WO2018137171A1 - Data processing method and communication system for lawful interception - Google Patents

Data processing method and communication system for lawful interception Download PDF

Info

Publication number
WO2018137171A1
WO2018137171A1 PCT/CN2017/072594 CN2017072594W WO2018137171A1 WO 2018137171 A1 WO2018137171 A1 WO 2018137171A1 CN 2017072594 W CN2017072594 W CN 2017072594W WO 2018137171 A1 WO2018137171 A1 WO 2018137171A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
entity
user plane
distribution function
control plane
Prior art date
Application number
PCT/CN2017/072594
Other languages
French (fr)
Chinese (zh)
Inventor
聂胜贤
周润泽
陈中平
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2017/072594 priority Critical patent/WO2018137171A1/en
Publication of WO2018137171A1 publication Critical patent/WO2018137171A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present application relates to the field of lawful interception, and in particular, to a data processing method and a communication system for lawful interception.
  • Lawful interception refers to the law enforcement behavior of the law enforcement agencies (LEA) that are approved by the corresponding authorized authorities to monitor the public communication network communication services according to relevant national laws and public communication network industry norms.
  • LEA law enforcement agencies
  • the control plane entity In a communication architecture in which the control plane entity and the user plane entity are separated, when a user needs to be monitored, the user plane entity needs to frequently report the packet header information for lawful interception to the control plane entity through the Sx interface.
  • the interface between the control plane entity and the user plane entity in addition to carrying the information related to the lawful interception, bears other services, and the frequent reporting of the lawful interception related information will result in an interface between the user plane entity and the control plane entity.
  • the burden is too heavy.
  • the present application provides a data processing method and a communication system for lawful interception, which can reduce the interface burden between the user plane entity and the control plane entity.
  • the present application provides a data processing method for lawful interception, the method comprising:
  • the monitoring function of the control plane entity is activated by the management function entity, and after the monitoring function of the control plane entity is activated, the control plane entity sends the monitoring management information to the user plane entity, and correspondingly, the user plane
  • the entity receives the monitoring management information sent by the control plane entity, where the monitoring management information includes the destination address information of the user plane information in the packet data header event for legal interception, where the destination address information is the address of the second distribution function entity, and the user plane entity
  • the user plane information in the packet header event is sent to the second distribution function entity according to the destination address information.
  • the control plane entity generates control plane information in the packet header event based on the context and transmits control plane information in the packet header event to the first distribution function entity.
  • the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
  • the snoop management information also includes associated information.
  • the associated information includes a correlation identifier or correlation coefficient or sequence.
  • the user plane information in the packet data header event and the control plane information in the packet data header event carry associated information, and the association information is used to associate user plane information and packet data in the information associated packet header event. Control surface information in the header event.
  • implementation of the present application can be further improved by associating the user plane information in the packet header event with the control plane information in the packet header event.
  • the second distribution function entity after the second distribution function entity receives the user plane information in the packet header event sent by the user plane entity, the second distribution function entity sends the user plane information in the packet header event to the law enforcement interception device; After the distribution function entity receives the control plane information in the packet header event sent by the control plane entity, the first distribution The function entity sends the control plane information in the packet data header event to the law enforcement interception device; after the law enforcement interception device acquires the user plane information in the packet data header event and the control plane information in the packet data header event, the packet data header may be associated according to the association information. User plane information in the event and control plane information in the packet header event.
  • the second distribution function entity after the second distribution function entity receives the user plane information in the packet header event, the second distribution function entity sends the user plane information in the packet header event to the first distribution function entity; the first distribution function After the entity acquires the user plane information in the packet data header event and the control plane information in the packet data header event, the user plane information in the packet header event and the control plane information in the packet header event may be associated according to the association information.
  • the network element of the user plane information in the associated packet data header event and the control plane information in the packet header event can be the law enforcement interception device or the first distribution function entity, which enriches the implementation manner of the embodiment of the present invention.
  • the control plane entity before the control plane entity sends the monitoring management information to the user plane entity, the control plane entity receives the first monitoring activation message sent by the management function entity, and the first monitoring activation message is used to activate the monitoring function of the control plane entity. It is also used to instruct the control plane entity to listen to packet header events.
  • the second distribution function entity receives the second monitoring activation message sent by the management function entity, and the second monitoring activation message is used to activate the second distribution function.
  • the intercepting function of the entity is further configured to instruct the second distribution function entity to forward the user plane information in the packet data header event sent by the user plane entity.
  • the first distribution function entity before the control plane entity sends the monitoring management information to the user plane entity, the first distribution function entity receives a third monitoring activation message sent by the management function entity, and the third monitoring activation message is used to activate the first distribution function.
  • the listening function of the entity is further configured to instruct the first distribution function entity to associate the user plane information in the packet data header event with the control plane information in the packet data header event.
  • the first monitoring activation message is specifically used to instruct the control plane entity to listen to the packet data header event and the communication content, and the monitoring management information is further used to activate the data backup function of the user plane entity, and receive the control plane on the user plane entity.
  • the user plane entity After the interception management information sent by the entity, the user plane entity sends the communication content to the second distribution function entity.
  • the present application further provides a communication system, where the system includes a user plane entity and a control plane entity, wherein the user plane entity is configured to receive the monitoring management information sent by the control plane entity, and the monitoring management information includes: The destination address information of the user plane information in the packet header event, and the user plane information in the packet header event sent to the second distribution function entity according to the destination address information.
  • the control plane entity is configured to generate control plane information in the packet header event based on the context and to send control plane information in the packet header event to the first distribution function entity.
  • the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
  • the snoop management information also includes associated information.
  • the associated information includes a correlation identifier or correlation coefficient or sequence.
  • the user plane information in the packet data header event and the control plane information in the packet header event carry associated information, and the association information is used to associate user plane information and packet header events in the packet header event.
  • the system also includes a second distribution function entity and a first distribution function entity and law enforcement Listening to the device, wherein the second distribution function entity is configured to send the user plane information in the packet data header event to the law enforcement interception device; the first distribution function entity is configured to send the control plane information in the packet data header event to the law enforcement interception device; The listening device is configured to associate the user plane information in the packet data header event with the control plane information in the packet header event according to the association information.
  • the system further includes a second distribution function entity and a first distribution function entity, wherein the second distribution function is configured to send the user plane information in the packet data header event to the first distribution function entity;
  • the distribution function entity is configured to associate the user plane information in the packet header event and the control plane information in the packet header event according to the association information.
  • the network element of the user plane information in the associated packet data header event and the control plane information in the packet header event can be the law enforcement interception device or the first distribution function entity, which enriches the implementation manner of the embodiment of the present invention.
  • control plane entity is further configured to receive a first monitoring activation message sent by the management function entity, where the first monitoring activation message is used to activate the monitoring function of the control plane entity, and is further used to instruct the control plane entity to listen to the packet data. Head event.
  • the second distribution function entity is further configured to receive a second monitoring message sent by the management function entity, where the second monitoring activation message is used to activate the monitoring function of the second distribution function entity, and is further used to indicate the second The distribution function entity forwards the user plane information in the packet header event sent by the user plane entity.
  • the first distribution function is further configured to receive a third monitoring activation message sent by the management function entity, where the third monitoring activation message is used to activate the monitoring function of the first distribution function entity, and is also used to indicate the first distribution.
  • the functional entity associates the user plane information in the packet header event with the control plane information in the packet header event.
  • the first monitoring activation message is specifically used to instruct the control plane entity to listen to the packet data header event and the communication content
  • the monitoring management information is also used to activate the data backup function of the user plane entity, and the user plane entity receives the monitoring. After the management information, the user plane entity further sends the communication content to the second distribution function entity.
  • the application further provides a data processing method for lawful interception, the method comprising:
  • the user plane entity receives the monitoring management information sent by the control plane entity, and the monitoring management information includes the destination address information of the user plane information in the packet data header event for legal interception, where the destination address information is the address of the first distribution function entity, and the user
  • the polygon entity sends the user plane information in the packet header event to the first distribution function entity according to the destination address information.
  • the control plane entity generates control plane information in the packet header event based on the context and transmits control plane information in the packet header event to the first distribution function entity.
  • the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
  • the snoop management information also includes associated information.
  • the associated information includes a correlation identifier or correlation coefficient or sequence.
  • the user plane information in the packet data header event and the control plane information in the packet header event carry associated information, and the association information is used to associate user plane information and packet header events in the packet header event.
  • implementation of the present application can be further improved by associating the user plane information in the packet header event with the control plane information in the packet header event.
  • the first distribution function entity after the first distribution function entity receives the user plane information in the packet header event and the control plane information in the packet header event, the first distribution function entity associates the user in the packet header event according to the association information. Control surface information in face information and packet header events.
  • the control plane entity before the control plane entity sends the monitoring management information to the user plane entity, the control plane entity receives the first monitoring activation message sent by the management function entity, where the first monitoring activation message is used to instruct the control plane entity to listen to the packet data. Head event.
  • the first distribution function entity receives a third monitoring activation message sent by the management function entity, and the third monitoring activation message is used to indicate the first distribution function.
  • the entity associates the user plane information in the packet header event and the control plane information in the packet header event.
  • the first monitoring activation message is specifically used to instruct the control plane entity to listen to the packet data header event and the communication content
  • the monitoring management information is further used to activate the data backup function of the user plane entity, and receive the control plane on the user plane entity.
  • the user plane entity further sends the communication content to the second distribution function entity.
  • the application further provides a communication system, where the system includes a user plane entity and a control plane entity, wherein the user plane entity is configured to receive the monitoring management information sent by the control plane entity, and the monitoring management information includes: The destination address information of the user plane information in the packet data header event, the destination address information is an address of the first distribution function entity, and the user plane entity is further configured to send the packet data header event to the first distribution function entity according to the destination address information.
  • the control plane entity is configured to generate control plane information in the packet header event according to the context and send control plane information in the packet header event to the first distribution function entity.
  • the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
  • the snoop management information also includes associated information.
  • the associated information includes a correlation identifier or correlation coefficient or sequence.
  • the user plane information in the packet data header event and the control plane information in the packet header event carry associated information, and the association information is used to associate user plane information and packet header events in the packet header event.
  • implementation of the present application can be further improved by associating the user plane information in the packet header event with the control plane information in the packet header event.
  • the system further includes a first distribution function entity for associating user plane information in the packet header event and control plane information in the packet header event based on the association information.
  • control plane entity is further configured to receive a first interception activation message sent by the management function entity, where the first interception activation message is used to instruct the control plane entity to listen to the packet data header event.
  • the first distribution function entity is further configured to receive a third interception activation message sent by the management function entity, where the third interception activation message is used to indicate that the first distribution function entity associates the user plane information in the packet data header event. And control plane information in packet header events.
  • the first monitoring activation message is specifically used to instruct the control plane entity to listen to the packet data header event and the communication content, and the monitoring management information is also used to activate the data backup function of the user plane entity, and the user plane entity is also used for The communication content is sent to the second distribution function entity.
  • the application further provides a data processing method for lawful interception, the method comprising:
  • the user plane entity receives the interception management information sent by the control plane entity, and the interception management information includes destination address information and associated information of the user plane information in the packet data header event for legal interception, where the destination address information is the second distribution function entity
  • the address or the address of the third distribution function entity the user plane entity sends the user plane information in the packet data header event to the second distribution function entity or the third distribution function entity according to the destination address information, wherein the user in the packet data header event
  • the face information carries the associated information, and the associated information is used to associate the user plane information in the packet header event with the control plane information in the packet header event.
  • the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
  • the associated information includes a correlation identifier or correlation coefficient or sequence.
  • the monitoring management information is used to activate the data backup function of the user plane entity.
  • the user plane entity After receiving the monitoring management information sent by the control plane entity, the user plane entity further includes the user plane entity sending the communication content to the second distribution function entity.
  • the present application further provides a data processing method for lawful interception, the method comprising:
  • the control plane entity sends the monitoring management information to the user plane entity, where the monitoring management information includes destination address information and associated information of the user plane information in the packet data header event for legal interception, and the destination address information is the address of the second distribution function entity. Or the address of the third distribution function entity.
  • the control plane entity generates control plane information in the packet data header event according to the context, and sends control plane information in the packet data header event to the first distribution function entity, where the control plane information in the packet data header event carries the association information, where The association information is used to associate the user plane information in the packet header event with the control plane information in the packet header event.
  • the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
  • the associated information includes a correlation identifier or correlation coefficient or sequence.
  • the control plane entity before the control plane entity sends the monitoring management information to the user plane entity, the control plane entity receives the first monitoring activation message sent by the management function entity, where the first monitoring activation message is used to instruct the control plane entity to listen to the packet data. Head event.
  • the first snoop activation message is specifically used to instruct the control plane entity to listen to packet header events and communication content for lawful interception.
  • the application further provides a data processing method for lawful interception, the method comprising:
  • the law enforcement intercepting device receives the control plane information in the packet data header event sent by the first distribution function entity, wherein the control plane information in the packet data header event carries the associated information.
  • the law enforcement intercepting device receives the user plane information in the packet data header event sent by the second distribution function entity, where the user plane information in the packet data header event carries the associated information.
  • the law enforcement interception device associates the control plane information in the packet header event with the user plane information in the packet header event according to the association information.
  • the associated information includes a correlation identifier or correlation coefficient or sequence.
  • the law enforcement interception device receives the communication content sent by the second distribution function entity, wherein The communication content carries the associated information, and the law enforcement interception device associates the control plane information in the packet header event, the user plane information in the packet header event, and the communication content according to the association information.
  • the application further provides a data processing method for lawful interception, the method comprising:
  • the first distribution function entity receives control plane information in a packet header event sent by the control plane entity, wherein the control plane information in the packet header event carries the association information.
  • the first distribution function entity receives the user plane information in the packet data header event sent by the second distribution function entity or the user plane entity, where the user plane information in the packet data header event carries the association information.
  • the first distribution function entity associates the control plane information in the packet header event with the user plane information in the packet header event according to the association information.
  • the associated information includes a correlation identifier or correlation coefficient or sequence.
  • the first distribution function entity before the first distribution function entity receives the user plane information in the packet header event and the control plane information in the packet header event, the first distribution function entity receives the third intercept activation sent by the management function entity.
  • the third monitoring activation message is used to activate the listening function of the first distribution function entity, and is further configured to instruct the first distribution function entity to associate the user plane information in the packet data header event with the control plane information in the packet data header event.
  • the application further provides a data processing method for lawful interception, the method comprising:
  • the second distribution function entity receives the user plane information in the packet data header event sent by the user plane entity, where the user plane information in the packet data header event carries the association information.
  • the second distribution function entity sends the user plane information in the packet header event to the law enforcement interception device or the first distribution function entity, so that the law enforcement interception device or the first distribution function entity associates the user plane information in the packet header event according to the association information.
  • control plane information in packet header events are examples of packet header events.
  • the associated information includes a correlation identifier or correlation coefficient or sequence.
  • the second distribution function entity before the second distribution function entity receives the user plane information in the packet data header event sent by the user plane entity, the second distribution function entity receives the second interception activation message sent by the management function entity, and the second interception The activation message is used to activate the listening function of the second distribution function entity, and is further configured to instruct the second distribution function entity to forward the user plane information in the packet data header event sent by the user plane entity.
  • the second distribution function entity receives the communication content sent by the user plane entity, wherein the communication content carries the association information. The second distribution function entity then sends the communication content to the law enforcement interception device.
  • the present application provides a user plane entity having a function of implementing user plane entity behavior in the above method example.
  • the functions may be implemented by hardware or by corresponding software implemented by hardware.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • the structure of the user plane entity includes a processor and a communication interface configured to support the user plane entity to perform the corresponding functions in the above methods.
  • the communication interface is configured to support communication between the user plane entity and the control plane entity, the first distribution function entity, or the second distribution function entity.
  • the user plane entity may further include a memory for coupling with the processor, which stores program instructions and data necessary for the user plane entity.
  • the present application provides a control plane entity having the function of implementing the behavior of a control plane entity in the above method examples.
  • the functions may be implemented by hardware or by corresponding software implemented by hardware.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • the structure of the control plane entity includes a processor and a communication interface, and the processor is configured Set to support the control plane entity to perform the corresponding functions in the above methods.
  • the communication interface is configured to support communication between the control plane entity and the user plane entity, the first distribution function entity, or the management function entity.
  • the control plane entity may further comprise a memory for coupling with the processor, which stores program instructions and data necessary for the control plane entity.
  • the present application provides a law enforcement interception device having a function of implementing the behavior of a law enforcement listening device in the above method example.
  • the functions may be implemented by hardware or by corresponding software implemented by hardware.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • the structure of the law enforcement interception device includes a processor and a communication interface configured to support the law enforcement listening device to perform the corresponding functions in the above methods.
  • the communication interface is for supporting communication between the law enforcement interception device and the management function entity, the first distribution function entity, or the second distribution function entity.
  • the law enforcement listening device can also include a memory for coupling with the processor that holds program instructions and data necessary for the law enforcement listening device.
  • the present application provides a first distribution function entity having a function of implementing the behavior of a first distribution function entity in the above method example.
  • the functions may be implemented by hardware or by corresponding software implemented by hardware.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • the first distribution function entity includes a processor and a communication interface configured to support the first distribution function entity to perform a corresponding function in the above method.
  • the communication interface is configured to support communication between the first distribution function entity and the management function entity, the second distribution function entity, the control plane entity, the law enforcement interception device, or the user plane entity.
  • the first distribution function entity may further include a memory for coupling with the processor, which stores program instructions and data necessary for the law enforcement listening device.
  • the present application provides a second distribution function entity having a function of implementing the behavior of the second distribution function entity in the above method example.
  • the functions may be implemented by hardware or by corresponding software implemented by hardware.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • the structure of the second distribution function entity includes a processor and a communication interface, the processor being configured to support the second distribution function entity to perform a corresponding function in the above method.
  • the communication interface is configured to support communication between the second distribution function entity and the management function entity, the first distribution function entity, the law enforcement interception device, or the user plane entity.
  • the second distribution function entity may further include a memory for coupling with the processor, which stores program instructions and data necessary for the law enforcement listening device.
  • Yet another aspect of the present application provides a computer readable storage medium having instructions stored therein that, when executed on a computer, cause the computer to perform the methods described in the above aspects.
  • the user plane entity receives the interception management information sent by the control plane entity, and the interception management information includes the destination address information of the user plane information in the packet data header event for legal interception, and the control plane entity generates the context information according to the context.
  • the control plane information in the packet header event is grouped, and the control plane information in the packet header event is sent to the first distribution function entity.
  • the user plane entity sends the user plane information in the packet header event to the second distribution function entity according to the destination address information. It can be seen that the user plane entity no longer sends the user plane information in the packet header event to the control plane entity, thereby reducing the interface burden between the user plane entity and the control plane entity.
  • FIG. 1 is a schematic diagram of a possible network architecture provided by the present application.
  • FIG. 2 is a schematic diagram of another possible network architecture provided by the present application.
  • FIG. 3 is a schematic diagram of another possible network architecture provided by the present application.
  • FIG. 4 is a schematic diagram of communication of a data processing method for lawful interception provided by the present application.
  • FIG. 5 is a schematic diagram of communication of another data processing method for lawful interception provided by the present application.
  • FIG. 6 is a schematic diagram of communication of another data processing method for lawful interception provided by the present application.
  • FIG. 7A is a schematic block diagram of a user plane entity provided by the present application.
  • FIG. 7B is a schematic structural diagram of a user plane entity provided by the present application.
  • FIG. 8A is a schematic block diagram of a control plane entity provided by the present application.
  • 8B is a schematic structural diagram of a control plane entity provided by the present application.
  • 9A is a schematic block diagram of a law enforcement listening device provided by the present application.
  • 9B is a schematic structural diagram of a law enforcement listening device provided by the present application.
  • FIG. 10A is a schematic block diagram of a first distribution function entity provided by the present application.
  • FIG. 10B is a schematic structural diagram of a first distribution function entity provided by the present application.
  • 11A is a schematic block diagram of a second distribution function entity provided by the present application.
  • FIG. 11B is a schematic structural diagram of a second distribution function entity provided by the present application.
  • Lawful interception refers to the law enforcement behavior of the law enforcement agencies (LEA) that are approved by the corresponding authorized authorities to monitor the public communication network communication services according to relevant national laws and public communication network industry norms.
  • the Intercept Related Information (IRI) in lawful interception includes Packet Data Header Information.
  • the interception related information in the lawful interception may further include other events in the lawful interception generated by the control plane entity.
  • the packet data header event includes a packet data header report event and a packet data summary report event.
  • the packet data header event includes control plane information in the packet data header event and user plane information in the packet data header event, and the control plane information generated by the control plane entity is a packet event, and may also be referred to as a first event.
  • the packet data header reporting event in the first event includes but is not limited to event type (Event Type), location information (Location Information) and the like, and the packet data statistical reporting event in the first event includes but is not limited to logical function information (Logical Function) Information), User Address Information (UE Address Info) and other information.
  • the user plane information generated by the user plane entity is a packet data header event, It may also be referred to as a second event, and the packet data header reporting event in the second event includes, but is not limited to, a destination port number, a packet size, and the like, and the packet data is reported in the second event. Events include, but are not limited to, source IP address, destination IP address, and the like. This article uses the same description for the above nouns and will not be described again.
  • FIG. 1 is a schematic diagram of a possible network architecture provided by the present application.
  • the network architecture shown in FIG. 1 mainly includes the following network elements:
  • the Control Plane (CP) entity mainly manages and controls the user plane entity, and issues rules for the user plane.
  • the control plane entity sends the monitoring management information to the user plane entity, and sends the control plane information in the packet data header event to the first distribution function entity.
  • User Plane (UP) entity mainly used for data forwarding, and accepts management of control plane entities.
  • the user plane entity does not send the user plane information in the packet data header event of the lawful interception to the control plane entity, but sends the information to the second distribution function entity, and the user plane entity may also be the second distribution function.
  • the entity provides the communication content of the monitored target, such as the content of the data portion of the data packet.
  • the first distribution function entity the first distribution function entity is the DF2 in FIG. 1 , and is mainly used to distribute the Intercept Related Information (IRI).
  • the first distribution function entity receives Control plane information in the packet header event sent by the control plane entity.
  • the second distribution function entity the second distribution function entity is DF3 in FIG. 1, and is mainly used for distributing communication content, for example, the content of the data part in the data packet.
  • the second distribution function entity is further configured to receive and forward the user plane information in the packet data header event sent by the user plane entity.
  • the Law Enforcement Monitoring Facility can receive the lawful interception related information of the first distribution function entity and the communication content delivered by the second distribution function entity, and associate the lawful interception related message with the communication content.
  • the law enforcement interception device can also associate the user plane information in the packet header event with the control plane information in the packet header event.
  • An Administration Function (ADMF) entity is mainly used for receiving control of the law enforcement interception device, and activating the monitoring function of the control plane entity, the first distribution function entity, and the second distribution function entity.
  • ADMF Administration Function
  • FIG. 4 uses FIG. 1 as a network architecture.
  • a possible data processing method in this embodiment of the present application includes:
  • the law enforcement interception device sends a fourth monitoring activation message to the management function entity.
