As mobile communication technologies develop continuously, operators around the world already have deployed and tested Long Term Evolution (LTE) networks/4G networks, and 4G networks have gradually entered our daily life. The multimedia service of LTE network evolution is realized by creating an IP Multimedia Subsystem (IMS), that is, a 4G user equipment (UE) accesses the IMS through an Evolved Packet System (EPS) to realize media services such as a voice service and a short message service and the like. To guarantee the security of an access, the IMS can selectively encrypt an SIP signaling at a Gm interface between a UE and a Proxy Call Session Control Function (P-CSCF), and the authorization of the IMS is authenticated by the ESP mechanism providing Internet Protocol Security (IPsec), thereby realizing a secure access to the IMS system.
According to the Authentication and Key Agreement (AKA) mechanism of an IMS for authorization and authentication, a security mechanism is negotiated, IPSec ESP-related parameters are exchanged, and a Security Association (SA) is established between a UE and a P-CSCF during the registration process of the UE, so that each SIP signaling subsequently passing the SA is encrypted. That is, an SIP signaling is transmitted between the UE and the P-CSCF through an SA tunnel (IPSec encryption tunnel), and the Session Initiation Protocol (SIP) signaling is an encrypted SIP signaling.
The encryption for an SIP signaling guarantees the security of an access to an IMS but makes the signaling monitoring system of an LTE network incapable of decrypting the SIP signaling, resulting in that an SIP-based voice over Internet Protocol (SIP-VOIP) service cannot be monitored.
The problem that the signaling monitoring system of the ESP system cannot monitor an encrypted SIP-VOIP service is currently solved by directly deploying a signaling collection system in an IMS system in which an SIP signaling is unencrypted. However, the IMS system is typically an independent system which is independent from an EPS system and which is generally not opened by a network operator. The deployment of a signaling collection system in an IMS system is equivalent to additional setting a monitoring system. Thus, the operating cost of the operator is increased. Moreover, because the additionally set monitoring system does not belong to the signaling monitoring system of the EPS system, it cannot be associated with the other signaling such as the wireless network or the core network of the EPS system or acquire an overall index. Thus, an SIP-VOIP session service cannot be monitored by the signaling monitoring system of the EPS, as a result, operational requirements of the operator cannot be met.
Therefore, the SIP signaling decryption method used in the conventional art increases the operating cost of the operator but still fails to meet operational requirements of the operator and lowers the operational result of a network provided by the operator.