[go: up one dir, main page]

WO2008009234A1 - Method for identifying abuse of emergency bearer resources, device and system thereof - Google Patents

Method for identifying abuse of emergency bearer resources, device and system thereof Download PDF

Info

Publication number
WO2008009234A1
WO2008009234A1 PCT/CN2007/070278 CN2007070278W WO2008009234A1 WO 2008009234 A1 WO2008009234 A1 WO 2008009234A1 CN 2007070278 W CN2007070278 W CN 2007070278W WO 2008009234 A1 WO2008009234 A1 WO 2008009234A1
Authority
WO
WIPO (PCT)
Prior art keywords
bearer
emergency
message
application
layer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2007/070278
Other languages
French (fr)
Chinese (zh)
Inventor
Peng Zhao
Fenqin Zhu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2008009234A1 publication Critical patent/WO2008009234A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities
    • H04L65/1016IP multimedia subsystem [IMS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1069Session establishment or de-establishment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M7/00Arrangements for interconnection between switching centres
    • H04M7/12Arrangements for interconnection between switching centres for working between exchanges having different types of switching equipment, e.g. power-driven and step by step or decimal and non-decimal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2242/00Special services or facilities
    • H04M2242/04Special services or facilities for emergency applications

Definitions

  • the present invention relates to the field of communication technologies, and in particular, to a method, device and system for identifying abuse of emergency bearer resources in an IP Multimedia Subsystem (IMS, Internet M ltiedia Subsystem).
  • IMS IP Multimedia Subsystem
  • IMS Internet M ltiedia Subsystem
  • the user In an emergency state, the user will use the user equipment (UE, User Equipment) to call the Public Safety Answering Point (PSAP) for assistance.
  • PSAP Public Safety Answering Point
  • the PSAP may also initiate a callback to the user after the user hangs up, in order to learn more. Information.
  • the emergency service mentioned in this article refers to the situation where the user initiates an emergency call, and may also include the case where the PSAP calls the user. Of course, the PSAP callback may not be included.
  • FIG. 1 shows the overall process framework of an existing IMS domain emergency call.
  • the solid line in the figure indicates the emergency call initiated by the UE, and the dotted line indicates the call initiated by the PSAP.
  • the emergency call initiated by the UE 10 passes through a GPRS Gateway Support Node (GGSN) 20, a Proxy Call Session Control Function (P-CSCF) entity 40, and an Emergency Call Session Control Function (E-CSCF)
  • GGSN GPRS Gateway Support Node
  • P-CSCF Proxy Call Session Control Function
  • E-CSCF Emergency Call Session Control Function
  • S-CSCF Serving Call Session Control Function
  • the E-CSCF sends the signaling to the S-CSCF to the PSAP and PS AJP.
  • the control function (MGCF, Media Gatewa Control Function) entity performs conversion. If the PSAP is in the IP domain, it does not need to go through.] GC
  • the policy decision function PDF, Policy Decision Functio entity is used to manage the resource.
  • MGCF1 and PSAP are roaming, but when PSAP calls back, there are two possibilities.
  • FIG. 2 is a schematic diagram of a management process of an existing IMS bearer resource.
  • Steps 101 - 102 after the user decides to initiate a call, firstly, by initiating an application for the bearer resource of the other side, generally, a request for creating a group data protocol (create PDF) is sent to the GGSN, and if it is the resource for the emergency service application, The request will carry an emergency bearer indication, such as an emergency bearer ID or an emergency access point name (APIs!, Access Pomi Name).
  • an emergency bearer indication such as an emergency bearer ID or an emergency access point name (APIs!, Access Pomi Name).
  • Steps 103 to 104 the UE sends a SIP request (i TVlTE) message using the applied bearer resource, and the destination address of the IP packet is the P-CSCF.
  • the message is transited through the GGSN. If the emergency call is performed, the INVITE is read.
  • the message contains an emergency service indication.
  • Steps 105 ⁇ 306 the P-CSCF forwards the i request to other devices, such as the E-CSCF, to establish an emergency call, and then receives the INVITE 200 message.
  • the P-CSCF sends the user connection information (such as the address port and the like) and the quality of service (QoS) information (such as bandwidth) obtained in the INVITE and the 200 to the PDF, usually using The AAR (AA-Request) message of the Diamter protocol, after which the response message from the PDF is received, and the AAA (AA-Answer) message of Diiffl ter is usually used. If the message is the first response message of the session, then the message is in the message. Must carry a Token, which identifies the PDF and this session
  • Steps 109 ⁇ 10 the P-CSCF forwards the 200 message received in step 106 to the UE through the GGSN. If the Token has not been carried before, the Tbken needs to be added to the 200 message.
  • Step 1 After receiving the message sent by the P-CSCF, the UE initiates a resource application process for the media information according to the obtained connection information and QoS information. This is a process of creating or updating a PDP, and the UE sends the create.
  • the PDP message carries a Token. If it is an emergency bearer request, the read message will contain an indication. The GGSN can know that this is an emergency service bearer request. The above indication may be the applied emergency bearer resource.
  • the association relationship may also be an emergency bearer identifier: - Step Bu Xing 112, after receiving the application message, the GGSN initiates an authentication request for the bearer resource to the PDF according to the Token therein, usually a general open policy service protocol (COPS) , Common Open Policy Service Protocol) REQ message (COPS REQtiest message).
  • COPS general open policy service protocol
  • COQ Common Open Policy Service Protocol
  • Step 113 the PDF sends related user connection information, QoS information and other information to
  • COPS DECision message COPS DEC message
  • Step 114 The GGSN checks the resource of the bearer application according to the received DEC message, for example, checks whether the IP address port and the bandwidth information meet the requirements of the application layer, and if yes, allocates bearer resources to the UE in the access network, and simultaneously gives the UE Send a response message that carries a resource request.
  • Step 1 ⁇ 5 if the bearer application is successful, IJE will send data to make a call, and the data packet will be transmitted to the GGSN, whose destination address is the relevant media device.
  • Step 1] 6 The GGSN forwards the data packet to the destination media device of the packet, where the media device includes the media device controlled by the PSAP and the media device controlled by the MGCF.
  • the indication that the resource requested by the UE is an emergency bearer is: an emergency identification field, or a global dedicated emergency, or an index that can be associated with an existing emergency bearer.
  • the existing emergency service adopts the following methods: First, configure filtering for the emergency ⁇ on the GGSN, and only allow the IP packet carrying the specified address of the P-CSCF for emergency call to pass through the GGSN, and ensure that the UE issues the IP packets can only reach the P-CSCF for emergency calls, and can only receive IP packets from these addresses. If it is for the emergency service to apply for the bearer resources, then at the time of application, the steps 01 and m in Figure 2 will carry the emergency bearer indication.
  • the GGSN When the GGSN receives the bearer resources applied for from these addresses, it will use the filtering rules to filter all the packets. The processing takes place in step 104, step 110 and step 1]6
  • the emergency bearer resources generally enjoy higher priority and QoS than the normal bearer resources. Even in the case of ordinary calls, because the roaming restrictions do not allow the use of bearer resources, the emergency bearer resources can be used, and the emergency call using the emergency bearer resources is also used. It is possible that the bearer layer is free, but the function of the GGSN is only to forward the IP packets sent by the UE, and does not parse the application layer content.
  • the filtering rules can restrict the IP packets sent by the UE to only reach certain specific emergency services.
  • the P-CSCF does not restrict the P-CSCF from parsing the received content. Otherwise, it still performs emergency service processing, so that the user may apply for emergency bearer resources when accessing the GGSN, and use it in the upper house application. Ordinary calls, so that you can evade billing and roaming restrictions on the access side, resulting in the abuse of emergency bearer resources.
  • the present invention provides a method and apparatus for identifying abuse of emergency bearer resources in an IMS. And systems to prevent abuse of emergency bearer resources.
  • a method for identifying an overflow emergency resource in an iMS comprising:
  • the intermediate entity for transmitting information determines that the bearer layer uses the emergency bearer, it checks whether the application layer is an emergency service;
  • a device for identifying abuse of emergency load resources in an IMS including:
  • a message receiving unit configured to receive a message or an application message from the same session during the call setup process
  • An emergency bearer identifying unit configured to check whether the bearer layer uses an emergency bearer according to the message or the application signaling
  • An emergency service identification unit configured to check whether the application layer is an emergency service by using the message or the application signaling
  • the determining unit determines, according to the check result of the emergency bearer identifying unit and the emergency service identifying unit, that the emergency bearer is used in the bearer layer, but the application is non-emergency service, determining the call abuse emergency bearer Resources.
  • a system for identifying abuse of emergency bearer resources in an IMS including an access side bearer control IP gateway and an application layer server,
  • the access-side bearer control device includes a resource allocation device, configured to allocate resources for the user terminal during the call setup process, including allocating related resources defined by the reserved bearer layer for the user applying for the emergency service bearer;
  • the application layer server includes an identifying device, configured to identify, according to the application signaling received by the application layer server, whether an application that uses the related resource defined by the bearer is abusing the emergency bearer resource.
  • the intermediate entity for transmitting information determines that the same service related request is used, for example, the bearer layer uses the emergency bearer, and then determines whether the application layer is an emergency service request, and if it is a non-emergency service request. Then, the call is judged to abuse the emergency bearer resources.
  • the present invention can be quickly and effectively identify misuse of the emergency call bearer resources, thus ensuring emergency bearer resources can be applied to emergency service, to avoid the abuse of emergency bearer resources 3 ⁇ 4
  • DRAWINGS Figure 1 Flowchart diagram of an emergency call for an existing IMS domain
  • FIG. 2 is a schematic diagram of a management process of an existing MS bearer resource
  • FIG. 3 is a schematic diagram of a bearer resource management process according to a first embodiment of the present invention.
  • FIG. 4 is a schematic diagram of a bearer resource management process according to a second embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a bearer resource management process according to a third embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a management process of a bearer resource according to a fourth embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a bearer resource management process according to a fifth embodiment of the present invention.
  • FIG. 8 is a schematic diagram of an apparatus for identifying abuse of emergency bearer resources in an IMS according to an embodiment of the present invention
  • FIG. 9 is a schematic diagram of a system for identifying abuse of emergency bearer resources in an IMS according to an embodiment of the present invention.
  • the intermediate entity for transmitting information learns the emergency attribute information of the bearer layer and the application layer. If the bearer layer uses the emergency bearer, it checks whether the application layer is an emergency service. For non-emergency services, it is determined that the abuse of emergency bearer resources is requested.
  • the emergency attribute information includes: carrying an emergency indication and a service emergency indication
  • the foregoing intermediate entity for transmitting information may be an access bearer control gateway, such as a GGSN, a packet data serving node (PDSN), etc., and may also be an FDF or an application server, etc., of course, not limited to this and a message from the application layer.
  • the emergency service indication in the middle can be generated according to the emergency service indication inserted in the session creation message.
  • 3 and 4 are two specific embodiments based on the method of the present invention.
  • an emergency call is initiated by the UE, and the GGSN determines whether the message carrying the application and the application all contain an emergency indication.
  • Step 201 The UE initiates a session INVITE request. If the emergency service is performed, the NVITE request carries an emergency service indication to indicate that the request is an emergency service.
  • the emergency service indication may be a header field or a header field in the INVITE message.
  • Steps 202 to 203 after receiving the request, the P-CSCF checks whether the message contains an emergency service indication. If yes, the P-CSCF locally marks the session as an emergency service, and routes the request to the specified media device. For example, E-CSCF performs processing. If not, it does not need to be marked. P-CSCF is normal. After the message is forwarded to the il' request, the P-CSCF receives the feedback 200 response message.
  • Step 204 The P-CSCF sends an AAR message to the PDF. If the P-CSCF marks that the session is an emergency service, the AAR message carries an emergency service indication, and the read indication may be a field in the AAR message, otherwise the AAR message No need to carry emergency business instructions
  • Step 205 The PDF sends a response message AAA to the P-CSCF. If it is the first response message of the session, the message must carry a Tke.
  • the Token identifies the PDF and the current session.
  • Step 206 After receiving the AAA message returned by the PDF, the P-CSCF transmits the response to the 200
  • Step 207 After receiving the message sent by the P-CSCF, the UE sends a message to the GGSN according to the obtained user connection information and QoS information, which is a process of creating or updating a PDP, where the message carries If the Tote is for the emergency service application bearer, the application message needs to carry an emergency bearer indication to indicate that the application is an urgent bearer resource, and the emergency bearer indication may be an emergency identifier field, a global dedicated emergency APN, or An index that can be linked to an existing emergency bearer
  • Step 208 After receiving the application message, the GGSN initiates an authentication request for the bearer resource, usually a COPS REQ message, according to 'Ibl en.
  • Step 209 The FDF sends a DEC message to the GGSN.
  • the PDF receives an emergency service indication from the application layer from the P-CSCF, that is, the received AAR message includes an emergency service indication, and then the sent The DEC message also carries an emergency service indication. Otherwise, no urgent service indication is added to the transmitted PDF message.
  • Step 210 After receiving the DEC message, the GGSN first checks whether the user carries the emergency bearer indication in the resource application process. If yes, it checks whether the received DEC message also contains an emergency service indication, such as a DEC message. If the emergency service indication is not included, the GGSN determines that the emergency bearer resource is abused. After that, the GGSN may perform related processing, such as blocking the current call flow, and performing corresponding records, etc.; if the received I3.EC message contains an emergency service indication, Then continue the normal process, which means that the call is indeed an emergency call process.
  • an emergency service indication such as a DEC message.
  • the present embodiment initiates a call back to the UE by a media device such as a PSAP, and the PDF determines whether the message of the bearer layer and the application layer all contain an emergency indication, and currently considers that the PSAP callback is also an emergency service.
  • the P-CSCF receives the INVITE used to call the UE.
  • Step 302 If the P-CSCF recognizes that the request is a PSAP call, the P-CSCF will carry an emergency service indication in the AAR message sent to the PDF. If not, the emergency service indication is not carried, and the specific identification method may be Identify whether the emergency indication header field is included in the INVITE, or according to the identity of the calling user in the INVITE.
  • Step 303 the PDF sends a response message to the P-CSCF.
  • AAA If it is the first response message of the session, the message must carry a Tbken, which identifies the PDF and the current session step 304, P- The CSCF forwards the INVITE request to the UE.
  • Step 305 After receiving the message sent by the P-CSCF, the UE sends a message carrying the resource request to the GGSN according to the obtained user connection information and QoS information.
  • This is a process of creating or updating a PDP, where the message carries a T3 ⁇ 4ken, if If the application is a bearer resource for the emergency service, the emergency bearer indication is also required to indicate that the application is an emergency bearer resource.
  • Step 306 After receiving the application message, the GGSN, according to the T ken, will initiate a REQ message carrying the resource authentication to the PDF. If the emergency bearer indication is carried in the application message, the emergency bearer indication will also be carried in the REQ message.
  • Step 307 after received PDF REQ message, checks that the message carries the emergency bearer indicating the bearer layer, the P-CSCF checks for this session sent by the message carrying an emergency service application layer indicating that there is:: as ⁇ No, the PDF determines that the emergency bearer resource is abused. After that, the relevant processing can be performed, such as blocking the current call flow and performing corresponding recording; if not, the normal process is continued, and the call is confirmed to be urgent. Call flow.
  • the above embodiment is used when the PSAP initiates a callback to the UE, and the PDF identifies the call that abuses the emergency bearer resource by determining whether the message of the bearer layer and the application house contains an emergency indication, and the emergency bearer resource is guaranteed only Can be applied to emergency services, avoiding the abuse of emergency bearer resources.
  • the embodiment of the present invention can also set a filtering rule for the bearer of the emergency service on the bearer layer gateway, and ensure that the data packet including the related resources defined by the bearer layer reserved for the emergency service is allowed.
  • the application layer server determines, according to the information of the protocol layer controlled by the bearer layer, whether the message is a bearer resource reserved for emergency services, and if so, the application layer server checks whether the request is an emergency service.
  • the bearer layer is a message that can be used by the emergency bearer, for example, a register message is judged, and the application layer determines whether it is In the case of emergency services, it can be judged by a register message, and the response of the register message and subsequent invite, message, etc.
  • the SIP message determines that the bearer layer control protocol includes at least: an IP, a transport layer protocol, such as UDP (User, User-Data Packet Protocol), TCP (Transmission Control Protoco!), port, AH (Authentication Header), ESP (: Encapsu ing Security Pay load), SPI (Security Parameter Index), etc.;
  • the method includes: an IP address of the UE, an address of the application server, a port provided by the application server, a transport layer protocol provided by the application server, an SPI allocated by the application server for the UE, and a possible combination thereof
  • the embodiment of the present invention further discloses a method for identifying abuse of emergency bearer resources in an IMS multi-media subsystem IMS: reserve a dedicated service port for a message of an emergency service on the P-CSCF, and determine from the Whether the port-related application layer message is an emergency service.
  • FIG. 5 it is a schematic diagram of a bearer resource management process according to a third embodiment of the present invention, where the method includes the following steps:
  • an emergency bearer-dedicated port is reserved for the emergency service on the application server, such as the P-CSCF, for example, 9000.
  • the bearer control gateway of the system access side such as the GGSN
  • the filtering rule for example, only allows the 9000 port of the P-CSCF to pass the emergency bearer IP packet, and the other port of the P-CSCF that uses the emergency bearer does not allow the filtering. Rules can also allow media related to emergency services to pass
  • Step 402 The user sends a create group data protocol (create PDF:) request to the GGSN to apply for an emergency service bearer resource, where the request carries an emergency bearer indication, such as an emergency bearer identifier or an emergency APN.
  • create PDF create PDF
  • Step 403 The GGSN allocates an emergency bearer resource to the UE according to the emergency bearer indication, and if the UE is identified as an emergency bearer, and returns an application bearer resource to the IJE.
  • the source successfully responds, such as create PDF response, the response includes the source IP address assigned by the GGS to the UE, and may also include a remote IP address and end that can be accessed, wherein the remote IP address is the IP address of the P-CSCF.
  • the port is an emergency service dedicated port preset by the P-CSCF.
  • Step 404 The UE initiates a registration request message by using the applied emergency bearer resource, where the source IP address of the IP packet is the source IP address assigned by the GGS, and the destination address is the address of the P-CSCF.
  • the port is 9000; the format of the IP packet is the destination IP address + the IIDP port; if an emergency call is made, the message further includes an emergency service indication, where the emergency service indication may be the user's registration information, etc.
  • the read registration request message is transited by the GGSN.
  • the GGSN first checks the registration request message IP packet according to the filtering rule of the neck. If the packet is not sent to the 9000 port of the CSCF, the GGSN will determine the request. An illegal request; otherwise, step 405 is performed.
  • Step 405 The GGSN forwards the registration request message to the P-CSCF, and the P-CSCF receives the message through the 9000 port. At this time, the P-CSCF considers that the bearer used by the message is an emergency bearer.
