阅读说明：本技术 一种基于ims网络诈骗电话拦截的实现方法、系统 (IMS network fraud call interception based realization method and system ) 是由 高树江 丁正 顾晓东 祝敬安 韦红 刘志永 刘艳 曹迪 于 2021-09-09 设计创作，主要内容包括：本申请公开了一种基于IMS网络诈骗电话拦截的实现方法,该方法包括,在诈骗电话拦截平台侧,接收IMS网络所触发的第一呼叫,将该第一呼叫所携带的呼叫参数进行存储,其中,呼叫参数包括主叫号码、被叫号码以及呼叫标识,当接收到来自外部系统的拦截请求时,则根据该请求所携带的主叫号码、被叫号码至少之一或其任意组合,查询所存储的呼叫参数,若查询到所存储的呼叫参数,则向IMS网络发送拆线信令,以使得第一呼叫被拆线。本申请可以对基于IMS网络的呼叫进行诈骗电话的监控和拦截,实时地切断通信,并可以为用户提供新的业务服务。(The application discloses a method for realizing IMS network fraud telephone interception, which comprises the steps of receiving a first call triggered by an IMS network at a fraud telephone interception platform side, storing call parameters carried by the first call, wherein the call parameters comprise a calling number, a called number and a call identifier, inquiring the stored call parameters according to at least one of the calling number and the called number carried by an external system or any combination thereof when an interception request from the external system is received, and sending a disconnection signaling to the IMS network to disconnect the first call if the stored call parameters are inquired. The method and the device can monitor and intercept the fraud calls of the calls based on the IMS network, cut off the communication in real time and provide new business services for users.)

1. A method for realizing IMS network fraud telephone interception is characterized in that the method comprises the following steps,

on the side of the fraud call interception platform,

receiving a first call triggered by an IMS network, storing call parameters carried by the first call, wherein the call parameters comprise a calling number, a called number and a call identifier,

when an interception request from an external system is received, inquiring the stored call parameters according to at least one of a calling number and a called number carried by the request or any combination thereof,

and if the stored call parameters are inquired, sending a disconnecting signaling to the IMS network so as to disconnect the first call.

2. The method of claim 1, further comprising,

storing the call parameters carried by the first call, calling the first call out to an IMS network,

monitoring the call state of the connected first call until the first call is ended;

when the interception request from the external system is not received, keeping monitoring of the call state until the first call is ended;

after the first call is over, the stored call parameters are deleted.

3. The method of claim 1, wherein said sending a disconnect signaling to the IMS network to cause the first call to be disconnected, comprises,

generating a disconnecting request according to the inquired calling parameters, wherein the request comprises a calling number, a called number and a calling identifier,

and according to the call identifier, generating a disconnecting signaling of the calling side and/or a disconnecting signaling of the called side in the IMS network in a simulation manner, and sending the disconnecting signaling to the IMS network.

4. The method as claimed in claim 3, wherein the simulating generates a disconnect signaling of a calling side and/or a disconnect signaling of a called side in the IMS network, and sends the disconnect signaling to the IMS network, including:

sending the disconnecting signaling of the calling side to the calling vehicle,

and according to the received response of the disconnecting signaling of the calling side, generating a disconnecting signaling of the called side in a simulation manner, and sending the disconnecting signaling to the called side in the IMS network.

5. The method of claim 1, wherein the first call is initiated by a subscriber to a calling number, or wherein a called number of the first call is a subscriber to a called number.

6. A method for realizing IMS network fraud telephone interception is characterized in that the method comprises the following steps,

on the side of the IMS network,

triggering the first call to a fraud phone interception platform,

receive disconnect signaling from a fraudulent telephone interception platform,

in response to the disconnect signaling, disconnecting the first call,

wherein the content of the first and second substances,

the disconnection signaling is generated by the fraud telephone interception platform inquiring the stored call parameters according to at least one of the calling number and the called number carried by the request or any combination thereof when receiving the interception request from the external system.

7. The method as recited in claim 6, wherein said method further comprises receiving a first call from said fraud phone interception platform, continuing said first call to said calling party and said called party,

the disconnecting signaling comprises a disconnecting signaling of the calling side and/or a disconnecting signaling of the called side, wherein the disconnecting signaling of the calling side is sent to the calling side, and the disconnecting signaling of the called side is sent to the called side.

