to the communication service according to the interception data.
11、 根据权利要求 10所述的监听方法, 其特征在于, 在向所述监听设备 返回监听数据响应消息之前, 还包括: 查询本地是否存在与所述用户标识对应的监听数据, 且查询结果为是。 The method of monitoring according to claim 10, further comprising: before the returning the monitoring data response message to the monitoring device, the method further comprising: querying whether the monitoring data corresponding to the user identifier exists locally, and the query result is Yes.
12、 根据权利要求 9所述的监听方法, 其特征在于, 所述监听数据请求消 息中还包括信令信息; 根据所述监听数据请求消息进行监听业务, 包括: 若判断出所述监听数据的类型为信令层面监听信息,则由所述监听数据请 求消息中的信令信息中获取监听信息。 The monitoring method according to claim 9, wherein the monitoring data request message further includes signaling information; and the monitoring service is performed according to the monitoring data request message, comprising: if the monitoring data is determined The type is the signaling layer interception information, and the interception information is obtained from the signaling information in the interception data request message.
13、 根据权利要求 9所述的监听方法, 其特征在于, 还包括: The method of monitoring according to claim 9, further comprising:
向所述监听设备返回监听数据响应消息, 所述监听数据响应消息为空。 Returning a listening data response message to the listening device, where the listening data response message is empty.
14、 一种监听设备, 其特征在于, 包括: 监测模块, 用于在监测到终端进行的通信业务时, 获取所述通信业务对应 的用户标识; 请求模块, 用于向监听网关发送监听数据请求消息, 所述监听数据请求消 息中包括所述用户标识,以触发所述监听网关根据所述监听数据请求消息进行 监听业务。 A monitoring device, comprising: a monitoring module, configured to acquire a user identifier corresponding to the communication service when monitoring a communication service performed by the terminal; and a requesting module, configured to send a monitoring data request to the monitoring gateway The message, the interception data request message includes the user identifier, to trigger the interception gateway to perform a monitoring service according to the intercept data request message.
15、 根据权利要求 14所述的监听设备, 其特征在于, 还包括: 第一接收模块,用于接收所述监听网关根据所述监听数据请求消息返回的 监听数据响应消息 ,所述监听数据响应消息中包括与所述用户标识对应的监听 数据; 监听模块, 用于根据所述监听数据对所述通信业务进行监听, 获取监听信 息; 并将所述监听信息上报至所述监听网关。 The listening device according to claim 14, further comprising: a first receiving module, configured to receive a listening data response message returned by the monitoring gateway according to the monitoring data request message, and the monitoring data response The message includes the interception data corresponding to the user identifier; the intercepting module is configured to listen to the communication service according to the interception data, obtain the interception information, and report the interception information to the interception gateway.
16、 根据权利要求 15所述的监听设备, 其特征在于, 还包括: 清除模块, 用于在将所述监听信息上报至所述监听网关之后, 清除内存中 存储的所述监听数据。 The listening device according to claim 15, further comprising: a clearing module, configured to: after the monitoring information is reported to the monitoring gateway, clear the monitoring data stored in the memory.
17、 根据权利要求 14所述的监听设备, 其特征在于, 还包括: 计时模块, 用于设定等待所述监听数据响应消息的时长, 并启动计时器进 行计时; 判断模块,还用于判断在经过所述计时模块的设定时长内是否接收到所述 监听网关返回的所述监听数据响应消息, 若否, 则指示执行所述通信业务。 The listening device according to claim 14, further comprising: a timing module, configured to set a duration of waiting for the listening data response message, and start a timer to perform timing; the determining module is further configured to determine Whether the listening data response message returned by the monitoring gateway is received within a set time period of the timing module, and if not, instructing execution of the communication service.
18、 一种监听网关, 其特征在于, 包括: 第二接收模块, 用于接收监听设备发送的监听数据请求消息, 所述监听数 据请求消息中包括通信业务对应的用户标识; 上报模块, 用于根据所述监听数据请求消息进行监听业务。 A monitoring gateway, comprising: a second receiving module, configured to receive a monitoring data request message sent by the monitoring device, where the monitoring data request message includes a user identifier corresponding to the communication service; and the reporting module is configured to: The monitoring service is performed according to the interception data request message.
19、 根据权利要求 18所述的监听网关, 其特征在于, 还包括: 查询模块, 用于在所述第二接收模块接收到所述监听数据请求消息时, 查 询本地是否存在与所述用户标识对应的监听数据。 The intercepting gateway according to claim 18, further comprising: a querying module, configured to: when the second receiving module receives the interception data request message, query whether the local presence and the user identifier Corresponding monitoring data.
20、 根据权利要求 19所述的监听网关, 其特征在于, 所述上报模块包括: 响应模块, 用于在所述查询模块的查询结果为是时, 向所述监听设备返回 监听数据响应消息 ,所述监听数据响应消息中包括与所述用户标识对应的监听 数据; 所述第二接收模块,还用于接收所述监听设备返回的根据所述监听数据对 所述通信业务进行监听而获取到的监听信息。 The monitoring gateway according to claim 19, wherein the reporting module comprises: a response module, configured to: when the query result of the query module is YES, return a monitoring data response message to the listening device, where the monitoring data response message includes monitoring data corresponding to the user identifier; The receiving module is further configured to receive the interception information that is obtained by the monitoring device and that is obtained by monitoring the communication service according to the interception data.
21、 根据权利要求 19所述的监听网关, 其特征在于, 所述上报模块包括: 处理模块, 用于在所述查询模块的查询结果为是时,且所述监听数据的类 型为信令层面监听信息时 , 由所述监听数据请求消息中获取监听信息。 The monitoring gateway according to claim 19, wherein the reporting module comprises: a processing module, configured to: when the query result of the query module is yes, and the type of the monitoring data is a signaling layer When the information is monitored, the interception information is obtained from the interception data request message.
22、 根据权利要求 19~21任一所述的监听网关, 其特征在于, 还包括: 发送模块, 用于在所述查询模块的查询结果为否时, 向所述监听设备返回 监听数据响应消息, 所述监听数据响应消息为空。 The monitoring gateway according to any one of claims 19 to 21, further comprising: a sending module, configured to: when the query result of the query module is negative, return a monitoring data response message to the listening device The listening data response message is empty.
23、 一种监听系统, 其特征在于, 包括: 权利要求 14-17任一所述的监听 设备, 权利要求 18-22任一所述的监听网关, 以及监听中心; 所述监听中心, 用于接收所述监听网关上报的监听信息。 A monitoring system, comprising: the monitoring device according to any one of claims 14-17, the monitoring gateway according to any one of claims 18-22, and a monitoring center; Receiving the interception information reported by the interception gateway.
PCT/CN2011/084318 2010-12-31 2011-12-21 Interception apparatus, interception method, and system WO2012089050A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2010106167787A CN102075926B (en) 2010-12-31 2010-12-31 Interception equipment, method and system
CN201010616778.7 2010-12-31