  • Steps 406 to 407 the P-CSCF sends the registered request message to other servers, and the other servers return corresponding 401 response messages.
  • Steps 408 - 409 the P-CSCF allocates the port for the next communication to the UE, and the SP of the ESP protocol simultaneously marks that the request received through the next communication port is an emergency bearer message, and the message is 40]
  • the message is forwarded by the GGSN to the UE, where the 401 response message further includes a newly assigned port number and SPL of the P-CSCF.
  • Step 410 The UE re-initiates a registration request message to the GGSN.
  • the format of the registration request message IP packet sent by the UE includes the IJ address + ESP, where the IP address includes the source IP address allocated by the GGSN for the UE.
  • the GGSN After receiving the registration request message, the GGSN checks whether the source IP address in the message is the IP address allocated by the GGSN to the UE when applying for the emergency bearer resource. If not, the GGSN can determine that the request is an illegal request. ; Otherwise, perform the steps below.
  • Step 411 416 the GGSN sends the registration request message to the P-CSCF, and after receiving the ageing request message of the UE by using the newly allocated port, the P-CSCF performs ESP decoding on the requested IP packet.
  • the P-CSCF checks whether the registration request message includes an emergency service indication. If the request is an emergency service, the registration request of the P-CSCF ⁇ M completes the subsequent registration process, and after the registration is completed, The 200 response message is sent by the GGSN to the UE; if the request does not contain an emergency service indication > then the P-CSCF considers the request to be an illegal request.
  • the P-CSCF checks whether the request is subsequently performed when the UE initiates a SIP request such as vte, message, etc. related to the registration. For emergency services, if not, the P-CSCF will determine to read the relevant request, 3 ⁇ 4_-1 ⁇ ⁇ * ⁇ ⁇ 3 ⁇ 4 water.
  • the P-CSCF also notifies the GGSN to add a new media filtering rule to ensure that the negotiated media portion can specifically notify the new media filtering rule through the GGS L.
  • the P-CSCF also notifies the GGSN to add a new media filtering rule to ensure that the negotiated media portion can specifically notify the new media filtering rule through the GGS L.
  • the GGSN may also check whether the source I address in the request message sent by the UE using the emergency bearer is the IP address allocated by the GGSN to the i UE when the UE applies for the emergency bearer resource, and if not, Then the GGSN determines that the read request is an illegal request.
  • the above-mentioned singular travel case allocates a dedicated port for the emergency service on the application server, and sets a filtering rule for the bearer of the emergency service on the bearer layer gateway, allowing the data packet including the application layer server dedicated port to pass; If the application layer server receives the data packet from the allocated dedicated port, it considers that the data packet is an emergency bearer message, and determines whether the message obtained from the dedicated port is an emergency service, thereby ensuring that the emergency bearer resource can only be Was used in emergency services, avoiding the abuse of emergency bearer resources
  • the embodiment of the present invention is not limited to the above-mentioned setting of the port of the emergency service to identify whether the emergency bearer message is adopted.
  • the application server may also reserve a range such as SPI for the emergency service. When there is an SH in the range in the received message, it is determined whether the message is an emergency service.
  • FIG. 6 is a schematic diagram of a bearer resource management process according to a third embodiment of the present invention.
  • the method includes the following steps:
  • Step 500 ⁇ Step 501 on the application server, such as the P-CSCF, not only "set the emergency service dedicated port, but also reserve an SPI range for emergency services, for example, 20,000 - 30000, and also set SPi on the P-CSCF.
  • Assignment rules, ie P-CSCF receives a note from the port dedicated to emergency services - ⁇ ! - Book request message, then assign the SPI in the range of the slave S to the user UE, for example
  • This filtering rule also allows media related to emergency services to pass.
  • Bearer control on the system access side ⁇ Gateway such as GGSN, sets the filtering rules for bearers for emergency services, such as IP packets in the SPI range that allow users to send to the P-CSCF (such as IPSEC packets with SPI value of 20000 30000) ) can pass, and other SPI-range IP packets sent to the P-CSCF cannot pass, allowing the user to send IP packets to the designated port of the P-CSCF.
  • IP packets in the SPI range that allow users to send to the P-CSCF such as IPSEC packets with SPI value of 20000 30000
  • Step 502 The UE sends a create group data protocol (create PDF) request to the GGSN to apply for an emergency service bearer*, where the request carries an emergency bearer indication, such as an emergency bearer or an emergency APN.
  • create PDF create group data protocol
  • Step 503 The G TSN determines, according to the emergency bearer indication, that the UE applies for an emergency bearer, allocates an emergency bearer resource to the UE, and returns a response to the UE that successfully requests the bearer resource, such as create PDF response.
  • the response includes the source address assigned by the GGSN to the UE, and may also include a remote IP address and port that can be accessed, wherein the port is an emergency service dedicated port preset by the P-CSCF.
  • Step 504 The UE initiates a register request message by using the applied emergency bearer resource, where the source of the request message is the source address of the GGSN, and the destination address is P-CSCF.
  • IP address, UDP port is P-CSCF dedicated port; its IP packet format is preferably 0P address + UDP port; if ⁇ is an emergency call, the message also includes emergency service indication, emergency service indication here It can be the user's registration information, etc.
  • the registration request message is transited by the GGSN.
  • the GGSN first checks the registration request message IP packet according to the preset filtering rule. For example, the destination port number in the IP packet is not dedicated to the P-CSCF. Port, then the GGSN will determine that the request is an illegal request; otherwise, execute step 505,
  • step 505 the GGS forwards the registration request message to the P-CSCF.
  • Step 506 .507 the P-CSCF sends the registered request message to other servers, and the other servers return a corresponding 401 response message.
  • Steps 508 - 509 the P-CSCF allocates the port for the next communication to the UE and the S.PL of the ESP protocol. If the request is received from the emergency service dedicated port, the P-CSCF considers that the request uses the emergency bearer resource. At this time, the SPi is selected from the SPi range reserved for emergency services. At the same time, the P-CSCF forwards the 401 response message to the UE by the GGSN, where the 401 response message further includes the newly assigned port number and SPL of the P-CSCF.
  • Step 510 The UE re-initiates a registration request message to the GGSN, where the registration request message 1.P packet sent by the UE includes an IP address, where the IP address includes the source IP address and P allocated by the GGSN to the UE.
  • - Purpose of the CSCF P address, the ESP includes the SP1U allocated by the P-CSCF for the UE.
  • the GGSN After receiving the read registration request message, the GGSN checks whether the SPi in the read message belongs to the range reserved for the emergency service. If not, the GGSN can determine that the request is an illegal request; otherwise, perform the following steps.
  • Step 51] 515 the GGSN sends the registration request message to the P-CSCF, and after receiving the registration request message of the UE through the newly allocated port, the P-CSCF performs ESP decoding on the requested I packet.
  • the P-CSCF checks whether the SPI in the decoded registration request message is within the emergency service specific range, and if yes, considers that the read message is the used emergency bearer resource message, and the P-CSCF further checks whether the message is an emergency service. If not, then the P-CSCF considers that the read request is an illegal request. Otherwise, the P-CSCF completes the subsequent registration process according to the registration request, and after the registration is completed, sends the 200 response message to the UE.
  • the P-CSCF checks whether the request is subsequently performed when the UE initiates a SiP request such as an invite or a message related to the registration of the UI. For emergency services, if not, the P-CSCF will determine that the relevant request is an illegal request.
  • the above implementation implements the filtering rule on the bearer layer gateway to ensure that the data packet containing the relevant resource information defined by the emergency bearer layer is allowed to pass; meanwhile, after receiving the message of the IP packet sent by the user, the application layer server roots
  • the SP1 in the message determines that the message is a message that includes the related resource information defined by the emergency bearer layer
  • the emergency service check is performed on the message to further determine whether the message is an emergency service, thereby ensuring that the emergency bearer resource is only Can be applied to emergency services, avoiding the abuse of emergency bearer resources.
  • the embodiment of the present invention further discloses a method for identifying abuse of emergency bearer resources in an IMS: setting, on the GGSN, a request to allow an address included in the preset specification to pass, wherein, The preset range is dedicated to emergency bearer resources.
  • the P-CSCF checks whether the request is an emergency service.
  • FIG. 7 is a schematic diagram of a bearer resource management process according to a fifth embodiment of the present invention, where the method includes the following steps:
  • Step 600 Leave a source address range for the emergency service on the GGSN, which is used to allocate 1 ⁇ of the bearer for applying for emergency services.
  • a filtering rule is also set on the GGSN to allow packets containing the : ⁇ address in the reserved range to pass, and IP packets containing other source P addresses cannot pass. This filtering rule also allows media related to emergency services to pass.
  • Step 60 The source address range reserved on the GGSN is learned by configuration or other means on the P-CSCF, so that when the P-CSCF receives the request in the reserved IP range, it checks whether the request is an emergency service.
  • Step 602 The UE sends a create group data protocol (create PDF) request to the GGSN to apply for an emergency service bearer resource, where the request carries an emergency bearer indication, such as an emergency bearer identifier or an emergency APN.
  • create PDF create group data protocol
  • Step 603 Identify, according to the emergency bearer indication, that the UE applies for an emergency bearer, and allocate an emergency bearer resource to the user, where the source IP address in the bearer resource is in the address range reserved by the emergency service. IP address
  • the 3GSN returns a response to the UE that successfully requests the bearer resource, such as create PDP response, where the response includes the IP address allocated by the GGSN for the UE.
  • Step 604 The UE initiates a registration request message by using the applied emergency bearer resource allocation. Since the request message IP packet is sent by using an emergency bearer resource, the GGSN checks whether the source IP address of the read message belongs to the reserved range. If not, the message is considered an illegal request; otherwise, the following steps are performed.
  • Step 605 The GGSN forwards the registration request message to the P-CSCF, and the P-CSOF receives the message, and determines, according to the IP in the message, the bearer used by the message as an emergency bearer.
  • Steps 606-607 the P-CSCF sends the registration request message to other servers, and the other servers return corresponding 401 response messages.
  • Steps 608 ⁇ 609> The P-CSCF allocates the port for the next communication to the UE and the SPL of the ESP protocol.
  • the P-CSCF forwards the 401 response message to the UE by the GGSN, where the 401 ring
  • the message should also include the newly assigned port number and SP] of the P-CSCF.
  • Step 610 The UE re-initiates a registration request message to the GGSN, where the registration request message ⁇ packet sent by the UE includes an ⁇ address, where the ⁇ ⁇ address includes an IP dedicated to the emergency service allocated by the GGSN for the UE.
  • the address and the destination ff address of the P-CSCF, the ESP includes the SPI allocated by the P-CSCF for the UE.
  • the GGSN After receiving the registration request message, the GGSN checks whether the source IP address in the message belongs to the P address range reserved for emergency services. If not, the GGSN may determine that the request is an illegal request; otherwise, perform the following Step
  • Steps 611 to 616 the GGSN sends the registration request message to the P-CSCF, and after receiving the registration request message of the UE by using the newly allocated port, the P-CSCF decodes the requested IP packet into 4 ESPs.
  • the P-CSCF checks whether the IP belongs to the source reserved for the emergency service according to the IP address in the registration request message. If the address is the case, the P-CSCF considers the message to be the emergency bearer resource, P-CSCF. Will check whether the request is an emergency service, if the request is not an emergency service, then the CSCF considers the request to be an illegal request; if the request is for an emergency service, the APP-CSCF completes the subsequent registration process according to the registration request, And after the registration is completed, the 200 response message is sent by the GGSN to the UE.
  • the P-CSCF checks whether the request is subsequently performed when the UE initiates a SiP request such as imdte, message, etc. related to the registration. For the emergency service, if not, it is determined that the related request is an illegal request.
  • the carrier layer gateway allocates a source IP address for the emergency service to the user applying for the emergency bearer, and ensures that only the source IP address is allowed.
  • the application server checks the message containing the source IP address after receiving the message. When it is considered that the message is an emergency bearer, it further determines whether the message is an emergency service, thereby ensuring that the message is an emergency service.
  • Emergency bearer resources can only be applied to emergency services, avoiding the misuse of emergency bearer resources.
  • the present invention is not limited to the emergency attribute information in the foregoing embodiments, that is, the source IP address, the port provided by the application server, and the SPI allocated by the application server respectively determine whether the request message is used urgently. Carrying, thereby further determining whether the emergency bearer resource is applied to the emergency service; or using other bearer control protocol resources or taking at least one of the above-mentioned emergency Attribute information to judge
  • an embodiment of the present invention further provides an emergency call control method in an IMS.
  • an intermediate entity that transmits information receives a message or application signaling from the same session, and the message is based on the message. Or signaling to identify whether the call is abusing the emergency bearer, and if so, disabling or redirecting the call.
  • the process of identifying whether the call is abusing the emergency bearer resource according to the message is consistent with the description in the previous embodiment, and details are not described herein again.
  • the embodiment of the invention further discloses a device for identifying abuse of emergency bearer resources in M:S, as shown in FIG. 8 , which is a schematic diagram of the reading device:
  • the reading device includes: a message receiving unit 81, an emergency bearer identifying unit 82, and an emergency service identifying unit 8 determining unit 84.
  • the message receiving unit 81 is configured to receive a message or application signaling from the same session in the call setup process;
  • the emergency bearer identifying unit 82 is configured to check whether the bearer layer uses the emergency bearer according to the message or the application signaling;
  • the identifying unit 83 is configured to check whether the application layer is an emergency service by using a root message or an application signaling;
  • the determining unit 84 uses the result of the checking by the emergency bearer identifying unit 82 and the emergency service identifying unit 83, and the result is used as a bearer.
  • Emergency bearer but the application layer is non-emergency service, and the call abuse emergency bearer resource is determined.
  • the emergency bearer identifying unit 82 checks whether the bearer layer uses the emergency bearer, the emergency service identifying unit 83 performs a check on the application layer, and the emergency service identifying unit 83 notifies the determining unit 84 of the final result.
  • the bearer layer and the application layer may be inspected by the emergency bearer identifying unit 82 and the emergency service identifying unit 83, respectively, and the checking result is notified to the determining unit 84, respectively.
  • the emergency bearer identification unit 82 may check whether the emergency bearer is used by the bearer in the message from the bearer layer received by the message receiving unit 81, if the emergency bearer is included in the message, if the message includes the emergency bearer indication information. Then, it is determined that the bearer layer uses an emergency bearer.
  • the emergency bearer indication information may be: an emergency identification field, or a globally dedicated emergency access point name, or an index that can be associated with an existing emergency bearer, etc.
  • the emergency service identification unit 83 may pass the message receiving unit.
  • the message received from the application layer includes the emergency service indication information for checking to determine whether the application house is an emergency service. If the message includes emergency service indication information, it is determined that the application layer is an emergency service.
  • the emergency service indication information may be a calling number, a registration information of the user, or the like.
  • the il device can be integrated on the access side bearer control IP gateway such as G (3SN, or PDSN.
  • the above function can be realized by detecting the message of the user terminal applying for the resource and the resource authentication response message returned by the PDF; On the PDF, the above functions are implemented by detecting the resource authentication message initiated by the GGSN and the RADIUS authorization message of the P-CSCF.
  • the implementation process of the IKE can refer to the foregoing description of the processes in FIG. 3 and FIG.
  • the device can not only identify whether the emergency call initiated by the user terminal abuses the emergency bearer resource, but also identify whether the public safety answering point sends a call back to the emergency call to abuse the emergency bearer.
  • the emergency bearer identification unit 82 further Whether the bearer layer uses the emergency bearer is determined by checking whether the application signaling received by the message receiving unit 81 uses the bearer resource reserved for the emergency service, and if the bearer resource reserved for the emergency service is used, the bearer is determined.
  • the layer uses the emergency bearer, and the bearer resource reserved for the emergency service may be an address port dedicated to the emergency bearer, the SPI, etc., and the application signaling received by the emergency service identifying unit 83 through the message receiving unit 81 is The emergency service indication information is checked to determine whether the application is an emergency service. If the emergency service indication information is included in the signaling, the application layer is determined to be an emergency service.
  • the emergency service indication information may be a called number, a registration information of a user, etc.
  • the device may be integrated on an application layer server, such as a P-CSCF, by detecting a registration request message of the user terminal or a SIP request message such as imnte or message related to the registration, so as to implement the above-mentioned function. Facing the description of the flow in Figure 5, Figure 6 and Figure 7,
  • the embodiment of the invention also discloses a system for identifying abuse of emergency bearer resources in the IMS, as shown in FIG. 9, which is a schematic diagram of the system:
  • the system includes: an access side bearer control gateway 91 and an application layer server 92, wherein the access side bearer control IP gateway 91 includes a resource allocation device 9.1 for allocating resources for the user terminal during the call setup process, including The user who applies for the emergency service bearer resource is allocated as the related resource defined by the bearer layer reserved for the emergency service; the application layer server 92 includes the identifying means 921, for identifying the use of the emergency according to the application signaling received by the application layer server 92. Whether the call of the related resource defined by the bearer layer reserved by the service abuses the emergency bearer resource.
  • the structure of the identification device 921 is similar to that of the embodiment of the present invention shown in FIG. 8, and details are not described herein again.
  • the access side bearer control 0 gateway 91 may be a GGSN, or a PDSN, an application layer.
  • Server 91 can be a P-CSCF.
  • the access side bearer control IP gateway 91 may further include a filtering device 9i2 for setting an over-rule for the bearer of the emergency service, and checking the access reverse-bearing control IP gateway 9j according to the filtering rule.
  • the application signaling number includes the relevant information defined by the bearer layer, and if the related resources defined by the bearer layer belong to the related resources defined by the bearer layer reserved for the emergency service, the access side bearer control IP is allowed.
  • the gateway 91 forwards the application signaling. Otherwise, the access to the reverse bearer control IP gateway is prohibited.
  • the forwarding of the symptom signaling through the filtering device 92 can ensure that the information related to the emergency service can only reach the emergency of the carrying house. Attribute description entity
  • control device in the system to control the establishment of the call by the inspection result of the identification device 92.
  • the identification device 921 checks the result for the abuse of the call. If the resource is carried, the call is prohibited or redirected.
  • the control device and the identification device 92 may be located on different functional entities or may be located on the same functional entity.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for identifying the abuse of the emergency bearer resources, a device, a system and an application thereof, in which the intermediate entity for transmitting information determines whether the information from the bearer layer comprises an emergency bearer indicator. While if the information from the application layer doesn't comprise an emergency service indicator, then it's determined that the emergency resources are abused. For the call that abuses the emergency bearer resources, it's prevented from establishing.