8. A system for IMS network fraud telephone interception is characterized in that the system comprises,

a fraud call interception platform and an IMS network, wherein,

the fraud call interception platform is connected with a service call session control function S-CSCF in the IMS network and is connected with an external system,

the fraud telephone interception platform receives a first call triggered by the IMS network, stores call parameters carried by the first call, wherein the call parameters comprise at least one of a calling number, a called number or any combination thereof, and a call identifier,

when an interception request from an external system is received, inquiring the stored call parameters according to at least one of a calling number and a called number carried by the request or any combination thereof,

and if the stored call parameters are inquired, sending a disconnecting signaling to the IMS network so as to disconnect the first call.

9. The system as claimed in claim 8, wherein said fraud telephone interception platform comprises, a signaling docking module, a call logic processing module, an interface calling module, wherein,

the signaling interface module is used for interfacing with a serving call session control function S-CSCF in the IMS network,

the call logic processing module is used for receiving a first call triggered by an IMS network through the signaling docking module, storing call parameters carried by the first call, wherein the call parameters comprise at least one of a calling number, a called number or any combination thereof, and a call identifier,

when an interception request from an external system is received through an interface calling module, the stored call parameters are inquired according to at least one of a calling number and a called number carried by the request or any combination thereof,

and if the stored call parameters are inquired, sending a disconnecting signaling to the IMS network through a signaling docking module.

10. A computer-readable storage medium, wherein a computer program is stored in the storage medium, and when being executed by a processor, the computer program implements the steps of the method for implementing IMS phishing phone interception according to any one of claims 1 to 5, and/or the steps of the method for implementing IMS phishing phone interception according to any one of claims 6 to 7.

Technical Field

The invention relates to the field of communication, in particular to a method for realizing IMS network fraud call interception.

Background

In recent years, fraud implemented by communication means has been on the rise, negatively impacting social stability. With the upgrade of communication technology, the communication system is realized by upgrading the original circuit switching technology to the IMS (IP multimedia system) technology based on IP network, for example, the currently used fixed telephone communication network and 4G/5G mobile communication network system are realized by IMS network and technology; the proportion of fraudulent calls implemented through the IMS network is also increasing in the current communication technology background, and the control and implementation interception of fraudulent calls initiated by the IMS network are imperative.

The current interception techniques for fraud calls mainly focus on the following two types:

1. fraud call real-time interception technique based on serial connection system of traditional circuit switching network

In the traditional circuit switching network, the switching network adopts a layered architecture, the networking is relatively complex, the fraud telephone real-time interception system is connected into the switching network in a serial connection mode, and all calls passing through the switching network are subjected to subsequent connection through the fraud telephone interception system, so that the monitoring and filtering of the call state are realized; due to the complexity of the switching network, the fraud call real-time interception system cannot be connected to all switching nodes in series, and more important switching nodes are generally selected, such as cross-network gateway offices, cross-regional long distance offices and the like, so as to realize monitoring and real-time interception handling of fraud calls in inter-network and long distance calls.

The fraud telephone is controlled in a serial connection mode in the traditional communication network to realize the real-time interception function, the realization principle is simple, but the serial connection mode enables a fraud telephone interception system to become a node in the whole call flow of a communication number, the interception system is easy to form a fault point in a switching network besides needing to use a large amount of signaling and relay equipment to realize butt joint with the switching network, the stable operation of the interception system directly influences all calls passing through the node, meanwhile, according to the characteristics of hierarchical networking of the switching network, the interception system cannot be connected in all the switching network nodes in series, and the incomplete phenomenon exists in all the control ranges.

2. Fraud telephone real-time interception technology of intelligent network system based on traditional circuit switching network

In a traditional circuit switching network, a service Control point (scp) of an intelligent network system is utilized to realize a real-time interception function of a fraud call, the method needs to be connected to a Signaling Transfer Point (STP) of the circuit switching network, an intelligent network subscription is opened for a call of a calling number or a called number, a switching core network triggers the call to the intelligent network system for monitoring and real-time interception functions in a call subscription mode, and the intelligent network mode can realize management after all call subscription triggers by accessing to the scp.

