Unlock instant, AI-driven research and patent intelligence for your innovation.

VoLTE data traffic filtering method and device, gateway, equipment and medium

A technology of data flow and filtering method, applied in the field of communication security, can solve the problems of breaking commercial password management regulations, VoLTE data packet filtering, etc.

Active Publication Date: 2019-05-03
CHINA MOBILE COMM LTD RES INST +1
View PDF11 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, in the prior art, there is no solution for filtering VoLTE data packets transmitted on the 4G network in the communication network, resulting in the transmission of unauthorized VoLTE encrypted data traffic in the communication network, which violates the national commercial encryption management regulations

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • VoLTE data traffic filtering method and device, gateway, equipment and medium
  • VoLTE data traffic filtering method and device, gateway, equipment and medium
  • VoLTE data traffic filtering method and device, gateway, equipment and medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0048] figure 2 It is a schematic diagram of a VoLTE data flow filtering process provided by an embodiment of the present invention, and the process includes:

[0049] S201: Identify whether the VoLTE data packet to be forwarded contains an Encapsulating Security Payload (ESP) encapsulated packet, if yes, proceed to S202, if not, proceed to S204.

[0050] The VoLTE data flow filtering method provided by the embodiment of the present invention is applied to a first gateway. The first gateway may be a modified SGW or a detection gateway (GW) added in the bypass of the SGW. The detection gateway and the SGW After connection, the VoLTE data packet to be forwarded received by the SGW can be obtained.

[0051] Internet Protocol Security (IPSec) is not a separate protocol. It provides a complete set of architectures applied to network data security at the IP layer, including the authentication header (Authentication Header, AH), ESP, and Internet. Key exchange (Internet Key Exchange, IKE)...

Embodiment 2

[0063] Since the data packets forwarded by the SGW include not only the VoLTE data packets of the audio and video call services, but also the 4G Internet data packets of the data Internet services, on the basis of the above embodiments, in order to improve the filtering efficiency of VoLTE data packets, the implementation of the present invention In an example, before the identifying whether the VoLTE data packet to be forwarded contains an ESP encapsulated packet, the method further includes:

[0064] Receiving a data packet to be forwarded, and identifying an access point (Access Point Name, APN) in the data packet;

[0065] Determining whether the APN is an IP Multimedia Subsystem (IMS) APN;

[0066] If it is, it is determined that the data packet is a VoLTE data packet, and the subsequent steps are performed.

[0067] Specifically, if the first gateway is the SGW, the SGW receives the data packet to be forwarded, identifies whether the APN in the data packet is an IMS APN, and if ...

Embodiment 3

[0078] In order to ensure the accuracy of VoLTE data traffic filtering, if the first gateway is an SGW, blocking the forwarding of the VoLTE data packet includes:

[0079] Discard the VoLTE data packet or delete the bearer channel corresponding to the VoLTE data packet.

[0080] Specifically, if the SGW determines that the ESP encapsulated message contained in the VoLTE data packet cannot be parsed as RTP, or RTCP, or SIP, discard the VoLTE data packet or delete the bearer channel corresponding to the VoLTE data packet.

[0081] Figure 4 with Figure 5 This is a schematic diagram of VoLTE data traffic blocking provided by an embodiment of the present invention, such as Figure 4 with Figure 5 As shown, the VoLTE data packets sent between the UE and the IMS need to be transmitted through the MME, SGW, and P-GW. Therefore, the SGW can block the encrypted VoLTE data packets sent between the UE and the IMS. Specifically, Such as Figure 4 As shown, in the UE registration process, after...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a VoLTE data flow filtering method and device, a gateway, electronic equipment and a storage medium. The method comprises the steps that the first gateway identifies whether aVoLTE data packet to be forwarded contains a message packaged by an ESP or not; If the VoLTE data packet contains the message packaged by the ESP, judging whether the message packaged by the ESP can be analyzed or not; And if not, blocking the forwarding of the VoLTE data packet. According to the embodiment of the invention, the VoLTE data packet to be forwarded comprises a message packaged by theESP by the first gateway, the ESP-encapsulated packet cannot be parsed, the forwarding of the VoLTE packet is blocked. The method can be used for detecting and blocking the VoLTE encrypted data flow,avoiding the transmission of unauthorized VoLTE encrypted data flow in a communication network, and meeting the national commercial password management regulations when the VoLTE encrypted data flowis unauthorized and the message packaged by the ESP cannot be analyzed.

Description

Technical field [0001] The present invention relates to the technical field of communication security, in particular to a VoLTE data flow filtering method, device, gateway, electronic equipment and storage medium. Background technique [0002] VoLTE, or Voice over LTE, is a voice service based on the IP Multimedia Subsystem (IMS). The service is carried on the 4th Generation mobile communication technology (4G) network and can realize data, audio and video. Unification of business under the same network. That is, the 4G network not only provides data Internet services, but also provides audio and video call services. [0003] The National Commercial Encryption Regulations stipulate that any unit or individual can only use commercial encryption products approved by the national encryption management agency, and must not use self-developed or overseas-produced encryption products, and stipulate that foreign organizations or individuals use encryption products or Equipment containin...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
Inventor 陆黎王静侯长江
Owner CHINA MOBILE COMM LTD RES INST