Description

is中识别滥用紧急承载资源的方法、 装置及系统  Method, device and system for identifying abuse of emergency bearer resources in is

本申请要求于 2006 年 7 月 14 日提交中国专利局、 申请号为 200610099415.4 , 发明名称为" iMS中识別滥用紧急承载资源的方法"的中国专 利申请的优先权, 其全部内容通过引用結合在本申请中  This application claims priority to Chinese Patent Application No. 200610099415.4, entitled "Method for Identifying Abuse of Emergency Bearer Resources in iMS", filed on July 14, 2006, the entire contents of which are incorporated by reference. In this application

技术领域 Technical field

本发明涉及通信技术领域,特別是指一种 IP多媒体子系统(IMS, Internet M ltiedia Subsystem ) 中识别滥用紧急承载资源的方法、 装置及系统。  The present invention relates to the field of communication technologies, and in particular, to a method, device and system for identifying abuse of emergency bearer resources in an IP Multimedia Subsystem (IMS, Internet M ltiedia Subsystem).

實.景拔术: Real. Scenery:

在紧急的状态下, 用户会使用用户设备 ( UE , User Equipment )呼叫公共 安全应答点 (PSAP, Public Safety Answering Point )获取帮助, PSAP也有 可能在用户挂机后对用户发起回叫, 以便了解更多的信息。本文提到的紧急业 务是指用户发起紧急呼叫, 还可以包括 PSAP闳叫用户的情况, 当然, 也可以 不包括 PSAP回叫的情况。  In an emergency state, the user will use the user equipment (UE, User Equipment) to call the Public Safety Answering Point (PSAP) for assistance. The PSAP may also initiate a callback to the user after the user hangs up, in order to learn more. Information. The emergency service mentioned in this article refers to the situation where the user initiates an emergency call, and may also include the case where the PSAP calls the user. Of course, the PSAP callback may not be included.

图 1 所示为现有 IMS域紧急呼叫的整体流程框架图。 图中实线表示 UE 发起的紧急呼叫, 虛线.表示 PSAP发起的 呼。 UE 10发起的紧急呼叫通过 GPRS网关支持节点 (GGSN, Gateway GPRS Support Node ) 20, 代理呼叫会 话控制功能 ( P-CSCF, Proxy Call Session Control Function ) 实体 40、 紧急呼 叫会话控制功能 ( E-CSCF )实体 50到达 PSAP 80, PSAP 80发起的回呼通过 服务呼叫会话控制功能 ( S-CSCF )实体 60、 P-CSCF 40、 GGSN 20到达 UE 10。 如果 PSAP位于公共交换电话网 ( PSTN, Public Switched Telephone Networ ) 或电路域(CS, Circuit Switched ) 网络, 则 E-CSCF发,往 PSAP和 PS AJP发往 S- CSCF的信令需要经过.媒体网关控制功能(MGCF , Media Gatewa Control Function )实体进行转换, 如杲 PSAP在 IP域, 则不需经过] GC 图 1中策 略决定功能 (PDF, Policy Decision Functio )实体用于承载资源的管理  Figure 1 shows the overall process framework of an existing IMS domain emergency call. The solid line in the figure indicates the emergency call initiated by the UE, and the dotted line indicates the call initiated by the PSAP. The emergency call initiated by the UE 10 passes through a GPRS Gateway Support Node (GGSN) 20, a Proxy Call Session Control Function (P-CSCF) entity 40, and an Emergency Call Session Control Function (E-CSCF) The entity 50 arrives at the PSAP 80, and the callback initiated by the PSAP 80 arrives at the UE 10 through the Serving Call Session Control Function (S-CSCF) entity 60, the P-CSCF 40, and the GGSN 20. If the PSAP is located in the Public Switched Telephone Network (PSTN) or Circuit (Switched) network, the E-CSCF sends the signaling to the S-CSCF to the PSAP and PS AJP. The control function (MGCF, Media Gatewa Control Function) entity performs conversion. If the PSAP is in the IP domain, it does not need to go through.] GC The policy decision function (PDF, Policy Decision Functio) entity is used to manage the resource.

由于紧急呼叫是一个本地的服务, 所以用户在漫游时, GGSN、 PDF, Since the emergency call is a local service, when the user is roaming, GGSN, PDF,

P-CSCF, E-CSCF. MGCF1和 PSAP都是漫游地的, 但是当 PSAP回叫时则会 有两种可能, 一种是使用漫游地的 MGCF1即 MGCF70a接入〗 MS域, 一种是 通过用户归属域的 MGCF2即 MGCF70b接入〖MS域。 P-CSCF, E-CSCF. Both MGCF1 and PSAP are roaming, but when PSAP calls back, there are two possibilities. One is to use MGCF1, which is the roaming ground, to access the MS domain, one is through The MGCF2 of the user home domain, that is, the MGCF 70b, accesses the MS domain.

下面結合 iMS承载资源的管理 ¾1程对现有的紧急呼叫流程进行说明 图 2所示为现有的 IMS承载资源的管理流程示意图。 The following describes the existing emergency call process in conjunction with the management of the iMS bearer resources. FIG. 2 is a schematic diagram of a management process of an existing IMS bearer resource.

步骤 101 - 102 ,用户决定发起一个呼叫后,首先通过 发起一个接 側 的承载资源申请, 一般是向 GGSN发送一个创建组数据协议 ( create PDF )请 求, 如果是为紧急业务申请的資漉, 则该请求中将携带一个紧急承载指示, 如 紧急承载标识或者紧急的接入点名称(APIs!, Access Pomi Name )等。 GGSN 和接入网给 UE分配承载资源后, GGSN返回一个申请承载资源成功的响应, 如 create POP response »  Steps 101 - 102, after the user decides to initiate a call, firstly, by initiating an application for the bearer resource of the other side, generally, a request for creating a group data protocol (create PDF) is sent to the GGSN, and if it is the resource for the emergency service application, The request will carry an emergency bearer indication, such as an emergency bearer ID or an emergency access point name (APIs!, Access Pomi Name). After the GGSN and the access network allocate the bearer resources to the UE, the GGSN returns a response to apply for the bearer resource successfully, such as create POP response »

步骤 103 ~ 104, UE使用申请到的承载资源发送 SIP的请求( i TVlTE )消 息, 其 IP包的目的地址是 P-CSCF 该消息通过 GGSN进行中转, 如杲进行 的是紧急呼叫, 那么读 INVITE消息中含有紧急业务指示。  Steps 103 to 104, the UE sends a SIP request (i TVlTE) message using the applied bearer resource, and the destination address of the IP packet is the P-CSCF. The message is transited through the GGSN. If the emergency call is performed, the INVITE is read. The message contains an emergency service indication.

步骤 105 ~ 306, P-CSCF将 i 请求转发给其它的设备, 如 E-CSCF等, 进 行紧急呼叫的建立, 之后, 接收 INVITE的 200消息„  Steps 105 ~ 306, the P-CSCF forwards the i request to other devices, such as the E-CSCF, to establish an emergency call, and then receives the INVITE 200 message.

步骤 107 ~ :108, P-CSCF将 INVITE和 200中得到的用户连接信息 (如 ΪΡ 地址端口等)和服务质量 ( QoS, Quality of Service )信息(如带宽等)发送給 PDF, 通常使用的是 Diamter协议的 AAR ( AA- Request )消息, 之后, 接收来 自 PDF的响应消息, 通常使用的是 Diiffl ter的 AAA ( AA-Answer ) 消息 如 杲是本会话的第一个响应消息, 那么该消息中必须携带一个 Token, 该 标识了该 PDF和本次会话  Steps 107 to :108, the P-CSCF sends the user connection information (such as the address port and the like) and the quality of service (QoS) information (such as bandwidth) obtained in the INVITE and the 200 to the PDF, usually using The AAR (AA-Request) message of the Diamter protocol, after which the response message from the PDF is received, and the AAA (AA-Answer) message of Diiffl ter is usually used. If the message is the first response message of the session, then the message is in the message. Must carry a Token, which identifies the PDF and this session

步骤 109 ~】10, P-CSCF将步骤 106中收到的 200消息通过 GGSN前传给 UE, 如果以前没有携带过 Token, 那么需要将 Tbken添加到 200消息中  Steps 109 ~ 10, the P-CSCF forwards the 200 message received in step 106 to the UE through the GGSN. If the Token has not been carried before, the Tbken needs to be added to the 200 message.

步骤〗〗1., U.E收到 P-CSCF发来的消息后, 根据得到的连接信息和 QoS 信息为媒体信息发起资源申请过.程, 这是一个创建或更新 PDP的过程, UE发 送的 create PDP消息中携带有 Token, 如果是紧急承载请求, 读消息中将含有 某个指示, 根椐该指示 GGSN可以知道这是一个紧急业务的承载请求 上述 某个指示可以是与已申请的紧急承载资源的关联关系,也可以是紧急承载标识 寸:; - 步尊 112, GGSN在收到这个申请消息后, 根据其中的 Token, 向 PDF发 起承载资源的认证请求,通常是通用开放策略服务协议( COPS, Common Open Policy Service Protocol )的 REQ消息 ( COPS REQtiest message )。 步骤 113, PDF将相关的用户连接信息, QoS信息和其它一些信息发送给Step 1. After receiving the message sent by the P-CSCF, the UE initiates a resource application process for the media information according to the obtained connection information and QoS information. This is a process of creating or updating a PDP, and the UE sends the create. The PDP message carries a Token. If it is an emergency bearer request, the read message will contain an indication. The GGSN can know that this is an emergency service bearer request. The above indication may be the applied emergency bearer resource. The association relationship may also be an emergency bearer identifier: - Step Bu Xing 112, after receiving the application message, the GGSN initiates an authentication request for the bearer resource to the PDF according to the Token therein, usually a general open policy service protocol (COPS) , Common Open Policy Service Protocol) REQ message (COPS REQtiest message). Step 113, the PDF sends related user connection information, QoS information and other information to

GGSN, 通常使用 COPS的 DEC消息 ( COPS DECision message ), GGSN, usually using COPS DEC message (COPS DECision message),

步 114, GGSN根据收到的 DEC消息核对承载屋申请的资源, 例如, 核对 IP地址端口和带宽信息是否符合应用层的要求, 如果符合, 将在接入网 给 UE分配承载资源, 同时给 UE发送承载资源请求的响应消息。  Step 114: The GGSN checks the resource of the bearer application according to the received DEC message, for example, checks whether the IP address port and the bandwidth information meet the requirements of the application layer, and if yes, allocates bearer resources to the UE in the access network, and simultaneously gives the UE Send a response message that carries a resource request.

步骤 1〗5, 如杲承载申请成功, IJE将发送数据进行通话, 读数据的 ίΡ包 会传送到 GGSN, 其目的地址是相关的媒体设备。  Step 1 〖5, if the bearer application is successful, IJE will send data to make a call, and the data packet will be transmitted to the GGSN, whose destination address is the relevant media device.

步骤 1】6, GGSN将数据包转发到 ΪΡ包的目的地媒体设备,所述媒体设备 包括 PSAP所控制的媒.体设备和 MGCF所控制的媒.体设备  Step 1] 6. The GGSN forwards the data packet to the destination media device of the packet, where the media device includes the media device controlled by the PSAP and the media device controlled by the MGCF.

在步骤〗01和步驟!1】 中, 表示 UE申请的资源为紧急承载的指示为: 一 个紧急标识字段, 或者一个全局专用的紧急 ΑΡΝ, 或者一个能够关联到已有 的紧急承载的索引„  In step 〖01 and step! In the 1], the indication that the resource requested by the UE is an emergency bearer is: an emergency identification field, or a global dedicated emergency, or an index that can be associated with an existing emergency bearer.

基于上述管理流程, 现有紧急业务采用的方法是: 首先在 GGSN上针对 紧急 ΑΡΝ配置过滤 , 仅让携带了指定的用于紧急呼叫的 P-CSCF的地址 的 IP包通过 GGSN, 保证 UE发出的 IP包只能到达用于紧急呼叫的 P-CSCF, 同时也只能接收这些地址过来的 IP包。 如果是为紧急业务申请承载资源, 那 么在申请时, 也就 图 2中的步骤〗01和步骤 m将携带紧急承载指示 那么 Based on the foregoing management process, the existing emergency service adopts the following methods: First, configure filtering for the emergency ΑΡΝ on the GGSN, and only allow the IP packet carrying the specified address of the P-CSCF for emergency call to pass through the GGSN, and ensure that the UE issues the IP packets can only reach the P-CSCF for emergency calls, and can only receive IP packets from these addresses. If it is for the emergency service to apply for the bearer resources, then at the time of application, the steps 01 and m in Figure 2 will carry the emergency bearer indication.

