Patents by Inventor Flemming Andreasen

Flemming Andreasen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11785041
    Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
    Type: Grant
    Filed: March 16, 2022
    Date of Patent: October 10, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: David McGrew, Blake Harrell Anderson, Daniel G. Wing, Flemming Andreasen
  • Patent number: 11611579
    Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
    Type: Grant
    Filed: April 7, 2022
    Date of Patent: March 21, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: David McGrew, Blake Harrell Anderson, Daniel G. Wing, Flemming Andreasen
  • Patent number: 11540202
    Abstract: Techniques are provided to use a trusted identity and location to select the most appropriate point of interconnect to edge application execution environments as well as a specific edge application execution environment. The techniques may involve obtaining, on behalf of a wireless mobile device, an access identifier that indicates an access location of the wireless mobile device that is wirelessly connected to wireless network infrastructure equipment operated by an access network provider that is associated with, and a member of, a federation of access network providers. The access location for the wireless mobile device is derived based on the access identifier, and the access location is used to select an edge resource to be used by the wireless mobile device.
    Type: Grant
    Filed: November 6, 2020
    Date of Patent: December 27, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Timothy Peter Stammers, Flemming Andreasen
  • Patent number: 11483292
    Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
    Type: Grant
    Filed: December 9, 2020
    Date of Patent: October 25, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
  • Publication number: 20220210183
    Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
    Type: Application
    Filed: March 16, 2022
    Publication date: June 30, 2022
    Inventors: David McGrew, Blake Harrell Anderson, Daniel G. Wing, Flemming Andreasen
  • Publication number: 20220150798
    Abstract: Techniques are provided to use a trusted identity and location to select the most appropriate point of interconnect to edge application execution environments as well as a specific edge application execution environment. The techniques may involve obtaining, on behalf of a wireless mobile device, an access identifier that indicates an access location of the wireless mobile device that is wirelessly connected to wireless network infrastructure equipment operated by an access network provider that is associated with, and a member of, a federation of access network providers. The access location for the wireless mobile device is derived based on the access identifier, and the access location is used to select an edge resource to be used by the wireless mobile device.
    Type: Application
    Filed: November 6, 2020
    Publication date: May 12, 2022
    Inventors: Timothy Peter Stammers, Flemming Andreasen
  • Patent number: 11303664
    Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: April 12, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: David McGrew, Blake Harrell Anderson, Daniel G. Wing, Flemming Andreasen
  • Publication number: 20210119974
    Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
    Type: Application
    Filed: December 9, 2020
    Publication date: April 22, 2021
    Inventors: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
  • Patent number: 10911409
    Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: February 2, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
  • Publication number: 20200067972
    Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
    Type: Application
    Filed: October 31, 2019
    Publication date: February 27, 2020
    Inventors: David McGrew, Blake Harrell Anderson, Daniel G. Wing, Flemming Andreasen
  • Patent number: 10505970
    Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
    Type: Grant
    Filed: October 5, 2016
    Date of Patent: December 10, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: David McGrew, Blake Harrell Anderson, Daniel G. Wing, Flemming Andreasen
  • Publication number: 20190356694
    Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
    Type: Application
    Filed: May 21, 2018
    Publication date: November 21, 2019
    Inventors: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
  • Publication number: 20180097835
    Abstract: In one embodiment, a device in a network captures domain name system (DNS) response data from a DNS response sent by a DNS service to a client in the network. The device captures session data for an encrypted session of the client. The device makes a determination that the encrypted session is malicious by using the captured DNS response data and the captured session data as input to a machine learning-based or rule-based classifier. The device performs a mediation action in response to the determination that the encrypted session is malicious.
    Type: Application
    Filed: October 5, 2016
    Publication date: April 5, 2018
    Inventors: David McGrew, Blake Harrell Anderson, Daniel G. Wing, Flemming Andreasen
  • Patent number: 8787303
    Abstract: This disclosure relates to a system and method for offloading selected data traffic in logical tunnels to the Internet. The offloading provides another data path for selected data traffic that can relieve the burden on a mobile operator's network, such as the backhaul and core networks. As the proliferation of data rich content and increasingly more capable mobile devices has continued, the amount of data communicated over mobile operator's networks has increased. Upgrading the existing network that was designed for voice calls is not desirable or practical for many mobile operators. This disclosure provides systems and methods for offloading data to the Internet at a router to relieve congestion on the mobile operator's network.