  • the management function entity receives the fourth monitoring activation message sent by the law enforcement interception device. After the law enforcement interception device determines the monitored target, the fourth monitoring activation message is sent to the management function entity, and the fourth monitoring activation message is used to notify the management function entity to start monitoring the monitored target.
  • the management function entity sends a third interception activation message to the first distribution function entity.
  • the first distribution function entity receives the third monitoring activation message sent by the management function entity.
  • the third listener activation message is used to activate the listening function of the first distribution function entity.
  • the management function entity sends a second interception activation message to the second distribution function entity.
  • the second distribution function entity receives the second monitoring activation message sent by the management function entity.
  • the second snoop activation message is used to activate the snooping function of the second distribution function entity.
  • the second monitoring activation message is further used to indicate the first
  • the second distribution function forwards the user plane information in the packet header event sent by the user plane entity to the law enforcement interception device.
  • the management function entity sends a first interception activation message to the control plane entity.
  • control plane entity receives the first interception activation message sent by the management function entity.
  • the first listener activation message is used to activate the listening function of the control plane entity.
  • the first interception activation message is further used to instruct the control plane entity to listen to the packet data header event.
  • the control plane entity sends the monitoring management information to the user plane entity.
  • the user plane entity receives the monitoring management information sent by the control plane entity.
  • the monitoring management information includes the destination address information of the user plane information in the packet data header event for the lawful interception, and is used to indicate that the user entity sends the user plane information in the packet data header event to the destination address, in this embodiment.
  • the destination address information is an address of the second distribution function entity. Specifically, the destination address may be included in a Forwarding Action Rule (FAR).
  • FAR Forwarding Action Rule
  • the monitoring management information may further include association information, including but not limited to related identifiers or correlation coefficients or sequences, etc., which may be used to control user plane information in the packet data header event and control in the packet data header event.
  • association information including but not limited to related identifiers or correlation coefficients or sequences, etc., which may be used to control user plane information in the packet data header event and control in the packet data header event.
  • the association information is a correlation number in the control plane information in the packet data header event
  • the control plane entity may include the correlation coefficient in the intercept management information and send the information to the user plane entity.
  • the user plane information in the packet header event of the user plane entity can carry the same correlation coefficient.
  • the association information of the user plane information in the packet header event is the same as the association information in the packet header event.
  • different associations may also be used.
  • Information, such as control plane entities and user plane entities, can each generate associated information according to preset rules, which is not limited here.
  • the control plane entity sends control plane information in the packet data header event to the first distribution function entity.
  • the first distribution function entity receives control plane information in a packet header event sent by the control plane entity.
  • control plane entity generates the control plane information in the packet data header event according to the context, and the control plane entity may also generate other events in the legal listener other than the packet data header event, and simultaneously or in other steps.
  • the first distribution function entity sends the other event.
  • the other events include bearer activation, bearer modification, bearer deactivation, tracking area update, user equipment (UE) requesting packet data network (PDN) connection, or UE requesting PDN disconnection. There is no limit here.
  • the first distribution function entity sends control plane information in the packet data header event to the law enforcement interception device.
  • the law enforcement interception device receives control plane information in a packet header event sent by the first distribution function entity.
  • the first distribution function entity may send the same to the law enforcement interception device at the same time or in other steps. Other events.
  • the user plane entity sends the user plane information in the packet data header event to the second distribution function entity.
  • the second distribution function entity receives the user plane information in the packet header event sent by the user plane entity.
  • the information generated by the user plane entity other than the user plane information in the packet header event includes using the Usage Report information, the DPI Reporting information, and the downlink data detection reporting information.
  • the application starts reporting information and the application terminates reporting information, etc., and the user entity can be based on the control.
  • the reporting rule (Usage reporting rule, URR) is reported to the control plane entity, and is not mentioned here.
  • steps 406 and 408 there is no order of execution between steps 406 and 408. In some possible implementations, the execution may also be performed in other orders.
  • the second distribution function entity sends the user plane information in the packet data header event to the law enforcement interception device.
  • the law enforcement interception device receives the user plane information in the packet header event sent by the second distribution function entity.
  • the law enforcement interception device monitors the target user according to the control plane information in the packet data header event and the user plane information in the packet data header event.
  • the law enforcement interception device may associate the control plane information in the packet data header event with the user plane information in the packet data header event according to the association information to form a complete packet data header event, thereby monitoring the target user.
  • the law enforcement interception device can also associate the control plane information in the packet header event, the user plane information in the packet header event, and the other events to form a complete interception related information IRI.
  • the law enforcement interception device may also associate the control plane information in the packet data header event with the user plane information in the packet data header event according to other preset rules, which is not limited herein.
  • the first interception activation message is further used to indicate that the control plane entity listens to the packet data header event and the communication content.
  • the monitoring management information is also used to activate the data backup function of the user plane entity.
  • the user plane entity After receiving the monitoring management information of the control plane entity, the user plane entity further includes: the user plane entity sends the communication content to the second sub-function entity, the communication content carries the association information, and the second distribution function entity sends the communication content to the law enforcement interception device, Step 410 is specifically that the law enforcement interception device associates the control plane information in the packet header event, the user plane information in the packet header event, and the communication content according to the association information or other preset rules.
  • step 410 may also associate the other event, packet header event with the law enforcement interception device according to the associated information or other preset rules. Control plane information, user plane information, and communication content in packet header events.
  • the user plane entity does not send the user plane information in the packet header event to the control plane entity, which reduces the interface burden between the user plane entity and the control plane entity, and the embodiment can retain the existing network. Architecture, no need to add additional interfaces.
  • FIG. 2 is a schematic diagram of a possible network architecture provided by the present application.
  • the network architecture shown in FIG. 2 mainly includes the following network elements:
  • the control plane entity mainly manages and controls the user plane entity, and issues rules for the user plane.
  • the control plane entity sends the monitoring management information to the user plane entity, and sends the control plane information in the packet data header event to the first distribution function entity.
  • the user plane entity is mainly used for data forwarding and accepts the management of the control plane entity.
  • the user plane entity does not send the user plane information in the packet data header event of the lawful interception to the control plane entity, but sends the information to the second distribution function entity, and the user plane entity may also be the second distribution function.
  • the entity provides the communication content of the monitored target, such as the content of the data portion of the data packet.
  • the first distribution function entity the first distribution function entity is DF2 in FIG. 2, and is mainly used for distributing legal interception related information.
  • the first distribution function entity receives the control plane information in the packet data header event sent by the control plane entity, and receives the user plane information in the packet data header event sent by the second distribution function entity.
  • the first distribution function entity and the second distribution function entity are connected through an F23 interface.
  • the second distribution function entity, the second distribution function entity is the DF3 in FIG. 2, and is mainly used to distribute the communication content.
  • the second distribution function entity is further configured to receive and forward the packet data header sent by the user plane entity. User face information in the event.
  • the first distribution function entity and the second distribution function entity are connected through an F23 interface.
  • the law enforcement interception device can receive the lawful interception related information of the first distribution function entity and the communication content delivered by the second distribution function entity, and associate the lawful interception related message with the communication content.
  • the management function entity is mainly used for receiving the control of the law enforcement interception device, and the monitoring function of the control plane entity, the first distribution function entity and the second distribution function entity.
  • FIG. 5 uses FIG. 2 as a network architecture.
  • Another possible data processing method in this embodiment of the present application includes:
  • the law enforcement interception device sends a fourth monitoring activation message to the management function entity.
  • Step 501 is similar to step 401 of FIG. 4 and will not be described again.
  • the management function entity sends a third interception activation message to the first distribution function entity.
  • Step 502 is similar to step 402 of FIG. 4 and will not be described again.
  • the third interception activation message is used to instruct the first distribution function entity to associate the user plane information in the packet data header event with the control in the packet data header event, in addition to the monitoring function for activating the first distribution function entity. Information.
  • the management function entity sends a second interception activation message to the second distribution function entity.
  • the second distribution function entity receives the second monitoring activation message sent by the management function entity.
  • the second interception activation message is used to instruct the second distribution function to forward the user plane information in the packet data header event sent by the user plane entity to the first distribution function, in addition to the monitoring function of the second distribution function entity.
  • the management function entity sends a first interception activation message to the control plane entity.
  • Step 504 is similar to step 404 of FIG. 4 and will not be described again.
  • the control plane entity sends the monitoring management information to the user plane entity.
  • Step 505 is similar to step 405 of FIG. 4 and will not be described again.
  • the control plane entity sends control plane information in the packet data header event to the first distribution function entity.
  • Step 506 is similar to step 406 of FIG. 4 and will not be described again.
  • the user plane entity sends the user plane information in the packet data header event to the second distribution function entity.
  • the second distribution function entity receives the user plane information in the packet header event sent by the user plane entity.
  • the information generated by the user plane entity other than the user plane information in the packet header event includes using the Usage Report information, the DPI Reporting information, and the downlink data detection reporting information.
  • the application entity may report the report information and the application termination report information, and the user plane entity may report the report rule sent by the control plane entity to the control plane entity.
  • the second distribution function entity sends the user plane information in the packet data header event to the first distribution function entity.
  • the first distribution function entity receives the user plane information in the packet data header event sent by the second distribution function entity.
  • the data transmission may be performed by adding an F23 interface between the first distribution function entity and the second distribution function entity.
  • the first distribution function entity associates control plane information in the data header event with user plane information in the packet header event.
  • the first distribution function entity may associate the control plane information in the packet data header event with the user plane information in the packet header event packet header event according to the association information to form a complete packet header event.
  • the first distribution function entity may also associate the control plane information in the packet data header event with the user plane information in the packet data header event according to other preset rules, which is not limited herein.
  • the control plane entity may simultaneously send the first distribution function to the first distribution function in step 506.
  • the first distribution function entity may associate the control plane information in the packet header event, the user plane information in the packet header event packet header event, and the other event according to the association information or other preset rules. Form a complete monitoring related information IRI.
  • the first distribution function entity sends a packet data header event to the law enforcement interception device.
  • the law enforcement interception device receives the packet data header event sent by the first distribution function.
  • step 510 may also send the interception related information IRI to the law enforcement interception device for the first distribution function entity.
  • the first interception activation message is further used to instruct the control plane entity to listen to the packet data header event and the communication content.
  • the monitoring management information is also used to activate the data backup function of the user plane entity.
  • the user plane entity After receiving the monitoring management information of the control plane entity, the user plane entity further includes: the user plane entity sends the communication content to the second sub-function entity, the communication content carries the association information, and the second distribution function entity sends the communication content to the law enforcement interception device, After step 510, the law enforcement interception device is further included to associate the IRI and the communication content according to the associated information or other preset rules.
  • the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which reduces the interface burden between the user plane entity and the control plane entity, and in this embodiment, the law enforcement interception device Less changes.
  • FIG. 3 is a schematic diagram of a possible network architecture provided by the present application.
  • the network architecture shown in FIG. 3 mainly includes the following network elements:
  • the control plane entity mainly manages and controls the user plane entity, and issues rules for the user plane.
  • the control plane entity sends the monitoring management information to the user plane entity, and sends the control plane information in the packet data header event to the first distribution function entity.
  • the user plane entity is mainly used for data forwarding and accepts the management of the control plane entity.
  • the user plane entity does not send the user plane information in the packet data header event of the lawful interception to the control plane entity, but sends the information to the first distribution function entity, and the user plane entity may also be the second distribution function.
  • the entity provides the communication content of the monitored target, such as the content of the data portion of the data packet.
  • the user plane entity and the first distribution function entity are connected through an X4 interface.
  • the first distribution function entity the first distribution function entity is the DF2 in FIG. 3, and is mainly used to distribute the lawful interception related information.
  • the first distribution function entity receives the packet data header event sent by the control plane entity. Control plane information, and user plane information in the packet header event sent by the user plane entity.
  • the first distribution function entity and the user plane entity are connected through an X4 interface.
  • the second distribution function entity, the second distribution function entity is DF3 in FIG. 3, and is mainly used for distributing communication content.
  • the law enforcement interception device can receive the lawful interception related information of the first distribution function entity and the communication content delivered by the second distribution function entity, and associate the lawful interception related message with the communication content.
  • the management function entity is mainly used for receiving the control of the law enforcement interception device, and the monitoring function of the control plane entity, the first distribution function entity and the second distribution function entity.
  • FIG. 6 uses FIG. 3 as a network architecture.
  • Another possible data processing method in this embodiment of the present application includes:
  • the law enforcement interception device sends a fourth monitoring activation message to the management function entity.
  • Step 601 is similar to step 501 of FIG. 5 and will not be described again.
  • the management function entity sends a third interception activation message to the first distribution function entity.
  • Step 602 is similar to step 502 of FIG. 5 and will not be described again.
  • the management function entity sends a second interception activation message to the second distribution function entity.
  • the second distribution function entity receives the second monitoring activation message sent by the management function entity.
  • the second snoop activation message is used to activate the snooping function of the second distribution function entity.
  • the management function entity sends a first interception activation message to the control plane entity.
  • Step 604 is similar to step 504 of FIG. 5 and will not be described again.
  • the control plane entity sends the monitoring management information to the user plane entity.
  • Step 605 is similar to step 505 of FIG. 5 and will not be described again.
  • the control plane entity sends control plane information in the packet data header event to the first distribution function entity.
  • Step 606 is similar to step 506 of FIG. 5 and will not be described again.
  • the user plane entity sends the user plane information in the packet data header event to the first distribution function entity.
  • the first distribution function entity receives the user plane information in the packet data header event sent by the user plane entity.
  • the data transmission may be performed by adding an X4 interface between the first distribution function entity and the user plane entity.
  • the information generated by the user plane entity other than the user plane information in the packet header event includes using the Usage Report information, the DPI Reporting information, and the downlink data detection reporting information.
  • the application entity may report the report information and the application termination report information, and the user plane entity may report the report rule sent by the control plane entity to the control plane entity.
  • the first distribution function associates control plane information in the data header event with user plane information in the packet header event.
  • Step 608 is similar to step 509 of FIG. 5 and will not be described again.
  • the first distribution function sends a packet data header event to the law enforcement interception device.
  • Step 609 is similar to step 510 of FIG. 5 and will not be described again.
  • the first interception activation message is further used to indicate that the control plane entity also listens to the packet data header event and the communication content.
  • the monitoring management information is also used to activate the data backup function of the user plane entity.
  • the user plane entity After receiving the monitoring management information of the control plane entity, the user plane entity further includes: the user plane entity sends the communication content to the second sub-function entity, the communication content carries the association information, and the second distribution function entity sends the communication content to the law enforcement interception device, Then, after step 609, the law enforcement interception device further associates the IRI and the communication content according to the associated information.
  • the user plane entity does not send the user plane information in the packet header event to the control plane entity, which reduces the interface burden between the user plane entity and the control plane entity, and does not require the second distribution in this embodiment.
  • the function entity forwards the user plane information in the packet data header event to the first distribution function entity, and directly sends the user plane information in the packet data header event to the first distribution function by the user plane entity, thereby reducing signaling interaction.
  • each network element such as a user plane entity, a control plane entity, a law enforcement interception device, a first distribution function entity, a second distribution function entity, etc.
  • each network element such as a user plane entity, a control plane entity, a law enforcement interception device, a first distribution function entity, a second distribution function entity, etc.
  • each network element includes a hardware structure corresponding to performing each function and / or software module.
  • the present application can be implemented in a combination of hardware or hardware and computer software in combination with the elements and algorithm steps of the various examples described in the embodiments disclosed herein. Whether a function is implemented in hardware or computer software to drive hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present application.
  • the embodiment of the present application may perform a function module division on a user plane entity, a control plane entity, a law enforcement interception device, a first distribution function entity or a second distribution function entity according to the foregoing method example.
  • each function module may be divided according to each function.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of the module in the embodiment of the present application is schematic, and is only a logical function division, and the actual implementation may have another division manner.
  • FIG. 7A shows a possible structural diagram of the user plane entity involved in the above embodiment.
  • the user plane entity 700 includes a processing module 702 and a communication module 703.
  • the processing module 702 is configured to perform control management on the actions of the user plane entity, for example, the processing module 702 is configured to support the user plane entity to perform the process performed by the user plane entity in FIG. 4 to FIG. 6, and/or used in the description herein. Other processes of technology.
  • the communication module 703 is configured to support communication between the user plane entity and the control plane entity, the second distribution function entity, or the first distribution function entity.
  • the user plane entity may further include a storage module 701 for storing program code and data of the user plane entity.
  • the processing module 702 can be a processor or a controller, for example, a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), and an application-specific integrated circuit (Application-Specific). Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA) or other programmable logic device, transistor logic device, hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example including one or more microprocessors Combination, combination of DSP and microprocessor, etc.
  • the communication module 703 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name and can include one or more interfaces, such as an interface between a user plane entity and a control plane entity, a user plane entity, and a second distribution. Interfaces between functional entities, etc.
  • the storage module 701 can be a memory.
  • the processing module 702 is a processor
  • the communication module 703 is a communication interface
  • the storage module 701 is a memory
  • the user plane entity involved in the embodiment of the present application may be the user plane entity shown in FIG. 7B.
  • the user plane entity 710 includes a processor 712, a communication interface 713, and a memory 711.
  • the user plane entity 710 may further include a bus 714.
  • the communication interface 713, the processor 712, and the memory 711 may be connected to each other through a bus 714.
  • the bus 714 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (abbreviated). EISA) bus and so on.
  • PCI Peripheral Component Interconnect
  • EISA Extended Industry Standard Architecture
  • the bus 714 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 7B, but it does not mean that there is only one bus or one type of bus.
  • FIG. 8A shows a possible structural diagram of the control plane entity involved in the above embodiment.
  • the control plane entity 800 includes a processing module 802 and a communication module 803.
  • the processing module 802 is configured to control and manage the actions of the control plane entity, for example, the processing module 802 is configured to support the control plane entity to perform the process performed by the control plane entity in FIGS. 4-6, and/or for the techniques described herein Other processes.
  • the communication module 803 is configured to support communication between the control plane entity and the user plane entity, the first distribution function entity, or the management function entity.
  • the control plane entity may also include a storage module 801 for storing program code and data of the control plane entity.
  • the processing module 802 can be a processor or a controller, such as a CPU, a general purpose processor, a DSP, an ASIC, an FPGA, or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like.
  • the communication module 803 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name and can include one or more interfaces, such as an interface between a control plane entity and a user plane entity, a control plane entity and a first distribution. Interfaces between functional entities, etc.
  • the storage module 801 can be a memory.
  • control plane entity involved in the embodiment of the present application may be the control plane entity shown in FIG. 8B.
  • the control plane entity 810 includes a processor 812, a communication interface 813, and a memory 811.
  • the control plane entity 810 can also include a bus 814.
  • the communication interface 813, the processor 812, and the memory 811 may be connected to each other through a bus 814; the bus 814 may be a PCI bus or an EISA bus or the like.
  • the bus 814 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 8B, but it does not mean that there is only one bus or one type of bus.
  • FIG. 9A is a schematic diagram showing a possible structure of the law enforcement listening device involved in the above embodiment.
  • the law enforcement interception device 900 includes a processing module 902 and a communication module 903.
  • the processing module 902 is configured to control and manage the actions of the law enforcement interception device, for example, the processing module 902 is configured to support the law enforcement interception device to perform the processes performed by the law enforcement listening device of FIGS. 4-6, and/or for the techniques described herein. Other processes.
  • the communication module 903 is configured to support communication between the law enforcement interception device and the second distribution function entity, the first distribution function entity, or the management function entity. Law enforcement monitoring equipment A storage module 901 can also be included for storing program code and data of the law enforcement listening device.
  • the processing module 902 can be a processor or a controller, such as a CPU, a general purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like.
  • the communication module 903 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name, and can include one or more interfaces, such as an interface between the law enforcement interception device and the user plane entity, the law enforcement interception device and the first distribution. Interfaces between functional entities, etc.
  • the storage module 901 can be a memory.
  • the law enforcement monitoring device involved in the embodiment of the present application may be the law enforcement listening device shown in FIG. 9B.
  • the law enforcement interception device 910 includes a processor 912, a communication interface 913, and a memory 911.
  • the law enforcement interception device 910 can also include a bus 914.
  • the communication interface 913, the processor 912, and the memory 911 may be connected to each other through a bus 914; the bus 914 may be a PCI bus or an EISA bus or the like.
  • the bus 914 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 9B, but it does not mean that there is only one bus or one type of bus.
  • FIG. 10A is a schematic diagram showing a possible structure of the first distribution function entity involved in the above embodiment.
  • the first distribution function entity 1000 includes a processing module 1002 and a communication module 1003.
  • the processing module 1002 is configured to control and manage the actions of the first distribution function entity.
  • the processing module 1002 is configured to support the first distribution function entity to perform the process performed by the first distribution function entity in FIG. 4 to FIG. 6, and/or Other processes of the techniques described herein.
  • the communication module 1003 is configured to support communication between the first distribution function entity and the second distribution function entity, the control plane entity, the user plane entity, the law enforcement interception device, or the management function entity.
  • the first distribution function entity may further include a storage module 1001 for storing program codes and data of the first distribution function entity.
  • the processing module 1002 may be a processor or a controller, such as a CPU, a general purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like.
  • the communication module 1003 may be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name, and may include one or more interfaces, such as an interface between the first distribution function entity and the control plane entity, and the first distribution function entity Interfaces with user plane entities, etc.
  • the storage module 1001 may be a memory.
  • the first distribution function entity involved in the embodiment of the present application may be the first distribution function entity shown in FIG. 10B.
  • the first distribution function entity 1010 includes a processor 1012, a communication interface 1013, and a memory 1011.
  • the first distribution function entity 1010 may further include a bus 1014.
  • the communication interface 1013, the processor 1012, and the memory 1011 may be connected to each other through a bus 1014; the bus 1014 may be a PCI bus or an EISA bus or the like.
  • the bus 1014 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in FIG. 10B, but it does not mean that there is only one bus or one type of bus.
  • FIG. 11A is a schematic diagram showing a possible structure of a second distribution function entity involved in the above embodiment.
  • the second distribution function entity 1100 includes a processing module 1102 and a communication module 1103.
  • the processing module 1102 is configured to control and manage the actions of the second distribution function entity.
  • the processing module 1102 is configured to support the second distribution function entity to perform the process performed by the second distribution function entity in FIG. 4 to FIG. 6, and/or Other processes of the techniques described herein.
  • the communication module 1103 is configured to support communication between the second distribution function entity and the first distribution function entity, the user plane entity, the law enforcement interception device, or the management function entity.
  • the second distribution function entity may further include a storage module 1101 for storing program codes and data of the second distribution function entity.
  • the processing module 1102 can be a processor or a controller, such as a CPU, a general purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like.
  • the communication module 1103 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name, and can include one or more interfaces, such as an interface between the second distribution function entity and the control plane entity, and the second distribution function entity Interfaces with user plane entities, etc.
  • the storage module 1101 can be a memory.
  • the second distribution function entity involved in the embodiment of the present application may be the second distribution function entity shown in FIG. 11B.
  • the second distribution function entity 1110 includes a processor 1112, a communication interface 1113, and a memory 1111.
  • the second distribution function entity 1110 may further include a bus 1114.
  • the communication interface 1113, the processor 1112, and the memory 1111 may be connected to each other through a bus 1114; the bus 1114 may be a PCI bus or an EISA bus or the like.
  • the bus 1114 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in FIG. 11B, but it does not mean that there is only one bus or one type of bus.
  • the management function entity involved in the embodiment of the present application may also have a structure similar to that of FIG. 7A or FIG. 7B, and may perform the behavior of the management function entity involved in the foregoing method example.
  • FIG. 7A or FIG. 7B The detailed introduction is not repeated here.
  • the steps of the method or algorithm described in connection with the disclosure of the embodiments of the present application may be implemented in a hardware manner, or may be implemented by a processor executing software instructions.
  • the software instructions may be composed of corresponding software modules, which may be stored in a random access memory (RAM), a flash memory, a read only memory (ROM), an erasable programmable read only memory ( Erasable Programmable ROM (EPROM), electrically erasable programmable read only memory (EEPROM), registers, hard disk, removable hard disk, compact disk read only (CD-ROM) or any other form of storage medium known in the art.
  • An exemplary storage medium is coupled to the processor to enable the processor to read information from, and write information to, the storage medium.
  • the storage medium can also be an integral part of the processor.
  • the processor and the storage medium can be located in an ASIC.
  • the ASIC can be located in a user plane entity, a control plane entity, a first distribution function entity, a second distribution function entity, or a law enforcement listening device.
  • the processor and the storage medium may also exist as discrete components in the user plane entity, the control plane entity, the first distribution function entity, the second distribution function entity, or the law enforcement interception device.
  • the computer program product includes one or more computer instructions. Loading and executing the computer on a computer
  • the program or function described in the embodiment of the present application is generated in whole or in part when the program is instructed.
  • the computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable device.
  • the computer instructions can be stored in a computer readable storage medium or transferred from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions can be from a website site, computer, server or data center Transfer to another website site, computer, server, or data center by wire (eg, coaxial cable, fiber optic, digital subscriber line (DSL), or wireless (eg, infrared, wireless, microwave, etc.).
  • wire eg, coaxial cable, fiber optic, digital subscriber line (DSL), or wireless (eg, infrared, wireless, microwave, etc.).
  • the computer readable storage medium can be any available media that can be stored by a computer or a data storage device such as a server, data center, or the like that includes one or more available media.
  • the usable medium may be a magnetic medium (eg, a floppy disk, a hard disk, a magnetic tape), an optical medium (eg, a DVD), or a semiconductor medium (such as a solid state disk (SSD)).