GGSN收到泉自或发往这些地址所申请的承载资源时,将会使用过滤规则来过 滤所有的 ΪΡ包, 铱处理发生在步骤 104, 步骤 110和步骤 1】6„ When the GGSN receives the bearer resources applied for from these addresses, it will use the filtering rules to filter all the packets. The processing takes place in step 104, step 110 and step 1]6

而紧急承载资源通常享有比普通承载资源更高的优先级和 QoS,甚至在普 通呼叫因为漫游限制不允许使用承载资源的情况,紧急承载资源也是可以使用 的, 同时使用紧急承载资源的紧急呼叫还有可能在承载层是免费的 但 GGSN 的功能只是.转发 UE发出的 IP包, 并不解析其应用层内容, 上迷过滤规则能 限制 UE发出的 IP包只能到达一些特定的用于紧急业务的 P-CSCF,但并不限 制 P-CSCF对接收到的内容解析后是.否仍进行紧急业务处理,这样用户就有可 能在接入 GGSN 时申请紧急的承载资源, 而在上屋应用使用普通的呼叫, 这 样就可以在接入側逃避计费及漫游限制等, 从而导致滥用紧急承载资源。  The emergency bearer resources generally enjoy higher priority and QoS than the normal bearer resources. Even in the case of ordinary calls, because the roaming restrictions do not allow the use of bearer resources, the emergency bearer resources can be used, and the emergency call using the emergency bearer resources is also used. It is possible that the bearer layer is free, but the function of the GGSN is only to forward the IP packets sent by the UE, and does not parse the application layer content. The filtering rules can restrict the IP packets sent by the UE to only reach certain specific emergency services. The P-CSCF does not restrict the P-CSCF from parsing the received content. Otherwise, it still performs emergency service processing, so that the user may apply for emergency bearer resources when accessing the GGSN, and use it in the upper house application. Ordinary calls, so that you can evade billing and roaming restrictions on the access side, resulting in the abuse of emergency bearer resources.

发明内容 Summary of the invention

有鉴于此, 本发明提供一种 IMS 中识别滥用紧急承载资源的方法、 装置 及系统, 以防止紧急承载资源被滥用。 In view of this, the present invention provides a method and apparatus for identifying abuse of emergency bearer resources in an IMS. And systems to prevent abuse of emergency bearer resources.

本发明的技术方案包括:  The technical solution of the present invention includes:

—种 iMS中识别溢用紧急承载资源的方法, 该方法包括:  A method for identifying an overflow emergency resource in an iMS, the method comprising:

在呼叫建立过程中 >如果用于传递信息的中间实体确定承载层使用了紧急 承载, 则检查应用层是否为紧急业务;  During the call setup process > If the intermediate entity for transmitting information determines that the bearer layer uses the emergency bearer, it checks whether the application layer is an emergency service;

若为非紧急业务, 则确定该呼叫滥用紧急承载资源  If it is a non-emergency service, determine that the call abuses emergency bearer resources.

—种 IMS中识别滥用紧急承栽资源的装置, 包括:  - A device for identifying abuse of emergency load resources in an IMS, including:

消息接收单元,用于接收在呼叫建立过程中出自同一会话的消息或应用信 令;  a message receiving unit, configured to receive a message or an application message from the same session during the call setup process;

紧急承载识別单元,用于根据所述消息或应用信令, ^^查承载层是否使用 了紧急承载;  An emergency bearer identifying unit, configured to check whether the bearer layer uses an emergency bearer according to the message or the application signaling;

紧急业务识別单元,用于根椐所述消息或应用信令检查应用层是否为紧急 业务;  An emergency service identification unit, configured to check whether the application layer is an emergency service by using the message or the application signaling;

判断单元,根据所述紧急承载识別单元和所述紧急业务识别单元的检查结 果, 在所述结果为承载层使用了紧急承载, 但应用展为非紧急业务时, 确定所 述呼叫滥用紧急承载资源。  The determining unit determines, according to the check result of the emergency bearer identifying unit and the emergency service identifying unit, that the emergency bearer is used in the bearer layer, but the application is non-emergency service, determining the call abuse emergency bearer Resources.

一种 IMS中识別滥用紧急承载资源的系统, 包括接入側承载控制 IP网关 和应用层服务器,  A system for identifying abuse of emergency bearer resources in an IMS, including an access side bearer control IP gateway and an application layer server,

所述接入侧承载控制 ίΡ网关包括资源分配装置,用于在呼叫建立过程中, 为用户终端分配资源 包括为申请紧急业务承载的用户分配预留的承载层限定 的相关资源;  The access-side bearer control device includes a resource allocation device, configured to allocate resources for the user terminal during the call setup process, including allocating related resources defined by the reserved bearer layer for the user applying for the emergency service bearer;

所迷应用层服务器包括识别装置,用于根据所述应用层服务器接收的应用 信令, 识別使用所迷承载展限定的相关资源的应用是否滥用紧急承载资源。  The application layer server includes an identifying device, configured to identify, according to the application signaling received by the application layer server, whether an application that uses the related resource defined by the bearer is abusing the emergency bearer resource.

本发明在呼叫建立过程中,用于传递信息的中间实体判断出在同一服务相 关请求中,如杲承载层使用的是紧急承载,再判断应用层是否是紧急业务请求, 若为非紧急业务请求, 则判定该呼叫滥用紧急承载资源。 本发明能够迅速有效 地识别出滥用紧急承载资源的呼叫,从而保证了紧急承载资源只能被应用于紧 急业务, 避免了紧急承载资源被滥用 ¾ In the call setup process, the intermediate entity for transmitting information determines that the same service related request is used, for example, the bearer layer uses the emergency bearer, and then determines whether the application layer is an emergency service request, and if it is a non-emergency service request. Then, the call is judged to abuse the emergency bearer resources. The present invention can be quickly and effectively identify misuse of the emergency call bearer resources, thus ensuring emergency bearer resources can be applied to emergency service, to avoid the abuse of emergency bearer resources ¾

附图说明 图 1.是现有的 IMS域的紧急呼叫的流程框架图; DRAWINGS Figure 1. Flowchart diagram of an emergency call for an existing IMS domain;

图 2是现有的 MS承载资源的管理流程示意图;  2 is a schematic diagram of a management process of an existing MS bearer resource;

图 3是根据本发明第一实施例的承载资源管理流程示意图;  3 is a schematic diagram of a bearer resource management process according to a first embodiment of the present invention;

图 4是根据本发明笫二实施例的承载资源管理流程示意图;  4 is a schematic diagram of a bearer resource management process according to a second embodiment of the present invention;

图 5是根据本发明第三实施例的承载资源管理流程示意图;  FIG. 5 is a schematic diagram of a bearer resource management process according to a third embodiment of the present invention; FIG.

图 6是根据本发明笫四实施例的承载资¾管理流程示意图;  6 is a schematic diagram of a management process of a bearer resource according to a fourth embodiment of the present invention;

图 7是根据本发明第五实施例的承载资源管理流程示意图;  7 is a schematic diagram of a bearer resource management process according to a fifth embodiment of the present invention;

图 8是根据本发明实施^中 IMS中识别滥用紧急承载资¾的装置原理图; 图 9是根椐本发明实施例中 IMS中识别滥用紧急承载资源的系统原理图。 具体实施方式  FIG. 8 is a schematic diagram of an apparatus for identifying abuse of emergency bearer resources in an IMS according to an embodiment of the present invention; FIG. 9 is a schematic diagram of a system for identifying abuse of emergency bearer resources in an IMS according to an embodiment of the present invention. detailed description

下面结合附图对本发明实施例做进一步的详细说明,  The embodiments of the present invention are further described in detail below with reference to the accompanying drawings.

本发明实施例在同一服务相关请求中,用于传递信息的中间实体获知承载 层和应用层的紧急属性信息,如果承载层使用的是紧急承载, 那么将检查应用 层是否是紧急业务, 若为非紧急业务, 则判定 ¾请求滥用紧急承载资源。 所述 紧急属性信息包括: 承载紧急指示和业务紧急指示  In the same service related request, the intermediate entity for transmitting information learns the emergency attribute information of the bearer layer and the application layer. If the bearer layer uses the emergency bearer, it checks whether the application layer is an emergency service. For non-emergency services, it is determined that the abuse of emergency bearer resources is requested. The emergency attribute information includes: carrying an emergency indication and a service emergency indication

上述用于传递信息的中间实体可以是接入倒的承载控制 ίΡ 网关, 如 GGSN, 分组数据服务节点 (PDSN ) 等, 还可以是 FDF或应用服务器等 当 然并不限于此 而且来自应用层的消息中的紧急业务指示可根据会话创建消息 中插入的紧急业务指示生成,  The foregoing intermediate entity for transmitting information may be an access bearer control gateway, such as a GGSN, a packet data serving node (PDSN), etc., and may also be an FDF or an application server, etc., of course, not limited to this and a message from the application layer. The emergency service indication in the middle can be generated according to the emergency service indication inserted in the session creation message.

图 3和图 4是.基于本发明方法的两个具体实施例  3 and 4 are two specific embodiments based on the method of the present invention.

参见图 3, 本实施例由 UE发起紧急呼叫, 且由 GGSN判断承载展和应用 的消息中是否都含有紧急指示。  Referring to FIG. 3, in this embodiment, an emergency call is initiated by the UE, and the GGSN determines whether the message carrying the application and the application all contain an emergency indication.

步骤 201, UE发起会话 INVITE请求, 如杲是紧急业务, 则 : NVITE请求 中将携带紧急业务指示标明该请求为一个紧急业务„ 紧急业务指示可以是 INVITE 消息中的某个头域或者是头域中 的某个参数, 倒如: "priority: em ergeocy'%.  Step 201: The UE initiates a session INVITE request. If the emergency service is performed, the NVITE request carries an emergency service indication to indicate that the request is an emergency service. The emergency service indication may be a header field or a header field in the INVITE message. One of the parameters, such as: "priority: em ergeocy'%.

步骤 202 ~ 203, P-CSCF收到该请求后, 检査消息中是否含有紧急业务指 示, 如果有, 则 P-CSCF在本地标记该会话为紧急业务, 并将该请求路由到指 定的媒体设备例如 E- CSCF进行处理, 如果没有, 则不用标记, P- CSCF按常 规消息前传 il'清求 之后, P-CSCF接收反馈的 200响应消息。 Steps 202 to 203, after receiving the request, the P-CSCF checks whether the message contains an emergency service indication. If yes, the P-CSCF locally marks the session as an emergency service, and routes the request to the specified media device. For example, E-CSCF performs processing. If not, it does not need to be marked. P-CSCF is normal. After the message is forwarded to the il' request, the P-CSCF receives the feedback 200 response message.

步骤 204, P-CSCF给 PDF发送 AAR消息, 如果 P- CSCF标记过本次会 话是一个紧急业务, 则 AAR消息中将携带紧急业务指示, 读指示可以是 AAR 消息中的一个字段, 否则 AAR消息中不用携带读紧急业务指示  Step 204: The P-CSCF sends an AAR message to the PDF. If the P-CSCF marks that the session is an emergency service, the AAR message carries an emergency service indication, and the read indication may be a field in the AAR message, otherwise the AAR message No need to carry emergency business instructions

步骤 205 , PDF给 P-CSCF回响应消息 AAA,如果是本会话的第一个响应 消息,那么该消息中必须携带一个 T ke 该 Token标识了该 PDF和本次会话。  Step 205: The PDF sends a response message AAA to the P-CSCF. If it is the first response message of the session, the message must carry a Tke. The Token identifies the PDF and the current session.

步骤 206, P-CSCF接收到 PDF返回的 AAA消息后 , 将 200响应前传給 Step 206: After receiving the AAA message returned by the PDF, the P-CSCF transmits the response to the 200

UE。 UE.

步骤: 207 , UE收到 P-CSCF发来的消息后, 根据得到的用户连接信息和 QoS信息向 GGSN发起?^载资源申请的消息, 这是一个创建或更新 PDP的过 程, 消息中携带有 Tote 如杲是为紧急业务申请承载资滹, 那么申请消息中 需要携带紧急承载指示以表示申请的是紧急的承载资源,该紧急承载指示可以 为一个紧急标识字段, 一个全局专用的紧急 APN, 或者一个能够关联到已有 的紧急承载的索引„  Step 207: After receiving the message sent by the P-CSCF, the UE sends a message to the GGSN according to the obtained user connection information and QoS information, which is a process of creating or updating a PDP, where the message carries If the Tote is for the emergency service application bearer, the application message needs to carry an emergency bearer indication to indicate that the application is an urgent bearer resource, and the emergency bearer indication may be an emergency identifier field, a global dedicated emergency APN, or An index that can be linked to an existing emergency bearer

步骤 208, GGSN在收.到这个申请消息后, 根据 'Ibl en, 将会向 PDF发起 承载资源的认证请求, 通常是 COPS的 REQ消息。  Step 208: After receiving the application message, the GGSN initiates an authentication request for the bearer resource, usually a COPS REQ message, according to 'Ibl en.

步骤 209, FDF给 GGSN发送 DEC消息, 如杲针对本次会话, PDF从 P-CSCF收到过来自应用层的紧急业务指示, 即接收到的 AAR消息中包含了 紧急业务指示, 那么其发送的 DEC消息也携带紧急业务指示, 否则, 所发送 的 PDF消息中不添加紧急业务指示,,  Step 209: The FDF sends a DEC message to the GGSN. For example, for the current session, the PDF receives an emergency service indication from the application layer from the P-CSCF, that is, the received AAR message includes an emergency service indication, and then the sent The DEC message also carries an emergency service indication. Otherwise, no urgent service indication is added to the transmitted PDF message.

步骤 210, GGSN收到 DEC消息后, 首先检查用户在资源申请过.程中是 否携带了紧急承载指示, 如果是, 则检查收到的 DEC消息中是否也含有紧急 业务指示, 如杲 DEC消息中没有包含紧急业务指示, 则 GGSN判定为滥用紧 急承载资源, 之后, 可以进行相关处理, 如阻断当前呼叫流程, 并进行相应记 录等; 如杲收到的 I3.EC消息中含有紧急业务指示, 则继续正常的流程, 此时 表示该呼叫确实为紧急呼叫流程。  Step 210: After receiving the DEC message, the GGSN first checks whether the user carries the emergency bearer indication in the resource application process. If yes, it checks whether the received DEC message also contains an emergency service indication, such as a DEC message. If the emergency service indication is not included, the GGSN determines that the emergency bearer resource is abused. After that, the GGSN may perform related processing, such as blocking the current call flow, and performing corresponding records, etc.; if the received I3.EC message contains an emergency service indication, Then continue the normal process, which means that the call is indeed an emergency call process.

参见图 4, 本实施 由如 PSAP等媒体设备发起对 UE的回呼, 且由 PDF 判断承载层和应用层的消息中是否都含有紧急指示,且当前认为 PSAP回叫也 属于紧急业务 步骤 301, P-CSCF收到 T用于呼叫 UE的 INVITE消 I Referring to FIG. 4, the present embodiment initiates a call back to the UE by a media device such as a PSAP, and the PDF determines whether the message of the bearer layer and the application layer all contain an emergency indication, and currently considers that the PSAP callback is also an emergency service. Step 301, the P-CSCF receives the INVITE used to call the UE.

步骤 302,如杲 P- CSCF识别出该请求是一个 PSAP的 ι¾叫, P-CSCF将在 发给 PDF的 AAR消息中携带紧急业务指示 如果不是, 则不携带紧急业务指 示, 具体的识别方法可以通过 INVITE 中是否包含紧急指示头域, 或者根据 INVITE中的主叫用户身份等方法进行识别  Step 302: If the P-CSCF recognizes that the request is a PSAP call, the P-CSCF will carry an emergency service indication in the AAR message sent to the PDF. If not, the emergency service indication is not carried, and the specific identification method may be Identify whether the emergency indication header field is included in the INVITE, or according to the identity of the calling user in the INVITE.

