WO2012097727A1 - Method and communication system for monitoring terminal - Google Patents

Method and communication system for monitoring terminal

Publication number
WO2012097727A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
monitoring
data
service
user access
Application number
PCT/CN2012/070489
Inventor
张勇
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/22 Arrangements for supervision, monitoring or testing
    • H04M3/2281 Call monitoring, e.g. for law enforcement purposes; Call tracing; Detection or prevention of malicious calls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/304 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting circuit switched data communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/80 Arrangements enabling lawful interception [LI]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/08 Testing, supervising or monitoring using real traffic

Definitions

  • the present invention relates to communication technologies, and in particular, to a method and a communication system for monitoring a terminal.
  • Lawful monitoring is the ability of a mobile communication system to provide a Law Enforcement Agency (LEA), for the benefit of the LEA, with the communication content and the Intercept Related Information (IRI) of a monitored terminal.
  • the terminal can be a mobile phone, a data card, an access point (AP) device, and the like.
  • the monitoring related logical entity includes various network nodes, such as a Mobile Switching Center (MSC) and a General Packet Radio Service Support Node (GSN).
  • the GSN includes a Serving GPRS Support Node (hereinafter referred to as SGSN) and a Gateway GPRS Support Node (hereinafter referred to as GGSN).
  • the communication network also includes an Administration Function (hereinafter referred to as ADMF).
  • the MSC or the GSN can only monitor the signaling or communication content entering the MSC or the GSN.
  • the solution cannot monitor devices on the radio access side, and signaling or communication content that passes only through radio access network devices cannot be monitored.
  • the present invention provides a method and a communication system for monitoring a terminal to achieve the purpose of LEA monitoring various types of communication services of the terminal.
  • the present invention provides a method for monitoring a terminal, including:
  • the user access device receives control signaling sent by the management entity; the control signaling includes the identifier of the terminal to be monitored;
  • the user access device acquires monitoring data of the terminal according to the control signaling to implement monitoring of the communication service of the terminal.
  • the present invention further provides a communication system, including a management entity and a user access device; the user access device receives control signaling sent by the management entity, where the control signaling includes an identifier of the terminal that needs to be monitored, and obtains monitoring data of the terminal according to the control signaling to implement monitoring of the communication service of the terminal.
  • the present embodiment solves the prior-art problem that communication data and signaling data that do not pass through the core network cannot be monitored, by sending control signaling to the access gateway and monitoring the terminal through the user access device, and thereby achieves the purpose of the LEA monitoring various types of communication services of the terminal.
  • FIG. 1a is a flowchart of a method for monitoring a terminal according to an embodiment of the present invention
  • FIG. 1b is a schematic diagram of sending control signaling according to an embodiment of the present invention.
  • FIG. 1c is a schematic diagram of a CS service locally switched by a terminal according to an embodiment of the present invention
  • FIG. 1d is a schematic diagram of a scenario for monitoring PS domain data according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a communication system according to another embodiment of the present invention.
  • a Universal Mobile Telecommunications System (UMTS) that supports lawful monitoring includes the following services: normal Circuit Switched Domain (hereinafter referred to as CS) service, locally switched CS service, normal Packet Switched Domain (hereinafter referred to as PS) service, and Gi port service in the PS domain.
  • the normal CS service transmission path is UE-AP-router-AG-MSC; because the path passes through the MSC, the communication system can monitor the normal CS service through the MSC.
  • the transmission path of the normal PS service is UE-AP-router-AG-GSN (SGSN or GGSN); because the path passes through the GSN, the communication system can monitor the normal PS service through the GSN.
  • the transmission path of the Gi port service in the PS domain is UE-AG-router-Internet Protocol (IP) network.
  • the transmission path of the locally switched CS service is UE-router-AG-router-UE. Under the prior-art scheme, this service cannot be monitored because it does not pass through the MSC or the GSN.
  • with this communication system and the prior-art scheme, only normal CS services and normal PS services can be monitored. The remaining services cannot be monitored, since they do not pass through the MSC or the GSN. If the communication data of the terminal is encrypted, it cannot be monitored by the MSC or the GSN either, since the encryption is performed at the AG.
  • the present embodiment provides a method for monitoring a terminal based on the above-described communication system structure.
  • the lawful-monitoring ADMF can directly or indirectly monitor terminals and wireless access devices such as UMTS APs, and the monitoring granularity can be narrowed to a single specified UMTS AP or terminal.
  • communication data that passes only through the UMTS AP can be monitored. Because communication data passing through the AP can be monitored, when the communication between users is encrypted and the encryption takes place on the AG, the communication data can still be monitored on the AP.
  • the method for monitoring the terminal in this embodiment is as follows:
  • Step 11: The user access device receives control signaling sent by the ADMF, where the control signaling includes an identifier of the terminal that needs to be monitored.
  • the user access device includes an AP and an AG.
  • the control signaling related to the monitored terminal needs to be sent to the AG and the AP.
  • the control signaling includes the identifier of the terminal that the LEA needs to lawfully monitor, such as the International Mobile Subscriber Identification Number (IMSI) of the terminal and the Mobile Subscriber International ISDN/PSTN number (MSISDN).
  • the control signaling related to the terminal to be monitored is sent to the AG through the ADMF; see FIG. 1b for a schematic diagram of sending the control signaling. The following two methods are available:
  • Method 1: the ADMF sends the control signaling of the terminal to be monitored to a core network element, and the core network element sends the control signaling to the AG, where the core network element may be a device such as an MSC, a GSN, or a Mobility Management Entity (hereinafter referred to as MME).
  • Method 2: an interface between the ADMF and the AG is established in advance, and the ADMF sends the control signaling directly to the AG through the interface.
  • the AG can send the control signaling to the AP, so that the communication system can monitor various services of the user terminal through the AG or the AP.
  • Step 12: The user access device acquires monitoring data of the terminal according to the control signaling to implement monitoring of the communication service of the terminal.
  • the monitoring of the terminal may be performed in the following manners:
  • the AG acquires monitoring data of the terminal according to the control signaling of the terminal, so as to implement monitoring of the communication service of the terminal; or the AG sends the control signaling of the terminal to the AP, and the AP acquires the monitoring data of the terminal according to the control signaling of the terminal, so as to implement monitoring of the communication service of the terminal.
  • the AP obtains the identifier of the monitored terminal from the control signaling to determine which terminals need to be monitored.
  • various types of communication services can be monitored by the AG or the AP.
  • for the communication data of the CS service of the terminal, including the normal CS service and the locally switched CS service, when monitoring is performed the user access device, according to the identifier of the terminal, copies the received communication data and signaling data of the circuit switched domain service of the terminal and forwards the copy to a monitoring point (which may be an IP monitoring point of the LEA) or to a General Packet Radio Service Support Node (GSN) for monitoring.
  • the AP obtains the identifier of the terminal according to the control signaling and thereby learns which terminal needs to be monitored. According to the identifier of the terminal, the AP sends the received communication data and signaling data of the CS service of the terminal to the AG, and the AG then forwards the communication data of the terminal to the IP monitoring point; alternatively, the AP may directly copy the communication data and the signaling data and forward them to the IP monitoring point, so that the LEA can monitor the terminal through the IP monitoring point.
  • after receiving the indication to monitor a terminal, if the terminal has a telephone or data service in progress, the AP copies the communication data and signaling data, converts the copied data into a format that the IP monitoring point can recognize, and transfers it to the IP monitoring point after aggregation at the AG.
  • the IP monitoring point can recognize the format corresponding to Voice over Internet Protocol (VOIP). Therefore, when the AP converts the copied data into a format that can be recognized by the IP monitoring point, by default the voice signaling of the CS data is converted into application-layer Session Initiation Protocol (hereinafter referred to as SIP) signaling, and the communication data packets are converted into VOIP format data packets, which enables the IP monitoring point to recognize the data sent by the AP.
  • the communication between the terminal 1 and the terminal 2 is taken as an example; FIG. 1c is a schematic diagram of the CS service locally switched by the terminal.
  • the service between the terminal 1 and the terminal 2 is a local exchange service, and the data stream does not pass through the MSC.
  • the AP copies the communication content between the terminal 1 and the terminal 2 according to information such as the IMSI of the terminal to be monitored, converts the copied communication content, and sends the converted communication content to the AG; the AG sends the converted content to an IP monitoring point that can monitor the communication content.
  • the signaling data of the core network can be monitored through the IP monitoring point of the core network. After the localized signaling data or communication data is converted by the AP, it is sent to the AG, which aggregates it and forwards it to the IP monitoring point.
  • the PS service data includes the normal PS service data and the service data of the Gi port in the PS domain.
  • the user access device acquires the identifier of the terminal according to the control signaling; according to the identifier of the terminal, it copies the received communication data of the packet switched domain service of the terminal and forwards the copy to the IP monitoring point for monitoring; and it copies the signaling data of the terminal and forwards the copy to the GSN for monitoring.
  • the AP obtains the identifier of the terminal according to the control signaling and thereby learns which terminal needs to be monitored. According to the identifier of the terminal, the AP copies the received communication data of the PS service of the terminal and forwards the copy to an IP monitoring point for monitoring. At the same time, the AP copies the signaling data of the terminal and sends it to the GSN, so that the LEA can monitor the signaling data of the terminal through the GSN.
  • Mode 2 is a schematic diagram of a scenario for monitoring PS domain data.
  • a channel between the AP and the GSN needs to be established.
  • the local Gi port function is enabled to establish a channel between the AP and the GSN. Since a channel is established between the AP and the GSN, the data of the local Gi port is not forwarded to the IP monitoring point; instead, the data of the local Gi port is copied to the channel between the AP and the GSN, so that the LEA can monitor the data through the GSN.
  • when monitoring the service of the Gi port in the PS domain, the user access device acquires the identifier of the terminal according to the control signaling; according to the identifier of the terminal, it copies the received communication data and signaling data of the Gi port service of the terminal in the PS domain and forwards the copy to the channel between the access point device and the GSN, where it is monitored by the GSN.
  • the communication service of the terminal may also include the CS service and the PS service at the same time.
  • the function of copying and converting data can be implemented on the AG.
  • the method for monitoring the terminal is: the AP acquires the identifier of the terminal that needs to be monitored according to the control signaling; the AP sends the CS service communication data and signaling data of the terminal to the AG; the AG converts the communication data and signaling data of the circuit switched domain service into communication data and signaling data of the PS type, and forwards the converted communication data and signaling data to the GSN, so that the LEA can monitor them through the GSN. The communication service of the PS domain is still monitored using the monitoring method described above, thereby enabling simultaneous monitoring of the CS service and PS service of the terminal through the GSN in the communication system.
  • encryption may be adopted for the communication service between two users. Since the encryption process occurs in the AG, when the terminal is monitored and the AP copies and forwards the communication data to the monitoring device, the following method can be used: after receiving the control signaling, the AP obtains the identifier of the terminal; according to the identifier of the terminal, the AP copies the received communication data and signaling data of the terminal before they are encrypted, and forwards the copy to the monitoring point for monitoring. If the AG copies and forwards the communication data to the monitoring device, the following method may be adopted: after receiving the control signaling, the AG acquires the identifier of the terminal; according to the identifier of the terminal, the AG copies the received communication data and signaling data of the terminal before they are encrypted, and forwards the copy to the IP monitoring point for monitoring. This enables the communication system to monitor communication traffic that is encrypted between users.
  • the present embodiment solves the prior-art problem that communication data and signaling data that do not pass through the core network cannot be monitored, by sending control signaling to the access gateway and monitoring the terminal through the user access device, and thereby achieves the purpose of the LEA monitoring various types of communication services of the terminal.
  • FIG. 2 is a communication system according to an embodiment of the present invention, including: a management entity 21 and a user access device 22, wherein the user access device 22 includes an access gateway and an access point device.
  • the user access device 22 receives the control signaling sent by the management entity; the control signaling includes the identifier of the terminal that needs to be monitored; and the monitoring data of the terminal is obtained according to the control signaling to implement monitoring of the communication service of the terminal.
  • the management entity 21 may send the control signaling including the terminal identifier in the following two manners: the management entity 21 sends the control signaling of the terminal to the core network element, and the core network element sends the control signaling to the access gateway.
  • the management entity 21 sends the control signaling directly to the access gateway through an interface with the access gateway.
  • the access gateway may forward the control signaling to the access point device.
  • the communication service of the terminal to be monitored includes a circuit switched domain service; when performing monitoring, the user access device acquires the identifier of the terminal according to the control signaling and, according to the identifier of the terminal, copies the received communication data and signaling data of the circuit switched domain service of the terminal and forwards the copy to the monitoring point or the GSN for monitoring.
  • when the communication service of the terminal to be monitored includes a normal packet switched domain service, the user access device obtains the identifier of the terminal according to the control signaling, copies the received communication data of the packet switched domain service of the terminal according to the identifier of the terminal, and forwards the copy to the monitoring point for monitoring; and it copies the signaling data of the terminal and forwards the copy to the GSN for monitoring.
  • when performing the monitoring, the user access device acquires the identifier of the terminal according to the control signaling; according to the identifier of the terminal, it copies the received communication data and signaling data of the Gi port service of the terminal in the packet switched domain to the channel between the access point device and the GSN, where it is monitored by the GSN.
  • the access gateway acquires the identifier of the terminal according to the control signaling; according to the identifier of the terminal, it copies the received unencrypted communication data and signaling data of the terminal and forwards the copy to an IP monitoring point for monitoring.
  • the present embodiment solves the prior-art problem that communication data and signaling data that do not pass through the core network cannot be monitored, by sending control signaling to the access gateway and monitoring the terminal through the user access device, and thereby achieves the purpose of the LEA monitoring various types of communication services of the terminal.
  • modules in the device in the embodiment may be implemented in hardware or in software.
  • the modules in the device of the embodiment may be distributed in the device as described in the embodiment, or may be located, with corresponding changes, in one or more devices different from that of the embodiment.
  • the modules of the above embodiments may be combined into one module, or may be further split into multiple sub-modules.
  • the foregoing program may be stored in a computer readable storage medium; when executed, the program performs the steps of the foregoing method embodiment; and the storage medium includes any medium that can store program code, such as a ROM, a RAM, a magnetic disk, or an optical disk.

Abstract

Disclosed are a method and communication system for monitoring a terminal. The method includes: user access equipment receiving a control signalling sent from a management entity, with the control signalling including the identification of the terminal to be monitored; and the user access equipment obtaining the monitoring data of the terminal according to the control signalling so as to monitor the communication service of the terminal. By sending a control signalling to the user access equipment and monitoring the terminal by means of an access gateway or an access point device in the present embodiment, the problem in the prior art that the communication data and signalling data which fail to pass the core network cannot be monitored is solved, and the aim of allowing the Law Enforcement Agency (LEA) to monitor all kinds of communication services of the terminal is satisfied.

Description

Method and communication system for monitoring terminal
Technical Field
The present invention relates to communication technologies, and in particular, to a method and a communication system for monitoring a terminal.
Background
Lawful monitoring is the ability of a mobile communication system to provide a Law Enforcement Agency (hereinafter referred to as LEA), for the benefit of the LEA, with the communication content and the Intercept Related Information (hereinafter referred to as IRI) of a monitored terminal. The monitored terminal can be a mobile phone, a data card, an Access Point (hereinafter referred to as AP) device, and the like.
In a mobile communication network, the logical entities related to monitoring include various network nodes, such as a Mobile Switching Center (hereinafter referred to as MSC) and a General Packet Radio Service Support Node (hereinafter referred to as GSN). The GSN includes a Serving GPRS Support Node (hereinafter referred to as SGSN) and a Gateway GPRS Support Node (hereinafter referred to as GGSN). In addition, the communication network also includes an Administration Function (hereinafter referred to as ADMF).
In the prior-art technical solution, the monitoring indication of the ADMF can only be delivered to core network element devices such as the MSC or the GSN, and the MSC or the GSN can only monitor signaling or communication content that enters the MSC or the GSN. This solution cannot monitor devices on the radio access side, and signaling or communication content that passes only through radio access network devices cannot be monitored.
Summary of the Invention
The present invention provides a method and a communication system for monitoring a terminal, so that the LEA can monitor the various types of communication services of the terminal.
The present invention provides a method for monitoring a terminal, including:
a user access device receives control signaling sent by a management entity, where the control signaling includes the identifier of the terminal to be monitored;
the user access device acquires monitoring data of the terminal according to the control signaling to implement monitoring of the communication service of the terminal.
The present invention further provides a communication system, including a management entity and a user access device; the user access device receives control signaling sent by the management entity, where the control signaling includes the identifier of the terminal to be monitored, and acquires monitoring data of the terminal according to the control signaling to implement monitoring of the communication service of the terminal.
The present embodiment solves the prior-art problem that communication data and signaling data that do not pass through the core network cannot be monitored, by sending control signaling to the access gateway and monitoring the terminal through the user access device, and thereby achieves the purpose of the LEA monitoring various types of communication services of the terminal.
Brief Description of the Drawings
FIG. 1a is a flowchart of a method for monitoring a terminal according to an embodiment of the present invention;
FIG. 1b is a schematic diagram of sending control signaling according to an embodiment of the present invention;
FIG. 1c is a schematic diagram of a CS service locally switched by a terminal according to an embodiment of the present invention;
FIG. 1d is a schematic diagram of a scenario for monitoring PS domain data according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a communication system according to another embodiment of the present invention.
Detailed Description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
A Universal Mobile Telecommunications System (hereinafter referred to as UMTS) that supports lawful monitoring includes the following services: normal Circuit Switched Domain (hereinafter referred to as CS) service, locally switched CS service, normal Packet Switched Domain (hereinafter referred to as PS) service, and Gi port service in the PS domain.
In this communication system, the normal CS service transmission path is UE-AP-router-AG-MSC; because the path passes through the MSC, the communication system can monitor the normal CS service through the MSC.
The transmission path of the normal PS service is UE-AP-router-AG-GSN (SGSN or GGSN); because the path passes through the GSN, the communication system can monitor the normal PS service through the GSN.
The transmission path of the Gi port service in the PS domain is UE-AG-router-Internet Protocol (hereinafter referred to as IP) network. Under the prior-art scheme, this service cannot be monitored because it does not pass through the MSC or the GSN.
The transmission path of the locally switched CS service is UE-router-AG-router-UE. Under the prior-art scheme, this service cannot be monitored because it does not pass through the MSC or the GSN.
As can be seen from the above, with this communication system and the prior-art scheme, only normal CS services and normal PS services can be monitored. The remaining services cannot be monitored, since they do not pass through the MSC or the GSN. If the communication data of the terminal is encrypted, it cannot be monitored by the MSC or the GSN either, since the encryption is performed at the AG.
To enable monitoring of the normal CS service, the locally switched CS service, the Gi port service in the PS domain and the normal PS service, the present embodiment provides a method for monitoring a terminal based on the above-described communication system structure, with the following technical objectives. The lawful-monitoring ADMF can directly or indirectly monitor terminals and wireless access devices such as UMTS APs, and the monitoring granularity can be narrowed to a single specified UMTS AP or terminal. Communication data that passes only through the UMTS AP can be monitored. Because communication data passing through the AP can be monitored, when the communication between users is encrypted and the encryption takes place on the AG, the communication data can still be monitored on the AP.
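The coverage gap described above can be checked mechanically. The following added example (not part of the patent text) models the four transmission paths as listed and reports which services each placement can monitor, with and without encryption at the AG; the function names and the rule that a point at or before the AG sees unencrypted data are assumptions of this example.

```python
# Added illustration, not part of the patent text. The path strings come from
# the description above; all names and the visibility rule are assumptions.

# Transmission paths as the description lists them (hop order matters).
PATHS = {
    "normal CS": ["UE", "AP", "router", "AG", "MSC"],
    "normal PS": ["UE", "AP", "router", "AG", "GSN"],
    "Gi port (PS domain)": ["UE", "AG", "router", "IP network"],
    "locally switched CS": ["UE", "router", "AG", "router", "UE"],
}

# Candidate monitoring placements: the prior-art core network elements, and
# the user access device, which the description defines as AP plus AG.
PLACEMENTS = {
    "core network": {"MSC", "GSN"},
    "user access device": {"AP", "AG"},
}

# The description states that encryption is performed at the AG.
ENCRYPTION_NODE = "AG"


def can_monitor(path, nodes, encrypted):
    """True if some node of the placement lies on the path and, when the
    traffic is encrypted, sits at or before the hop that encrypts it."""
    hits = [i for i, hop in enumerate(path) if hop in nodes]
    if not hits:
        return False  # the service never traverses this placement
    if not encrypted or ENCRYPTION_NODE not in path:
        return True
    return min(hits) <= path.index(ENCRYPTION_NODE)


def coverage(encrypted):
    """Placement -> service -> monitorable, for all paths listed above."""
    return {
        place: {svc: can_monitor(path, nodes, encrypted)
                for svc, path in PATHS.items()}
        for place, nodes in PLACEMENTS.items()
    }


def gaps(placement, encrypted):
    """Services that the given placement cannot monitor."""
    row = coverage(encrypted)[placement]
    return [svc for svc, ok in row.items() if not ok]


if __name__ == "__main__":
    for encrypted in (False, True):
        print(f"traffic encrypted at {ENCRYPTION_NODE}: {encrypted}")
        for place, row in coverage(encrypted).items():
            for svc, ok in row.items():
                state = "monitorable" if ok else "NOT monitorable"
                print(f"  {place:20s} {svc:22s} {state}")
```

With the paths as given, the core network placement misses the Gi port and locally switched CS services, and misses all four once the traffic is encrypted at the AG, while the user access device covers every service in both cases.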
As shown in FIG. 1a, the method for monitoring a terminal in this embodiment is as follows:
Step 11: The user access device receives control signaling sent by the ADMF; the control signaling includes the identifier of the terminal to be monitored.
In this embodiment, the user access device includes an AP and an AG. For the communication system to support lawful monitoring by the LEA, the control signaling relating to the monitored terminal must be sent to the AG and the AP. The control signaling includes the identifiers of the terminals the LEA needs to lawfully monitor, such as the terminal's International Mobile Subscriber Identification Number (IMSI) and Mobile Subscriber International ISDN/PSTN number (MSISDN). From this control signaling, other network element devices such as the MSC and the GSN can learn which terminals need to be monitored.
The ADMF can send the control signaling for the terminal to be monitored to the AG in either of the following two ways (FIG. 1b is a schematic diagram of sending the control signaling):
Way 1: the ADMF sends the control signaling for the terminal to be monitored to a core network element, and the core network element sends the control signaling to the AG. The core network element may be a device such as an MSC, a GSN, or a Mobility Management Entity (MME).
Way 2: an interface between the ADMF and the AG is established in advance, and the ADMF sends the control signaling directly to the AG over that interface. After receiving the control signaling, the AG can deliver it to the AP, so that the communication system can monitor the various services of the user terminal through the AG or the AP.
Step 12: According to the control signaling, the user access device obtains the monitoring data of the terminal, so as to monitor the terminal's communication services.
In this embodiment, the terminal can be monitored in either of the following two ways: 1. the AG obtains the monitoring data of the terminal according to the terminal's control signaling, so as to monitor the terminal's communication services; or 2. the AG delivers the terminal's control signaling to the AP, and the AP obtains the monitoring data of the terminal according to that control signaling, so as to monitor the terminal's communication services.
From the control signaling, the AP obtains the identifiers of the monitored terminals and so determines which terminals need to be monitored. In this embodiment, communication services of every type can be monitored through the AG or the AP.
The communication data of the terminal's CS services covers both normal CS services and locally switched CS services. To monitor it, the user access device, according to the terminal's identifier, copies the received communication data and signaling data of the terminal's circuit-switched domain service and forwards the copy to a monitoring point (which may be the LEA's IP monitoring point) or to a General Packet Radio Service support node (GSN) for monitoring. Specifically:
From the control signaling, the AP obtains the terminal's identifier and learns which terminal needs to be monitored. According to that identifier, it copies the received communication data and signaling data of the terminal's CS service and forwards the copy to the AG, and the AG can then forward the terminal's communication data to the IP monitoring point. Alternatively, the AP can copy the communication data and signaling data and forward the copy directly to the IP monitoring point. Either way, the LEA can monitor the terminal through the IP monitoring point.
After the AP receives an instruction to monitor a terminal, if that terminal has a corresponding telephone or data service, the AP makes a copy of the communication data and signaling data, converts the copy into a format the IP monitoring point can recognize, and passes it to the IP monitoring point after aggregation at the AG.
In general, the IP monitoring point can recognize the format used by Voice over Internet Protocol (VOIP). So when the AP converts the copied data into a format the IP monitoring point can recognize, it can by default convert the voice signaling of the CS data into Session Initiation Protocol (SIP) signaling, an application-layer signaling control protocol, and convert the communication data packets into VOIP-format packets, so that the IP monitoring point can recognize the data the AP sends.
Take monitoring of the communication between terminal 1 and terminal 2 as an example. FIG. 1c is a schematic diagram of terminals carrying out a locally switched CS service: the service between terminal 1 and terminal 2 is a locally switched service, and its data flow does not pass through the MSC. When the AP, using information such as the IMSI of the terminal to be monitored, finds communication content that needs to be monitored, it makes a copy of the communication content between terminal 1 and terminal 2 and converts it accordingly. The converted content is aggregated at the AG, and the AG sends it to an IP monitoring point that can monitor communication content.
As shown in FIG. 1c, signaling data that passes through the core network can be monitored through the core network's IP monitoring point. Locally switched signaling data or communication data is converted by the AP and sent to the AG, which aggregates it and forwards it to the IP monitoring point.
Monitoring of the terminal's PS service data covers normal PS service data and service data on the Gi interface in the PS domain.
When normal PS service data is monitored, the user access device obtains the terminal's identifier according to the control signaling. According to that identifier, it copies the received communication data of the terminal's packet-switched domain service and forwards the copy to the IP monitoring point for monitoring, and it copies the terminal's signaling data and forwards the copy to the GSN for monitoring.
Normal PS services can be monitored in either of the following two ways:
Way 1: from the control signaling, the AP obtains the terminal's identifier and learns which terminal needs to be monitored. According to that identifier, it copies the received communication data of the terminal's PS service and forwards the copy to the IP monitoring point for monitoring. At the same time, the AP copies the terminal's signaling data and sends the copy to the GSN, so the LEA can monitor the terminal's signaling data through the GSN.
Way 2: FIG. 1d is a schematic diagram of a scenario for monitoring PS-domain data, and this way is described with reference to it. In this way, a channel between the AP and the GSN must be established. When data on the terminal's Gi interface needs to be monitored, the local Gi interface function is enabled to establish the channel between the AP and the GSN. Once that channel exists, data on the local Gi interface is no longer forwarded to the IP monitoring point; instead, a copy of the local Gi interface data is forwarded onto the channel between the AP and the GSN, so the LEA can monitor the data through the GSN.
When services on the Gi interface in the PS domain are monitored, the user access device obtains the terminal's identifier according to the control signaling. According to that identifier, it copies the received communication data and signaling data of the terminal's Gi interface service in the PS domain and forwards the copy onto the channel between the access point device and the GSN, where it is monitored through the GSN.
In addition, the terminal's communication services may include CS services and PS services at the same time. In that case the data copying and conversion functions can be implemented on the AG, and the terminal is monitored as follows: the AP obtains the identifier of the terminal to be monitored according to the control signaling; the AP sends the terminal's CS service communication data and signaling data to the AG; the AG converts the circuit-switched domain communication data and signaling data into PS-type communication data and signaling data and forwards the converted data to the GSN, so the LEA can monitor it through the GSN. Communication services in the PS domain are still monitored with the method described above. In this way the communication system can monitor the terminal's CS services and PS services simultaneously through the GSN.
Where the communication service between two users is encrypted, the encryption takes place in the AG. If the AP is to copy the communication data and forward it to the monitoring device, the following method can be used: after receiving the control signaling, the AP obtains the terminal's identifier; according to that identifier, it copies the received communication data and signaling data of the terminal, as they are before encryption, and forwards the copy to the monitoring point for monitoring. If the AG is to copy the communication data and forward it to the monitoring device, the following method can be used: after receiving the control signaling, the AG obtains the terminal's identifier; according to that identifier, it copies the received communication data and signaling data of the terminal, as they are before encryption, and forwards the copy to the IP monitoring point for monitoring. In this way the communication system can also monitor communication services that are encrypted between users.
By delivering control signaling to the access gateway and monitoring the terminal through the user access device, this embodiment solves the prior-art problem that communication data and signaling data that do not pass through the core network cannot be monitored, and meets the LEA's aim of monitoring every type of communication service of the terminal.
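The copy-and-forward rules of steps 11 and 12 can be checked against a small model. The following Python is an added illustration, not code from the patent: the class and function names, the format labels and the sample identifiers are assumptions made for the example, and normal PS traffic follows way 1. It lets a reviewer confirm that only terminals named in the control signaling are copied and that each service type reaches the destination the description gives.

```python
from dataclasses import dataclass, field
from enum import Enum


class Service(Enum):
    CS_NORMAL = "normal CS"
    CS_LOCAL = "locally switched CS"
    PS_NORMAL = "normal PS"
    PS_GI = "PS-domain Gi"


class Sink(Enum):
    IP_MONITORING_POINT = "IP monitoring point"
    GSN = "GSN"
    AP_GSN_CHANNEL = "AP-GSN channel"


@dataclass(frozen=True)
class ControlSignaling:
    """Control signaling from the ADMF: identifiers of the terminals to monitor."""
    imsis: frozenset = frozenset()
    msisdns: frozenset = frozenset()


@dataclass(frozen=True)
class Frame:
    """One unit of a terminal's traffic as seen at the user access device."""
    imsi: str
    msisdn: str
    service: Service
    kind: str  # "signaling" or "data"


@dataclass(frozen=True)
class Copy:
    sink: Sink
    fmt: str  # format in which the copy is delivered (labels are hypothetical)
    frame: Frame


def route(frame, cs_via_gsn=False):
    """Return (sink, format) for the copy of a monitored terminal's frame."""
    if frame.service in (Service.CS_NORMAL, Service.CS_LOCAL):
        if cs_via_gsn:
            # Combined CS+PS case: the AG converts CS traffic to PS type
            # and forwards it to the GSN.
            return Sink.GSN, "PS"
        # Default conversion: CS signaling -> SIP, CS voice -> VoIP packets.
        fmt = "SIP" if frame.kind == "signaling" else "VoIP"
        return Sink.IP_MONITORING_POINT, fmt
    if frame.service is Service.PS_NORMAL:
        # Way 1: user data to the IP monitoring point, signaling to the GSN.
        if frame.kind == "signaling":
            return Sink.GSN, "PS"
        return Sink.IP_MONITORING_POINT, "PS"
    # Gi traffic: data and signaling both go onto the AP-GSN channel.
    return Sink.AP_GSN_CHANNEL, "PS"


@dataclass
class UserAccessDevice:
    targets: ControlSignaling = field(default_factory=ControlSignaling)
    cs_via_gsn: bool = False
    copies: list = field(default_factory=list)
    forwarded: int = 0

    def receive_control(self, signaling):
        """Step 11: store the identifiers carried in the control signaling."""
        self.targets = signaling

    def is_target(self, frame):
        return (frame.imsi in self.targets.imsis
                or frame.msisdn in self.targets.msisdns)

    def handle(self, frame):
        """Step 12: forward as usual; copy only a listed terminal's traffic."""
        self.forwarded += 1
        if not self.is_target(frame):
            return None
        copy = Copy(*route(frame, self.cs_via_gsn), frame)
        self.copies.append(copy)
        return copy


# Constructed identifiers (test PLMN 001/01) and constructed traffic.
TARGET = ("001010000000001", "10000000001")
OTHER = ("001010000000002", "10000000002")
SAMPLE = [
    Frame(*TARGET, Service.CS_LOCAL, "signaling"),
    Frame(*TARGET, Service.CS_LOCAL, "data"),
    Frame(*TARGET, Service.PS_NORMAL, "signaling"),
    Frame(*TARGET, Service.PS_NORMAL, "data"),
    Frame(*TARGET, Service.PS_GI, "data"),
    Frame(*OTHER, Service.CS_LOCAL, "data"),
    Frame(*OTHER, Service.PS_GI, "data"),
]


def run(cs_via_gsn=False):
    """Feed the sample traffic through a device that monitors TARGET by IMSI."""
    device = UserAccessDevice(cs_via_gsn=cs_via_gsn)
    device.receive_control(ControlSignaling(imsis=frozenset({TARGET[0]})))
    for frame in SAMPLE:
        device.handle(frame)
    return device
```

Calling `run()` returns the device with its `copies` list populated; `run(cs_via_gsn=True)` models the combined CS and PS case in which CS traffic is converted at the AG and sent to the GSN.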
FIG. 2 shows a communication system provided by an embodiment of the present invention, comprising a management entity 21 and a user access device 22, where the user access device 22 includes an access gateway and an access point device.
The user access device 22 receives control signaling sent by the management entity; the control signaling includes the identifier of the terminal to be monitored. According to the control signaling, the user access device obtains the monitoring data of the terminal, so as to monitor the terminal's communication services.
The management entity 21 can deliver the control signaling containing the terminal identifier in either of the following two ways:
The management entity 21 sends the terminal's control signaling to a core network element, and the core network element sends the control signaling to the access gateway.
Alternatively, the management entity 21 sends the control signaling directly to the access gateway over an interface between itself and the access gateway.
After receiving the control signaling, the access gateway can forward it to the access point device.
In this embodiment, where the communication services of the terminal to be monitored include a circuit-switched domain service, monitoring proceeds as follows: the user access device obtains the terminal's identifier according to the control signaling; according to that identifier, it copies the received communication data and signaling data of the terminal's circuit-switched domain service and forwards the copy to the monitoring point or the GSN for monitoring.
Where the communication services of the terminal to be monitored include a normal packet-switched domain service, monitoring proceeds as follows: the user access device obtains the terminal's identifier according to the control signaling; according to that identifier, it copies the received communication data of the terminal's packet-switched domain service and forwards the copy to the monitoring point for monitoring, and it copies the terminal's signaling data and forwards the copy to the GSN for monitoring.
Where the communication services of the terminal to be monitored include a service on the Gi interface in the packet-switched domain, monitoring proceeds as follows: the user access device obtains the terminal's identifier according to the control signaling; according to that identifier, it copies the received communication data and signaling data of the terminal's Gi interface service in the packet-switched domain and forwards the copy onto the channel between the access point device and the GSN, where it is monitored through the GSN.
In addition, if the communication service of the terminal to be monitored is an encrypted communication service, monitoring proceeds as follows: the access gateway obtains the terminal's identifier according to the control signaling; according to that identifier, it copies the received communication data and signaling data of the terminal, as they are before encryption, and forwards the copy to the IP monitoring point for monitoring.
By delivering control signaling to the access gateway and monitoring the terminal through the user access device, this embodiment solves the prior-art problem that communication data and signaling data that do not pass through the core network cannot be monitored, and meets the LEA's aim of monitoring every type of communication service of the terminal.
A person of ordinary skill in the art will understand that the accompanying drawings are only schematic diagrams of one embodiment, and that the modules or flows in the drawings are not necessarily required to practice the invention.
A person of ordinary skill in the art will understand that the modules of the apparatus in an embodiment may be implemented in hardware or in software. They may be distributed in the apparatus of the embodiment as described, or may be changed accordingly and located in one or more apparatuses different from that of the embodiment. The modules of the above embodiments may be combined into one module or further split into multiple sub-modules.
The serial numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as a ROM, a RAM, a magnetic disk, or an optical disc.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in those embodiments may still be modified, or some of their technical features replaced with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A method for monitoring a terminal, characterized by comprising:
a user access device receiving control signaling sent by a management entity, the control signaling including an identifier of a terminal to be monitored;
the user access device obtaining monitoring data of the terminal according to the control signaling, so as to monitor a communication service of the terminal.
2. The method for monitoring a terminal according to claim 1, characterized in that the user access device comprises an access point device and an access gateway.
3. The method for monitoring a terminal according to claim 1 or 2, characterized in that the communication service of the terminal to be monitored includes a circuit-switched domain service;
the user access device obtaining the monitoring data of the terminal according to the control signaling, so as to monitor the communication service of the terminal, comprises:
the user access device obtaining the identifier of the terminal according to the control signaling;
the user access device, according to the identifier of the terminal, copying the received communication data and signaling data of the circuit-switched domain service of the terminal and forwarding the copy to a monitoring point or a General Packet Radio Service support node (GSN) for monitoring.
4. The method for monitoring a terminal according to claim 1 or 2, characterized in that the communication service of the terminal to be monitored includes a normal packet-switched domain service;
the user access device obtaining the monitoring data of the terminal according to the control signaling, so as to monitor the communication service of the terminal, comprises:
the user access device obtaining the identifier of the terminal according to the control signaling;
the user access device, according to the identifier of the terminal, copying the received communication data of the packet-switched domain service of the terminal and forwarding the copy to a monitoring point for monitoring; and copying the signaling data of the terminal and forwarding the copy to the GSN for monitoring.
5. The method for monitoring a terminal according to claim 2, characterized in that the communication service of the terminal to be monitored includes a service on the Gi interface in the packet-switched domain;
the user access device obtaining the monitoring data of the terminal according to the control signaling, so as to monitor the communication service of the terminal, comprises:
the user access device obtaining the identifier of the terminal according to the control signaling;
the user access device, according to the identifier of the terminal, copying the received communication data and signaling data of the terminal's service on the Gi interface in the packet-switched domain and forwarding the copy onto the channel between the access point device and the GSN, so that it is monitored through the GSN.
6. The method for monitoring a terminal according to claim 2, characterized in that the communication service of the terminal to be monitored is an encrypted communication service;
the user access device obtaining the monitoring data of the terminal according to the control signaling, so as to monitor the communication service of the terminal, comprises:
the access gateway obtaining the identifier of the terminal according to the control signaling;
the access gateway, according to the identifier of the terminal, copying the received communication data and signaling data of the terminal, as they are before encryption, and forwarding the copy to a monitoring point for monitoring.
7. A user access device, characterized in that
the user access device is configured to receive control signaling sent by the management entity, the control signaling including an identifier of a terminal to be monitored; and to obtain monitoring data of the terminal according to the control signaling, so as to monitor a communication service of the terminal.
8. The user access device according to claim 7, characterized in that the user access device comprises an access point device and an access gateway.
9. The user access device according to claim 7 or 8, characterized in that the communication service of the terminal to be monitored includes a circuit-switched domain service;
the user access device is configured to obtain the identifier of the terminal according to the control signaling; and, according to the identifier of the terminal, to copy the received communication data and signaling data of the circuit-switched domain service of the terminal and forward the copy to a monitoring point or a General Packet Radio Service support node (GSN) for monitoring.
10. The user access device according to claim 7 or 8, characterized in that the communication service of the terminal to be monitored includes a normal packet-switched domain service;
the user access device is configured to obtain the identifier of the terminal according to the control signaling; according to the identifier of the terminal, to copy the received communication data of the packet-switched domain service of the terminal and forward the copy to a monitoring point for monitoring; and to copy the signaling data of the terminal and forward the copy to the GSN for monitoring.
11. The user access device according to claim 8, characterized in that the communication service of the terminal to be monitored includes a service on the Gi interface in the packet-switched domain;
the user access device is configured to obtain the identifier of the terminal according to the control signaling; and, according to the identifier of the terminal, to copy the received communication data and signaling data of the terminal's service on the Gi interface in the packet-switched domain and forward the copy onto the channel between the access point device and the GSN, so that it is monitored through the GSN.
12. The user access device according to claim 8, characterized in that the communication service of the terminal to be monitored is an encrypted communication service;
the access gateway is configured to obtain the identifier of the terminal according to the control signaling; and, according to the identifier of the terminal, to copy the received communication data and signaling data of the terminal, as they are before encryption, and forward the copy to a monitoring point for monitoring.
PCT/CN2012/070489 2011-01-19 2012-01-17 Method and communication system for monitoring terminal WO2012097727A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2011100217170A CN102123367A (en) 2011-01-19 2011-01-19 Method for monitoring terminal and communication system
CN201110021717.0 2011-01-19

Publications (1)

Publication Number Publication Date
WO2012097727A1 true WO2012097727A1 (en) 2012-07-26

Family

ID=44251782

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/070489 WO2012097727A1 (en) 2011-01-19 2012-01-17 Method and communication system for monitoring terminal

Country Status (2)

Country Link
CN (1) CN102123367A (en)
WO (1) WO2012097727A1 (en)

Also Published As

Publication number Publication date
CN102123367A (en) 2011-07-13

Similar Documents

Publication Publication Date Title
US7969968B2 (en) Lawful interception in wireline broadband networks
JP4673369B2 (en) Method and apparatus for providing correlation means in a hybrid communication network
JP3904142B2 (en) Common billing ID for communication network
TWI397287B (en) Method and system for providing information of related communication sessions in hybrid telecommunication networks
RU2435205C2 (en) Method for legal eavesdropping and apparatus for realising said method
US20080275988A1 (en) Method And System For Lawful Interception In Next Generation Networks
WO2006128365A1 (en) A method for obtaining the qos information of the session
US10320851B2 (en) Methods and devices for detecting and correlating data packet flows in a lawful interception system
WO2009127155A1 (en) Method for realizing local exchange, device and system thereof
JP2004088532A (en) Mobile communication system, method for controlling operation of the same, node to be used for the same and radio controller
WO2016103006A1 (en) Media performance monitoring and analysis
JP2012039219A (en) Mobile communication method and priority control node
WO2011095039A1 (en) Method, system and device for negotiating end-to-end session key
US10015664B2 (en) Service routing optimization
WO2013159623A1 (en) Method and device for instructing and implementing communication monitoring
WO2014173224A1 (en) Session association method, apparatus, and system
WO2010130136A1 (en) System for color ring back tone service and color ring back tone service shielding method
WO2012097727A1 (en) Method and communication system for monitoring terminal
CN113169884A (en) Removing application identifiers
US7764600B1 (en) Providing an alternative service application to obtain a communication service when the current service application is inhibited
WO2017157255A1 (en) Local breakout-based data interception method and device
US20240015512A1 (en) Content Filtering Support for Protocols with Encrypted Domain Name Server
WO2022008089A1 (en) User equipment tethering policy
JP5506703B2 (en) Communication system and mobility anchor
WO2009076846A1 (en) A processing method for emergency service call

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application
    Ref document number: 12736947; Country of ref document: EP; Kind code of ref document: A1

NENP Non-entry into the national phase
    Ref country code: DE

122 EP: PCT application non-entry in European phase
    Ref document number: 12736947; Country of ref document: EP; Kind code of ref document: A1