Abstract

Provided is a data processing method and a communication system for lawful interception. A user plane entity no longer sends user plane information in a packet data header event to a control plane entity, wherein same can reduce an interface burden between the user plane entity and the control plane entity. The method comprises: a user plane entity receiving interception management information sent by a control plane entity, wherein the interception management information comprises destination address information about user plane information in a packet data header event for lawful interception; the control plane entity generating control plane information in the packet data header event according to the context, and sending the control plane information in the packet data header event to a first distribution function entity; and the user plane entity sending the user plane information in the packet header event to a second distribution function entity according to the destination address information.

Description

一种用于合法监听的数据处理方法和通信系统Data processing method and communication system for lawful interception 技术领域Technical field
本申请涉及合法监听领域,尤其涉及一种用于合法监听的数据处理方法和通信系统。The present application relates to the field of lawful interception, and in particular, to a data processing method and a communication system for lawful interception.
背景技术Background technique
合法监听是指执法机构(LEA)经相应的授权机关批准,根据国家相关法律和公众通信网行业规范对公众通信网通信业务进行监听的执法行为。Lawful interception refers to the law enforcement behavior of the law enforcement agencies (LEA) that are approved by the corresponding authorized authorities to monitor the public communication network communication services according to relevant national laws and public communication network industry norms.
在控制面实体和用户面实体分离的通信架构中,当需要对某个用户进行监听的时候,用户面实体需要通过Sx接口频繁向控制面实体上报用于合法监听的分组数据头信息。然而,控制面实体与用户面实体之间的接口,除了承载合法监听相关的信息外,还要承担其他业务,合法监听相关信息的频繁上报,将导致用户面实体与控制面实体之间的接口负担太重。In a communication architecture in which the control plane entity and the user plane entity are separated, when a user needs to be monitored, the user plane entity needs to frequently report the packet header information for lawful interception to the control plane entity through the Sx interface. However, the interface between the control plane entity and the user plane entity, in addition to carrying the information related to the lawful interception, bears other services, and the frequent reporting of the lawful interception related information will result in an interface between the user plane entity and the control plane entity. The burden is too heavy.
发明内容Summary of the invention
本申请提供了一种用于合法监听的数据处理方法和通信系统,可以降低用户面实体与控制面实体之间的接口负担。The present application provides a data processing method and a communication system for lawful interception, which can reduce the interface burden between the user plane entity and the control plane entity.
一方面,本申请提供了一种用于合法监听的数据处理方法,该方法包括:In one aspect, the present application provides a data processing method for lawful interception, the method comprising:
当执法监听设备确定被监听目标后,将通过管理功能实体激活控制面实体的监听功能,控制面实体的监听功能被激活后,控制面实体向用户面实体发送监听管理信息,相应地,用户面实体接收控制面实体发送的监听管理信息,监听管理信息包括用于合法监听的分组数据头事件中的用户面信息的目的地址信息,该目的地址信息为第二分发功能实体的地址,用户面实体根据目的地址信息,向第二分发功能实体发送分组数据头事件中的用户面信息。控制面实体根据上下文生成分组数据头事件中的控制面信息,并向第一分发功能实体发送分组数据头事件中的控制面信息。After the law enforcement interception device determines the monitored target, the monitoring function of the control plane entity is activated by the management function entity, and after the monitoring function of the control plane entity is activated, the control plane entity sends the monitoring management information to the user plane entity, and correspondingly, the user plane The entity receives the monitoring management information sent by the control plane entity, where the monitoring management information includes the destination address information of the user plane information in the packet data header event for legal interception, where the destination address information is the address of the second distribution function entity, and the user plane entity The user plane information in the packet header event is sent to the second distribution function entity according to the destination address information. The control plane entity generates control plane information in the packet header event based on the context and transmits control plane information in the packet header event to the first distribution function entity.
可见,用户面实体不再向控制面实体发送分组数据头事件中的用户面信息,可以降低用户面实体与控制面实体之间的接口负担。It can be seen that the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
在一个可能的设计中,监听管理信息还包括关联信息。In one possible design, the snoop management information also includes associated information.
在一个可能的设计中,关联信息包括相关标识或相关系数或序列。In one possible design, the associated information includes a correlation identifier or correlation coefficient or sequence.
在一个可能的设计中,分组数据头事件中的用户面信息和分组数据头事件中的控制面信息中携带关联信息,关联信息用于关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, the user plane information in the packet data header event and the control plane information in the packet data header event carry associated information, and the association information is used to associate user plane information and packet data in the information associated packet header event. Control surface information in the header event.
可见,通过关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息,可以进一步完善本申请的实现方式。It can be seen that the implementation of the present application can be further improved by associating the user plane information in the packet header event with the control plane information in the packet header event.
在一个可能的设计中,第二分发功能实体接收用户面实体发送的分组数据头事件中的用户面信息之后,第二分发功能实体向执法监听设备发送分组数据头事件中的用户面信息;第一分发功能实体接收控制面实体发送的分组数据头事件中的控制面信息之后,第一分发 功能实体向执法监听设备发送分组数据头事件中的控制面信息;执法监听设备获取分组数据头事件中的用户面信息和分组数据头事件中的控制面信息后,可以根据关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, after the second distribution function entity receives the user plane information in the packet header event sent by the user plane entity, the second distribution function entity sends the user plane information in the packet header event to the law enforcement interception device; After the distribution function entity receives the control plane information in the packet header event sent by the control plane entity, the first distribution The function entity sends the control plane information in the packet data header event to the law enforcement interception device; after the law enforcement interception device acquires the user plane information in the packet data header event and the control plane information in the packet data header event, the packet data header may be associated according to the association information. User plane information in the event and control plane information in the packet header event.
在一个可能的设计中,第二分发功能实体接收分组数据头事件中的用户面信息之后,第二分发功能实体向第一分发功能实体发送分组数据头事件中的用户面信息;第一分发功能实体获取分组数据头事件中的用户面信息和分组数据头事件中的控制面信息后,可以根据关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, after the second distribution function entity receives the user plane information in the packet header event, the second distribution function entity sends the user plane information in the packet header event to the first distribution function entity; the first distribution function After the entity acquires the user plane information in the packet data header event and the control plane information in the packet data header event, the user plane information in the packet header event and the control plane information in the packet header event may be associated according to the association information.
可见,关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息的网元可以是执法监听设备或第一分发功能实体,丰富了本发明实施例的实现方式。It can be seen that the network element of the user plane information in the associated packet data header event and the control plane information in the packet header event can be the law enforcement interception device or the first distribution function entity, which enriches the implementation manner of the embodiment of the present invention.
在一个可能的设计中,在控制面实体向用户面实体发送监听管理信息之前,控制面实体接收管理功能实体发送的第一监听激活消息,第一监听激活消息用于激活控制面实体的监听功能,还用于指示控制面实体监听分组数据头事件。In a possible design, before the control plane entity sends the monitoring management information to the user plane entity, the control plane entity receives the first monitoring activation message sent by the management function entity, and the first monitoring activation message is used to activate the monitoring function of the control plane entity. It is also used to instruct the control plane entity to listen to packet header events.
在一个可能的设计中,在控制面实体向用户面实体发送监听管理信息之前,第二分发功能实体接收管理功能实体发送的第二监听激活消息,第二监听激活消息用于激活第二分发功能实体的监听功能,还用于指示第二分发功能实体转发用户面实体发送的分组数据头事件中的用户面信息。In a possible design, before the control plane entity sends the monitoring management information to the user plane entity, the second distribution function entity receives the second monitoring activation message sent by the management function entity, and the second monitoring activation message is used to activate the second distribution function. The intercepting function of the entity is further configured to instruct the second distribution function entity to forward the user plane information in the packet data header event sent by the user plane entity.
在一个可能的设计中,在控制面实体向用户面实体发送监听管理信息之前,第一分发功能实体接收管理功能实体发送的第三监听激活消息,第三监听激活消息用于激活第一分发功能实体的监听功能,还用于指示第一分发功能实体关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, before the control plane entity sends the monitoring management information to the user plane entity, the first distribution function entity receives a third monitoring activation message sent by the management function entity, and the third monitoring activation message is used to activate the first distribution function. The listening function of the entity is further configured to instruct the first distribution function entity to associate the user plane information in the packet data header event with the control plane information in the packet data header event.
在一个可能的设计中,第一监听激活消息具体用于指示控制面实体监听分组数据头事件和通信内容,监听管理信息还用于激活用户面实体的数据备份功能,在用户面实体接收控制面实体发送的监听管理信息之后,用户面实体向第二分发功能实体发送通信内容。In a possible design, the first monitoring activation message is specifically used to instruct the control plane entity to listen to the packet data header event and the communication content, and the monitoring management information is further used to activate the data backup function of the user plane entity, and receive the control plane on the user plane entity. After the interception management information sent by the entity, the user plane entity sends the communication content to the second distribution function entity.
另一方面,本申请还提供了一种通信系统,该系统包括用户面实体和控制面实体,其中,用户面实体用于接收控制面实体发送的监听管理信息,监听管理信息包括用于合法监听的分组数据头事件中的用户面信息的目的地址信息,以及用于根据目的地址信息,向第二分发功能实体发送分组数据头事件中的用户面信息。控制面实体用于根据上下文生成分组数据头事件中的控制面信息,以及用于向第一分发功能实体发送分组数据头事件中的控制面信息。In another aspect, the present application further provides a communication system, where the system includes a user plane entity and a control plane entity, wherein the user plane entity is configured to receive the monitoring management information sent by the control plane entity, and the monitoring management information includes: The destination address information of the user plane information in the packet header event, and the user plane information in the packet header event sent to the second distribution function entity according to the destination address information. The control plane entity is configured to generate control plane information in the packet header event based on the context and to send control plane information in the packet header event to the first distribution function entity.
可见,用户面实体不再向控制面实体发送分组数据头事件中的用户面信息,可以降低用户面实体与控制面实体之间的接口负担。It can be seen that the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
在一个可能的设计中,监听管理信息还包括关联信息。In one possible design, the snoop management information also includes associated information.
在一个可能的设计中,关联信息包括相关标识或相关系数或序列。In one possible design, the associated information includes a correlation identifier or correlation coefficient or sequence.
在一个可能的设计中,分组数据头事件中的用户面信息和分组数据头事件中的控制面信息中携带关联信息,关联信息用于关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, the user plane information in the packet data header event and the control plane information in the packet header event carry associated information, and the association information is used to associate user plane information and packet header events in the packet header event. Control surface information in .
在一个可能的设计中,该系统还包括第二分发功能实体和第一分发功能实体和执法监 听设备,其中,第二分发功能实体用于向执法监听设备发送分组数据头事件中的用户面信息;第一分发功能实体用于向执法监听设备发送分组数据头事件中的控制面信息;执法监听设备用于根据关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In one possible design, the system also includes a second distribution function entity and a first distribution function entity and law enforcement Listening to the device, wherein the second distribution function entity is configured to send the user plane information in the packet data header event to the law enforcement interception device; the first distribution function entity is configured to send the control plane information in the packet data header event to the law enforcement interception device; The listening device is configured to associate the user plane information in the packet data header event with the control plane information in the packet header event according to the association information.
在一个可能的设计中,该系统还包括第二分发功能实体和第一分发功能实体,其中,第二分发功能用于向第一分发功能实体发送分组数据头事件中的用户面信息;第一分发功能实体用于根据关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, the system further includes a second distribution function entity and a first distribution function entity, wherein the second distribution function is configured to send the user plane information in the packet data header event to the first distribution function entity; The distribution function entity is configured to associate the user plane information in the packet header event and the control plane information in the packet header event according to the association information.
可见,关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息的网元可以是执法监听设备或第一分发功能实体,丰富了本发明实施例的实现方式。It can be seen that the network element of the user plane information in the associated packet data header event and the control plane information in the packet header event can be the law enforcement interception device or the first distribution function entity, which enriches the implementation manner of the embodiment of the present invention.
在一个可能的设计中,控制面实体还用于接收管理功能实体发送的第一监听激活消息,第一监听激活消息用于激活控制面实体的监听功能,还用于指示控制面实体监听分组数据头事件。In a possible design, the control plane entity is further configured to receive a first monitoring activation message sent by the management function entity, where the first monitoring activation message is used to activate the monitoring function of the control plane entity, and is further used to instruct the control plane entity to listen to the packet data. Head event.
在一个可能的设计中,第二分发功能实体还用于接收管理功能实体发送的第二监听激消息,第二监听激活消息用于激活第二分发功能实体的监听功能,还用于指示第二分发功能实体转发用户面实体发送的分组数据头事件中的用户面信息。In a possible design, the second distribution function entity is further configured to receive a second monitoring message sent by the management function entity, where the second monitoring activation message is used to activate the monitoring function of the second distribution function entity, and is further used to indicate the second The distribution function entity forwards the user plane information in the packet header event sent by the user plane entity.
在一个可能的设计中,第一分发功能还用于接收管理功能实体发送的第三监听激活消息,第三监听激活消息用于激活第一分发功能实体的监听功能,还用于指示第一分发功能实体关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, the first distribution function is further configured to receive a third monitoring activation message sent by the management function entity, where the third monitoring activation message is used to activate the monitoring function of the first distribution function entity, and is also used to indicate the first distribution. The functional entity associates the user plane information in the packet header event with the control plane information in the packet header event.
在一个可能的设计中,第一监听激活消息具体用于指示控制面实体监听分组数据头事件和通信内容,监听管理信息还用于激活用户面实体的数据备份功能,用户面实体在接收到监听管理信息后,还包括用户面实体向第二分发功能实体发送通信内容。In a possible design, the first monitoring activation message is specifically used to instruct the control plane entity to listen to the packet data header event and the communication content, and the monitoring management information is also used to activate the data backup function of the user plane entity, and the user plane entity receives the monitoring. After the management information, the user plane entity further sends the communication content to the second distribution function entity.
再一方面,本申请还提供了一种用于合法监听的数据处理方法,该方法包括:In a further aspect, the application further provides a data processing method for lawful interception, the method comprising:
用户面实体接收控制面实体发送的监听管理信息,监听管理信息包括用于合法监听的分组数据头事件中的用户面信息的目的地址信息,该目的地址信息为第一分发功能实体的地址,用户面实体根据目的地址信息,向第一分发功能实体发送分组数据头事件中的用户面信息。控制面实体根据上下文生成分组数据头事件中的控制面信息,并向第一分发功能实体发送分组数据头事件中的控制面信息。The user plane entity receives the monitoring management information sent by the control plane entity, and the monitoring management information includes the destination address information of the user plane information in the packet data header event for legal interception, where the destination address information is the address of the first distribution function entity, and the user The polygon entity sends the user plane information in the packet header event to the first distribution function entity according to the destination address information. The control plane entity generates control plane information in the packet header event based on the context and transmits control plane information in the packet header event to the first distribution function entity.
可见,用户面实体不再向控制面实体发送分组数据头事件中的用户面信息,可以降低用户面实体与控制面实体之间的接口负担。It can be seen that the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
在一个可能的设计中,监听管理信息还包括关联信息。In one possible design, the snoop management information also includes associated information.
在一个可能的设计中,关联信息包括相关标识或相关系数或序列。In one possible design, the associated information includes a correlation identifier or correlation coefficient or sequence.
在一个可能的设计中,分组数据头事件中的用户面信息和分组数据头事件中的控制面信息中携带关联信息,关联信息用于关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, the user plane information in the packet data header event and the control plane information in the packet header event carry associated information, and the association information is used to associate user plane information and packet header events in the packet header event. Control surface information in .
可见,通过关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息,可以进一步完善本申请的实现方式。 It can be seen that the implementation of the present application can be further improved by associating the user plane information in the packet header event with the control plane information in the packet header event.
在一个可能的设计中,第一分发功能实体接收分组数据头事件中的用户面信息和分组数据头事件中的控制面信息之后,第一分发功能实体根据关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, after the first distribution function entity receives the user plane information in the packet header event and the control plane information in the packet header event, the first distribution function entity associates the user in the packet header event according to the association information. Control surface information in face information and packet header events.
在一个可能的设计中,在控制面实体向用户面实体发送监听管理信息之前,控制面实体接收管理功能实体发送的第一监听激活消息,第一监听激活消息用于指示控制面实体监听分组数据头事件。In a possible design, before the control plane entity sends the monitoring management information to the user plane entity, the control plane entity receives the first monitoring activation message sent by the management function entity, where the first monitoring activation message is used to instruct the control plane entity to listen to the packet data. Head event.
在一个可能的设计中,在控制面实体向用户面实体发送监听管理信息之前,第一分发功能实体接收管理功能实体发送的第三监听激活消息,第三监听激活消息用于指示第一分发功能实体关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, before the control plane entity sends the monitoring management information to the user plane entity, the first distribution function entity receives a third monitoring activation message sent by the management function entity, and the third monitoring activation message is used to indicate the first distribution function. The entity associates the user plane information in the packet header event and the control plane information in the packet header event.
在一个可能的设计中,第一监听激活消息具体用于指示控制面实体监听分组数据头事件和通信内容,监听管理信息还用于激活用户面实体的数据备份功能,在用户面实体接收控制面实体发送的监听管理信息之后,还包括用户面实体向第二分发功能实体发送通信内容。In a possible design, the first monitoring activation message is specifically used to instruct the control plane entity to listen to the packet data header event and the communication content, and the monitoring management information is further used to activate the data backup function of the user plane entity, and receive the control plane on the user plane entity. After the monitoring management information sent by the entity, the user plane entity further sends the communication content to the second distribution function entity.
再一方面,本申请还提供了一种通信系统,该系统包括用户面实体和控制面实体,其中,用户面实体用于接收控制面实体发送的监听管理信息,监听管理信息包括用于合法监听的分组数据头事件中的用户面信息的目的地址信息,该目的地址信息为第一分发功能实体的地址,用户面实体还用于根据目的地址信息,向第一分发功能实体发送分组数据头事件中的用户面信息。控制面实体用于根据上下文生成分组数据头事件中的控制面信息,并向第一分发功能实体发送分组数据头事件中的控制面信息。In another aspect, the application further provides a communication system, where the system includes a user plane entity and a control plane entity, wherein the user plane entity is configured to receive the monitoring management information sent by the control plane entity, and the monitoring management information includes: The destination address information of the user plane information in the packet data header event, the destination address information is an address of the first distribution function entity, and the user plane entity is further configured to send the packet data header event to the first distribution function entity according to the destination address information. User face information in . The control plane entity is configured to generate control plane information in the packet header event according to the context and send control plane information in the packet header event to the first distribution function entity.
可见,用户面实体不再向控制面实体发送分组数据头事件中的用户面信息,可以降低用户面实体与控制面实体之间的接口负担。It can be seen that the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
在一个可能的设计中,监听管理信息还包括关联信息。In one possible design, the snoop management information also includes associated information.
在一个可能的设计中,关联信息包括相关标识或相关系数或序列。In one possible design, the associated information includes a correlation identifier or correlation coefficient or sequence.
在一个可能的设计中,分组数据头事件中的用户面信息和分组数据头事件中的控制面信息中携带关联信息,关联信息用于关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, the user plane information in the packet data header event and the control plane information in the packet header event carry associated information, and the association information is used to associate user plane information and packet header events in the packet header event. Control surface information in .
可见,通过关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息,可以进一步完善本申请的实现方式。It can be seen that the implementation of the present application can be further improved by associating the user plane information in the packet header event with the control plane information in the packet header event.
在一个可能的设计中,该系统还包括第一分发功能实体,第一分发功能实体用于根据关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In one possible design, the system further includes a first distribution function entity for associating user plane information in the packet header event and control plane information in the packet header event based on the association information.
在一个可能的设计中,控制面实体还用于接收管理功能实体发送的第一监听激活消息,第一监听激活消息用于指示控制面实体监听分组数据头事件。In a possible design, the control plane entity is further configured to receive a first interception activation message sent by the management function entity, where the first interception activation message is used to instruct the control plane entity to listen to the packet data header event.
在一个可能的设计中,第一分发功能实体还用于接收管理功能实体发送的第三监听激活消息,第三监听激活消息用于指示第一分发功能实体关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, the first distribution function entity is further configured to receive a third interception activation message sent by the management function entity, where the third interception activation message is used to indicate that the first distribution function entity associates the user plane information in the packet data header event. And control plane information in packet header events.
在一个可能的设计中,第一监听激活消息具体用于指示控制面实体监听分组数据头事件和通信内容,监听管理信息还用于激活用户面实体的数据备份功能,用户面实体还用于 向第二分发功能实体发送通信内容。In a possible design, the first monitoring activation message is specifically used to instruct the control plane entity to listen to the packet data header event and the communication content, and the monitoring management information is also used to activate the data backup function of the user plane entity, and the user plane entity is also used for The communication content is sent to the second distribution function entity.
再一方面,本申请还提供了一种用于合法监听的数据处理方法,该方法包括:In a further aspect, the application further provides a data processing method for lawful interception, the method comprising:
用户面实体接收控制面实体发送的监听管理信息,监听管理信息包括用于合法监听的分组数据头事件中的用户面信息的目的地址信息和关联信息,该目的地址信息为第二分发功能实体的地址或第三分发功能实体的地址,用户面实体根据目的地址信息,向第二分发功能实体或第三分发功能实体发送分组数据头事件中的用户面信息,其中,分组数据头事件中的用户面信息携带关联信息,关联信息用于关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。The user plane entity receives the interception management information sent by the control plane entity, and the interception management information includes destination address information and associated information of the user plane information in the packet data header event for legal interception, where the destination address information is the second distribution function entity The address or the address of the third distribution function entity, the user plane entity sends the user plane information in the packet data header event to the second distribution function entity or the third distribution function entity according to the destination address information, wherein the user in the packet data header event The face information carries the associated information, and the associated information is used to associate the user plane information in the packet header event with the control plane information in the packet header event.
可见,用户面实体不再向控制面实体发送分组数据头事件中的用户面信息,可以降低用户面实体与控制面实体之间的接口负担。It can be seen that the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
在一个可能的设计中,关联信息包括相关标识或相关系数或序列。In one possible design, the associated information includes a correlation identifier or correlation coefficient or sequence.
在一个可能的设计中,监听管理信息用于激活用户面实体的数据备份功能,用户面实体接收控制面实体发送的监听管理信息之后,还包括用户面实体向第二分发功能实体发送通信内容。In a possible design, the monitoring management information is used to activate the data backup function of the user plane entity. After receiving the monitoring management information sent by the control plane entity, the user plane entity further includes the user plane entity sending the communication content to the second distribution function entity.
另一方面,本申请还提供了一种用于合法监听的数据处理方法,该方法包括:In another aspect, the present application further provides a data processing method for lawful interception, the method comprising:
控制面实体向用户面实体发送监听管理信息,监听管理信息包括用于合法监听的分组数据头事件中的用户面信息的目的地址信息和关联信息,该目的地址信息为第二分发功能实体的地址或第三分发功能实体的地址。控制面实体根据上下文生成分组数据头事件中的控制面信息,并向第一分发功能实体发送分组数据头事件中的控制面信息,其中,分组数据头事件中的控制面信息携带关联信息,该关联信息用于关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。The control plane entity sends the monitoring management information to the user plane entity, where the monitoring management information includes destination address information and associated information of the user plane information in the packet data header event for legal interception, and the destination address information is the address of the second distribution function entity. Or the address of the third distribution function entity. The control plane entity generates control plane information in the packet data header event according to the context, and sends control plane information in the packet data header event to the first distribution function entity, where the control plane information in the packet data header event carries the association information, where The association information is used to associate the user plane information in the packet header event with the control plane information in the packet header event.
可见,用户面实体不再向控制面实体发送分组数据头事件中的用户面信息,可以降低用户面实体与控制面实体之间的接口负担。It can be seen that the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which can reduce the interface burden between the user plane entity and the control plane entity.
在一个可能的设计中,关联信息包括相关标识或相关系数或序列。In one possible design, the associated information includes a correlation identifier or correlation coefficient or sequence.
在一个可能的设计中,在控制面实体向用户面实体发送监听管理信息之前,控制面实体接收管理功能实体发送的第一监听激活消息,第一监听激活消息用于指示控制面实体监听分组数据头事件。In a possible design, before the control plane entity sends the monitoring management information to the user plane entity, the control plane entity receives the first monitoring activation message sent by the management function entity, where the first monitoring activation message is used to instruct the control plane entity to listen to the packet data. Head event.
在一个可能的设计中,第一监听激活消息具体用于指示控制面实体监听用于合法监听的分组数据头事件和通信内容。In one possible design, the first snoop activation message is specifically used to instruct the control plane entity to listen to packet header events and communication content for lawful interception.
再一方面,本申请还提供了一种用于合法监听的数据处理方法,该方法包括:In a further aspect, the application further provides a data processing method for lawful interception, the method comprising:
执法监听设备接收第一分发功能实体发送的分组数据头事件中的控制面信息,其中,分组数据头事件中的控制面信息携带关联信息。执法监听设备接收第二分发功能实体发送的分组数据头事件中的用户面信息,其中,分组数据头事件中的用户面信息携带关联信息。执法监听设备根据关联信息关联分组数据头事件中的控制面信息和分组数据头事件中的用户面信息。The law enforcement intercepting device receives the control plane information in the packet data header event sent by the first distribution function entity, wherein the control plane information in the packet data header event carries the associated information. The law enforcement intercepting device receives the user plane information in the packet data header event sent by the second distribution function entity, where the user plane information in the packet data header event carries the associated information. The law enforcement interception device associates the control plane information in the packet header event with the user plane information in the packet header event according to the association information.
在一个可能的设计中,关联信息包括相关标识或相关系数或序列。In one possible design, the associated information includes a correlation identifier or correlation coefficient or sequence.
在一个可能的设计中,执法监听设备接收第二分发功能实体发送的通信内容,其中, 通信内容携带关联信息,执法监听设备根据关联信息关联分组数据头事件中的控制面信息、分组数据头事件中的用户面信息和通信内容。In one possible design, the law enforcement interception device receives the communication content sent by the second distribution function entity, wherein The communication content carries the associated information, and the law enforcement interception device associates the control plane information in the packet header event, the user plane information in the packet header event, and the communication content according to the association information.
再一方面,本申请还提供了一种用于合法监听的数据处理方法,该方法包括:In a further aspect, the application further provides a data processing method for lawful interception, the method comprising:
第一分发功能实体接收控制面实体发送的分组数据头事件中的控制面信息,其中,分组数据头事件中的控制面信息携带关联信息。第一分发功能实体接收第二分发功能实体或用户面实体发送的分组数据头事件中的用户面信息,其中,分组数据头事件中的用户面信息携带关联信息。第一分发功能实体根据关联信息关联分组数据头事件中的控制面信息和分组数据头事件中的用户面信息。The first distribution function entity receives control plane information in a packet header event sent by the control plane entity, wherein the control plane information in the packet header event carries the association information. The first distribution function entity receives the user plane information in the packet data header event sent by the second distribution function entity or the user plane entity, where the user plane information in the packet data header event carries the association information. The first distribution function entity associates the control plane information in the packet header event with the user plane information in the packet header event according to the association information.
在一个可能的设计中,关联信息包括相关标识或相关系数或序列。In one possible design, the associated information includes a correlation identifier or correlation coefficient or sequence.
在一个可能的设计中,在第一分发功能实体接收分组数据头事件中的用户面信息和分组数据头事件中的控制面信息之前,第一分发功能实体接收管理功能实体发送的第三监听激活消息,第三监听激活消息用于激活第一分发功能实体的监听功能,还用于指示第一分发功能实体关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。In a possible design, before the first distribution function entity receives the user plane information in the packet header event and the control plane information in the packet header event, the first distribution function entity receives the third intercept activation sent by the management function entity. The third monitoring activation message is used to activate the listening function of the first distribution function entity, and is further configured to instruct the first distribution function entity to associate the user plane information in the packet data header event with the control plane information in the packet data header event.
再一方面,本申请还提供了一种用于合法监听的数据处理方法,该方法包括:In a further aspect, the application further provides a data processing method for lawful interception, the method comprising:
第二分发功能实体接收用户面实体发送的分组数据头事件中的用户面信息,其中,分组数据头事件中的用户面信息携带关联信息。第二分发功能实体向执法监听设备或第一分发功能实体发送分组数据头事件中的用户面信息,以使得执法监听设备或第一分发功能实体根据关联信息关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。The second distribution function entity receives the user plane information in the packet data header event sent by the user plane entity, where the user plane information in the packet data header event carries the association information. The second distribution function entity sends the user plane information in the packet header event to the law enforcement interception device or the first distribution function entity, so that the law enforcement interception device or the first distribution function entity associates the user plane information in the packet header event according to the association information. And control plane information in packet header events.
在一个可能的设计中,关联信息包括相关标识或相关系数或序列。In one possible design, the associated information includes a correlation identifier or correlation coefficient or sequence.
在一个可能的设计中,在第二分发功能实体接收用户面实体发送的分组数据头事件中的用户面信息之前,第二分发功能实体接收管理功能实体发送的第二监听激活消息,第二监听激活消息用于激活第二分发功能实体的监听功能,还用于指示第二分发功能实体转发用户面实体发送的分组数据头事件中的用户面信息。In a possible design, before the second distribution function entity receives the user plane information in the packet data header event sent by the user plane entity, the second distribution function entity receives the second interception activation message sent by the management function entity, and the second interception The activation message is used to activate the listening function of the second distribution function entity, and is further configured to instruct the second distribution function entity to forward the user plane information in the packet data header event sent by the user plane entity.
在一个可能的设计中,第二分发功能实体接收用户面实体发送的通信内容,其中,通信内容携带关联信息。第二分发功能实体再向执法监听设备发送该通信内容。In one possible design, the second distribution function entity receives the communication content sent by the user plane entity, wherein the communication content carries the association information. The second distribution function entity then sends the communication content to the law enforcement interception device.
另一方面,本申请提供了一种用户面实体,该用户面实体具有实现上述方法示例中用户面实体行为的功能。所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个与上述功能相对应的模块。In another aspect, the present application provides a user plane entity having a function of implementing user plane entity behavior in the above method example. The functions may be implemented by hardware or by corresponding software implemented by hardware. The hardware or software includes one or more modules corresponding to the functions described above.
在一个可能的设计中,用户面实体的结构中包括处理器和通信接口,所述处理器被配置为支持用户面实体执行上述方法中相应的功能。所述通信接口用于支持用户面实体与控制面实体、第一分发功能实体或第二分发功能实体之间的通信。进一步的,用户面实体还可以包括存储器,所述存储器用于与处理器耦合,其保存用户面实体必要的程序指令和数据。In one possible design, the structure of the user plane entity includes a processor and a communication interface configured to support the user plane entity to perform the corresponding functions in the above methods. The communication interface is configured to support communication between the user plane entity and the control plane entity, the first distribution function entity, or the second distribution function entity. Further, the user plane entity may further include a memory for coupling with the processor, which stores program instructions and data necessary for the user plane entity.
又一方面,本申请提供了一种控制面实体,该控制面实体具有实现上述方法示例中控制面实体行为的功能。所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个与上述功能相对应的模块。In still another aspect, the present application provides a control plane entity having the function of implementing the behavior of a control plane entity in the above method examples. The functions may be implemented by hardware or by corresponding software implemented by hardware. The hardware or software includes one or more modules corresponding to the functions described above.
在一个可能的设计中,控制面实体的结构中包括处理器和通信接口,所述处理器被配 置为支持控制面实体执行上述方法中相应的功能。所述通信接口用于支持控制面实体与用户面实体、第一分发功能实体或管理功能实体之间的通信。进一步的,控制面实体还可以包括存储器,所述存储器用于与处理器耦合,其保存控制面实体必要的程序指令和数据。In one possible design, the structure of the control plane entity includes a processor and a communication interface, and the processor is configured Set to support the control plane entity to perform the corresponding functions in the above methods. The communication interface is configured to support communication between the control plane entity and the user plane entity, the first distribution function entity, or the management function entity. Further, the control plane entity may further comprise a memory for coupling with the processor, which stores program instructions and data necessary for the control plane entity.
再一方面,本申请提供了一种执法监听设备,该执法监听设备具有实现上述方法示例中执法监听设备行为的功能。所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个与上述功能相对应的模块。In still another aspect, the present application provides a law enforcement interception device having a function of implementing the behavior of a law enforcement listening device in the above method example. The functions may be implemented by hardware or by corresponding software implemented by hardware. The hardware or software includes one or more modules corresponding to the functions described above.
在一个可能的设计中,执法监听设备的结构中包括处理器和通信接口,所述处理器被配置为支持执法监听设备执行上述方法中相应的功能。所述通信接口用于支持执法监听设备与管理功能实体、第一分发功能实体或第二分发功能实体之间的通信。进一步的,执法监听设备还可以包括存储器,所述存储器用于与处理器耦合,其保存执法监听设备必要的程序指令和数据。In one possible design, the structure of the law enforcement interception device includes a processor and a communication interface configured to support the law enforcement listening device to perform the corresponding functions in the above methods. The communication interface is for supporting communication between the law enforcement interception device and the management function entity, the first distribution function entity, or the second distribution function entity. Further, the law enforcement listening device can also include a memory for coupling with the processor that holds program instructions and data necessary for the law enforcement listening device.
再一方面,本申请提供了一种第一分发功能实体,该第一分发功能实体具有实现上述方法示例中第一分发功能实体行为的功能。所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个与上述功能相对应的模块。In still another aspect, the present application provides a first distribution function entity having a function of implementing the behavior of a first distribution function entity in the above method example. The functions may be implemented by hardware or by corresponding software implemented by hardware. The hardware or software includes one or more modules corresponding to the functions described above.
在一个可能的设计中,第一分发功能实体的结构中包括处理器和通信接口,所述处理器被配置为支持第一分发功能实体执行上述方法中相应的功能。所述通信接口用于支持第一分发功能实体与管理功能实体、第二分发功能实体、控制面实体、执法监听设备或用户面实体之间的通信。进一步的,第一分发功能实体还可以包括存储器,所述存储器用于与处理器耦合,其保存执法监听设备必要的程序指令和数据。In one possible design, the first distribution function entity includes a processor and a communication interface configured to support the first distribution function entity to perform a corresponding function in the above method. The communication interface is configured to support communication between the first distribution function entity and the management function entity, the second distribution function entity, the control plane entity, the law enforcement interception device, or the user plane entity. Further, the first distribution function entity may further include a memory for coupling with the processor, which stores program instructions and data necessary for the law enforcement listening device.
再一方面,本申请提供了一种第二分发功能实体,该第二分发功能实体具有实现上述方法示例中第二分发功能实体行为的功能。所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个与上述功能相对应的模块。In still another aspect, the present application provides a second distribution function entity having a function of implementing the behavior of the second distribution function entity in the above method example. The functions may be implemented by hardware or by corresponding software implemented by hardware. The hardware or software includes one or more modules corresponding to the functions described above.
在一个可能的设计中,第二分发功能实体的结构中包括处理器和通信接口,所述处理器被配置为支持第二分发功能实体执行上述方法中相应的功能。所述通信接口用于支持第二分发功能实体与管理功能实体、第一分发功能实体、执法监听设备或用户面实体之间的通信。进一步的,第二分发功能实体还可以包括存储器,所述存储器用于与处理器耦合,其保存执法监听设备必要的程序指令和数据。In one possible design, the structure of the second distribution function entity includes a processor and a communication interface, the processor being configured to support the second distribution function entity to perform a corresponding function in the above method. The communication interface is configured to support communication between the second distribution function entity and the management function entity, the first distribution function entity, the law enforcement interception device, or the user plane entity. Further, the second distribution function entity may further include a memory for coupling with the processor, which stores program instructions and data necessary for the law enforcement listening device.
本申请的又一方面提供了一种计算机可读存储介质,所述计算机可读存储介质中存储有指令,当其在计算机上运行时,使得计算机执行上述各方面所述的方法。Yet another aspect of the present application provides a computer readable storage medium having instructions stored therein that, when executed on a computer, cause the computer to perform the methods described in the above aspects.
本申请提供的技术方案中,用户面实体接收控制面实体发送的监听管理信息,监听管理信息包括用于合法监听的分组数据头事件中的用户面信息的目的地址信息,控制面实体根据上下文生成分组数据头事件中的控制面信息,并向第一分发功能实体发送分组数据头事件中的控制面信息。用户面实体根据目的地址信息,向第二分发功能实体发送分组数据头事件中的用户面信息。可见,用户面实体不再向控制面实体发送分组数据头事件中的用户面信息,减轻了用户面实体和控制面实体之间的接口负担。In the technical solution provided by the application, the user plane entity receives the interception management information sent by the control plane entity, and the interception management information includes the destination address information of the user plane information in the packet data header event for legal interception, and the control plane entity generates the context information according to the context. The control plane information in the packet header event is grouped, and the control plane information in the packet header event is sent to the first distribution function entity. The user plane entity sends the user plane information in the packet header event to the second distribution function entity according to the destination address information. It can be seen that the user plane entity no longer sends the user plane information in the packet header event to the control plane entity, thereby reducing the interface burden between the user plane entity and the control plane entity.
附图说明 DRAWINGS
图1为本申请提供的一种可能的网络架构的示意图;1 is a schematic diagram of a possible network architecture provided by the present application;
图2为本申请提供的另一种可能的网络架构的示意图;2 is a schematic diagram of another possible network architecture provided by the present application;
图3为本申请提供的另一种可能的网络架构的示意图;3 is a schematic diagram of another possible network architecture provided by the present application;
图4为本申请提供的一种用于合法监听的数据处理方法的通信示意图;4 is a schematic diagram of communication of a data processing method for lawful interception provided by the present application;
图5为本申请提供的又一种用于合法监听的数据处理方法的通信示意图;FIG. 5 is a schematic diagram of communication of another data processing method for lawful interception provided by the present application; FIG.
图6为本申请提供的又一种用于合法监听的数据处理方法的通信示意图;6 is a schematic diagram of communication of another data processing method for lawful interception provided by the present application;
图7A为本申请提供的一种用户面实体的示意性框图;7A is a schematic block diagram of a user plane entity provided by the present application;
图7B为本申请提供的一种用户面实体的结构示意图;7B is a schematic structural diagram of a user plane entity provided by the present application;
图8A为本申请提供的一种控制面实体的示意性框图;8A is a schematic block diagram of a control plane entity provided by the present application;
图8B为本申请提供的一种控制面实体的结构示意图;8B is a schematic structural diagram of a control plane entity provided by the present application;
图9A为本申请提供的一种执法监听设备的示意性框图;9A is a schematic block diagram of a law enforcement listening device provided by the present application;
图9B为本申请提供的一种执法监听设备的结构示意图;9B is a schematic structural diagram of a law enforcement listening device provided by the present application;
图10A为本申请提供的一种第一分发功能实体的示意性框图;FIG. 10A is a schematic block diagram of a first distribution function entity provided by the present application; FIG.
图10B为本申请提供的一种第一分发功能实体的结构示意图;FIG. 10B is a schematic structural diagram of a first distribution function entity provided by the present application; FIG.
图11A为本申请提供的一种第二分发功能实体的示意性框图;11A is a schematic block diagram of a second distribution function entity provided by the present application;
图11B为本申请提供的一种第二分发功能实体的结构示意图。FIG. 11B is a schematic structural diagram of a second distribution function entity provided by the present application.
具体实施方式detailed description
下面将结合本申请实施例的附图,对本申请实施例中的技术方案进行描述。The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings of the embodiments of the present application.
本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”、“第三”、“第四”等(如果存在)是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的实施例能够以除了在这里图示或描述的内容以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。The terms "first", "second", "third", "fourth", etc. (if present) in the specification and claims of the present application and the above figures are used to distinguish similar objects without having to use To describe a specific order or order. It is to be understood that the data so used may be interchanged where appropriate so that the embodiments described herein can be implemented in a sequence other than what is illustrated or described herein. In addition, the terms "comprises" and "comprises" and "the" and "the" are intended to cover a non-exclusive inclusion, for example, a process, method, system, product, or device that comprises a series of steps or units is not necessarily limited to Those steps or units may include other steps or units not explicitly listed or inherent to such processes, methods, products or devices.
合法监听是指执法机构(LEA)经相应的授权机关批准,根据国家相关法律和公众通信网行业规范对公众通信网通信业务进行监听的执法行为。合法监听中的监听相关信息(IRI,Intercept Related Information)包括分组数据头事件(Packet Data Header Information)。可选的,合法监听中的监听相关信息还可以包括控制面实体生成的合法监听中的其他事件。其中分组数据头事件包括分组数据头上报(packet data header report)事件和分组数据统计上报(packet data summary report)事件。分组数据头事件包括分组数据头事件中的控制面信息和分组数据头事件中的用户面信息,由控制面实体生成的为分组数据头事件中的控制面信息,也可以称为第一事件,第一事件中的分组数据头上报事件包括但不限于事件类型(Event Type)、位置信息(Location Information)等信息,第一事件中的分组数据统计上报事件包括但不限于逻辑功能信息(Logical Function Information)、用户设备地址信息(UE Address Info)等信息。由用户面实体生成的为分组数据头事件中的用户面信息, 也可以称为第二事件,第二事件中的分组数据头上报事件包括但不限于目的端口号(Destination Port Number)、数据包容量(Packet Size)等信息,第二事件中的分组数据统计上报事件包括但不限于源IP地址(Source IP Address)、目的IP地址(Destination IP Address)等信息。本文对于上述名词采用相同的描述,不再赘述。Lawful interception refers to the law enforcement behavior of the law enforcement agencies (LEA) that are approved by the corresponding authorized authorities to monitor the public communication network communication services according to relevant national laws and public communication network industry norms. The Intercept Related Information (IRI) in lawful interception includes Packet Data Header Information. Optionally, the interception related information in the lawful interception may further include other events in the lawful interception generated by the control plane entity. The packet data header event includes a packet data header report event and a packet data summary report event. The packet data header event includes control plane information in the packet data header event and user plane information in the packet data header event, and the control plane information generated by the control plane entity is a packet event, and may also be referred to as a first event. The packet data header reporting event in the first event includes but is not limited to event type (Event Type), location information (Location Information) and the like, and the packet data statistical reporting event in the first event includes but is not limited to logical function information (Logical Function) Information), User Address Information (UE Address Info) and other information. The user plane information generated by the user plane entity is a packet data header event, It may also be referred to as a second event, and the packet data header reporting event in the second event includes, but is not limited to, a destination port number, a packet size, and the like, and the packet data is reported in the second event. Events include, but are not limited to, source IP address, destination IP address, and the like. This article uses the same description for the above nouns and will not be described again.
图1为本申请提供的一种可能的网络架构的示意图,图1所示的网络架构主要包括以下网元:FIG. 1 is a schematic diagram of a possible network architecture provided by the present application. The network architecture shown in FIG. 1 mainly includes the following network elements:
控制面(Control Plane,CP)实体,主要对用户面实体进行管理和控制,为用户面下发规则等。本申请实施例中,控制面实体向用户面实体发送监听管理信息,且向第一分发功能实体发送分组数据头事件中的控制面信息。The Control Plane (CP) entity mainly manages and controls the user plane entity, and issues rules for the user plane. In this embodiment of the present application, the control plane entity sends the monitoring management information to the user plane entity, and sends the control plane information in the packet data header event to the first distribution function entity.
用户面(User Plane,UP)实体,主要用于数据转发,接受控制面实体的管理。本申请实施例中,用户面实体不再将合法监听的分组数据头事件中的用户面信息发送到控制面实体,而是发送至第二分发功能实体,用户面实体还可以为第二分发功能实体提供被监听目标的通信内容,例如:数据包中的数据部分的内容。User Plane (UP) entity, mainly used for data forwarding, and accepts management of control plane entities. In the embodiment of the present application, the user plane entity does not send the user plane information in the packet data header event of the lawful interception to the control plane entity, but sends the information to the second distribution function entity, and the user plane entity may also be the second distribution function. The entity provides the communication content of the monitored target, such as the content of the data portion of the data packet.
第一分发功能(Delivery Function)实体,第一分发功能实体为图1中的DF2,主要用于分发合法监听相关信息(Intercept Related Information,IRI),本申请实施例中,第一分发功能实体接收控制面实体发送的分组数据头事件中的控制面信息。The first distribution function entity, the first distribution function entity is the DF2 in FIG. 1 , and is mainly used to distribute the Intercept Related Information (IRI). In the embodiment of the present application, the first distribution function entity receives Control plane information in the packet header event sent by the control plane entity.
第二分发功能实体,第二分发功能实体为图1中的DF3,主要用于分发通信内容,例如:数据包中的数据部分的内容。本申请实施例中,第二分发功能实体还用于接收并转发用户面实体发送的分组数据头事件中的用户面信息。The second distribution function entity, the second distribution function entity is DF3 in FIG. 1, and is mainly used for distributing communication content, for example, the content of the data part in the data packet. In the embodiment of the present application, the second distribution function entity is further configured to receive and forward the user plane information in the packet data header event sent by the user plane entity.
执法监听设备(Law Enforcement Monitoring Facility,LEMF),可以接收第一分发功能实体的合法监听相关信息和第二分发功能实体传递的通信内容,并将合法监听相关消息和通信内容关联起来,本申请实施例中,执法监听设备还可以关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。The Law Enforcement Monitoring Facility (LEMF) can receive the lawful interception related information of the first distribution function entity and the communication content delivered by the second distribution function entity, and associate the lawful interception related message with the communication content. In an example, the law enforcement interception device can also associate the user plane information in the packet header event with the control plane information in the packet header event.
管理功能(Administration Function,ADMF)实体,主要用于接收执法监听设备的控制,激活控制面实体、第一分发功能实体和第二分发功能实体的监听功能。An Administration Function (ADMF) entity is mainly used for receiving control of the law enforcement interception device, and activating the monitoring function of the control plane entity, the first distribution function entity, and the second distribution function entity.
请参阅图4,图4所示的实施例以图1作为网络架构,本申请实施例的一个可能的数据处理方法包括:Referring to FIG. 4, the embodiment shown in FIG. 4 uses FIG. 1 as a network architecture. A possible data processing method in this embodiment of the present application includes:
401、执法监听设备向管理功能实体发送第四监听激活消息。401. The law enforcement interception device sends a fourth monitoring activation message to the management function entity.
相应地,管理功能实体接收执法监听设备发送的第四监听激活消息。当执法监听设备确定被监听目标后,向管理功能实体发送第四监听激活消息,第四监听激活消息用于通知管理功能实体开启对被监听目标的监听。Correspondingly, the management function entity receives the fourth monitoring activation message sent by the law enforcement interception device. After the law enforcement interception device determines the monitored target, the fourth monitoring activation message is sent to the management function entity, and the fourth monitoring activation message is used to notify the management function entity to start monitoring the monitored target.
402、管理功能实体向第一分发功能实体发送第三监听激活消息。402. The management function entity sends a third interception activation message to the first distribution function entity.
相应地,第一分发功能实体接收管理功能实体发送的第三监听激活消息。第三监听激活消息用于激活第一分发功能实体的监听功能。Correspondingly, the first distribution function entity receives the third monitoring activation message sent by the management function entity. The third listener activation message is used to activate the listening function of the first distribution function entity.