The method is characterized in that a real-time interception technology of fraud telephones is mature in a traditional intelligent network mode, an intelligent network technology supports the perfect disaster tolerance aspect of the whole switched network, however, the intelligent network mode is adopted to manage and control the fraud telephones, an intelligent network subscription function needs to be opened for calling and called numbers, the subscription attribute of the numbers in the traditional switched network is unique and cannot be repeatedly subscribed, a plurality of services (such as virtual network services, prepaid services and the like) of user numbers in the current network are realized in a subscription intelligent network mode, and therefore the mode has the mutual exclusion of intelligent network subscription and other services, and the user range is reduced.

With the development of communication technology, the switching network has been upgraded from traditional circuit switching to an IP-based IMS switching network, and with the popularization of 4G communication technology and the popularization of 5G, the IMS network-based mobile phone and fixed phone users have become popular, and on this background, the fraud phone real-time interception function based on the traditional circuit domain cannot support most of IMS network users, and needs to support the call real-time interception function under the IMS network.

Disclosure of Invention

The invention provides a method for realizing IMS network-based fraud call interception, which is used for intercepting IMS network-based fraud calls.

The invention provides a method for realizing IMS network fraud telephone interception, which is realized as follows:

on the side of the fraud call interception platform,

receiving a first call triggered by an IMS network, storing call parameters carried by the first call, wherein the call parameters comprise a calling number, a called number and a call identifier,

when an interception request from an external system is received, inquiring the stored call parameters according to at least one of a calling number and a called number carried by the request or any combination thereof,

and if the stored call parameters are inquired, sending a disconnecting signaling to the IMS network so as to disconnect the first call.

Preferably, the method further comprises the step of,

storing the call parameters carried by the first call, calling the first call out to an IMS network,

monitoring the call state of the connected first call until the first call is ended;

when the interception request from the external system is not received, keeping monitoring of the call state until the first call is ended;

after the first call is over, the stored call parameters are deleted.

Preferably, the sending of the disconnect signaling to the IMS network, such that the first call is disconnected, comprises,

generating a disconnecting request according to the inquired calling parameters, wherein the request comprises a calling number, a called number and a calling identifier,

and according to the call identifier, generating a disconnecting signaling of the calling side and/or a disconnecting signaling of the called side in the IMS network in a simulation manner, and sending the disconnecting signaling to the IMS network.

Preferably, the simulating generates a disconnecting signaling of the calling side and/or a disconnecting signaling of the called side in the IMS network, and sends the disconnecting signaling to the IMS network, including:

sending the disconnecting signaling of the calling side to the calling vehicle,

and according to the received response of the disconnecting signaling of the calling side, generating a disconnecting signaling of the called side in a simulation manner, and sending the disconnecting signaling to the called side in the IMS network.

Preferably, the first call is initiated by a subscriber of a calling number, or a called number of the first call is a subscriber of a called number.

In another aspect, the present invention provides a method for implementing IMS phishing phone interception, the method including,

on the side of the IMS network,

triggering the first call to a fraud phone interception platform,

receive disconnect signaling from a fraudulent telephone interception platform,

in response to the disconnect signaling, disconnecting the first call,

wherein the content of the first and second substances,

the disconnection signaling is generated by the fraud telephone interception platform inquiring the stored call parameters according to at least one of the calling number and the called number carried by the request or any combination thereof when receiving the interception request from the external system.

Preferably, the method further comprises receiving a first call from the fraud telephone interception platform, continuing the first call to the calling party and the called party,

the disconnecting signaling comprises a disconnecting signaling of the calling side and/or a disconnecting signaling of the called side, wherein the disconnecting signaling of the calling side is sent to the calling side, and the disconnecting signaling of the called side is sent to the called side.