步骤 303, PDF给 P-CSCF回响应消息 .AAA,如果是本会话的第一个响应 消息,那么该消息中必须携带一个 Tbken,该丁 oken标识了 ΐΐ PDF和本次会话 步骤 304, P-CSCF将 INVITE请求前传给 UE,  Step 303, the PDF sends a response message to the P-CSCF. AAA. If it is the first response message of the session, the message must carry a Tbken, which identifies the PDF and the current session step 304, P- The CSCF forwards the INVITE request to the UE.

步骤 305 , UE接收到 P-CSCF发来的消息后, 根据得到的用户连接信息 和 QoS信息向 GGSN发起承载资源申请的消息,这是一个创建或更新 PDP的 过程, 消息中携带有 T¾ken, 如果是为紧急业务申请承载资源, 那么该消息中 还需要携带紧急承载指示以表示申请的是紧急承载资源,,  Step 305: After receiving the message sent by the P-CSCF, the UE sends a message carrying the resource request to the GGSN according to the obtained user connection information and QoS information. This is a process of creating or updating a PDP, where the message carries a T3⁄4ken, if If the application is a bearer resource for the emergency service, the emergency bearer indication is also required to indicate that the application is an emergency bearer resource.

步骤 306, GGSN在收到这个申请消息后, 根据 T ken, 将会向 PDF发起 承载资源认证的 REQ消息。 如果申请消息中携带了紧急承载指示, 那么 REQ 消息中也将携带紧急承载指示。  Step 306: After receiving the application message, the GGSN, according to the T ken, will initiate a REQ message carrying the resource authentication to the PDF. If the emergency bearer indication is carried in the application message, the emergency bearer indication will also be carried in the REQ message.

步骤 307, PDF收到 REQ消息后, 检查出该消息中携带了承载层的紧急 承载指示,则检查 P-CSCF针对本次会话下发的消息中是否携带有应用层的紧 急业务指示 :: 如杲没有, 则 PDF判定为滥用紧急承载资源, 之后, 可以进行 相关处理, 如阻断当前呼叫流程, 并进行相应记录等; 如杲有, 则继续正常的 流程、 此时表示谅呼叫确实为紧急呼叫流程。 Step 307, after received PDF REQ message, checks that the message carries the emergency bearer indicating the bearer layer, the P-CSCF checks for this session sent by the message carrying an emergency service application layer indicating that there is:: as杲 No, the PDF determines that the emergency bearer resource is abused. After that, the relevant processing can be performed, such as blocking the current call flow and performing corresponding recording; if not, the normal process is continued, and the call is confirmed to be urgent. Call flow.

上迷实施例用于当 PSAP发起对 UE的回呼时, PDF通过判断承载层和应 用屋的消息中是否都含有紧急指示, 来识别出滥用紧急承载资源的呼叫, 从 保证了紧急承载资源只能被应用于紧急业务, 避免了紧急承载资源被滥用。  The above embodiment is used when the PSAP initiates a callback to the UE, and the PDF identifies the call that abuses the emergency bearer resource by determining whether the message of the bearer layer and the application house contains an emergency indication, and the emergency bearer resource is guaranteed only Can be applied to emergency services, avoiding the abuse of emergency bearer resources.

以上仅是两个具体实施例! ¾已, 可以理解, 在实际应用中, 当 U£发起紧 急呼叫时,也可以由 PDF判断承载层和应用层的消息中是否都含有紧急指示; 当 PSAP发起 Θ呼时,也可以由 GGSN判断承载屋和应用屋的消息中是否都含 有紧急指示  The above is only two specific embodiments! 3⁄4 already, it can be understood that, in practical applications, when U £ initiates an emergency call, it can also be judged by the PDF whether the message of the bearer layer and the application layer all contain an emergency indication; when the PSAP initiates When screaming, it can also be judged by the GGSN whether the message of the carrying house and the application house contains emergency instructions.

与此同时,本发明实施例还可以在承载层网关上为紧急业务的承载设置过 滤规则,保证允许包含了为紧急业务预留的承载层限定的相关资源的数据包通 过; 对应的,应用层服务器根据承载层控制的协议层的信息判断该消息是否采 用的是为紧急业务预留的承载资源, 若是, 则所述应用层服务器将检查该请求 是否为紧急业务, 如果不是, 将判断遂请求是非法请求; 否则, 将继续后续的 流程 其中, 判断承载层是否为使用紧急承载可通过 ^始的消息, 例如: 注册 ( register )消息判断,应用层在判断是否为紧急业务时,可通过注册( register ) 消息判断, 还可通过注册 ( register )消息的响应及后续的 invite、 message等At the same time, the embodiment of the present invention can also set a filtering rule for the bearer of the emergency service on the bearer layer gateway, and ensure that the data packet including the related resources defined by the bearer layer reserved for the emergency service is allowed. Correspondingly, the application layer server determines, according to the information of the protocol layer controlled by the bearer layer, whether the message is a bearer resource reserved for emergency services, and if so, the application layer server checks whether the request is an emergency service. If not, it will judge that the request is an illegal request; otherwise, it will continue the subsequent process, in which it is judged whether the bearer layer is a message that can be used by the emergency bearer, for example, a register message is judged, and the application layer determines whether it is In the case of emergency services, it can be judged by a register message, and the response of the register message and subsequent invite, message, etc.

SIP消息判断 所述承载层控制协议至少包括: IP、传输层协议,比如 UDP( User, 用户 -数据包协 'i义 Datagram Protocol ), TCP ( Transmission Control Protoco! , 传偷控制协议), 端口, AH ( Authentication Header , 认证头协议), ESP (: Encapsu ing Security Pay load,封装安全负载协议 ), SPI ( Security Parameter Index, 安全参数索引)等; 为紧急业务预留的承载层限定的相关资源至少包 括: UE的 IP地址、 应用服务器的 ΪΡ地址、 应用服务器提供服务的端口、 应 用服务器提供的传输层协议, 应用服务器为 UE分配的 SPI及其可能组合 The SIP message determines that the bearer layer control protocol includes at least: an IP, a transport layer protocol, such as UDP (User, User-Data Packet Protocol), TCP (Transmission Control Protoco!), port, AH (Authentication Header), ESP (: Encapsu ing Security Pay load), SPI (Security Parameter Index), etc.; The method includes: an IP address of the UE, an address of the application server, a port provided by the application server, a transport layer protocol provided by the application server, an SPI allocated by the application server for the UE, and a possible combination thereof

基于上述技术方案, 本发明实施例还公开了一种 IP多媒棒子系统 IMS中 识別滥用紧急承载资源的方法:在 P-CSCF上为紧急业务的消息预留专用服务 端口, 并判断从该端口相关的应用层消息是否为紧急业务。  Based on the foregoing technical solution, the embodiment of the present invention further discloses a method for identifying abuse of emergency bearer resources in an IMS multi-media subsystem IMS: reserve a dedicated service port for a message of an emergency service on the P-CSCF, and determine from the Whether the port-related application layer message is an emergency service.

如图 5所示, 其为本发明第三实施例的承载资源管理流程示意图, 该方法 包括以下步骤:  As shown in FIG. 5, it is a schematic diagram of a bearer resource management process according to a third embodiment of the present invention, where the method includes the following steps:

步骤 400 ~步骤 401 , 在应用服务器如 P-CSCF上为紧急业务预留一个紧 急承载专用的端口, 例如 9000; 在系统接入側的承载控制 网关如 GGSN上 设置针对所迷紧急业务的承载的过滤规则, 例如, 只允许发往所迷 P-CSCF的 9000端口的使用紧急承载的 IP包通过, 而发往该 P- CSCF的其它端口的使用 紧急承载的 ΪΡ包不允许通过 此外, 该过滤规则还可以让紧急业务相关的媒 体通行  In step 400 to step 401, an emergency bearer-dedicated port is reserved for the emergency service on the application server, such as the P-CSCF, for example, 9000. On the bearer control gateway of the system access side, such as the GGSN, the bearer for the emergency service is set. The filtering rule, for example, only allows the 9000 port of the P-CSCF to pass the emergency bearer IP packet, and the other port of the P-CSCF that uses the emergency bearer does not allow the filtering. Rules can also allow media related to emergency services to pass

步骤 402, 用户 向 GGSN发送创建组数据协议(create PDF:)请求来 申请紧急业务的承载资源, 所述请求中携带紧急承载指示,如紧急承载标识或 者紧急的 APN等  Step 402: The user sends a create group data protocol (create PDF:) request to the GGSN to apply for an emergency service bearer resource, where the request carries an emergency bearer indication, such as an emergency bearer identifier or an emergency APN.

步璨 403, GGSN根据所述紧急承载指示, 如果识别出该 UE申请的是紧 急承载, 则 GGSN为 UE分配紧急的承载资源, 并向 IJE返回一个申请承载资 源成功的响应, 如 create PDF response, 该响应包括 GGS 为 UE分配的源 IP 地址, 可能还包括能够访问的远端 IP地址及端 , 其中, 所述远端 IP地址为 P-CSCF的 IP地址, 所述 的端口为 P-CSCF预置的紧急业务专用端口。 Step 403: The GGSN allocates an emergency bearer resource to the UE according to the emergency bearer indication, and if the UE is identified as an emergency bearer, and returns an application bearer resource to the IJE. The source successfully responds, such as create PDF response, the response includes the source IP address assigned by the GGS to the UE, and may also include a remote IP address and end that can be accessed, wherein the remote IP address is the IP address of the P-CSCF. The port is an emergency service dedicated port preset by the P-CSCF.

步骤 404, UE使用申请到的紧急承载资源发起注册(register )请求消息, 该请求消息 IP包的源 IP地址为 GGS 为其分配的所述源 IP地址 , 目的 ΪΡ地 址是 P-CSCF的 ίΡ地址,端口是 9000;其 IP包的格式优逸为目的 IP地址+ IIDP 端口; 如果进行的是紧急呼叫, 所述消息还包括紧急业务指示, 这里所述紧急 业务指示可以是用户的注册信息等  Step 404: The UE initiates a registration request message by using the applied emergency bearer resource, where the source IP address of the IP packet is the source IP address assigned by the GGS, and the destination address is the address of the P-CSCF. The port is 9000; the format of the IP packet is the destination IP address + the IIDP port; if an emergency call is made, the message further includes an emergency service indication, where the emergency service indication may be the user's registration information, etc.

读注册请求消息通过 GGSN进行中转, 在该过程中, GGSN首先根据颈 置的过滤规则来检查所述注册请求消息 IP包, 如果该 ΪΡ包不是发往 CSCF 的 9000端口, 那么 GGSN将判定该请求为非法请求; 否则, 执行步骤 405。  The read registration request message is transited by the GGSN. In the process, the GGSN first checks the registration request message IP packet according to the filtering rule of the neck. If the packet is not sent to the 9000 port of the CSCF, the GGSN will determine the request. An illegal request; otherwise, step 405 is performed.

步骤 405, GGSN将所述注册请求消息转发给 P-CSCF, P-CSCF通过 9000 端口接收该消息, 此时, P-CSCF认为逾消息使用的承载为紧急承载。  Step 405: The GGSN forwards the registration request message to the P-CSCF, and the P-CSCF receives the message through the 9000 port. At this time, the P-CSCF considers that the bearer used by the message is an emergency bearer.

步骤 406〜407, P-CSCF将所注册请求消息发送给其它服务器, 其它服务 器返回相应的 401响应消息。  Steps 406 to 407, the P-CSCF sends the registered request message to other servers, and the other servers return corresponding 401 response messages.

步骤 408 - 409, P-CSCF为该 UE分配下次通信的端口, 及 ESP协议的 SP 同时标记通过所述下次通信端口收到的请求为使用的是紧急承载的消息 同时, 将 40】响应消息由 GGSN转发给 UE, 其中, 所述 401响 应消息中还包括 P-CSCF新分配的端口号和 SPL  Steps 408 - 409, the P-CSCF allocates the port for the next communication to the UE, and the SP of the ESP protocol simultaneously marks that the request received through the next communication port is an emergency bearer message, and the message is 40] The message is forwarded by the GGSN to the UE, where the 401 response message further includes a newly assigned port number and SPL of the P-CSCF.

步骤 410, UE向 GGSN重新发起注册( register )请求消息, 此时 UE发 出的注册请求消息 IP包的格式是包含有 IJ 地址 +ESP 其中 , 所述 IP地址包 括 GGSN为该 UE分配的源 IP地址和 P-CSCF的目的 IP地址,所述 ESP包括 P-CSCF为 UE分配的 SJPI  Step 410: The UE re-initiates a registration request message to the GGSN. The format of the registration request message IP packet sent by the UE includes the IJ address + ESP, where the IP address includes the source IP address allocated by the GGSN for the UE. And the destination IP address of the P-CSCF, where the ESP includes the SJPI allocated by the P-CSCF to the UE

GGSN在收到该注册请求消息后,检查所迷消息中的源 IP地址是否为 UE 在申请紧急承载资源时 GGSN分配给该 UE的 IP地址, 如杲不是, 则 GGSN 可以判定该请求为非法请求; 否则, 执行下述步骤。  After receiving the registration request message, the GGSN checks whether the source IP address in the message is the IP address allocated by the GGSN to the UE when applying for the emergency bearer resource. If not, the GGSN can determine that the request is an illegal request. ; Otherwise, perform the steps below.

步骤 411 416, GGSN将所述注册请求消息发送给 P-CSCF, P-CSCF通 过所述新分配的端口收到该 UE的注齡请求消息后,对该请求的 IP包进行 ESP 解码 P-CSCF检查所述注册请求消息中是否包含紧急业务指示, 若包含, 则认 为该请求为紧急业务, 则 P-CSCF ^M 所迷注册请求完成后续的注册流程, 并 在注册完成后, 将 200响应消息由 GGSN发送至 UE; 若该请求不包含紧急业 务指示 > 那么 P- CSCF认为该请求是非法请求。 Step 411 416, the GGSN sends the registration request message to the P-CSCF, and after receiving the ageing request message of the UE by using the newly allocated port, the P-CSCF performs ESP decoding on the requested IP packet. The P-CSCF checks whether the registration request message includes an emergency service indication. If the request is an emergency service, the registration request of the P-CSCF ^M completes the subsequent registration process, and after the registration is completed, The 200 response message is sent by the GGSN to the UE; if the request does not contain an emergency service indication > then the P-CSCF considers the request to be an illegal request.

此外,如果 P-CSCF在此过程中不检查所述注册请求消息是否为紧急业务, 那么 P- CSCF会在后续当 UE发起与该注册相关的如 vte、 message等 SIP请 求时, 检查该请求是否为紧急业务, 若不是, 那么 P-CSCF将判定读相关请求 ,?¾_-1Γ Λ*Γ Ϊ¾水。  In addition, if the P-CSCF does not check whether the registration request message is an emergency service in the process, the P-CSCF checks whether the request is subsequently performed when the UE initiates a SIP request such as vte, message, etc. related to the registration. For emergency services, if not, the P-CSCF will determine to read the relevant request, 3⁄4_-1Γ Λ*Γ Ϊ3⁄4 water.

需要说明的是, 在后续的正常会话过程中, 如杲需要, P-CSCF 还通知 GGSN增加新的媒体过滤规则, 以确保协商的媒体部分能够通过 GGS L 具体 的通知新的媒体过滤规则的方法与上述实施例相同, 这里不再赘述。  It should be noted that, in the subsequent normal session, if necessary, the P-CSCF also notifies the GGSN to add a new media filtering rule to ensure that the negotiated media portion can specifically notify the new media filtering rule through the GGS L. The same as the above embodiment, and details are not described herein again.

除此之外,上述步骤 404中 GGSN还可以检查 UE使用紧急承栽发来的请 求消息中的源 I 地址是否为该 UE在申请紧急承载资源时 GGSN分配给 i UE 的 IP地址, 若不是, 则 GGSN判定读请求为非法请求  In addition, in the above step 404, the GGSN may also check whether the source I address in the request message sent by the UE using the emergency bearer is the IP address allocated by the GGSN to the i UE when the UE applies for the emergency bearer resource, and if not, Then the GGSN determines that the read request is an illegal request.