403、管理功能实体向第二分发功能实体发送第二监听激活消息。403. The management function entity sends a second interception activation message to the second distribution function entity.
相应地,第二分发功能实体接收管理功能实体发送的第二监听激活消息。第二监听激活消息用于激活第二分发功能实体的监听功能。可选的,第二监听激活消息还用于指示第 二分发功能向执法监听设备转发用户面实体发送的分组数据头事件中的用户面信息。Correspondingly, the second distribution function entity receives the second monitoring activation message sent by the management function entity. The second snoop activation message is used to activate the snooping function of the second distribution function entity. Optionally, the second monitoring activation message is further used to indicate the first The second distribution function forwards the user plane information in the packet header event sent by the user plane entity to the law enforcement interception device.
404、管理功能实体向控制面实体发送第一监听激活消息。404. The management function entity sends a first interception activation message to the control plane entity.
相应地,控制面实体接收管理功能实体发送的第一监听激活消息。第一监听激活消息用于激活控制面实体的监听功能。可选的,第一监听激活消息还用于指示控制面实体监听分组数据头事件。Correspondingly, the control plane entity receives the first interception activation message sent by the management function entity. The first listener activation message is used to activate the listening function of the control plane entity. Optionally, the first interception activation message is further used to instruct the control plane entity to listen to the packet data header event.
405、控制面实体向用户面实体发送监听管理信息。405. The control plane entity sends the monitoring management information to the user plane entity.
相应地,用户面实体接收控制面实体发送的监听管理信息。其中,监听管理信息包括用于合法监听的分组数据头事件中的用户面信息的目的地址信息,用于指示用户实体将分组数据头事件中的用户面信息发送至该目的地址,本实施例中,该目的地址信息为第二分发功能实体的地址。具体地,该目的地址可以包括于转发规则(Forwarding Action Rule,FAR)中。Correspondingly, the user plane entity receives the monitoring management information sent by the control plane entity. The monitoring management information includes the destination address information of the user plane information in the packet data header event for the lawful interception, and is used to indicate that the user entity sends the user plane information in the packet data header event to the destination address, in this embodiment. The destination address information is an address of the second distribution function entity. Specifically, the destination address may be included in a Forwarding Action Rule (FAR).
可选的,监听管理信息还可以包括关联信息,该关联信息包括但不限于相关标识或者相关系数或序列等,可以用于关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。Optionally, the monitoring management information may further include association information, including but not limited to related identifiers or correlation coefficients or sequences, etc., which may be used to control user plane information in the packet data header event and control in the packet data header event. Information.
在一种可能的实现方式中,关联信息为分组数据头事件中的控制面信息中的相关系数(correlation number),控制面实体可以将该相关系数包括于监听管理信息中发送至用户面实体,从而使用户面实体的分组数据头事件中的用户面信息可以携带相同的相关系数。上述关联信息为相关系数的示例中,分组数据头事件中的用户面信息与分组数据头事件中的控制面信息的关联信息是相同的,在一些可能的实现方式中,也可以使用不同的关联信息,例如控制面实体和用户面实体可以根据预置的规则各自生成关联信息,此处不做太多限定。In a possible implementation manner, the association information is a correlation number in the control plane information in the packet data header event, and the control plane entity may include the correlation coefficient in the intercept management information and send the information to the user plane entity. Thereby, the user plane information in the packet header event of the user plane entity can carry the same correlation coefficient. In the example in which the association information is a correlation coefficient, the association information of the user plane information in the packet header event is the same as the association information in the packet header event. In some possible implementations, different associations may also be used. Information, such as control plane entities and user plane entities, can each generate associated information according to preset rules, which is not limited here.
406、控制面实体向第一分发功能实体发送分组数据头事件中的控制面信息。406. The control plane entity sends control plane information in the packet data header event to the first distribution function entity.
相应地,第一分发功能实体接收控制面实体发送的分组数据头事件中的控制面信息。Correspondingly, the first distribution function entity receives control plane information in a packet header event sent by the control plane entity.
需要说明的是,控制面实体根据上下文生成分组数据头事件中的控制面信息,同时,控制面实体还可以生成合法监听中除分组数据头事件以外的其他事件,并同时或在其他步骤中向第一分发功能实体发送该其他事件。具体地,该其他事件包括承载激活,承载修改,承载去激活,跟踪区更新,用户设备(User Equipment,UE)请求分组数据网(Packet Data Network,PDN)连接或UE请求PDN去连接等事件,此处不做太多限定。It should be noted that the control plane entity generates the control plane information in the packet data header event according to the context, and the control plane entity may also generate other events in the legal listener other than the packet data header event, and simultaneously or in other steps. The first distribution function entity sends the other event. Specifically, the other events include bearer activation, bearer modification, bearer deactivation, tracking area update, user equipment (UE) requesting packet data network (PDN) connection, or UE requesting PDN disconnection. There is no limit here.
407、第一分发功能实体向执法监听设备发送分组数据头事件中的控制面信息。407. The first distribution function entity sends control plane information in the packet data header event to the law enforcement interception device.
相应地,执法监听设备接收第一分发功能实体发送的分组数据头事件中的控制面信息。Correspondingly, the law enforcement interception device receives control plane information in a packet header event sent by the first distribution function entity.
需要说明的是,若第一分发功能实体已获取控制面实体发送的合法监听中除分组数据头事件以外的其他事件,则第一分发功能实体可以同时或在其他步骤中向执法监听设备发送该其他事件。It should be noted that, if the first distribution function entity has acquired other events in the lawful interception sent by the control plane entity other than the packet header event, the first distribution function entity may send the same to the law enforcement interception device at the same time or in other steps. Other events.
408、用户面实体向第二分发功能实体发送分组数据头事件中的用户面信息。408. The user plane entity sends the user plane information in the packet data header event to the second distribution function entity.
相应地,第二分发功能实体接收用户面实体发送的分组数据头事件中的用户面信息。Correspondingly, the second distribution function entity receives the user plane information in the packet header event sent by the user plane entity.
需要说明的是,用户面实体生成的除分组数据头事件中的用户面信息以外的其他信息,包括使用上报(Usage Report)信息、深度报文检测上报(DPI Reporting)信息、下行数据检测上报信息、应用开始上报信息和应用终止上报信息等,用户面实体可以根据控制面实 体发送的上报规则(Usage reporting rule,URR)上报给控制面实体,此处不再赘述。It should be noted that the information generated by the user plane entity other than the user plane information in the packet header event includes using the Usage Report information, the DPI Reporting information, and the downlink data detection reporting information. The application starts reporting information and the application terminates reporting information, etc., and the user entity can be based on the control. The reporting rule (Usage reporting rule, URR) is reported to the control plane entity, and is not mentioned here.
可选的,步骤406和408之间不存在执行的先后顺序,在一些可能的实现方式中,也可以按照其他顺序执行。Optionally, there is no order of execution between steps 406 and 408. In some possible implementations, the execution may also be performed in other orders.
409、第二分发功能实体向执法监听设备发送分组数据头事件中的用户面信息。409. The second distribution function entity sends the user plane information in the packet data header event to the law enforcement interception device.
相应地,执法监听设备接收第二分发功能实体发送的分组数据头事件中的用户面信息。Correspondingly, the law enforcement interception device receives the user plane information in the packet header event sent by the second distribution function entity.
410、执法监听设备根据分组数据头事件中的控制面信息和分组数据头事件中的用户面信息对目标用户进行监听。410. The law enforcement interception device monitors the target user according to the control plane information in the packet data header event and the user plane information in the packet data header event.
可选的,执法监听设备可以根据关联信息关联分组数据头事件中的控制面信息和分组数据头事件中的用户面信息,形成一个完整的分组数据头事件,从而对目标用户进行监听。Optionally, the law enforcement interception device may associate the control plane information in the packet data header event with the user plane information in the packet data header event according to the association information to form a complete packet data header event, thereby monitoring the target user.
可选的,若执法监听设备已获取控制面实体生成的合法监听中除分组数据头事件以外的其他事件,例如在步骤407中,第一分发功能实体同时向执法监听设备发送该其他事件,则执法监听设备也可以关联分组数据头事件中的控制面信息、分组数据头事件中的用户面信息和该其他事件,形成一个完整的监听相关信息IRI。Optionally, if the law enforcement interception device has obtained other events in the lawful interception generated by the control plane entity other than the packet data header event, for example, in step 407, the first distribution function entity simultaneously sends the other event to the law enforcement interception device, The law enforcement interception device can also associate the control plane information in the packet header event, the user plane information in the packet header event, and the other events to form a complete interception related information IRI.
可选的,执法监听设备也可以根据其他预置的规则关联分组数据头事件中的控制面信息和分组数据头事件中的用户面信息,此处不做太多限定。Optionally, the law enforcement interception device may also associate the control plane information in the packet data header event with the user plane information in the packet data header event according to other preset rules, which is not limited herein.
可选的,在一些可能的实现方式中,第一监听激活消息还用于指示控制面实体监听分组数据头事件和通信内容。则相应地,监听管理信息还用于激活用户面实体的数据备份功能。用户面实体接收控制面实体的监听管理信息后,还包括用户面实体向第二分功能实体发送通信内容,该通信内容携带关联信息,第二分发功能实体再向执法监听设备发送该通信内容,则步骤410具体为执法监听设备根据关联信息或其他预置的规则关联分组数据头事件中的控制面信息、分组数据头事件中的用户面信息和通信内容。若执法监听设备已获取控制面实体生成的合法监听中除分组数据头事件以外的其他事件,步骤410还可以为执法监听设备根据关联信息或其他预置的规则关联该其他事件、分组数据头事件中的控制面信息、分组数据头事件中的用户面信息和通信内容。Optionally, in some possible implementation manners, the first interception activation message is further used to indicate that the control plane entity listens to the packet data header event and the communication content. Accordingly, the monitoring management information is also used to activate the data backup function of the user plane entity. After receiving the monitoring management information of the control plane entity, the user plane entity further includes: the user plane entity sends the communication content to the second sub-function entity, the communication content carries the association information, and the second distribution function entity sends the communication content to the law enforcement interception device, Step 410 is specifically that the law enforcement interception device associates the control plane information in the packet header event, the user plane information in the packet header event, and the communication content according to the association information or other preset rules. If the law enforcement interception device has obtained other events than the packet header event in the lawful interception generated by the control plane entity, step 410 may also associate the other event, packet header event with the law enforcement interception device according to the associated information or other preset rules. Control plane information, user plane information, and communication content in packet header events.
本实施例中,用户面实体不再向控制面实体发送分组数据头事件中的用户面信息,减轻了用户面实体和控制面实体之间的接口负担,且本实施例可以保留现有的网络架构,无需增加额外的接口。In this embodiment, the user plane entity does not send the user plane information in the packet header event to the control plane entity, which reduces the interface burden between the user plane entity and the control plane entity, and the embodiment can retain the existing network. Architecture, no need to add additional interfaces.
图2为本申请提供的一种可能的网络架构的示意图,图2所示的网络架构主要包括以下网元:2 is a schematic diagram of a possible network architecture provided by the present application. The network architecture shown in FIG. 2 mainly includes the following network elements:
控制面实体,主要对用户面实体进行管理和控制,为用户面下发规则等。本申请实施例中,控制面实体向用户面实体发送监听管理信息,且向第一分发功能实体发送分组数据头事件中的控制面信息。The control plane entity mainly manages and controls the user plane entity, and issues rules for the user plane. In this embodiment of the present application, the control plane entity sends the monitoring management information to the user plane entity, and sends the control plane information in the packet data header event to the first distribution function entity.
用户面实体,主要用于数据转发,接受控制面实体的管理。本申请实施例中,用户面实体不再将合法监听的分组数据头事件中的用户面信息发送到控制面实体,而是发送至第二分发功能实体,用户面实体还可以为第二分发功能实体提供被监听目标的通信内容,例如:数据包中的数据部分的内容。The user plane entity is mainly used for data forwarding and accepts the management of the control plane entity. In the embodiment of the present application, the user plane entity does not send the user plane information in the packet data header event of the lawful interception to the control plane entity, but sends the information to the second distribution function entity, and the user plane entity may also be the second distribution function. The entity provides the communication content of the monitored target, such as the content of the data portion of the data packet.
第一分发功能实体,第一分发功能实体为图2中的DF2,主要用于分发合法监听相关信 息,本申请实施例中,第一分发功能实体接收控制面实体发送的分组数据头事件中的控制面信息,以及接收第二分发功能实体发送的分组数据头事件中的用户面信息。其中,第一分发功能实体与第二分发功能实体之间通过F23接口连接。The first distribution function entity, the first distribution function entity is DF2 in FIG. 2, and is mainly used for distributing legal interception related information. In the embodiment of the present application, the first distribution function entity receives the control plane information in the packet data header event sent by the control plane entity, and receives the user plane information in the packet data header event sent by the second distribution function entity. The first distribution function entity and the second distribution function entity are connected through an F23 interface.
第二分发功能实体,第二分发功能实体为图2中的DF3,主要用于分发通信内容,本申请实施例中,第二分发功能实体还用于接收并转发用户面实体发送的分组数据头事件中的用户面信息。其中,第一分发功能实体与第二分发功能实体之间通过F23接口连接。The second distribution function entity, the second distribution function entity is the DF3 in FIG. 2, and is mainly used to distribute the communication content. In the embodiment of the present application, the second distribution function entity is further configured to receive and forward the packet data header sent by the user plane entity. User face information in the event. The first distribution function entity and the second distribution function entity are connected through an F23 interface.
执法监听设备,可以接收第一分发功能实体的合法监听相关信息和第二分发功能实体传递的通信内容,并将合法监听相关消息和通信内容关联起来。The law enforcement interception device can receive the lawful interception related information of the first distribution function entity and the communication content delivered by the second distribution function entity, and associate the lawful interception related message with the communication content.
管理功能实体,主要用于接收执法监听设备的控制,激活控制面实体、第一分发功能实体和第二分发功能实体的监听功能。The management function entity is mainly used for receiving the control of the law enforcement interception device, and the monitoring function of the control plane entity, the first distribution function entity and the second distribution function entity.
请参阅图5,图5所示的实施例以图2作为网络架构,本申请实施例的另一个可能的数据处理方法包括:Referring to FIG. 5, the embodiment shown in FIG. 5 uses FIG. 2 as a network architecture. Another possible data processing method in this embodiment of the present application includes:
501、执法监听设备向管理功能实体发送第四监听激活消息。501. The law enforcement interception device sends a fourth monitoring activation message to the management function entity.
步骤501与图4的步骤401类似,不再赘述。Step 501 is similar to step 401 of FIG. 4 and will not be described again.
502、管理功能实体向第一分发功能实体发送第三监听激活消息。502. The management function entity sends a third interception activation message to the first distribution function entity.
步骤502与图4的步骤402类似,不再赘述。Step 502 is similar to step 402 of FIG. 4 and will not be described again.
需要说明的是,第三监听激活消息除了用于激活第一分发功能实体的监听功能,还用于指示第一分发功能实体关联分组数据头事件中的用户面信息和分组数据头事件中的控制面信息。It should be noted that the third interception activation message is used to instruct the first distribution function entity to associate the user plane information in the packet data header event with the control in the packet data header event, in addition to the monitoring function for activating the first distribution function entity. Information.
503、管理功能实体向第二分发功能实体发送第二监听激活消息。503. The management function entity sends a second interception activation message to the second distribution function entity.
相应地,第二分发功能实体接收管理功能实体发送的第二监听激活消息。第二监听激活消息除了用于激活第二分发功能实体的监听功能,还用于指示第二分发功能向第一分发功能转发用户面实体发送的分组数据头事件中的用户面信息。Correspondingly, the second distribution function entity receives the second monitoring activation message sent by the management function entity. The second interception activation message is used to instruct the second distribution function to forward the user plane information in the packet data header event sent by the user plane entity to the first distribution function, in addition to the monitoring function of the second distribution function entity.
504、管理功能实体向控制面实体发送第一监听激活消息。504. The management function entity sends a first interception activation message to the control plane entity.
步骤504与图4的步骤404类似,不再赘述。Step 504 is similar to step 404 of FIG. 4 and will not be described again.
505、控制面实体向用户面实体发送监听管理信息。505. The control plane entity sends the monitoring management information to the user plane entity.
步骤505与图4的步骤405类似,不再赘述。Step 505 is similar to step 405 of FIG. 4 and will not be described again.
506、控制面实体向第一分发功能实体发送分组数据头事件中的控制面信息。506. The control plane entity sends control plane information in the packet data header event to the first distribution function entity.
步骤506与图4的步骤406类似,不再赘述。Step 506 is similar to step 406 of FIG. 4 and will not be described again.
507、用户面实体向第二分发功能实体发送分组数据头事件中的用户面信息。507. The user plane entity sends the user plane information in the packet data header event to the second distribution function entity.
相应地,第二分发功能实体接收用户面实体发送的分组数据头事件中的用户面信息。Correspondingly, the second distribution function entity receives the user plane information in the packet header event sent by the user plane entity.
需要说明的是,用户面实体生成的除分组数据头事件中的用户面信息以外的其他信息,包括使用上报(Usage Report)信息、深度报文检测上报(DPI Reporting)信息、下行数据检测上报信息、应用开始上报信息和应用终止上报信息等,用户面实体可以根据控制面实体发送的上报规则上报给控制面实体,此处不做太多限定。It should be noted that the information generated by the user plane entity other than the user plane information in the packet header event includes using the Usage Report information, the DPI Reporting information, and the downlink data detection reporting information. The application entity may report the report information and the application termination report information, and the user plane entity may report the report rule sent by the control plane entity to the control plane entity.
可选的,步骤506和507之间并不存在执行的先后顺序,在一些可能的实现方式中,也可以按照其他顺序执行。 Optionally, there is no order of execution between the steps 506 and 507. In some possible implementations, the execution may also be performed in other orders.
508、第二分发功能实体向第一分发功能实体发送分组数据头事件中的用户面信息。508. The second distribution function entity sends the user plane information in the packet data header event to the first distribution function entity.
相应地,第一分发功能实体接收第二分发功能实体发送的分组数据头事件中的用户面信息。其中,可以通过在第一分发功能实体与第二分发功能实体之间增加F23接口进行数据传输。Correspondingly, the first distribution function entity receives the user plane information in the packet data header event sent by the second distribution function entity. The data transmission may be performed by adding an F23 interface between the first distribution function entity and the second distribution function entity.
509、第一分发功能实体关联数据头事件中的控制面信息和分组数据头事件中的用户面信息。509. The first distribution function entity associates control plane information in the data header event with user plane information in the packet header event.
可选的,第一分发功能实体可以根据关联信息关联分组数据头事件中的控制面信息和分组数据头事件分组数据头事件中的用户面信息,形成一个完整的分组数据头事件。Optionally, the first distribution function entity may associate the control plane information in the packet data header event with the user plane information in the packet header event packet header event according to the association information to form a complete packet header event.
可选的,第一分发功能实体也可以根据其他预置的规则关联分组数据头事件中的控制面信息和分组数据头事件中的用户面信息,此处不做太多限定。Optionally, the first distribution function entity may also associate the control plane information in the packet data header event with the user plane information in the packet data header event according to other preset rules, which is not limited herein.
可选的,若第一分发功能实体已获取控制面实体生成的合法监听中除分组数据头事件中的控制面信息以外的其他事件,例如控制面实体可以在步骤506中同时向第一分发功能实体发送该其他事件,则第一分发功能实体可以根据关联信息或其他预置的规则关联分组数据头事件中的控制面信息、分组数据头事件分组数据头事件中的用户面信息和该其他事件,形成一个完整的监听相关信息IRI。Optionally, if the first distribution function entity has acquired other events than the control plane information in the packet header event generated by the control plane entity, for example, the control plane entity may simultaneously send the first distribution function to the first distribution function in step 506. When the entity sends the other event, the first distribution function entity may associate the control plane information in the packet header event, the user plane information in the packet header event packet header event, and the other event according to the association information or other preset rules. Form a complete monitoring related information IRI.
510、第一分发功能实体向执法监听设备发送分组数据头事件。510. The first distribution function entity sends a packet data header event to the law enforcement interception device.
相应地,执法监听设备接收第一分发功能发送的分组数据头事件。Accordingly, the law enforcement interception device receives the packet data header event sent by the first distribution function.
可选的,若步骤509中第一分发功能实体形成监听相关信息IRI,则步骤510也可以为第一分发功能实体向执法监听设备发送监听相关信息IRI。Optionally, if the first distribution function entity forms the interception related information IRI in step 509, step 510 may also send the interception related information IRI to the law enforcement interception device for the first distribution function entity.
需要说明的是,在一些可能的实现方式中,第一监听激活消息还用于指示控制面实体监听分组数据头事件和通信内容。则相应地,监听管理信息还用于激活用户面实体的数据备份功能。用户面实体接收控制面实体的监听管理信息后,还包括用户面实体向第二分功能实体发送通信内容,该通信内容携带关联信息,第二分发功能实体再向执法监听设备发送该通信内容,则步骤510之后,还包括执法监听设备根据关联信息或其他预置的规则关联IRI和通信内容。It should be noted that, in some possible implementation manners, the first interception activation message is further used to instruct the control plane entity to listen to the packet data header event and the communication content. Accordingly, the monitoring management information is also used to activate the data backup function of the user plane entity. After receiving the monitoring management information of the control plane entity, the user plane entity further includes: the user plane entity sends the communication content to the second sub-function entity, the communication content carries the association information, and the second distribution function entity sends the communication content to the law enforcement interception device, After step 510, the law enforcement interception device is further included to associate the IRI and the communication content according to the associated information or other preset rules.
本实施例中,用户面实体不再向控制面实体发送分组数据头事件中的用户面信息,减轻了用户面实体和控制面实体之间的接口负担,且本实施例中对执法监听设备的改动较少。In this embodiment, the user plane entity no longer sends the user plane information in the packet data header event to the control plane entity, which reduces the interface burden between the user plane entity and the control plane entity, and in this embodiment, the law enforcement interception device Less changes.
图3为本申请提供的一种可能的网络架构的示意图,图3所示的网络架构主要包括以下网元:FIG. 3 is a schematic diagram of a possible network architecture provided by the present application. The network architecture shown in FIG. 3 mainly includes the following network elements:
控制面实体,主要对用户面实体进行管理和控制,为用户面下发规则等。本申请实施例中,控制面实体向用户面实体发送监听管理信息,且向第一分发功能实体发送分组数据头事件中的控制面信息。The control plane entity mainly manages and controls the user plane entity, and issues rules for the user plane. In this embodiment of the present application, the control plane entity sends the monitoring management information to the user plane entity, and sends the control plane information in the packet data header event to the first distribution function entity.
用户面实体,主要用于数据转发,接受控制面实体的管理。本申请实施例中,用户面实体不再将合法监听的分组数据头事件中的用户面信息发送到控制面实体,而是发送至第一分发功能实体,用户面实体还可以为第二分发功能实体提供被监听目标的通信内容,例如:数据包中的数据部分的内容。其中,用户面实体与第一分发功能实体之间通过X4接口连接。 The user plane entity is mainly used for data forwarding and accepts the management of the control plane entity. In the embodiment of the present application, the user plane entity does not send the user plane information in the packet data header event of the lawful interception to the control plane entity, but sends the information to the first distribution function entity, and the user plane entity may also be the second distribution function. The entity provides the communication content of the monitored target, such as the content of the data portion of the data packet. The user plane entity and the first distribution function entity are connected through an X4 interface.
第一分发功能实体,第一分发功能实体为图3中的DF2,主要用于分发合法监听相关信息,本申请实施例中,第一分发功能实体接收控制面实体发送的分组数据头事件中的控制面信息,以及接收用户面实体发送的分组数据头事件中的用户面信息。其中,第一分发功能实体与用户面实体之间通过X4接口连接。The first distribution function entity, the first distribution function entity is the DF2 in FIG. 3, and is mainly used to distribute the lawful interception related information. In the embodiment of the present application, the first distribution function entity receives the packet data header event sent by the control plane entity. Control plane information, and user plane information in the packet header event sent by the user plane entity. The first distribution function entity and the user plane entity are connected through an X4 interface.
第二分发功能实体,第二分发功能实体为图3中的DF3,主要用于分发通信内容。The second distribution function entity, the second distribution function entity is DF3 in FIG. 3, and is mainly used for distributing communication content.
执法监听设备,可以接收第一分发功能实体的合法监听相关信息和第二分发功能实体传递的通信内容,并将合法监听相关消息和通信内容关联起来。The law enforcement interception device can receive the lawful interception related information of the first distribution function entity and the communication content delivered by the second distribution function entity, and associate the lawful interception related message with the communication content.
管理功能实体,主要用于接收执法监听设备的控制,激活控制面实体、第一分发功能实体和第二分发功能实体的监听功能。The management function entity is mainly used for receiving the control of the law enforcement interception device, and the monitoring function of the control plane entity, the first distribution function entity and the second distribution function entity.
请参阅图6,图6所示的实施例以图3作为网络架构,本申请实施例的另一个可能的数据处理方法包括:Referring to FIG. 6, the embodiment shown in FIG. 6 uses FIG. 3 as a network architecture. Another possible data processing method in this embodiment of the present application includes:
601、执法监听设备向管理功能实体发送第四监听激活消息。601. The law enforcement interception device sends a fourth monitoring activation message to the management function entity.
步骤601与图5的步骤501类似,不再赘述。Step 601 is similar to step 501 of FIG. 5 and will not be described again.
602、管理功能实体向第一分发功能实体发送第三监听激活消息。602. The management function entity sends a third interception activation message to the first distribution function entity.
步骤602与图5的步骤502类似,不再赘述。Step 602 is similar to step 502 of FIG. 5 and will not be described again.
603、管理功能实体向第二分发功能实体发送第二监听激活消息。603. The management function entity sends a second interception activation message to the second distribution function entity.
相应地,第二分发功能实体接收管理功能实体发送的第二监听激活消息。第二监听激活消息用于激活第二分发功能实体的监听功能。Correspondingly, the second distribution function entity receives the second monitoring activation message sent by the management function entity. The second snoop activation message is used to activate the snooping function of the second distribution function entity.
