Abstract: A method and system are provided for use in detecting and preventing attacks in a communications network. In one example, the method includes calculating first and second traffic volumes based on messages received at a first time and a second time, respectively. An average acceleration is calculated based on the first and second traffic volumes, and the method identifies whether the average acceleration has crossed a threshold. The messages are serviced only if the average acceleration has not crossed the threshold.

Abstract: A method and system are provided for use in detecting and preventing attacks in a communications network. In one example, the method includes calculating first and second traffic volumes based on messages received at a first time and a second time, respectively. An average acceleration is calculated based on the first and second traffic volumes, and the method identifies whether the average acceleration has crossed a threshold. The messages are serviced only if the average acceleration has not crossed the threshold.

Abstract: A system, method and apparatus authenticates and protects an Internet Protocol (IP) user-end device by providing a client-based security software resident on the IP user-end device, authenticating the IP user-end device using the client-based security software and a network security node communicably coupled to the IP user-end device, authenticating a user of the IP user-end device whenever a trigger condition occurs using an in-band channel between the client-based security software and the network security node, and protecting the IP user-end device by: (a) screening incoming IP traffic to the IP user-end device using the client-based security software, and (b) detecting an attack or a threat involving the IP user-end device using the network security node.

Abstract: The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.

Abstract: The present invention provides a system, method and apparatus for authenticating an Internet Protocol (IP) phone and a user of the IP phone by determining whether the IP phone is an authorized device, and whenever the IP phone is authorized and a trigger condition occurs, determining whether the user of the IP phone is authorized. The user authorization process initiates a call to the IP phone, sends a request for a passcode to the IP phone, sends a message to disable the IP phone whenever the passcode is invalid, and terminates the call. The user authentication process uses an in-band channel and the IP phone does not run a two factor authentication client application during the authentication process.

Abstract: The present invention provides a system, method and apparatus for protecting against high volume attacks. The present invention receives a packet, determines a source of the received packet, and updates a tree-based data structure based on the source of the received packet. The received packet is accepted or passed on whenever one or more statistics stored within the tree-based data structure do not exceed a threshold. The received packet is dropped whenever the one or more statistics exceed the threshold. The present invention can be implemented in hardware, software or a combination thereof. The software will implement the steps as one or more code segments of a computer program embodied on a computer readable medium.

Abstract: The present invention provides a system, method and apparatus for providing security in an IP-based end user device, such personal computer clients, hard phones, soft phones, cellular phones, dual-mode phones, handheld communication devices, wireless communications devices and any other device capable of supporting real time IP-based applications. An application layer, a TCP/IP layer and a datalink layer of the IP-based end user device are monitored. Whenever an incoming session is detected and analyzed, the incoming session is accepted whenever one or more session security parameter(s) are satisfied and the incoming session is denied whenever the session security parameter(s) are not satisfied. Whenever an incoming packet is detected and analyzed, the incoming packet is processed whenever one or more packet security parameter(s) are satisfied and the incoming packet is dropped whenever the packet security parameter(s) are not satisfied.

Abstract: The present invention provides a system, method and apparatus for troubleshooting one or more communications between a first device and a second device. A monitoring device disposed between the first device and the second device receives a message associated with the communication(s), analyzes the received message and stores the analyzed message whenever the analyzed message satisfies one or more troubleshooting criteria. The one or more troubleshooting criteria may include one or more data element criteria, one or more event-based criteria, one or more time-based criteria, one or more logical operators or a combination thereof. The method can be implemented using a computer program embodied on a computer readable medium having one or more code segments to perform the method steps.

Abstract: The present invention provides a system, method and apparatus for securely exchanging security keys and monitoring links in an IP communications network. The apparatus is disposed between the local device and the remote device and receives a security key associated with the secure communication(s) for the local device. The apparatus then uses the security key to decode one or more messages transmitted between the local device and the remote device. The apparatus may initiate one or more security protocols whenever the decoded message(s) satisfy one or more criteria. Note that the present invention can be implemented as a computer program embodied on a computer readable medium wherein each step is performed by one or more code segments.

Abstract: The present invention provides a system, method and apparatus for providing network level and nodal level vulnerability protection in VoIP networks by receiving a communication, filtering the received communication using three or more stages selected from the group comprising a media protection and filtering plane, a policy based filtering plane, a signature based filtering plane, a protocol anomaly detection and filtering plane and a behavioral learning based filtering plane, and either allowing or denying the received communication based the filtering step. The stages are applicable to one or more protocols including SIP, IMS, UMA, H.248, H.323, RTP, CSTA/XML or a combination thereof. In addition, the stages can be implemented within a single device or are distributed across a network (e.g., SIP network, a UMA network, an IMS network or a combination thereof).

Abstract: The present invention provides a system, method and apparatus for automatically classifying voice communications, such as voice messages and phone calls in prerecorded voicemails (one speaker) and two-way conversations, as either spam or legitimate signals in a communications system (e.g., SIP, IMS, UMA, etc.). More specifically, the present invention classifies a voice communication session by receiving one or more voice communication packets associated with the voice communication session, extracting one or more properties from the received voice communication packets and classifying the voice communication session based on the extracted properties. The present invention can also be implemented as a computer program embodied on a computer readable medium wherein each step is performed by one or more code segments.

Abstract: A method and system are provided for use in detecting and preventing attacks in a communications network. In one example, the method includes calculating first and second traffic volumes based on messages received at a first time and a second time, respectively. An average acceleration is calculated based on the first and second traffic volumes, and the method identifies whether the average acceleration has crossed a threshold. The messages are serviced only if the average acceleration has not crossed the threshold.