上迷实旅例通过在应用居服务器上为紧急业务分配专用端口,并在承载层 网关上针对紧急业务的承载设置过滤规则,允许包含有应用层服务器专用端口 的数据包通过; 同时, 所述应用层服务器如果从分配的专用端口收到数据包, 则认为该数据包为采用紧急承载的消息,进5¾判断从该专用端口获取到的消息 是否为紧急业务, 从而保证了紧急承载资源只能被应用于紧急业务, 避.免了紧 急承载资源被滥用  The above-mentioned singular travel case allocates a dedicated port for the emergency service on the application server, and sets a filtering rule for the bearer of the emergency service on the bearer layer gateway, allowing the data packet including the application layer server dedicated port to pass; If the application layer server receives the data packet from the allocated dedicated port, it considers that the data packet is an emergency bearer message, and determines whether the message obtained from the dedicated port is an emergency service, thereby ensuring that the emergency bearer resource can only be Was used in emergency services, avoiding the abuse of emergency bearer resources

除此之外,本发明实施例并不限于上迷的通过设置紧急业务的端口来识別 是否采用了紧急承载的消息, 例如, 所述应用服务器还可以为紧急业务预留一 个如 SPI等范围, 当接收到的消息中有该范围内的 SH时, 则判断兹消息是否 为紧急业务。  In addition, the embodiment of the present invention is not limited to the above-mentioned setting of the port of the emergency service to identify whether the emergency bearer message is adopted. For example, the application server may also reserve a range such as SPI for the emergency service. When there is an SH in the range in the received message, it is determined whether the message is an emergency service.

如图 6所示, 其为本发明第锊实施例的承载资源管理流程示意图, 该方法 包括以下步骤.:  As shown in FIG. 6, which is a schematic diagram of a bearer resource management process according to a third embodiment of the present invention, the method includes the following steps:

步骤 500 ~步據 501 , 在应用 务器如 P-CSCF上不仅 "^置紧急业务专用 端口,还为紧急业务預留一个 SPI范围,例如 20000 - 30000 同时,在 P-CSCF 上还设置 SPi的分配规则, 即 P- CSCF如果是从紧急业务专用的端口收到了注 - Γ! - 册请求消息, 那么为该用户 UE分配从顿留 S 范围中的 SPI, 例如 Step 500 ~ Step 501, on the application server, such as the P-CSCF, not only "set the emergency service dedicated port, but also reserve an SPI range for emergency services, for example, 20,000 - 30000, and also set SPi on the P-CSCF. Assignment rules, ie P-CSCF receives a note from the port dedicated to emergency services - Γ! - Book request message, then assign the SPI in the range of the slave S to the user UE, for example

该过滤规则还可以让紧急业务相关的媒体通行。 This filtering rule also allows media related to emergency services to pass.

在系统接入側的承载控制 ίί 网关如 GGSN上设置针对紧急业务的承载的 过滤规则, 例如允许用户发往 P-CSCF的所述 SPI范围内的 IP包 (如 SPI值 为 20000 30000的 IPSEC包 )能够通过, 而发往该 P-CSCF的其它 SPI范围 的 IP包不可以通过, 允许用户发往 P-CSCF指定端口的 IP包通过。  Bearer control on the system access side ίί Gateway, such as GGSN, sets the filtering rules for bearers for emergency services, such as IP packets in the SPI range that allow users to send to the P-CSCF (such as IPSEC packets with SPI value of 20000 30000) ) can pass, and other SPI-range IP packets sent to the P-CSCF cannot pass, allowing the user to send IP packets to the designated port of the P-CSCF.

步骤 502 , UE向 GGSN发送一个创建组数据协议 ( create PDF )请求来申 请紧急业务的承载资 *, 所述请求中携带紧急承载指示, 如紧急 载标识或者 紧急的 APN等。  Step 502: The UE sends a create group data protocol (create PDF) request to the GGSN to apply for an emergency service bearer*, where the request carries an emergency bearer indication, such as an emergency bearer or an emergency APN.

步骤 503, G TSN根据所述紧急承载指示如杲识別出该 UE申请的是紧急 承载, 则 为 UE分配紧急的承载资源, 并向 UE返回一个申请承载资源 成功的响应, 如 create PDF response„ 该响应包括 GGSN为 UE分配的源 ΪΡ地 址, 可能还包括能够访问的远端 IP地址及端口, 其中, 所迷端口为 P-CSCF 预置的紧急业务专用端口。  Step 503: The G TSN determines, according to the emergency bearer indication, that the UE applies for an emergency bearer, allocates an emergency bearer resource to the UE, and returns a response to the UE that successfully requests the bearer resource, such as create PDF response. The response includes the source address assigned by the GGSN to the UE, and may also include a remote IP address and port that can be accessed, wherein the port is an emergency service dedicated port preset by the P-CSCF.

步骤 504, UE使用申请到的紧急承载资源发起注册(register )请求消息, 所述请求消息 ίΡ包的源】ρ地址为 GGSN为其分配的所述源】Ρ地址, 目的 ΪΡ 地址是 P- CSCF的 IP地址, UDP端口是 P- CSCF专用端口; 其 IP包的格式优 选为 ] 0P地址 + UDP端口; 如杲进行的是紧急呼叫, 所迷消息还包括紧急业务 指示, 这里所述紧急业务指示可以是用户的注册信息等。  Step 504: The UE initiates a register request message by using the applied emergency bearer resource, where the source of the request message is the source address of the GGSN, and the destination address is P-CSCF. IP address, UDP port is P-CSCF dedicated port; its IP packet format is preferably 0P address + UDP port; if 杲 is an emergency call, the message also includes emergency service indication, emergency service indication here It can be the user's registration information, etc.

该注册请求消息通过 GGSN进行中转, 在该过程中, GGSN首先根据预 置的过滤规 来检査兹注册请求消息 IP包, 如杲所述 IP包中的目的端口号不 是 往 P-CSCF的专用端口, 那么 GGSN将判定该请求为非法请求; 否则, 执 行步據 505,  The registration request message is transited by the GGSN. In the process, the GGSN first checks the registration request message IP packet according to the preset filtering rule. For example, the destination port number in the IP packet is not dedicated to the P-CSCF. Port, then the GGSN will determine that the request is an illegal request; otherwise, execute step 505,

步據 505, GGS 将所述注册请求消息转发给 P- CSCF。  According to step 505, the GGS forwards the registration request message to the P-CSCF.

步骤 506 .507 , P- CSCF将所注册请求消息发送给其它服务器, 其它服务 器返回相应的 401响应消息。  Step 506 .507, the P-CSCF sends the registered request message to other servers, and the other servers return a corresponding 401 response message.

步骤 508 - 509, P-CSCF为该 UE分配下次通信的端口及 ESP协议的 S.PL 如果是从紧急业务专用端口收到的请求, 那么 P-CSCF认为该请求使用的是紧 急承载资源, 此时, 所述 SPi为从紧急业务预留的 SPi范围中选取的。 同时, P-CSCF将 401 响应消息由 GGSN转发给 UE, 其中, 401响应消 息中还包括 P-CSCF新分配的端口号和 SPL Steps 508 - 509, the P-CSCF allocates the port for the next communication to the UE and the S.PL of the ESP protocol. If the request is received from the emergency service dedicated port, the P-CSCF considers that the request uses the emergency bearer resource. At this time, the SPi is selected from the SPi range reserved for emergency services. At the same time, the P-CSCF forwards the 401 response message to the UE by the GGSN, where the 401 response message further includes the newly assigned port number and SPL of the P-CSCF.

步骤 510, UE向 GGSN重新发起注册 (register )请求消息, 此时 UE发 出的注册请求消息 1.P包包含有 IP地址 其中, 所述 IP地址包括 GGSN 为 UE分配的所述源 IP地址和 P-CSCF的目的 :P地址,所述 ESP包括 P-CSCF 为 UE.分配的 SP1U  Step 510: The UE re-initiates a registration request message to the GGSN, where the registration request message 1.P packet sent by the UE includes an IP address, where the IP address includes the source IP address and P allocated by the GGSN to the UE. - Purpose of the CSCF: P address, the ESP includes the SP1U allocated by the P-CSCF for the UE.

GGSN在收到读注册请求消息后,检查读消息中的 SPi是否属于为紧急业 务预留的范围内的, 如果不是, 则 GGSN可以判定该请求为非法请求; 否则, 执行下述步骤  After receiving the read registration request message, the GGSN checks whether the SPi in the read message belongs to the range reserved for the emergency service. If not, the GGSN can determine that the request is an illegal request; otherwise, perform the following steps.

步骤 51】― 515 , GGSN将所述注册请求消息发送给 P-CSCF, P-CSCF通 过所述新分配的端口收到逾 UE的注册请求消息后, 对所述请求的 I 包进行 ESP解码。  Step 51] 515, the GGSN sends the registration request message to the P-CSCF, and after receiving the registration request message of the UE through the newly allocated port, the P-CSCF performs ESP decoding on the requested I packet.

P-CSCF检查解码后的注册请求消息中的 SPI是否为紧急业务专用范围内 的, 若是, 则认为读消息为采用的紧急承载资源的消息, 则 P- CSCF进一步检 查该消息是否为紧急业务, 如果不是 那么 P-CSCF认为读请求是非法请求 否則, P-CSCF根据所迷注册请求完成后续的注册流程, 并在注册完成后, 将 200响应消息由 发送至 UE  The P-CSCF checks whether the SPI in the decoded registration request message is within the emergency service specific range, and if yes, considers that the read message is the used emergency bearer resource message, and the P-CSCF further checks whether the message is an emergency service. If not, then the P-CSCF considers that the read request is an illegal request. Otherwise, the P-CSCF completes the subsequent registration process according to the registration request, and after the registration is completed, sends the 200 response message to the UE.

此外,如果 P-CSCF在此过程中不检查所述注册请求消息是否为紧急业务, 那么 P-CSCF会在后续当 UE发起与璲注册相关的如 invite、 message等 SiP请 求时、 检查该请求是否为紧急业务, 若不是., 则 P-CSCF将判定该相关请求是 非法请求。  In addition, if the P-CSCF does not check whether the registration request message is an emergency service, the P-CSCF checks whether the request is subsequently performed when the UE initiates a SiP request such as an invite or a message related to the registration of the UI. For emergency services, if not, the P-CSCF will determine that the relevant request is an illegal request.

上迷实施倒通过在承载层网关上设置过滤规则,保证允许包含了使用紧急 承载层限定的相关资源信息的数据包通过; 同时,应用层服务器在收到用户发 出的 IP包的消息后, 根椐该消息中的 SP1判断出该消息为包含了使用紧急承 载层限定的相关资源信息的消息时,对该消息进行紧急业务检查, 进一步判断 该消息是否为紧急业务, 从而保证了紧急承载资源只能被应用于紧急业务, 避 免了紧急承载资源被滥用。  The above implementation implements the filtering rule on the bearer layer gateway to ensure that the data packet containing the relevant resource information defined by the emergency bearer layer is allowed to pass; meanwhile, after receiving the message of the IP packet sent by the user, the application layer server roots When the SP1 in the message determines that the message is a message that includes the related resource information defined by the emergency bearer layer, the emergency service check is performed on the message to further determine whether the message is an emergency service, thereby ensuring that the emergency bearer resource is only Can be applied to emergency services, avoiding the abuse of emergency bearer resources.

与此同时 本发明实施例还公开了一种 IMS 中识別滥用紧急承载资源的 方法: 在 GGSN上设置允许包含有预置范 ¾内的 地址的请求通过, 其中, 所述预置范围内的 ίΡ专用于紧急承载资源。 P-CSCF当收到该 J0P地址范围的 请求时, 检查该请求是否为紧急业务 At the same time, the embodiment of the present invention further discloses a method for identifying abuse of emergency bearer resources in an IMS: setting, on the GGSN, a request to allow an address included in the preset specification to pass, wherein, The preset range is dedicated to emergency bearer resources. When receiving the request of the J0P address range, the P-CSCF checks whether the request is an emergency service.

如图 7所示, 其为本发明第五实施例的承载资源管理流程示意图, 该方法 包括以下步骤:  FIG. 7 is a schematic diagram of a bearer resource management process according to a fifth embodiment of the present invention, where the method includes the following steps:

步骤 600, 在 GGSN上为紧急业务颈留一个源 ΪΡ地址范围, 用于为申请 紧急业务的承载资 ¾的1疋分配。 同时, 在 GGSN上还设置过滤规则, 允许包 含有所述预留范围内的 :Ρ地址的数据包通过, 而包含其它源 P地址的 IP包 不可以通过。 该过滤规则还可以让紧急业务相关的媒体通行。  Step 600: Leave a source address range for the emergency service on the GGSN, which is used to allocate 1承载 of the bearer for applying for emergency services. At the same time, a filtering rule is also set on the GGSN to allow packets containing the :Ρ address in the reserved range to pass, and IP packets containing other source P addresses cannot pass. This filtering rule also allows media related to emergency services to pass.

步骤 60】,在 P-CSCF上通过配置或者其它手段获知 GGSN上预留的源 ίΡ 地址范围, 以便在 P-CSCF收到所述预留 IP范围内的请求时, 检查该请求是 否为紧急业务  Step 60: The source address range reserved on the GGSN is learned by configuration or other means on the P-CSCF, so that when the P-CSCF receives the request in the reserved IP range, it checks whether the request is an emergency service.

步骤 602, UE向 GGSN发送一个创建組数据协议 ( create PDF )请求来申 请紧急业务的承载资源, 所述请求中携带紧急承载指示, 如紧急承载标识或者 紧急的 APN等„  Step 602: The UE sends a create group data protocol (create PDF) request to the GGSN to apply for an emergency service bearer resource, where the request carries an emergency bearer indication, such as an emergency bearer identifier or an emergency APN.

步骤 603, 根据所述紧急承载指示识别出该 UE申请的是紧急承载, 为该用户分配紧急的承载资源, 其中, 所迷承载资源中的源 IP地址为所述紧 急业务预留的地址范围中的 IP地址  Step 603: Identify, according to the emergency bearer indication, that the UE applies for an emergency bearer, and allocate an emergency bearer resource to the user, where the source IP address in the bearer resource is in the address range reserved by the emergency service. IP address

同时, (3GSN 向 UE返回一个申请承载资源成功的响应, 如 create PDP response,, 其中所述响应包括 GGSN为 UE分配的 IP地址。  At the same time, the 3GSN returns a response to the UE that successfully requests the bearer resource, such as create PDP response, where the response includes the IP address allocated by the GGSN for the UE.

步骤 604, UE使用申请到的紧急承载资源分配发起注册 (register )请求 消息, 由于所述请求消息 IP包是使用紧急承载资源发送的, GGSN将检查读 消息的源 IP地址是否属于预留的范围内的, 如果不是, 则认为该消息为非法 请求; 否则, 执行下述步骤。  Step 604: The UE initiates a registration request message by using the applied emergency bearer resource allocation. Since the request message IP packet is sent by using an emergency bearer resource, the GGSN checks whether the source IP address of the read message belongs to the reserved range. If not, the message is considered an illegal request; otherwise, the following steps are performed.

步據 605, GGSN将所述注册请求消息转发给 P-CSCF, P-CSOF接收该消 息, 根据该消息中的 IP确定该消息使用的承载为紧急承载  Step 605: The GGSN forwards the registration request message to the P-CSCF, and the P-CSOF receives the message, and determines, according to the IP in the message, the bearer used by the message as an emergency bearer.

步骤 606〜607, P- CSCF将所述注册请求消息发送给其它服务器, 其它服 务器返回相应的 401响应消息  Steps 606-607, the P-CSCF sends the registration request message to other servers, and the other servers return corresponding 401 response messages.

步璨 608 ~ 609> P-CSCF为该 UE分配下次通信的端口及 ESP协议的 SPL 同时, P-CSCF将 401响应消息由 GGSN转发给 UE, 其中, 所述 401响 应消息中还包括 P-CSCF新分配的端口号和 SP】.。 Steps 608 ~ 609> The P-CSCF allocates the port for the next communication to the UE and the SPL of the ESP protocol. The P-CSCF forwards the 401 response message to the UE by the GGSN, where the 401 ring The message should also include the newly assigned port number and SP] of the P-CSCF.

步骤 610, UE向 GGSN重新发起注册 ( re ster )请求消息, 此时 UE发 出的所述注册请求消息 ίΡ包包含有 ΓΡ地址 其中,所述 ίί地址包括 GGSN 为 UE分配的专用于紧急业务的 IP地址和 P-CSCF的目的 ff地址,所迷 ESP 包括 P-CSCF为 UE分配的 SPI。  Step 610: The UE re-initiates a registration request message to the GGSN, where the registration request message 发出 packet sent by the UE includes an ΓΡ address, where the 地址 地址 address includes an IP dedicated to the emergency service allocated by the GGSN for the UE. The address and the destination ff address of the P-CSCF, the ESP includes the SPI allocated by the P-CSCF for the UE.