604、管理功能实体向控制面实体发送第一监听激活消息。604. The management function entity sends a first interception activation message to the control plane entity.
步骤604与图5的步骤504类似,不再赘述。Step 604 is similar to step 504 of FIG. 5 and will not be described again.
605、控制面实体向用户面实体发送监听管理信息。605. The control plane entity sends the monitoring management information to the user plane entity.
步骤605与图5的步骤505类似,不再赘述。Step 605 is similar to step 505 of FIG. 5 and will not be described again.
606、控制面实体向第一分发功能实体发送分组数据头事件中的控制面信息。606. The control plane entity sends control plane information in the packet data header event to the first distribution function entity.
步骤606与图5的步骤506类似,不再赘述。Step 606 is similar to step 506 of FIG. 5 and will not be described again.
607、用户面实体向第一分发功能实体发送分组数据头事件中的用户面信息。607. The user plane entity sends the user plane information in the packet data header event to the first distribution function entity.
相应地,第一分发功能实体接收用户面实体发送的分组数据头事件中的用户面信息。其中,可以通过在第一分发功能实体与用户面实体之间增加X4接口进行数据传输。Correspondingly, the first distribution function entity receives the user plane information in the packet data header event sent by the user plane entity. The data transmission may be performed by adding an X4 interface between the first distribution function entity and the user plane entity.
需要说明的是,用户面实体生成的除分组数据头事件中的用户面信息以外的其他信息,包括使用上报(Usage Report)信息、深度报文检测上报(DPI Reporting)信息、下行数据检测上报信息、应用开始上报信息和应用终止上报信息等,用户面实体可以根据控制面实体发送的上报规则上报给控制面实体,此处不做太多限定。It should be noted that the information generated by the user plane entity other than the user plane information in the packet header event includes using the Usage Report information, the DPI Reporting information, and the downlink data detection reporting information. The application entity may report the report information and the application termination report information, and the user plane entity may report the report rule sent by the control plane entity to the control plane entity.
可选的,步骤606和607之间并不存在执行的先后顺序,在一些可能的实现方式中,也可以按照其他顺序执行。Optionally, there is no order of execution between the steps 606 and 607. In some possible implementations, the execution may also be performed in other orders.
608、第一分发功能关联数据头事件中的控制面信息和分组数据头事件中的用户面信息。608. The first distribution function associates control plane information in the data header event with user plane information in the packet header event.
步骤608与图5的步骤509类似,不再赘述。Step 608 is similar to step 509 of FIG. 5 and will not be described again.
609、第一分发功能向执法监听设备发送分组数据头事件。 609. The first distribution function sends a packet data header event to the law enforcement interception device.
步骤609与图5的步骤510类似,不再赘述。Step 609 is similar to step 510 of FIG. 5 and will not be described again.
需要说明的是,在一些可能的实现方式中,第一监听激活消息还用于指示还控制面实体监听分组数据头事件和通信内容。则相应地,监听管理信息还用于激活用户面实体的数据备份功能。用户面实体接收控制面实体的监听管理信息后,还包括用户面实体向第二分功能实体发送通信内容,该通信内容携带关联信息,第二分发功能实体再向执法监听设备发送该通信内容,则步骤609之后,还包括执法监听设备根据关联信息关联IRI和通信内容。It should be noted that, in some possible implementation manners, the first interception activation message is further used to indicate that the control plane entity also listens to the packet data header event and the communication content. Accordingly, the monitoring management information is also used to activate the data backup function of the user plane entity. After receiving the monitoring management information of the control plane entity, the user plane entity further includes: the user plane entity sends the communication content to the second sub-function entity, the communication content carries the association information, and the second distribution function entity sends the communication content to the law enforcement interception device, Then, after step 609, the law enforcement interception device further associates the IRI and the communication content according to the associated information.
本实施例中,用户面实体不再向控制面实体发送分组数据头事件中的用户面信息,减轻了用户面实体和控制面实体之间的接口负担,且本实施例中不需第二分发功能实体向第一分发功能实体转发分组数据头事件中的用户面信息,直接由用户面实体向第一分发功能发送分组数据头事件中的用户面信息,可以减少信令交互。In this embodiment, the user plane entity does not send the user plane information in the packet header event to the control plane entity, which reduces the interface burden between the user plane entity and the control plane entity, and does not require the second distribution in this embodiment. The function entity forwards the user plane information in the packet data header event to the first distribution function entity, and directly sends the user plane information in the packet data header event to the first distribution function by the user plane entity, thereby reducing signaling interaction.
上述主要从各个网元之间交互的角度对本申请实施例的方案进行了介绍。可以理解的是,各个网元,例如用户面实体,控制面实体,执法监听设备,第一分发功能实体,第二分发功能实体等为了实现上述功能,其包含了执行各个功能相应的硬件结构和/或软件模块。本领域技术人员应该很容易意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,本申请能够以硬件或硬件和计算机软件的结合形式来实现。某个功能究竟以硬件还是计算机软件驱动硬件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。The foregoing describes the solution of the embodiment of the present application mainly from the perspective of interaction between the network elements. It can be understood that each network element, such as a user plane entity, a control plane entity, a law enforcement interception device, a first distribution function entity, a second distribution function entity, etc., in order to implement the above functions, includes a hardware structure corresponding to performing each function and / or software module. Those skilled in the art will readily appreciate that the present application can be implemented in a combination of hardware or hardware and computer software in combination with the elements and algorithm steps of the various examples described in the embodiments disclosed herein. Whether a function is implemented in hardware or computer software to drive hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present application.
本申请实施例可以根据上述方法示例对用户面实体,控制面实体,执法监听设备,第一分发功能实体或第二分发功能实体进行功能模块的划分,例如,可以对应各个功能划分各个功能模块,也可以将两个或两个以上的功能集成在一个处理模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。需要说明的是,本申请实施例中对模块的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。The embodiment of the present application may perform a function module division on a user plane entity, a control plane entity, a law enforcement interception device, a first distribution function entity or a second distribution function entity according to the foregoing method example. For example, each function module may be divided according to each function. It is also possible to integrate two or more functions into one processing module. The above integrated modules can be implemented in the form of hardware or in the form of software functional modules. It should be noted that the division of the module in the embodiment of the present application is schematic, and is only a logical function division, and the actual implementation may have another division manner.
图7A示出了上述实施例中所涉及的用户面实体的一种可能的结构示意图。用户面实体700包括:处理模块702和通信模块703。处理模块702用于对用户面实体的动作进行控制管理,例如,处理模块702用于支持用户面实体执行图4~图6中的用户面实体执行的过程,和/或用于本文所描述的技术的其它过程。通信模块703用于支持用户面实体与控制面实体、第二分发功能实体或第一分发功能实体的通信。用户面实体还可以包括存储模块701,用于存储用户面实体的程序代码和数据。FIG. 7A shows a possible structural diagram of the user plane entity involved in the above embodiment. The user plane entity 700 includes a processing module 702 and a communication module 703. The processing module 702 is configured to perform control management on the actions of the user plane entity, for example, the processing module 702 is configured to support the user plane entity to perform the process performed by the user plane entity in FIG. 4 to FIG. 6, and/or used in the description herein. Other processes of technology. The communication module 703 is configured to support communication between the user plane entity and the control plane entity, the second distribution function entity, or the first distribution function entity. The user plane entity may further include a storage module 701 for storing program code and data of the user plane entity.
其中,处理模块702可以是处理器或控制器,例如可以是中央处理器(Central Processing Unit,CPU),通用处理器,数字信号处理器(Digital Signal Processor,DSP),专用集成电路(Application-Specific Integrated Circuit,ASIC),现场可编程门阵列(Field Programmable Gate Array,FPGA)或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本申请公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理 器组合,DSP和微处理器的组合等等。通信模块703可以是通信接口、收发器、收发电路等,其中,通信接口是统称,可以包括一个或多个接口,例如用户面实体与控制面实体之间的接口、用户面实体与第二分发功能实体之间的接口等。存储模块701可以是存储器。The processing module 702 can be a processor or a controller, for example, a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), and an application-specific integrated circuit (Application-Specific). Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA) or other programmable logic device, transistor logic device, hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure. The processor may also be a combination of computing functions, for example including one or more microprocessors Combination, combination of DSP and microprocessor, etc. The communication module 703 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name and can include one or more interfaces, such as an interface between a user plane entity and a control plane entity, a user plane entity, and a second distribution. Interfaces between functional entities, etc. The storage module 701 can be a memory.
当处理模块702为处理器,通信模块703为通信接口,存储模块701为存储器时,本申请实施例所涉及的用户面实体可以为图7B所示的用户面实体。When the processing module 702 is a processor, the communication module 703 is a communication interface, and the storage module 701 is a memory, the user plane entity involved in the embodiment of the present application may be the user plane entity shown in FIG. 7B.
参阅图7B所示,该用户面实体710包括:处理器712、通信接口713、存储器711。可选的,用户面实体710还可以包括总线714。其中,通信接口713、处理器712以及存储器711可以通过总线714相互连接;总线714可以是外设部件互连标准(Peripheral Component Interconnect,简称PCI)总线或扩展工业标准结构(Extended Industry Standard Architecture,简称EISA)总线等。所述总线714可以分为地址总线、数据总线、控制总线等。为便于表示,图7B中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。Referring to FIG. 7B, the user plane entity 710 includes a processor 712, a communication interface 713, and a memory 711. Optionally, the user plane entity 710 may further include a bus 714. The communication interface 713, the processor 712, and the memory 711 may be connected to each other through a bus 714. The bus 714 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (abbreviated). EISA) bus and so on. The bus 714 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 7B, but it does not mean that there is only one bus or one type of bus.
图8A示出了上述实施例中所涉及的控制面实体的一种可能的结构示意图。控制面实体800包括:处理模块802和通信模块803。处理模块802用于对控制面实体的动作进行控制管理,例如,处理模块802用于支持控制面实体执行图4~图6中控制面实体执行的过程,和/或用于本文所描述的技术的其它过程。通信模块803用于支持控制面实体与用户面实体、第一分发功能实体或管理功能实体之间的通信。控制面实体还可以包括存储模块801,用于存储控制面实体的程序代码和数据。FIG. 8A shows a possible structural diagram of the control plane entity involved in the above embodiment. The control plane entity 800 includes a processing module 802 and a communication module 803. The processing module 802 is configured to control and manage the actions of the control plane entity, for example, the processing module 802 is configured to support the control plane entity to perform the process performed by the control plane entity in FIGS. 4-6, and/or for the techniques described herein Other processes. The communication module 803 is configured to support communication between the control plane entity and the user plane entity, the first distribution function entity, or the management function entity. The control plane entity may also include a storage module 801 for storing program code and data of the control plane entity.
其中,处理模块802可以是处理器或控制器,例如可以是CPU,通用处理器,DSP,ASIC,FPGA或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本申请公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,DSP和微处理器的组合等等。通信模块803可以是通信接口、收发器、收发电路等,其中,通信接口是统称,可以包括一个或多个接口,例如控制面实体与用户面实体之间的接口,控制面实体与第一分发功能实体之间的接口等。存储模块801可以是存储器。The processing module 802 can be a processor or a controller, such as a CPU, a general purpose processor, a DSP, an ASIC, an FPGA, or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure. The processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like. The communication module 803 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name and can include one or more interfaces, such as an interface between a control plane entity and a user plane entity, a control plane entity and a first distribution. Interfaces between functional entities, etc. The storage module 801 can be a memory.
当处理模块802为处理器,通信模块803为通信接口,存储模块801为存储器时,本申请实施例所涉及的控制面实体可以为图8B所示的控制面实体。When the processing module 802 is a processor, the communication module 803 is a communication interface, and the storage module 801 is a memory, the control plane entity involved in the embodiment of the present application may be the control plane entity shown in FIG. 8B.
参阅图8B所示,该控制面实体810包括:处理器812、通信接口813、存储器811。可选的,控制面实体810还可以包括总线814。其中,通信接口813、处理器812以及存储器811可以通过总线814相互连接;总线814可以是PCI总线或EISA总线等。所述总线814可以分为地址总线、数据总线、控制总线等。为便于表示,图8B中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。Referring to FIG. 8B, the control plane entity 810 includes a processor 812, a communication interface 813, and a memory 811. Optionally, the control plane entity 810 can also include a bus 814. The communication interface 813, the processor 812, and the memory 811 may be connected to each other through a bus 814; the bus 814 may be a PCI bus or an EISA bus or the like. The bus 814 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 8B, but it does not mean that there is only one bus or one type of bus.
图9A示出了上述实施例中所涉及的执法监听设备的一种可能的结构示意图。执法监听设备900包括:处理模块902和通信模块903。处理模块902用于对执法监听设备的动作进行控制管理,例如,处理模块902用于支持执法监听设备执行图4~图6中执法监听设备执行的过程,和/或用于本文所描述的技术的其它过程。通信模块903用于支持执法监听设备与第二分发功能实体、第一分发功能实体或管理功能实体之间的通信。执法监听设备 还可以包括存储模块901,用于存储执法监听设备的程序代码和数据。FIG. 9A is a schematic diagram showing a possible structure of the law enforcement listening device involved in the above embodiment. The law enforcement interception device 900 includes a processing module 902 and a communication module 903. The processing module 902 is configured to control and manage the actions of the law enforcement interception device, for example, the processing module 902 is configured to support the law enforcement interception device to perform the processes performed by the law enforcement listening device of FIGS. 4-6, and/or for the techniques described herein. Other processes. The communication module 903 is configured to support communication between the law enforcement interception device and the second distribution function entity, the first distribution function entity, or the management function entity. Law enforcement monitoring equipment A storage module 901 can also be included for storing program code and data of the law enforcement listening device.
其中,处理模块902可以是处理器或控制器,例如可以是CPU,通用处理器,DSP,ASIC,FPGA或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本申请公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,DSP和微处理器的组合等等。通信模块903可以是通信接口、收发器、收发电路等,其中,通信接口是统称,可以包括一个或多个接口,例如执法监听设备与用户面实体之间的接口,执法监听设备与第一分发功能实体之间的接口等。存储模块901可以是存储器。The processing module 902 can be a processor or a controller, such as a CPU, a general purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure. The processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like. The communication module 903 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name, and can include one or more interfaces, such as an interface between the law enforcement interception device and the user plane entity, the law enforcement interception device and the first distribution. Interfaces between functional entities, etc. The storage module 901 can be a memory.
当处理模块902为处理器,通信模块903为通信接口,存储模块901为存储器时,本申请实施例所涉及的执法监听设备可以为图9B所示的执法监听设备。When the processing module 902 is a processor, the communication module 903 is a communication interface, and the storage module 901 is a memory, the law enforcement monitoring device involved in the embodiment of the present application may be the law enforcement listening device shown in FIG. 9B.
参阅图9B所示,该执法监听设备910包括:处理器912、通信接口913、存储器911。可选的,执法监听设备910还可以包括总线914。其中,通信接口913、处理器912以及存储器911可以通过总线914相互连接;总线914可以是PCI总线或EISA总线等。所述总线914可以分为地址总线、数据总线、控制总线等。为便于表示,图9B中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。Referring to FIG. 9B, the law enforcement interception device 910 includes a processor 912, a communication interface 913, and a memory 911. Alternatively, the law enforcement interception device 910 can also include a bus 914. The communication interface 913, the processor 912, and the memory 911 may be connected to each other through a bus 914; the bus 914 may be a PCI bus or an EISA bus or the like. The bus 914 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 9B, but it does not mean that there is only one bus or one type of bus.
图10A示出了上述实施例中所涉及的第一分发功能实体的一种可能的结构示意图。第一分发功能实体1000包括:处理模块1002和通信模块1003。处理模块1002用于对第一分发功能实体的动作进行控制管理,例如,处理模块1002用于支持第一分发功能实体执行图4~图6中第一分发功能实体执行的过程,和/或用于本文所描述的技术的其它过程。通信模块1003用于支持第一分发功能实体与第二分发功能实体、控制面实体、用户面实体、执法监听设备或管理功能实体之间的通信。第一分发功能实体还可以包括存储模块1001,用于存储第一分发功能实体的程序代码和数据。FIG. 10A is a schematic diagram showing a possible structure of the first distribution function entity involved in the above embodiment. The first distribution function entity 1000 includes a processing module 1002 and a communication module 1003. The processing module 1002 is configured to control and manage the actions of the first distribution function entity. For example, the processing module 1002 is configured to support the first distribution function entity to perform the process performed by the first distribution function entity in FIG. 4 to FIG. 6, and/or Other processes of the techniques described herein. The communication module 1003 is configured to support communication between the first distribution function entity and the second distribution function entity, the control plane entity, the user plane entity, the law enforcement interception device, or the management function entity. The first distribution function entity may further include a storage module 1001 for storing program codes and data of the first distribution function entity.
其中,处理模块1002可以是处理器或控制器,例如可以是CPU,通用处理器,DSP,ASIC,FPGA或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本申请公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,DSP和微处理器的组合等等。通信模块1003可以是通信接口、收发器、收发电路等,其中,通信接口是统称,可以包括一个或多个接口,例如第一分发功能实体与控制面实体之间的接口,第一分发功能实体与用户面实体之间的接口等。存储模块1001可以是存储器。The processing module 1002 may be a processor or a controller, such as a CPU, a general purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure. The processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like. The communication module 1003 may be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name, and may include one or more interfaces, such as an interface between the first distribution function entity and the control plane entity, and the first distribution function entity Interfaces with user plane entities, etc. The storage module 1001 may be a memory.
当处理模块1002为处理器,通信模块1003为通信接口,存储模块1001为存储器时,本申请实施例所涉及的第一分发功能实体可以为图10B所示的第一分发功能实体。When the processing module 1002 is a processor, the communication module 1003 is a communication interface, and the storage module 1001 is a memory, the first distribution function entity involved in the embodiment of the present application may be the first distribution function entity shown in FIG. 10B.
参阅图10B所示,该第一分发功能实体1010包括:处理器1012、通信接口1013、存储器1011。可选的,第一分发功能实体1010还可以包括总线1014。其中,通信接口1013、处理器1012以及存储器1011可以通过总线1014相互连接;总线1014可以是PCI总线或EISA总线等。所述总线1014可以分为地址总线、数据总线、控制总线等。为便于表示,图10B中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。Referring to FIG. 10B, the first distribution function entity 1010 includes a processor 1012, a communication interface 1013, and a memory 1011. Optionally, the first distribution function entity 1010 may further include a bus 1014. The communication interface 1013, the processor 1012, and the memory 1011 may be connected to each other through a bus 1014; the bus 1014 may be a PCI bus or an EISA bus or the like. The bus 1014 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in FIG. 10B, but it does not mean that there is only one bus or one type of bus.
图11A示出了上述实施例中所涉及的第二分发功能实体的一种可能的结构示意图。第 二分发功能实体1100包括:处理模块1102和通信模块1103。处理模块1102用于对第二分发功能实体的动作进行控制管理,例如,处理模块1102用于支持第二分发功能实体执行图4~图6中第二分发功能实体执行的过程,和/或用于本文所描述的技术的其它过程。通信模块1103用于支持第二分发功能实体与第一分发功能实体、用户面实体、执法监听设备或管理功能实体之间的通信。第二分发功能实体还可以包括存储模块1101,用于存储第二分发功能实体的程序代码和数据。FIG. 11A is a schematic diagram showing a possible structure of a second distribution function entity involved in the above embodiment. First The second distribution function entity 1100 includes a processing module 1102 and a communication module 1103. The processing module 1102 is configured to control and manage the actions of the second distribution function entity. For example, the processing module 1102 is configured to support the second distribution function entity to perform the process performed by the second distribution function entity in FIG. 4 to FIG. 6, and/or Other processes of the techniques described herein. The communication module 1103 is configured to support communication between the second distribution function entity and the first distribution function entity, the user plane entity, the law enforcement interception device, or the management function entity. The second distribution function entity may further include a storage module 1101 for storing program codes and data of the second distribution function entity.
其中,处理模块1102可以是处理器或控制器,例如可以是CPU,通用处理器,DSP,ASIC,FPGA或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本申请公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,DSP和微处理器的组合等等。通信模块1103可以是通信接口、收发器、收发电路等,其中,通信接口是统称,可以包括一个或多个接口,例如第二分发功能实体与控制面实体之间的接口,第二分发功能实体与用户面实体之间的接口等。存储模块1101可以是存储器。The processing module 1102 can be a processor or a controller, such as a CPU, a general purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure. The processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like. The communication module 1103 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name, and can include one or more interfaces, such as an interface between the second distribution function entity and the control plane entity, and the second distribution function entity Interfaces with user plane entities, etc. The storage module 1101 can be a memory.
当处理模块1102为处理器,通信模块1103为通信接口,存储模块1101为存储器时,本申请实施例所涉及的第二分发功能实体可以为图11B所示的第二分发功能实体。When the processing module 1102 is a processor, the communication module 1103 is a communication interface, and the storage module 1101 is a memory, the second distribution function entity involved in the embodiment of the present application may be the second distribution function entity shown in FIG. 11B.
参阅图11B所示,该第二分发功能实体1110包括:处理器1112、通信接口1113、存储器1111。可选的,第二分发功能实体1110还可以包括总线1114。其中,通信接口1113、处理器1112以及存储器1111可以通过总线1114相互连接;总线1114可以是PCI总线或EISA总线等。所述总线1114可以分为地址总线、数据总线、控制总线等。为便于表示,图11B中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。Referring to FIG. 11B, the second distribution function entity 1110 includes a processor 1112, a communication interface 1113, and a memory 1111. Optionally, the second distribution function entity 1110 may further include a bus 1114. The communication interface 1113, the processor 1112, and the memory 1111 may be connected to each other through a bus 1114; the bus 1114 may be a PCI bus or an EISA bus or the like. The bus 1114 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in FIG. 11B, but it does not mean that there is only one bus or one type of bus.
类似的,本申请实施例所涉及的管理功能实体也可以具有与图7A或图7B相似的结构,可执行上述方法示例中所涉及的管理功能实体的行为,具体内容可以参照图7A或图7B中的详细介绍,此处不作赘述。Similarly, the management function entity involved in the embodiment of the present application may also have a structure similar to that of FIG. 7A or FIG. 7B, and may perform the behavior of the management function entity involved in the foregoing method example. For details, refer to FIG. 7A or FIG. 7B. The detailed introduction is not repeated here.
结合本申请实施例公开内容所描述的方法或者算法的步骤可以硬件的方式来实现,也可以是由处理器执行软件指令的方式来实现。软件指令可以由相应的软件模块组成,软件模块可以被存放于随机存取存储器(Random Access Memory,RAM)、闪存、只读存储器(Read Only Memory,ROM)、可擦除可编程只读存储器(Erasable Programmable ROM,EPROM)、电可擦可编程只读存储器(Electrically EPROM,EEPROM)、寄存器、硬盘、移动硬盘、只读光盘(CD-ROM)或者本领域熟知的任何其它形式的存储介质中。一种示例性的存储介质耦合至处理器,从而使处理器能够从该存储介质读取信息,且可向该存储介质写入信息。当然,存储介质也可以是处理器的组成部分。处理器和存储介质可以位于ASIC中。另外,该ASIC可以位于用户面实体、控制面实体、第一分发功能实体、第二分发功能实体或执法监听设备中。当然,处理器和存储介质也可以作为分立组件存在于用户面实体、控制面实体、第一分发功能实体、第二分发功能实体或执法监听设备中。The steps of the method or algorithm described in connection with the disclosure of the embodiments of the present application may be implemented in a hardware manner, or may be implemented by a processor executing software instructions. The software instructions may be composed of corresponding software modules, which may be stored in a random access memory (RAM), a flash memory, a read only memory (ROM), an erasable programmable read only memory ( Erasable Programmable ROM (EPROM), electrically erasable programmable read only memory (EEPROM), registers, hard disk, removable hard disk, compact disk read only (CD-ROM) or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor to enable the processor to read information from, and write information to, the storage medium. Of course, the storage medium can also be an integral part of the processor. The processor and the storage medium can be located in an ASIC. Additionally, the ASIC can be located in a user plane entity, a control plane entity, a first distribution function entity, a second distribution function entity, or a law enforcement listening device. Of course, the processor and the storage medium may also exist as discrete components in the user plane entity, the control plane entity, the first distribution function entity, the second distribution function entity, or the law enforcement interception device.
在上述实施例中,可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。当使用软件实现时,可以全部或部分地以计算机程序产品的形式实现。In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product.
所述计算机程序产品包括一个或多个计算机指令。在计算机上加载和执行所述计算机 程序指令时,全部或部分地产生按照本申请实施例所述的流程或功能。所述计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。所述计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一计算机可读存储介质传输,例如,所述计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴电缆、光纤、数字用户线(DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存储的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质,(例如,软盘、硬盘、磁带)、光介质(例如,DVD)、或者半导体介质(例如固态硬盘Solid State Disk(SSD))等。 The computer program product includes one or more computer instructions. Loading and executing the computer on a computer The program or function described in the embodiment of the present application is generated in whole or in part when the program is instructed. The computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer readable storage medium or transferred from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions can be from a website site, computer, server or data center Transfer to another website site, computer, server, or data center by wire (eg, coaxial cable, fiber optic, digital subscriber line (DSL), or wireless (eg, infrared, wireless, microwave, etc.). The computer readable storage medium can be any available media that can be stored by a computer or a data storage device such as a server, data center, or the like that includes one or more available media. The usable medium may be a magnetic medium (eg, a floppy disk, a hard disk, a magnetic tape), an optical medium (eg, a DVD), or a semiconductor medium (such as a solid state disk (SSD)).