The invention also provides a system for IMS-based phishing phone interception, which comprises,

a fraud call interception platform and an IMS network, wherein,

the fraud call interception platform is connected with a service call session control function S-CSCF in the IMS network and is connected with an external system,

the fraud telephone interception platform receives a first call triggered by the IMS network, stores call parameters carried by the first call, wherein the call parameters comprise at least one of a calling number, a called number or any combination thereof, and a call identifier,

when an interception request from an external system is received, inquiring the stored call parameters according to at least one of a calling number and a called number carried by the request or any combination thereof,

and if the stored call parameters are inquired, sending a disconnecting signaling to the IMS network so as to disconnect the first call.

Preferably, the fraud phone interception platform comprises a signaling docking module, a call logic processing module, and an interface calling module, wherein,

the signaling interface module is used for interfacing with a serving call session control function S-CSCF in the IMS network,

the call logic processing module is used for receiving a first call triggered by an IMS network through the signaling docking module, storing call parameters carried by the first call, wherein the call parameters comprise at least one of a calling number, a called number or any combination thereof, and a call identifier,

when an interception request from an external system is received through an interface calling module, the stored call parameters are inquired according to at least one of a calling number and a called number carried by the request or any combination thereof,

and if the stored call parameters are inquired, sending a disconnecting signaling to the IMS network through a signaling docking module.

The invention also provides a computer readable storage medium, which stores a computer program, and the computer program when executed by a processor realizes the steps of any one of the IMS phishing phone interception based implementation methods on the fraud phone interception platform side, and/or the steps of any one of the IMS phishing phone interception based implementation methods on the IMS network side.

The method for realizing IMS network fraud telephone interception comprises the steps of triggering a call in an IMS network to a fraud telephone interception platform side and storing call parameters, inquiring the stored call parameters according to at least one of a calling number and a called number carried by an interception request from an external system or any combination of the calling number and the called number when the interception request is received, and sending a disconnection signaling to the IMS network if the stored call parameters are inquired, so that a first call is disconnected. The method and the device can monitor and intercept the fraud calls of the calls based on the IMS network, cut off the communication in real time and provide new business services for users.

Drawings

Fig. 1 is a schematic flow chart of an implementation method for IMS phishing phone interception according to the present application.

FIG. 2 is a schematic diagram illustrating an implementation structure of IMS phishing phone interception according to an embodiment of the present application.

FIG. 3 is a schematic diagram illustrating a real-time fraud interception process according to an embodiment of the present application.

FIG. 4 is a schematic diagram illustrating normal calls when there is no fraud call in the embodiment of the present application.

Detailed Description

For the purpose of making the objects, technical means and advantages of the present application more apparent, the present application will be described in further detail with reference to the accompanying drawings.

The method and the device trigger the call initiated in the IMS network to the fraud call interception platform, generate the disconnection signaling through the interception processing of the platform, and send the disconnection signaling to the IMS network, so that the call is disconnected. The method and the system realize real-time call interruption for fraud calls in an SIP AS (application service) mode, provide an interface for real-time interception of fraud calls, encapsulate the call control capability of an IMS core network, and invoke and extend the service range of a communication network to the industry in the interface mode.

Referring to fig. 1, fig. 1 is a schematic flow chart of an implementation method for IMS phishing phone interception according to the present application. The method comprises, at the side of fraud call intercepting platform,

step 101, receiving a first call triggered by an IMS network, storing call parameters carried by the first call, wherein the call parameters include a calling number, a called number, and a call identifier,

102, when receiving the interception request from the external system, inquiring the stored call parameters according to at least one of the calling number and the called number carried by the request or any combination thereof,

step 103, if the stored call parameters are inquired, sending a disconnect signaling to the IMS network, so that the first call is disconnected.

For ease of understanding, the following is further explained in connection with functional network elements in an IMS network.

Referring to fig. 2, fig. 2 is a schematic diagram of an implementation structure of IMS phishing phone interception based on the embodiment of the present application.

And when the call occurs, the call is triggered to the fraud call interception platform through the cooperation of all network elements in the IMS network so as to realize the real-time interception function of the fraud call. In the core network of the IMS network, a service call session control function (S-CSCF), a proxy call session control function (P-CSCF), an interrogating call session control function (I-CSCF) and a Home Subscriber Server (HSS) are included,

wherein the content of the first and second substances,

the S-CSCF is a core node of the IMS network, and is responsible for functions of access registration, authentication, session processing, routing, service triggering, and the like of a user.