GGSN在收到该注册请求消息后, 4^查该消息中的源 IP地址是否属于为 紧急业务预留的 P地址范围, 如果不是, 则 GGSN可以判定该请求为非法请 求; 否则, 执行下述步骤  After receiving the registration request message, the GGSN checks whether the source IP address in the message belongs to the P address range reserved for emergency services. If not, the GGSN may determine that the request is an illegal request; otherwise, perform the following Step

步骤 611 ~ 616, GGSN将所述注册请求消息发送给 P-CSCF, P-CSCF通 过所述新分配的端口收到该 UE的注册请求消息后, 对所述请求的 IP包进 4亍 ESP解码  Steps 611 to 616, the GGSN sends the registration request message to the P-CSCF, and after receiving the registration request message of the UE by using the newly allocated port, the P-CSCF decodes the requested IP packet into 4 ESPs.

P-CSCF根据所述注册请求消息中的漉 IP地址检查该 IP是否属于为紧急 业务所预留的源 ίΡ地址范 若是, 则 P-CSCF认为该消息为采用紧急承载 资源的消息, P-CSCF将检查 ¾请求是否是紧急业务, 如杲请求的不是紧急业 务, 则 Ρ- CSCF认为该请求为非法请求; 如果请求的是紧急业务、 M P-CSCF 根据所述注册请求完成后续的注册流程, 并在注册完成后,将 200响应消息由 GGSN发送至 UE  The P-CSCF checks whether the IP belongs to the source reserved for the emergency service according to the IP address in the registration request message. If the address is the case, the P-CSCF considers the message to be the emergency bearer resource, P-CSCF. Will check whether the request is an emergency service, if the request is not an emergency service, then the CSCF considers the request to be an illegal request; if the request is for an emergency service, the APP-CSCF completes the subsequent registration process according to the registration request, And after the registration is completed, the 200 response message is sent by the GGSN to the UE.

此外,如果 P-CSCF在此过程中不检查所述注册请求消息是否为紧急业务, 那么 P-CSCF会在后续当 UE发起与该注册相关的如 imdte、 message等 SiP请 求时、检查该请求是否为紧急业务,若不是,则判定所述相关请求是非法请求 上迷实施 ί承载层网关为申请紧急承载的用户分配针对紧急业务的源 IP 地址, 并保证只允许包含有所述源 IP地址的数据包通过; 同时, 应用展服务 器在收到消息后, 对包含有所述源 IP地址的消息做检查, 当认为兹消息为使 用紧急承载时, 再进一步判断该消息是否为紧急业务,从而保证了紧急承载资 源只能被应用于紧急业务, 避免了紧急承载资源被滥用  In addition, if the P-CSCF does not check whether the registration request message is an emergency service in the process, the P-CSCF checks whether the request is subsequently performed when the UE initiates a SiP request such as imdte, message, etc. related to the registration. For the emergency service, if not, it is determined that the related request is an illegal request. The carrier layer gateway allocates a source IP address for the emergency service to the user applying for the emergency bearer, and ensures that only the source IP address is allowed. After the packet is received, the application server checks the message containing the source IP address after receiving the message. When it is considered that the message is an emergency bearer, it further determines whether the message is an emergency service, thereby ensuring that the message is an emergency service. Emergency bearer resources can only be applied to emergency services, avoiding the misuse of emergency bearer resources.

需要说明的是, 本发明不仅限于上述几个实旄例中的紧急属性信息, 即分 別只通过源 IP地址、 应用服务器提供服务的端口、 及应用服务器分配的 SPI 来判断请求消息是否使用了紧急承载,从而进一步判断紧急承载资源是否应用 于紧急业务;还可以使用其他承载屋控制协议资源或者采取至少一种上述紧急 属性信息来判断 It should be noted that the present invention is not limited to the emergency attribute information in the foregoing embodiments, that is, the source IP address, the port provided by the application server, and the SPI allocated by the application server respectively determine whether the request message is used urgently. Carrying, thereby further determining whether the emergency bearer resource is applied to the emergency service; or using other bearer control protocol resources or taking at least one of the above-mentioned emergency Attribute information to judge

基于上迷技术方案, 本发明实施例还提供一种 IMS中紧急呼叫控制方法, 该方法在呼叫建立过程中,传递信息的中间实体接收出自同一会话的消息或应 用信令, 根椐所述消息或信令识别所述呼叫是否滥用紧急承载资遜, 如果是, 则禁止或重定向所述呼叫。根据消息识別所述呼叫是否滥用紧急承载资源的过 程与前面实施例中的描述一致, 在此不再赘述。  Based on the above technical solution, an embodiment of the present invention further provides an emergency call control method in an IMS. In a call setup process, an intermediate entity that transmits information receives a message or application signaling from the same session, and the message is based on the message. Or signaling to identify whether the call is abusing the emergency bearer, and if so, disabling or redirecting the call. The process of identifying whether the call is abusing the emergency bearer resource according to the message is consistent with the description in the previous embodiment, and details are not described herein again.

本发明实施例还公开了一种 M:S 中用于识別滥用紧急承载资源的装置, 如图 8所示, 其为读装置的原理图:  The embodiment of the invention further discloses a device for identifying abuse of emergency bearer resources in M:S, as shown in FIG. 8 , which is a schematic diagram of the reading device:

读装置包括: 消息接收单元 81、 紧急承载识別单元 82、 紧急业务识別单 元 8 判断单元 84。 其中, 消息接收单元 81用于接收在呼叫建立过程中出自 同一会话的消息或应用信令;紧急承载识別单元 82用于根据消息或应用信令, 检查承载层是否使用了紧急承载; 紧急业务识別单元 83用于根椐消息或应用 信令检查应用层是否为紧急业务;判断单元 84根据紧急承载识別单元 82和紧 急业务识别单元 83的检查结果, 在所述结果为承载居使用了紧急承载, 但应 用层为非紧急业务时 确定所述呼叫滥用紧急承载资源  The reading device includes: a message receiving unit 81, an emergency bearer identifying unit 82, and an emergency service identifying unit 8 determining unit 84. The message receiving unit 81 is configured to receive a message or application signaling from the same session in the call setup process; the emergency bearer identifying unit 82 is configured to check whether the bearer layer uses the emergency bearer according to the message or the application signaling; The identifying unit 83 is configured to check whether the application layer is an emergency service by using a root message or an application signaling; the determining unit 84 uses the result of the checking by the emergency bearer identifying unit 82 and the emergency service identifying unit 83, and the result is used as a bearer. Emergency bearer, but the application layer is non-emergency service, and the call abuse emergency bearer resource is determined.

可以在紧急承载识别单元 82 检查到承载层是否使用了紧急承载的情况 下 , 紧急业务识別单元 83再对应用层进行^^查, 由紧急业务识別单元 83将最 终结果通知判断单元 84。 当然, 也可以由紧急承载识別单元 82和紧急业务识 别单元 83分别对承载层和应用层进行检查, 并分別将检查结果通知判断单元 84,  In the case where the emergency bearer identifying unit 82 checks whether the bearer layer uses the emergency bearer, the emergency service identifying unit 83 performs a check on the application layer, and the emergency service identifying unit 83 notifies the determining unit 84 of the final result. Of course, the bearer layer and the application layer may be inspected by the emergency bearer identifying unit 82 and the emergency service identifying unit 83, respectively, and the checking result is notified to the determining unit 84, respectively.

紧急承载识别单元 82可以通过对消息接收单元 81接收的来自承载层的消 息中是否包舍紧急承载指示信息进行检查, 来确定承载屋是否使用了紧急承 载, 如果所述消息中包含紧急承载指示信息, 则确定承载层使用了紧急承载。 所述紧急承载指示信息可以是: 紧急标识字段、 或全局专用的紧急接入点名、 或能够关联到已有的紧急承栽的索引等, 同样, 紧急业务识別单元 83可以通 过对消息接收单元 81接收的来自应用层的消息中是否包含紧急业务指示信息 进行检查, 来确定应用屋是否为紧急业务,如果所述消息中包含紧急业务指示 信息, 则确定应用层为紧急业务。 所述紧急业务指示信息可以是 ^支叫号码、 用 户的注册信息等。 可以将 il装置集成在接入側承载控制 IP网关比如 G(3SN、 或 PDSN上。 通过.检测用户终端申请资源的消息和 PDF返回的资源认证响应消息来实现上 述功能; 还可以将遂装置集成在 PDF上, 通过检测 GGSN发起的资源认证消 息和 P- CSCF的资遜授权消息来实现上述功能。具休实现流程可参照前面对图 3和图 4中流程的描述 The emergency bearer identification unit 82 may check whether the emergency bearer is used by the bearer in the message from the bearer layer received by the message receiving unit 81, if the emergency bearer is included in the message, if the message includes the emergency bearer indication information. Then, it is determined that the bearer layer uses an emergency bearer. The emergency bearer indication information may be: an emergency identification field, or a globally dedicated emergency access point name, or an index that can be associated with an existing emergency bearer, etc. Similarly, the emergency service identification unit 83 may pass the message receiving unit. The message received from the application layer includes the emergency service indication information for checking to determine whether the application house is an emergency service. If the message includes emergency service indication information, it is determined that the application layer is an emergency service. The emergency service indication information may be a calling number, a registration information of the user, or the like. The il device can be integrated on the access side bearer control IP gateway such as G (3SN, or PDSN. The above function can be realized by detecting the message of the user terminal applying for the resource and the resource authentication response message returned by the PDF; On the PDF, the above functions are implemented by detecting the resource authentication message initiated by the GGSN and the RADIUS authorization message of the P-CSCF. The implementation process of the IKE can refer to the foregoing description of the processes in FIG. 3 and FIG.

利用该装置,不仅可以识别用户终端发起的紧急呼叫是否滥用紧急承载资 源,还可以识別公共安全应答点对所述紧急呼叫发^ ¾的回呼是否滥用紧急承载 另外,紧急承载识别单元 82还可以通过对消息接收单元 81接收的应用信 令是否使用了为紧急业务 留的承载资源进行检查,来确定承载层是否使用了 紧急承载, 如果使用了为紧急业务颈留的承载资源, 则确定承载层使用了紧急 承载,, 所述为紧急业务预留的承载资漉可以是紧急承载专用的 地址 端口、 SPI等 同样, 紧急业务识別单元 83可以通过对消息接收单元 81接收的应用 信令是否包含紧急业务指示信息进行检查, 来确定应用居是否为紧急业务, 如 果所述信令中包舍紧急业务指示信息, 则确定应用层为紧急业务。所述紧急业 务指示信息可以是被叫号码、 用户的注册信息等  The device can not only identify whether the emergency call initiated by the user terminal abuses the emergency bearer resource, but also identify whether the public safety answering point sends a call back to the emergency call to abuse the emergency bearer. In addition, the emergency bearer identification unit 82 further Whether the bearer layer uses the emergency bearer is determined by checking whether the application signaling received by the message receiving unit 81 uses the bearer resource reserved for the emergency service, and if the bearer resource reserved for the emergency service is used, the bearer is determined. The layer uses the emergency bearer, and the bearer resource reserved for the emergency service may be an address port dedicated to the emergency bearer, the SPI, etc., and the application signaling received by the emergency service identifying unit 83 through the message receiving unit 81 is The emergency service indication information is checked to determine whether the application is an emergency service. If the emergency service indication information is included in the signaling, the application layer is determined to be an emergency service. The emergency service indication information may be a called number, a registration information of a user, etc.

可以将该装置集成在应用层服务器比如 P- CSCF上 通过检测用户终端的 注册请求消息或与注册相关的如 imnte、 message等 SIP请求消息,来实现上迷 功能,, 具休实现流程可参照前面对图 5 图 6和图 7中流程的描述,,  The device may be integrated on an application layer server, such as a P-CSCF, by detecting a registration request message of the user terminal or a SIP request message such as imnte or message related to the registration, so as to implement the above-mentioned function. Facing the description of the flow in Figure 5, Figure 6 and Figure 7,

本发明实施例还公开了一种 IMS 中用于识刖滥用紧急承载资源的系统、 如图 9所示, 其为该系统的原理图:  The embodiment of the invention also discloses a system for identifying abuse of emergency bearer resources in the IMS, as shown in FIG. 9, which is a schematic diagram of the system:

该系统包括: 接入側承载控制 ΪΡ网关 91和应用层服务器 92, 其中, 接入侧承载控制 IP网关 91包括资源分配装置 9Γ1, 用于在呼叫建立过程 中, 为用户终端分配资源, 包括为申请紧急业务承载资源的用户分配为紧急业 务预留的承载层限定的相关资源; 应用层服务器 92 包括识別装置 921, 用于 根据应用层服务器 92接收的应用信令, 识别使用所述为紧急业务预留的承载 层限定的相关资源的呼叫是否滥用紧急承载资源。 识別装置 921的结构与图 8 所示本发明实施倒中类似, 在此不再赘述。  The system includes: an access side bearer control gateway 91 and an application layer server 92, wherein the access side bearer control IP gateway 91 includes a resource allocation device 9.1 for allocating resources for the user terminal during the call setup process, including The user who applies for the emergency service bearer resource is allocated as the related resource defined by the bearer layer reserved for the emergency service; the application layer server 92 includes the identifying means 921, for identifying the use of the emergency according to the application signaling received by the application layer server 92. Whether the call of the related resource defined by the bearer layer reserved by the service abuses the emergency bearer resource. The structure of the identification device 921 is similar to that of the embodiment of the present invention shown in FIG. 8, and details are not described herein again.

在 IMS中, 接入側承载控制 0 网关 91可以是 GGSN、 或 PDSN, 应用层 服务器 91可以是 P- CSCF。 In the IMS, the access side bearer control 0 gateway 91 may be a GGSN, or a PDSN, an application layer. Server 91 can be a P-CSCF.

除此之外, 接入側承载控制 IP网关 91还可以包括过滤装置 9i2, 用于设 置针对紧急业务的承载的过 规则,并根据所述过滤规则检查接入倒承载控制 IP网关 9j接收到的应用信令数椐包包含的承载层限定的相关资^信息, 如果 所述承载层限定的相关资源属于所述为紧急业务预留的承载层限定的相关资 源, 则允许接入側承载控制 IP网关 91转发所述应用信令, 否则, 禁止接入倒 承载控制 IP网关 9】转发所述症用信令 通过过滤装置 9 2, 可以保证发出的 与紧急业务相关的信息只能到达承载屋紧急属性信息描述的实体  In addition, the access side bearer control IP gateway 91 may further include a filtering device 9i2 for setting an over-rule for the bearer of the emergency service, and checking the access reverse-bearing control IP gateway 9j according to the filtering rule. The application signaling number includes the relevant information defined by the bearer layer, and if the related resources defined by the bearer layer belong to the related resources defined by the bearer layer reserved for the emergency service, the access side bearer control IP is allowed. The gateway 91 forwards the application signaling. Otherwise, the access to the reverse bearer control IP gateway is prohibited. The forwarding of the symptom signaling through the filtering device 92 can ensure that the information related to the emergency service can only reach the emergency of the carrying house. Attribute description entity

利用谅系统,不仅可以识别用户终端发起的紧急呼叫是否滥用紧急承载资 源,还可以识別公共安全应答点对所述紧急呼叫发起的 呼是否滥用紧急承载 资源》  Using the system of forgiveness, it is possible to identify not only whether the emergency call initiated by the user terminal abuses the emergency bearer resource, but also whether the call initiated by the public safety answering point to the emergency call abuses the emergency bearer resource.

还可以在该系统中设置控制装置 (图中未示), 以# ^据识别装置 92 !.的检 查结果,控制所述呼叫的建立, 如杲识別装置 921检查结果为所迷呼叫滥用紧 急承载资源, 则禁止或重定向所述呼叫„ 所述控制装置可以和识别装置 92】 位于不同的功能实体上, 也可以位于同一功能实体上。  It is also possible to set a control device (not shown) in the system to control the establishment of the call by the inspection result of the identification device 92.., for example, the identification device 921 checks the result for the abuse of the call. If the resource is carried, the call is prohibited or redirected. The control device and the identification device 92 may be located on different functional entities or may be located on the same functional entity.

利用该系统, 可以保证紧急承载资源只能被应用于紧急业务, 避.免了紧 以上所迷仅为本发明的较佳实旄例而已, 并非用于限.定本发明的保护范 围: 凡在本发明的精神和原则之内所作的任何修改、 等同替换、 改进等, 均包 含在本发明的保护范围内  With the system, it can be ensured that the emergency bearer resources can only be applied to the emergency service, and the above is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention: Any modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of the present invention are included in the scope of the present invention.