Claims (21)

  1. 一种用于合法监听的数据处理方法,其特征在于,包括:A data processing method for lawful interception, comprising:
    用户面实体接收控制面实体发送的监听管理信息,所述监听管理信息包括用于合法监听的分组数据头事件中的用户面信息的目的地址信息;The user plane entity receives the interception management information sent by the control plane entity, where the interception management information includes destination address information of the user plane information in the packet data header event for legal interception;
    所述控制面实体根据上下文生成所述分组数据头事件中的控制面信息;The control plane entity generates control plane information in the packet data header event according to a context;
    所述控制面实体向第一分发功能实体发送所述分组数据头事件中的控制面信息;Transmitting, by the control plane entity, control plane information in the packet data header event to the first distribution function entity;
    所述用户面实体根据所述目的地址信息,向第二分发功能实体发送所述分组数据头事件中的用户面信息。The user plane entity sends the user plane information in the packet data header event to the second distribution function entity according to the destination address information.
  2. 根据权利要求1所述的数据处理方法,其特征在于,所述监听管理信息还包括关联信息。The data processing method according to claim 1, wherein the monitoring management information further comprises associated information.
  3. 根据权利要求2所述的数据处理方法,其特征在于,所述关联信息包括相关标识或相关系数或序列。The data processing method according to claim 2, wherein the association information comprises a correlation identifier or a correlation coefficient or a sequence.
  4. 根据权利要求2或3所述的数据处理方法,所述分组数据头事件中的用户面信息和所述分组数据头事件中的控制面信息中携带所述关联信息,所述关联信息用于关联所述分组数据头事件中的用户面信息和所述分组数据头事件中的控制面信息。The data processing method according to claim 2 or 3, wherein the user plane information in the packet header event and the control plane information in the packet header event carry the association information, and the association information is used for association User plane information in the packet data header event and control plane information in the packet header event.
  5. 根据权利要求4所述的数据处理方法,其特征在于,在所述第二分发功能实体接收所述用户面实体发送的所述分组数据头事件中的用户面信息之后,还包括:The data processing method according to claim 4, further comprising: after the second distribution function entity receives the user plane information in the packet header event sent by the user plane entity, further comprising:
    所述第二分发功能实体向执法监听设备发送所述分组数据头事件中的用户面信息;Transmitting, by the second distribution function entity, user plane information in the packet data header event to the law enforcement interception device;
    在所述第一分发功能实体接收所述控制面实体发送的所述分组数据头事件中的控制面信息之后,还包括:After the first distribution function entity receives the control plane information in the packet data header event sent by the control plane entity, the method further includes:
    所述第一分发功能实体向所述执法监听设备发送所述分组数据头事件中的控制面信息;Transmitting, by the first distribution function entity, control plane information in the packet data header event to the law enforcement interception device;
    所述执法监听设备根据所述关联信息关联所述分组数据头事件中的用户面信息和所述分组数据头事件中的控制面信息。The law enforcement intercepting device associates user plane information in the packet data header event with control plane information in the packet data header event according to the association information.
  6. 根据权利要求4所述的数据处理方法,其特征在于,在所述第二分发功能实体接收所述分组数据头事件中的用户面信息之后,还包括:The data processing method according to claim 4, further comprising: after the second distribution function entity receives the user plane information in the packet data header event, further comprising:
    所述第二分发功能实体向所述第一分发功能实体发送所述分组数据头事件中的用户面信息;Transmitting, by the second distribution function entity, user plane information in the packet data header event to the first distribution function entity;
    所述第一分发功能实体根据所述关联信息关联所述分组数据头事件中的用户面信息和所述分组数据头事件中的控制面信息。The first distribution function entity associates user plane information in the packet data header event with control plane information in the packet header event according to the association information.
  7. 根据权利要求5或6所述的数据处理方法,其特征在于,在所述控制面实体向所述用户面实体发送所述监听管理信息之前,The data processing method according to claim 5 or 6, wherein before the control plane entity sends the interception management information to the user plane entity,
    所述控制面实体接收管理功能实体发送的第一监听激活消息,所述第一监听激活消息用于指示所述控制面实体监听所述分组数据头事件。The control plane entity receives a first interception activation message sent by the management function entity, where the first interception activation message is used to instruct the control plane entity to listen to the packet data header event.
  8. 根据权利要求5或6所述的数据处理方法,其特征在于,在所述控制面实体向所述用户面实体发送所述监听管理信息之前,The data processing method according to claim 5 or 6, wherein before the control plane entity sends the interception management information to the user plane entity,
    所述第二分发功能实体接收所述管理功能实体发送的第二监听激活消息,所述第二监 听激活消息用于指示所述第二分发功能实体转发所述用户面实体发送的所述分组数据头事件中的用户面信息。Receiving, by the second distribution function entity, a second monitoring activation message sent by the management function entity, where the second monitoring The listening activation message is used to instruct the second distribution function entity to forward user plane information in the packet data header event sent by the user plane entity.
  9. 根据权利要求5或6所述的数据处理方法,其特征在于,在所述控制面实体向所述用户面实体发送所述监听管理信息之前,The data processing method according to claim 5 or 6, wherein before the control plane entity sends the interception management information to the user plane entity,
    所述第一分发功能实体接收所述管理功能实体发送的第三监听激活消息,所述第三监听激活消息用于指示所述第一分发功能实体关联所述分组数据头事件中的用户面信息和所述分组数据头事件中的控制面信息。Receiving, by the first distribution function entity, a third interception activation message sent by the management function entity, where the third interception activation message is used to instruct the first distribution function entity to associate user plane information in the packet data header event And control plane information in the packet header event.
  10. 根据权利要求1-9中任一项所述的数据处理方法,其特征在于,所述第一监听激活消息具体用于指示所述控制面实体监听所述分组数据头事件和通信内容,在所述用户面实体接收所述控制面实体发送的监听管理信息之后,还包括:The data processing method according to any one of claims 1 to 9, wherein the first interception activation message is specifically configured to instruct the control plane entity to listen to the packet data header event and communication content. After receiving the monitoring management information sent by the control plane entity, the user plane entity further includes:
    所述用户面实体向所述第二分发功能实体发送所述通信内容。The user plane entity sends the communication content to the second distribution function entity.
  11. 一种通信系统,其特征在于,所述系统包括用户面实体和控制面实体,所述用户面实体用于:A communication system, characterized in that the system comprises a user plane entity and a control plane entity, the user plane entity being used for:
    接收所述控制面实体发送的监听管理信息,所述监听管理信息包括用于合法监听的分组数据头事件中的用户面信息的目的地址信息;Receiving, by the control plane entity, the interception management information, where the interception management information includes destination address information of the user plane information in the packet data header event for legal interception;
    根据所述目的地址信息,向所述第二分发功能实体发送所述分组数据头事件中的用户面信息;Transmitting user plane information in the packet data header event to the second distribution function entity according to the destination address information;
    所述控制面实体用于:The control plane entity is used to:
    根据上下文生成所述分组数据头事件中的控制面信息;Generating control plane information in the packet data header event according to a context;
    向所述第一分发功能实体发送所述分组数据头事件中的控制面信息。The control plane information in the packet header event is sent to the first distribution function entity.
  12. 根据权利要求11所述的通信系统,其特征在于,所述监听管理信息还包括关联信息。The communication system according to claim 11, wherein said monitoring management information further comprises associated information.
  13. 根据权利要求12所述的通信系统,所述关联信息包括相关标识或相关系数或序列。The communication system of claim 12, the associated information comprising a correlation identification or correlation coefficient or sequence.
  14. 根据权利要求12或13所述的通信系统,其特征在于,所述分组数据头事件中的用户面信息和所述分组数据头事件中的控制面信息中携带所述关联信息,所述关联信息用于关联所述分组数据头事件中的用户面信息和所述分组数据头事件中的控制面信息。The communication system according to claim 12 or 13, wherein the user plane information in the packet header event and the control plane information in the packet header event carry the association information, the association information Used to associate user plane information in the packet header event and control plane information in the packet header event.
  15. 根据权利要求14所述的通信系统,其特征在于,所述通信系统还包括所述第二分发功能实体和所述第一分发功能实体和执法监听设备,所述第二分发功能实体用于:The communication system according to claim 14, wherein said communication system further comprises said second distribution function entity and said first distribution function entity and law enforcement interception device, said second distribution function entity being:
    向所述执法监听设备发送所述分组数据头事件中的用户面信息;Transmitting user plane information in the packet data header event to the law enforcement interception device;
    所述第一分发功能实体用于:The first distribution function entity is used to:
    向所述执法监听设备发送所述分组数据头事件中的控制面信息;Sending control plane information in the packet data header event to the law enforcement interception device;
    所述执法监听设备用于:The law enforcement interception device is used to:
    根据所述关联信息关联所述分组数据头事件中的用户面信息和所述分组数据头事件中的控制面信息。User plane information in the packet header event and control plane information in the packet header event are associated according to the association information.
  16. 根据权利要求14所述的通信系统,其特征在于,所述通信系统还包括所述第二分发功能实体和所述第一分发功能实体,所述第二分发功能用于:The communication system according to claim 14, wherein said communication system further comprises said second distribution function entity and said first distribution function entity, said second distribution function being:
    向所述第一分发功能实体发送所述分组数据头事件中的用户面信息; Transmitting user plane information in the packet data header event to the first distribution function entity;
    所述第一分发功能实体用于:The first distribution function entity is used to:
    根据所述关联信息关联所述分组数据头事件中的用户面信息和所述分组数据头事件中的控制面信息。User plane information in the packet header event and control plane information in the packet header event are associated according to the association information.
  17. 根据权利要求15或16所述的通信系统,其特征在于,所述控制面实体还用于:The communication system according to claim 15 or 16, wherein the control plane entity is further configured to:
    接收所述管理功能实体发送的第一监听激活消息,所述第一监听激活消息用于指示所述控制面实体监听所述分组数据头事件。And receiving, by the management function entity, a first interception activation message, where the first interception activation message is used to instruct the control plane entity to listen to the packet data header event.
  18. 根据权利要求15或16所述的通信系统,其特征在于,所述第二分发功能实体还用于:The communication system according to claim 15 or 16, wherein the second distribution function entity is further configured to:
    接收所述管理功能实体发送的第二监听激活消息,所述第二监听激活消息用于指示所述第二分发功能实体转发所述用户面实体发送的所述分组数据头事件中的用户面信息。Receiving a second interception activation message sent by the management function entity, where the second interception activation message is used to instruct the second distribution function entity to forward user plane information in the packet data header event sent by the user plane entity .
  19. 根据权利要求15或16所述的通信系统,其特征在于,所述第一分发功能实体还用于:The communication system according to claim 15 or 16, wherein the first distribution function entity is further configured to:
    接收所述管理功能实体发送的第三监听激活消息,所述第三监听激活消息用于指示所述第一分发功能实体关联所述分组数据头事件中的用户面信息和所述分组数据头事件中的控制面信息。Receiving a third interception activation message sent by the management function entity, where the third interception activation message is used to instruct the first distribution function entity to associate user plane information and the packet data header event in the packet data header event Control surface information in .
  20. 根据权利要求10-19中任一项所述的通信系统,其特征在于,所述第一监听激活消息具体用于指示所述控制面实体监听所述分组数据头事件和通信内容,所述用户面实体还用于:The communication system according to any one of claims 10 to 19, wherein the first interception activation message is specifically configured to instruct the control plane entity to listen to the packet data header event and communication content, the user Face entities are also used to:
    向所述第二分发功能实体发送所述通信内容。Transmitting the communication content to the second distribution function entity.
  21. 一种计算机可读存储介质,包括指令,当其在计算机上运行时,使得所述计算机执行如权利要求1-10所述的方法。 A computer readable storage medium comprising instructions which, when executed on a computer, cause the computer to perform the method of claims 1-10.
PCT/CN2017/072594 2017-01-25 2017-01-25 Data processing method and communication system for lawful interception WO2018137171A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/072594 WO2018137171A1 (en) 2017-01-25 2017-01-25 Data processing method and communication system for lawful interception

