With development of communication technology, an idea of separating a control plane of a gateway from a user plane thereof is proposed so as to simplify design of a hardware platform and reduce cost of the hardware platform, which is beneficial to accelerate deployment of a mobile packet data network. The original gateway can be separated into: a network gateway-control (GW-C) entity of the gateway and a network gateway-user (GW-U) entity (i.e. forward plane entity) thereof. Wherein, it is concerned that both the GW-C entity and a mobility management entity (MME/SGSN) adopt a general computer platform, therefore, they can be integrated together, and also can be separately arranged.
Before the separation, the gateway (including the GW-C and the GW-U) is connected with a lawful interception center (LIC) or a law enforcement agency (LEA) through an interface X1, an interface X2 and an interface X3, wherein, the X1 interface is configured to perform an access authentication by the gateway for the LIC/LEA and set monitoring information of a target to be intercepted; wherein, the monitoring information of the target to be intercepted includes at least one event of the following events: activation, update and deactivation of a PDP context/bearing context, user access report, tunnel built and tunnel released, which need to be reported by the X2 interface. The monitoring information can further include reporting user data content of lawful interception content tunnel (LICT) of the X3 interface. The monitoring information can further include information of the target to be intercepted, which includes an identifier of the target to be intercepted; the X3 interface is configured to report data content information of a UE device to the LEA or the LIC; that is to say, the gateway can report the data content information of the UE device to the LEA or the LIC through messages.
After the separation of the control plane entity and the user plane entity of the gateway, the intercepting interface of the LEA or the LIC is provided on the control plane entity, but uplink data of the user equipment UE are forwarded to a PDN through the user plane entity; the downlink user data of the PDN are forwarded to the UE through the user plane entity. However, if the interfaces X1, X2 and X3 are all provided on the control plane entity, the user plane entity cannot report the data content information of the user to the LEA or the LIC through the interface X3. If the user plane entity forwards the data of the target to be intercepted, the user equipment, to the control plane entity, and the data are reported to the LEA or the LIC by the control plane entity through the X3 interface thereon, then the control plane entity needs to reserve a data forwarding function, which results in a complex structure of the control plane entity and greatly increased cost.
During research and practice with respect to the prior art, the inventor of the present invention has found that in the present implementing manners, how to avoid a complex structure of the control plane entity and how to reduce data flow of the target to be intercepted between the control plane entity and the user plane entity are the technical problems to be solved at present.