Claims

权 利 要 求 Rights request 1、一种 IMS中识別滥用紧急承载资源的方法,其特征在于,该方法包括: 在呼叫建立过程中,如果用于传递信息的中间实体确定承载层使用了紧急 承载, 则检查应用层是否为紧急业务;  A method for identifying abuse of emergency bearer resources in an IMS, the method comprising: in the call setup process, if the intermediate entity for transmitting information determines that the bearer layer uses the emergency bearer, check whether the application layer is For emergency operations; 若为非紧急业务, 则确定该呼叫滥用紧急承载资源。  If it is a non-emergency service, it is determined that the call abuses the emergency bearer resource. 2、 根据权利要求〗 所述的方法, 其特征在于, 所述中间实体确定承载屋 使用了紧急承载的过程包括:  2. The method according to claim 1, wherein the process of determining, by the intermediate entity, that the bearer uses an emergency bearer comprises: 所述中间实体检查接收的来自承载层的消息中是否包含紧急承载指示信 息;  The intermediate entity checks whether the received message from the bearer layer includes emergency bearer indication information; 如果包含, 则确定承载层使用了紧急承载。  If included, it is determined that the bearer layer uses an emergency bearer. 3、 根据权利要求 2所述的方法, 其特征在于, 所述中间实体检查应用 是否为紧急业务的过程包括:  The method according to claim 2, wherein the process of checking whether the application is an emergency service includes: 所述中间实体检查接收的来自应用层的消息中是否包含紧急业务指示信 息;  The intermediate entity checks whether the received message from the application layer includes emergency service indication information; 如果包含, 则确定应用居为紧急业务  If included, determine that the application is in emergency service 4> 根据权利要求 3所迷的方法, 其特征在于, 所述紧急业务指示信息是 根据会话剣建消息中的信息生成的  4) The method according to claim 3, wherein the emergency service indication information is generated according to information in a session setup message 5 > 根据权利要求 4所迷的方法, 其特征在于, 所述中间实体为接入側承 载控制 IP网关;  The method according to claim 4, wherein the intermediate entity is an access side bearer control IP gateway; 所迷泉自承载层的消息为用户终端申请资源的消息,所述来自应用层的消 息为策略决定功能实体返回的资源认证响应消息  The message from the bearer layer is a message for the user terminal to apply for a resource, and the message from the application layer is a resource authentication response message returned by the policy determining function entity. 6, 根据权利要求 5所述的方法, 其特征在于, 所述接入側承载控制 IP网 关包括: GPRS网关支持节点 GGS'N'、 和 /或分组数据服务节点 PDSISL  The method according to claim 5, wherein the access side bearer control IP gateway comprises: a GPRS gateway support node GGS 'N', and/or a packet data service node PDSISL Ί、 根据权利要求 4所述的方法, 其特征在于, 所述中间实体为策略决定 功能实体;  The method according to claim 4, wherein the intermediate entity is a policy decision function entity; 所迷来自承载层的消息为 GPRS网关支持节点 GGSN发起的资源认证消 息, 所述来自应用屋的消息为来自代理呼叫会话控制功能实体的资源授权消 息。  The message from the bearer layer is a resource authentication message initiated by the GPRS gateway support node GGSN, and the message from the application house is a resource authorization message from the proxy call session control function entity. 8、 根椐权利要求 1所述的方法, 其特征在于, 所述中间实体确定承载层 使用了紧急承载的过程包括: 8. The method of claim 1 wherein said intermediate entity determines a carrier layer The process of using emergency bearers includes: 所述中间实体检査接收到的应用信令是否包含了为紧急业务預留的承载 屋限定的相关资源;  The intermediate entity checks whether the received application signaling includes related resources defined by the bearer reserved for emergency services; 如果使用了为紧急业务预留的资源 > 则确定承载层使用了紧急承载。  If resources reserved for emergency services are used > then the bearer layer is determined to use emergency bearers. 9, 根据权利要求 8所述的方法, 其特征在于, 所述方法还包括: 为紧急业务预留承载层限定的相关资源;  The method according to claim 8, wherein the method further comprises: reserving related resources defined by the bearer layer for emergency services; 所述用户设备发送应用信令,所述应用信令数据包中包含了所述为紧急业 务预留的承载屋限定的相关资源信息。  The user equipment sends application signaling, where the application signaling data packet includes related resource information defined by the bearer house reserved for emergency services. 10、 根据权利要求 9所述的方法, 其特征在于, 所迷方法还包括: 所述接入侧承载控制 ΪΡ网关根据设置的针对紧急业务承载的过滤规则, 检查接收到的所迷用户设备所发出的应用信令数据包;  The method according to claim 9, wherein the method further comprises: the access side bearer control gateway checking the received user equipment according to the set filtering rule for the emergency service bearer The application signaling packet sent; 如杲所述应用信令数据包包含的承载层限定的相关资源信息属于所述预 留的承载层限定的相关资源, 则转发所迷应用信令;  For example, if the related resource information defined by the bearer layer included in the application signaling data packet belongs to the related resource defined by the reserved bearer layer, the application signaling is forwarded; 否则, 则判定该应用信令数据包非法„  Otherwise, it is determined that the application signaling packet is illegal. 11、 根据权利要求 8所述的方法 其特征在于、 所述中间实体检查应用层 是否为紧急业务的过程包括:  The method according to claim 8, wherein the process of checking, by the intermediate entity, whether the application layer is an emergency service comprises: 所述中间实体检查收到的应用信令中是否包含紧急业务指示信息; 如杲包含, 则确定应用层为紧急业务。  The intermediate entity checks whether the received application signaling includes emergency service indication information; if 杲 includes, determines that the application layer is an emergency service. 12、 根.据权利要求 1 1所述的方法, 其特征在于, 所述中间实体为应用层 服务器;  12. The method according to claim 11, wherein the intermediate entity is an application layer server; 所迷应用信令为 SIP消息。  The application signaling is a SIP message. 13. 根据权利要求 1至 12任一项所述的方法, 其特征在于, 所述呼叫为 用户终端发起的紧急呼叫, 或公共安全应答点对所迷紧急呼叫发起的回呼,  The method according to any one of claims 1 to 12, wherein the call is an emergency call initiated by a user terminal, or a callback initiated by a public safety answering point to the emergency call, 14. 根 4 &权利要求 1至 12任一项所述的方法, 其特征在于, 其特征在于, 所述方法还包括:  A method according to any one of the preceding claims, wherein the method further comprises: 确定所述呼叫滥用紧急承载资源时, 禁止或重定向所述呼叫  Disabling or redirecting the call when determining that the call abuses emergency bearer resources 15 , 一种 IMS中识别滥用紧急承载资源的装置, 其特征在于, 包括: 消息接收举元,用于接收在呼叫建立过程中出自同一会话的消息或应用信 令; 紧急承载识別单元, 用于.根据所迷消息或应用信令, 检査承载层是否使用 了紧急承载; An apparatus for identifying an abused emergency bearer resource in an IMS, comprising: a message receiving element for receiving a message or application signaling from a same session in a call setup process; An emergency bearer identifying unit, configured to check whether the bearer layer uses an emergency bearer according to the message or the application signaling; 紧急业务识別单元,用于根据所述消息或应用信令检查应用层是否为紧急 业务;  An emergency service identification unit, configured to check, according to the message or application signaling, whether the application layer is an emergency service; 判断单元,根据所述紧急承载识別单元和所述紧急业务识別单元的检查结 杲, 在所述结果为承载屋使用了紧急承载, 但应用层为非紧急业务时, 确定所 述呼叫滥用紧急承载资源。  a judging unit, according to the inspection result of the emergency bearer identification unit and the emergency service identification unit, determining that the call abuse is used when the result is that the bearer uses an emergency bearer, but the application layer is a non-emergency service Emergency carrying resources. 16, 根据权利要求 1.5所述的装置, 其特征在于,  16. Apparatus according to claim 1.5, wherein 所述紧急承载识別单元通过检查所述消息接收单元接收的来自承载层的 消息中包含紧急承载指示信息, 确定承载层使用了紧急承载;  The emergency bearer identifying unit determines that the bearer layer uses the emergency bearer by checking that the message from the bearer layer received by the message receiving unit includes emergency bearer indication information; 所述紧急业务识別单元通过检查所述消息接收单元接收的来自应用层的 消息中未—包含紧急承载指示信息, 确定应用层为非紧急业务„  The emergency service identification unit determines that the application layer is a non-emergency service by checking that the message from the application layer received by the message receiving unit does not include the emergency bearer indication information. 17, 根据权利要求 15所迷的装置, 其特征在于,  17. Apparatus according to claim 15 wherein: 所述紧急承载识別单元通过检查所述消息接收单元接收到的应用信令使 用了为紧急业务预留的承载资源, 确定承载层使用了紧急承载;  The emergency bearer identifying unit uses the bearer resource reserved for the emergency service by checking the application signaling received by the message receiving unit, and determines that the bearer layer uses the emergency bearer; 所述紧急业务识別单元通过检査所述消息接收单元接收的应用信令中未 包舍紧急业务指示信息, 确定应用层为非紧急业务  The emergency service identification unit determines that the application layer is a non-emergency service by checking the emergency service indication information that is not included in the application signaling received by the message receiving unit. 18, 根据权利要求 15至 17任一项所述的装置, 其特征在于, 还包括: 控制单元, 用于根据所述判断单元的确定结杲, 控制所述呼叫的建立, 如 杲所述判断单元的确定结果为所迷呼叫滥用紧急承载资源,则禁止或重定向所 迷呼叫 ,  The device according to any one of claims 15 to 17, further comprising: a control unit, configured to control establishment of the call according to the determination result of the determining unit, If the determined result of the unit is that the call abuses the emergency bearer resource, the called call is prohibited or redirected. 19 , 一种 IMS中识别滥用紧急.承载资源的系统, 包括接入側承载控制 IP 网关和应用层服务器, 其特征在于,  19 . A system for identifying abuse of emergency and bearer resources in an IMS, comprising: an access side bearer control IP gateway and an application layer server, wherein: 所迷接入側承载控制 IP网关包括资源分配装置,用于在呼叫建立过程中, 为用户终端分配资源,包括为申请紧急业务承载资源的用户分配预留的承载层 限定的相关资源;  The access-side bearer control IP gateway includes a resource allocation device, configured to allocate resources for the user terminal during the call setup process, including allocating related resources defined by the reserved bearer layer for the user applying for the emergency service bearer resource; 所迷应用层服务器包括识别装置,用于根椐所述应用层服务器接收的应用 信令, 识別使用所述承载层限定的相关资源的应用是否滥用紧急承载资源。  The application layer server includes identification means for identifying application signaling received by the application layer server, and identifying whether an application using the related resource defined by the bearer layer abuses emergency bearer resources. 20 , 根据权利要求 19所述的系统, 其特征在于, 所述接入倒承载控制 IP网关还包括过滤装置, 用于设置针对紧急业务的 承载的过滤规则, 并根据所述过滤规则检查所迷接入側承载控制 IP网关接收 到的应用信令使用的承载层限定的相关资源,如果所述应用信令数据包包含的 承载县限定的相关资源属于所述为紧急业务预留的承载层限定的相关资遜,则 允许所述接.入倒承载控制 P网关转发所述应用信令, 否则, 禁止或重定向所 述接入側承载控制 IP网关转发所述应用信令 20. The system of claim 19, wherein The access reverse bearer control IP gateway further includes filtering means, configured to set a filtering rule for the bearer of the emergency service, and check, according to the filtering rule, the application signaling received by the access side bearer control IP gateway. The related resources defined by the bearer layer, if the related resources defined by the bearer county included in the application signaling data packet belong to the related resource defined by the bearer layer reserved for the emergency service, the connection and the reverse bearer control are allowed. The P gateway forwards the application signaling, otherwise, prohibits or redirects the access side bearer control IP gateway to forward the application signaling. 2.K 权利要求 19或 20所述的系统, 其特征在于, 所述应用层服务器 还包括:  2. The system of claim 19 or 20, wherein the application layer server further comprises: 控制装置, 用于根据所述识别装置的 ^查结果, 控制所述呼叫的建立, 如 杲所述识别装置检查结果为所述呼叫滥用紧急承载资漉,则禁止或重定向所述 呼叫  a control device, configured to control establishment of the call according to a result of the checking of the identification device, and if the identification device checks that the call abuses emergency bearer resources, prohibits or redirects the call
PCT/CN2007/070278 2006-07-14 2007-07-12 Method for identifying abuse of emergency bearer resources, device and system thereof Ceased WO2008009234A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610099415.4 2006-07-14
CN200610099415 2006-07-14

Publications (1)

Publication Number Publication Date
WO2008009234A1 true WO2008009234A1 (en) 2008-01-24

Family

ID=38956552

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070278 Ceased WO2008009234A1 (en) 2006-07-14 2007-07-12 Method for identifying abuse of emergency bearer resources, device and system thereof

Country Status (1)

Country Link
WO (1) WO2008009234A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012025151A1 (en) 2010-08-25 2012-03-01 Nokia Siemens Networks Oy Method and apparatus for registration of an emergency service in packet data connections
WO2016180152A1 (en) * 2015-08-06 2016-11-17 中兴通讯股份有限公司 Authentication method and apparatus for accessing special business network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1422507A (en) * 2000-04-10 2003-06-04 诺基亚有限公司 Telephone Service in Mobile IP Network
US20030198331A1 (en) * 2002-04-19 2003-10-23 Worldcom, Inc. Telephone system and method for reliable emergency services calling
WO2005039227A1 (en) * 2003-10-17 2005-04-28 Nortel Networks Limited Method for obtaining location information for emergency services in wireless multimedia networks

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1422507A (en) * 2000-04-10 2003-06-04 诺基亚有限公司 Telephone Service in Mobile IP Network
US20030198331A1 (en) * 2002-04-19 2003-10-23 Worldcom, Inc. Telephone system and method for reliable emergency services calling
WO2005039227A1 (en) * 2003-10-17 2005-04-28 Nortel Networks Limited Method for obtaining location information for emergency services in wireless multimedia networks

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012025151A1 (en) 2010-08-25 2012-03-01 Nokia Siemens Networks Oy Method and apparatus for registration of an emergency service in packet data connections
CN103053149A (en) * 2010-08-25 2013-04-17 诺基亚西门子通信公司 Method and apparatus for registration of an emergency service in packet data connections
CN103053149B (en) * 2010-08-25 2016-03-09 诺基亚通信公司 The method and apparatus of the registration of the emergency services in connecting for grouped data
WO2016180152A1 (en) * 2015-08-06 2016-11-17 中兴通讯股份有限公司 Authentication method and apparatus for accessing special business network

Similar Documents

Publication Publication Date Title
EP2093931B1 (en) Method, system and policy control and charging rules function for processing service data streams
CN104322136B (en) Handling communication sessions in communication networks
CN101127671B (en) A method and system for remote control of home electrical appliance devices
CN101465808B (en) Method, device and system for controlling network PRI
US8572258B2 (en) Control of quality-of-service preconditions in an IP multimedia subsystem
CN101420432B (en) Implementing method, system and apparatus for IMS listening
EP2899937B1 (en) Qos bearer resource control method and system during access negotiation and release
TW201010467A (en) System, apparatus and method to enable mobile stations to identify calls based on predetermined values set in a call header
AU2006344794A1 (en) Loss of signalling bearer transport
BRPI0810914B1 (en) policy control method on a network, device operating to act as an application function entity, device operation method and device to operate as an application function entity, device operating method to operate as an entity policy control and policy control system
EP1762056B1 (en) Dynamic service information for the access network
US20110085470A1 (en) Apparatus and method for integrated signal processing for ip-based convergence network
US8249077B2 (en) Methods and apparatus for enhancing the scalability of IMS in VoIP service deployment
CN102263786B (en) A kind of method and system for realizing bearing resource control function
WO2014180410A1 (en) Method and apparatus for implementing media qos carrier resource control
WO2008003214A1 (en) Method, device and system for media flow traversing nat
WO2008009234A1 (en) Method for identifying abuse of emergency bearer resources, device and system thereof
CN101110991B (en) Method, device and system for identifying abuse of emergency bearer resources in IMS
CN102904859B (en) Ensure the method and system of streaming media service service quality
WO2009043289A1 (en) Method for determining the media stream path relation and call control system
CN104396213A (en) Methods and entities for processing messages
KR101007369B1 (en) Mobile communication system supporting call processing without PPC linkage and method
CN101106813B (en) Method for identifying abuse of emergency bearer resources and access side bearer control IP gateway
WO2008154850A1 (en) Method, entity and system of realizing network address transfer
WO2007085199A1 (en) Method, application and apparatus for identifying user state in networks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07764206

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07764206

Country of ref document: EP

Kind code of ref document: A1