Publications (1)

Publication Number Publication Date
WO2012089050A1 true WO2012089050A1 (en) 2012-07-05

Family

ID=44034239

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/084318 WO2012089050A1 (en) 2010-12-31 2011-12-21 Interception apparatus, interception method, and system

Country Status (2)

Country Link
CN (1) CN102075926B (en)
WO (1) WO2012089050A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102075926B (en) * 2010-12-31 2013-08-28 华为技术有限公司 Interception equipment, method and system
WO2013097141A1 (en) * 2011-12-29 2013-07-04 华为技术有限公司 Data interception method, device and system
CN103051497B (en) * 2012-12-28 2016-04-13 华为技术有限公司 Business Stream mirror method and mirroring device
CN111490962A (en) * 2019-01-25 2020-08-04 华为技术有限公司 Monitoring method and network equipment
CN113127287B (en) * 2019-12-31 2024-05-10 北京车和家信息技术有限公司 Control method and device of processor and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141761A (en) * 2007-09-30 2008-03-12 华为技术有限公司 Monitoring method, system and device
CN101212356A (en) * 2006-12-31 2008-07-02 华为技术有限公司 Session border controller, home user server, communication system and listening method
CN101562810A (en) * 2009-05-13 2009-10-21 中兴通讯股份有限公司 Method and system for legally monitoring IP multimedia subsystem network
EP2267969A2 (en) * 2009-06-23 2010-12-29 Uniloc Usa, Inc. System and method for communicating with traffic signals and toll stations
CN102075926A (en) * 2010-12-31 2011-05-25 华为技术有限公司 Interception equipment, method and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212356A (en) * 2006-12-31 2008-07-02 华为技术有限公司 Session border controller, home user server, communication system and listening method
CN101141761A (en) * 2007-09-30 2008-03-12 华为技术有限公司 Monitoring method, system and device
CN101562810A (en) * 2009-05-13 2009-10-21 中兴通讯股份有限公司 Method and system for legally monitoring IP multimedia subsystem network
EP2267969A2 (en) * 2009-06-23 2010-12-29 Uniloc Usa, Inc. System and method for communicating with traffic signals and toll stations
CN102075926A (en) * 2010-12-31 2011-05-25 华为技术有限公司 Interception equipment, method and system

Also Published As

Publication number Publication date
CN102075926A (en) 2011-05-25
CN102075926B (en) 2013-08-28

Similar Documents

Publication Publication Date Title
JP4912500B2 (en) Method, system and apparatus for processing circuit switched domain services in an evolved packet network
EP2785125B1 (en) Method and system for determining accessibility of terminal group
JP4708473B2 (en) Communication system, mobile device, incoming call control method
WO2012094982A1 (en) Access control method and device
US8837355B2 (en) Bearer processing method and mobile management device
WO2014110927A1 (en) Method, device and system for sending trigger message
US20200170066A1 (en) Session Processing Method in Wireless Communications and Terminal Device
WO2012089050A1 (en) Interception apparatus, interception method, and system
KR20160021262A (en) Conversion method for transmission mechanism, user equipment and base station
WO2014056353A1 (en) Method, device and system for automatically switching voice call services
WO2012025001A1 (en) Method and system for processing prior services
WO2017054190A1 (en) Voice communication method and device
WO2014047825A1 (en) Method, apparatus, entity and network device for controlling page
WO2009138002A1 (en) Method, system and apparatus for dropping back to voice call from video call
WO2012051961A1 (en) Service processing method and device
WO2011017967A1 (en) Service control point in intelligent network and method for intercepting call
TW200826708A (en) System and method for responding to a page during a communication restriction
WO2012051893A1 (en) Service processing method and device
WO2008106873A1 (en) A method, a system and a device for realizing register and communication of the personal handhold telephone terminal
CN110312221B (en) Call forwarding setting method, home location register and block chain network system
WO2008154843A1 (en) Method and equipment for relocation
WO2010028556A1 (en) Method for processing user debt, mobile management entity and network system
CN102123469B (en) Processing method and user equipment (UE) for circuit switched (CS) fallback service in evolved packet network
CN102577316B (en) Method, device and system of data interception
WO2012089046A1 (en) Method and device for monitoring roaming user

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11853751

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11853751

Country of ref document: EP

Kind code of ref document: A1