    Type: Grant
    Filed: May 20, 2011
    Date of Patent: July 22, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Kent K. Leung, Jayaraman Iyer, Flemming Andreasen, Timothy Stammers, Michel Khouderchah
  • Patent number: 8320329
    Abstract: In one embodiment, a method includes receiving, at a visited network node, policy for a roaming terminal from a home network of the roaming terminal. The policy is associated with a home Internet Protocol (IP) address of the roaming terminal. The visited network node applies the policy in the visited network to data packets that include the home IP address. Applying the policy to a data packet encompasses either enforcing the policy at the node that applies the policy or sending data that indicates the policy to a different node that applies the policy based on the data sent, or both.
    Type: Grant
    Filed: March 24, 2008
    Date of Patent: November 27, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: Flemming Andreasen, Kent Leung
  • Patent number: 8233401
    Abstract: In one embodiment, a network device receives an Internet protocol (IP) registration request, such as a mobile IP registration request, from an access terminal. The network device may be a home agent that is configured to register the access terminal for IP services at the network layer. In addition to registering the access terminal at the network layer, the network device may facilitate registration at another layer, such as the application layer. In one example, registration information for the access terminal for an application layer registration, such as information needed to register for session initiation protocol (SIP) services, is determined. The network device then facilitates registration at the application layer automatically using the registration information.
    Type: Grant
    Filed: August 13, 2007
    Date of Patent: July 31, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: Jonathan D. Rosenberg, Flemming Andreasen, Jayaraman Iyer, Timothy Stammers
  • Publication number: 20120082161
    Abstract: This disclosure relates to a system and method for offloading selected data traffic in logical tunnels to the Internet. The offloading provides another data path for selected data traffic that can relieve the burden on a mobile operator's network, such as the backhaul and core networks. As the proliferation of data rich content and increasingly more capable mobile devices has continued, the amount of data communicated over mobile operator's networks has increased. Upgrading the existing network that was designed for voice calls is not desirable or practical for many mobile operators. This disclosure provides systems and methods for offloading data to the Internet at a router to relieve congestion on the mobile operator's network.
    Type: Application
    Filed: May 20, 2011
    Publication date: April 5, 2012
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Kent LEUNG, Jayaraman IYER, Flemming ANDREASEN, Timothy STAMMERS, Michel KHOUDERCHAH
  • Patent number: 8059533
    Abstract: In one embodiment, a method includes receiving packet flow optimization (PFO) configuration data that associates each rule name of multiple PFO rule names with a corresponding method for processing a data packet in a communications network based on data in a payload of a layer 3 protocol of the data packet. A first policy message is received from a policy management process in the communications network. The first policy message includes rule data that indicates a signaled rule name associated with a particular network address in the communications network. In response to receiving the first policy message, a data packet of the particular network address is processed according to a particular method associated with a particular rule name selected based on the signaled rule name. As a result, a PFO policy is controlled from the policy management process.
    Type: Grant
    Filed: October 24, 2007
    Date of Patent: November 15, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Flemming Andreasen, Eric Hamel, Yaacov Arbel, Meir Morgenstern
  • Patent number: 7907514
    Abstract: A mechanism provides for communication of “keep-alive” messages from clients to servers in a packet telephony network environment. The servers may be call agents and the clients may be gateways or MGCP-controlled IP phones. A client (e.g., gateway) registers a virtual endpoint. Upon a period of inactivity in which the client does not receive any commands or acknowledgments from an assigned server (e.g., call agent), the client starts to send keep-alive messages periodically to the server. The keep-alive message may include an endpoint identifier that identifies the registered virtual endpoint. If the server fails to respond to the keep-alive messages after a period of time, the client initiates a fallback mechanism from a first call control protocol (e.g., MGCP) to a second call control protocol (e.g., H.323 or SIP), to provide call control handling using a default application.
    Type: Grant
    Filed: September 29, 2005
    Date of Patent: March 15, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Andrew S. Foltan, Alex Urquizo, Flemming Andreasen
  • Patent number: 7899040
    Abstract: A method and apparatus of communication processing at a client (e.g., media gateway) connected to a server (e.g., media gateway controller) includes collecting events in a quarantine buffer. The contents of the buffer are examined to determine whether the collected events include one or more synchronizing events. An instruction signal sent to the client from the server includes information defining one or more events as a synchronizing event. If one or more synchronizing events is present, the collected events are processed from the buffer relative to the one or more synchronizing events. The processing may include processing the collected events beginning after the most recent or second most recent synchronizing event. The collected events that occurred up to the most recent or second most recent synchronizing event may be moved to a synchronized event list. The synchronized event list may be reported to the server or discarded.
    Type: Grant
    Filed: March 15, 2006
    Date of Patent: March 1, 2011
    Assignee: Cisco Technology, Inc.
    Inventor: Flemming Andreasen