The P-CSCF is an access point for accessing the IMS network by the user and is responsible for forwarding signaling with other network elements;

the I-CSCF is used for receiving the signaling from the P-CSCF, inquiring the S-CSCF to which the user initiating the message belongs, and transferring the session to the S-CSCF for processing;

the HSS is configured to store IMS user data and provide corresponding data for other network elements through querying, and in this embodiment, the HSS stores fraud call interception user subscription information, so that a call processed by a fraud call interception platform performs fraud call interception according to the user subscription information stored in the HSS, that is, when a call occurs, the S-CSCF queries user data to obtain user subscription information, and triggers the call to a fraud call real-time interception platform.

The fraud phone intercepting platform is connected with S-CSCF in the IMS core network in an opposite mode and completes interaction of real-time Call signaling with the S-CSCF, information such as calling and called numbers, SIP signaling, Call-ID and the like is recorded in the fraud phone intercepting platform, when a certain calling and called number needs to be intercepted in real time, the calling logic processing module inquires and stores a Call state record, real-time Call disconnection operation is conducted on the Call according to IMS system signaling interaction rules, and therefore real-time monitoring and control are conducted on the Call, and the real-time intercepting function of the fraud phone is completed according to an intercepting instruction from the outside.

The fraud call intercepting platform comprises a signaling docking module, a call logic processing module, a memory database, an interface calling module and a ticket synchronizing module,

wherein the content of the first and second substances,

a signaling docking module, configured to dock an S-CSCF of an IMS core network, receive a call initiated by a user through an ISC (SIP) interface, and thereby cooperate with the IMS core network to complete functions such as call connection and signaling interaction;

the call logic processing module is a core module of call processing and is used for carrying out normal connection on a call according to a received signaling message, carrying out disconnection interception according to a signaling protocol standard corresponding to a received fraud call interception request;

the interface calling module is a calling interface of the IMS fraud telephone real-time interception function, and is used for calling the fraud telephone real-time interception function through the interface by an external system, and realizing the real-time interception of fraud telephones through the conditions of calling numbers and called numbers received on the interface;

the memory database is used for storing the mapping relation of the calling number, the called number, the Call identifier (Call-ID) and the like of each Call on the Call logic processing module, receiving the query of the Call logic processing module, and returning the relation between the calling number, the called number and the Call-ID to the Call logic processing module according to the query of the calling number and the called number so as to realize the real-time Call disconnection function;

and the ticket synchronization module is used for storing tickets called by the fraud call interception platform, particularly the interception tickets of real-time call interruption of fraud calls, and is used for external system inquiry.

Referring to fig. 3, fig. 3 is a schematic diagram illustrating a fraud call real-time interception process according to an embodiment of the present application. The fraud call intercepting process refers to that after a call is triggered to a fraud call intercepting platform, the fraud call intercepting platform receives a fraud call intercepting request from an external system through an open interface in the normal continuous process that the call is not ended, and the call in the call is subjected to real-time call disconnection operation according to the received fraud call intercepting request. Assuming that the call is a caller from a subscriber, the process includes:

step 301, a call from a user is triggered to a signaling docking module in a fraud telephone interception platform through a P-CSCF, an I-CSCF and an S-CSCF in sequence,

preferably, the user may be a calling subscriber or a called subscriber, and when the S-CSCF queries the HSS to obtain that the user is a subscriber, the S-CSCF triggers the current call to the signaling docking module in the fraud call interception platform.

Step 302, the signaling interface module inputs the call to the call logic processing module,

step 303, the Call logic processing module writes the information (Call parameters) of the calling number, called number, Call-ID, etc. carried by the Call into the memory database and stores them,

step 304, the call logic processing module calls out to the IMS through the signaling docking module to continue to call out through the S-CSCF in the IMS, connect the called number and carry out normal conversation;

305, the call logic processing module monitors the real-time state of the connected call through a call state monitoring process;

preferably, the external system can invoke the monitored call state through the interface call module, thereby discovering whether a fraudulent call exists.