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/072594 WO2018137171A1 (en) 2017-01-25 2017-01-25 Data processing method and communication system for lawful interception

Publications (1)

Publication Number Publication Date
WO2018137171A1 true WO2018137171A1 (en) 2018-08-02

Family

ID=62977841

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/072594 WO2018137171A1 (en) 2017-01-25 2017-01-25 Data processing method and communication system for lawful interception

Country Status (1)

Country Link
WO (1) WO2018137171A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141761A (en) * 2007-09-30 2008-03-12 华为技术有限公司 Monitoring method, system and device
WO2009102245A1 (en) * 2008-02-14 2009-08-20 Telefonaktiebolaget Lm Ericsson (Publ) Lawful interception of non-local subscribers
US20120155333A1 (en) * 2010-12-17 2012-06-21 Electronics And Telecommunications Research Institute Of Daejeon Appratus and method for lawful interception
CN102577316A (en) * 2011-12-29 2012-07-11 华为技术有限公司 Method, device and system of data interception

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101141761A (en) * 2007-09-30 2008-03-12 华为技术有限公司 Monitoring method, system and device
WO2009102245A1 (en) * 2008-02-14 2009-08-20 Telefonaktiebolaget Lm Ericsson (Publ) Lawful interception of non-local subscribers
US20120155333A1 (en) * 2010-12-17 2012-06-21 Electronics And Telecommunications Research Institute Of Daejeon Appratus and method for lawful interception
CN102577316A (en) * 2011-12-29 2012-07-11 华为技术有限公司 Method, device and system of data interception

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
OTD: "Discussion on Lawful Interception in split architectures", SA WG3-LI MEETING #61 S3I-160172, 24 April 2016 (2016-04-24), pages 1 - 3, XP055531021 *

Similar Documents

Publication Publication Date Title
US9979818B2 (en) Caller ID verification
WO2018153305A1 (en) Security early-warning method applied to network payment, computer device and storage medium
US10686832B2 (en) Dynamic allocation of a signal receiver for dissemination of threat information
US10313290B2 (en) System and method for communicating electronic health information
US11528205B2 (en) Tunneled monitoring service and method
CN110188121B (en) Service data monitoring method, device, computer equipment and storage medium
US20210314434A1 (en) Active Call Verification to Prevent Falsified Caller Information
EP2887625A1 (en) Method for real-time reporting and prevention of call abuse
WO2020259515A1 (en) Method and device for obtaining calling chain of tcp application
KR20140101787A (en) Apparatus and method for performing lawful intercept in group calls
CN111064607A (en) Management method, device and storage medium of network operation and maintenance system
US20160197921A1 (en) Secure Data Transmission System
KR101586595B1 (en) Apparatus and method for performing precognitive lawful intercept in group calls
US20240106815A1 (en) Licensing verification message
CN112287364A (en) Data sharing method, device, system, medium and electronic equipment
EP3029917B1 (en) Method for telecommunication device monitoring
WO2012089050A1 (en) Interception apparatus, interception method, and system
WO2018137171A1 (en) Data processing method and communication system for lawful interception
KR20150079724A (en) Device monitoring using multiple servers optimized for different types of communications
WO2012105883A1 (en) Method for malicious attacks monitoring
TWI520548B (en) Information System and Its Method of Confidential Data Based on Packet Analysis
US11824782B2 (en) Rate limiter for database access
WO2021027505A1 (en) Smart contract-based data processing method, and related device
CN105574395A (en) Account security system and method for cloud computing
US11805201B2 (en) Call processing apparatus, call processing method, call processing system and call processing program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17894376

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17894376

Country of ref document: EP

Kind code of ref document: A1