Step 306, when the Call logic processing module receives the first fraud Call interception request from the external system through the interface calling module, inquiring the memory database according to one or any combination of the calling number and the called number carried by the request, if a Call corresponding to one or any combination of the calling number and the called number exists in the memory database, sending a second fraud Call interception request to the Call state monitoring process, where the request carries one or any combination of the calling number and the called number, and the Call-ID inquired by the memory database,

wherein, the external system is a designated private network except the fraud call interception platform and the IMS network, for example, the external system can be an anti-fraud center network;

the first fraudulent call interception request may comply with the HTTP protocol and be sent when the external system discovers that a fraudulent call exists.

Step 307, the Call state monitoring process initiates a disconnect request to the Call logic processing module according to the received second fraud Call interception request, the request carries the calling number, the called number, and the Call-ID,

step 308, the Call logic processing module generates a simulated disconnecting signaling according to the Call-ID carried by the received disconnecting request,

for example,

a signaling butt-joint module initiates a simulated called disconnection signaling to a calling side through an S-CSCF,

the calling logic processing module initiates a simulation calling party disconnecting signaling to the called side through the S-CSCF by the signaling docking module according to the simulation called party disconnecting signaling response from the calling side,

step 309, after the calling and called parties are disconnected successfully, the Call logic processing module deletes the Call record in the memory database according to the calling number, the called number and the Call-ID information, and the Call interception is completed.

Referring to fig. 4, fig. 4 is a schematic diagram illustrating normal calling when a fraud-free phone is called according to an embodiment of the present application. Assuming that the call is a caller from a subscriber, the call process includes,

step 401, a call from a user is triggered to a signaling docking module in a fraud telephone interception platform through a P-CSCF, an I-CSCF and an S-CSCF in sequence,

preferably, the user may be a calling subscriber or a called subscriber, and when the S-CSCF queries the HSS to obtain that the user is a subscriber, the S-CSCF triggers the current call to the signaling docking module in the fraud call interception platform.

Step 402, the signaling interface module inputs the call to the call logic processing module,

step 403, the Call logic processing module writes the information of the calling number, called number, Call-ID, etc. carried by the Call into the memory database and stores them,

step 404, the call logic processing module continues to make an outbound call through the S-CSCF in the IMS through the signaling docking module to connect the called number and make a normal call;

step 405, the call state monitoring process performs real-time state monitoring on the connected call;

step 406, determining whether a first fraud phone interception request from an external system is received, when the first fraud phone interception request is not received, keeping monitoring of the current call state, and repeatedly executing step 406 until the call is ended.

Step 407, the Call logic processing module deletes the information of the calling and called numbers and the Call-ID from the memory database in time.

In the embodiment, the fraud call interception platform is in butt joint with the S-CSCF in the IMS core network, so that the call state monitoring is carried out in an AS mode, and normal call connection is not sensed for a user; the call is triggered to a fraud call interception platform through an IMS iFC subscription mode of the calling number and the called number, so that the realization is simple, and the user coverage is wide; simulating the call ending signaling of a calling party and a called party to carry out interaction in the calling process, and conforming to protocol specifications and signaling interaction flows; because the call concurrency in the IMS network is huge, only real-time call data is stored through the memory database, and necessary conditions for call processing are provided for fraud call interception.

In the embodiment, the fraud call interception platform realizes the processing of the call capability by butting the IMS core network, namely, the fraud call real-time interception function is packaged and then is butted with an external system by an interface calling mode, so that the range of the communication service capability is extended, and the opening of the communication network capability and the fusion of the network are realized; when the external system is an anti-fraud center system, fraud calls can be intercepted in real time, the rights and interests of the victims are protected, and the contribution is made to current national anti-fraud; the original 2/3G communication anti-fraud interception function is supplemented, the real-time interception of 4G/5G user fraud calls can be supported, and the short board of the current fraud call management and control is supplemented.

The embodiment of the invention also provides a computer readable storage medium, wherein a computer program is stored in the storage medium, and when being executed by a processor, the computer program realizes the steps of the implementation method based on IMS phishing phone interception.

For the device/network side device/storage medium embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for the relevant points, refer to the partial description of the method embodiment.

In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.