Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

Abstract: A system is disclosed for measuring data utilization attributable to use by an application being executed on a mobile device. The system has a server operable to register the application and transmit information to establish a connection between the application and a proxy server. The system also has a proxy server operable to establish a first connection with the application, receive direction to establish a second connection with a target endpoint, establish the second connection between the proxy server and the target endpoint, pass data between the target endpoint and the application using the established connections, and measure the amount of data passed between the target endpoint and the application.

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

Abstract: A method is provided and may include receiving a request for a network content delivery service from an access device; directing the access device to a network service provider for authentication for the network content delivery service; receiving a network authorization token from the access device, where the network authorization token is associated with the access device; obtaining a network access token from the network service provider; and binding the network access token to a content access token.

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

Abstract: A method is provided in one example embodiment and includes establishing a connection between a client and a messaging fabric of a conductor element associated with a video system; creating a plurality of nodes for system management events; and receiving a subscription request for a particular one of the system management events. The particular subscription request and system management event is authenticated and authorized by use of an identifier associated with the particular subscription request and system management event.

Abstract: In one embodiment, a method includes identifying unusual behavior with respect to a handshake between a first endpoint and a second endpoint that are included in a network, and determining whether the unusual behavior with respect to the handshake indicates presence of malicious software. The method also includes identifying at least one of the first endpoint and the second endpoint as potentially being infected by the malicious software if it is determined that the unusual behavior with respect to the handshake indicates the presence of malicious software.

Abstract: A method is provided and may include receiving a request for a network content delivery service from an access device; directing the access device to a network service provider for authentication for the network content delivery service; receiving a network authorization token from the access device, where the network authorization token is associated with the access device; obtaining a network access token from the network service provider; and binding the network access token to a content access token.

Abstract: A method is provided and may include receiving a request for a network content delivery service from an access device; directing the access device to a network service provider for authentication for the network content delivery service; receiving a network authorization token from the access device, where the network authorization token is associated with the access device; obtaining a network access token from the network service provider; and binding the network access token to a content access token.

Abstract: An example method is provided and includes receiving a packet associated with a flow, determining a tunnel identifier for the flow, and determining a flow identifier for the flow. The method includes associating the flow identifier and the tunnel identifier to an Internet protocol (IP) address to generate a binding to be used for a network address and port translation (NAPT). In other embodiments, a routing decision is executed based on the binding between the identifiers and the IP address. The flow identifier can be a context identifier (CID), and the tunnel identifier can be a softwire tunnel ID. In yet other embodiments, the packet can be tagged as part of an encapsulation operation, which includes providing information about a network location at which the network address and port translation is to be executed.

Abstract: A method is provided in one example embodiment and includes establishing a connection between a first client and a messaging fabric of a conductor element associated with a video system; receiving a request to perform a companion service with a second client; authenticating the first client via a client directory based on an identifier associated with the first client; receiving a pair message from the first client for the second client; and verifying whether the two clients can be paired in order to perform the companion service. Companion service commands can be authorized/policy checked and resulting commands on the second client may appear as-if they had been triggered locally.

Abstract: In one embodiment, a method includes identifying unusual behavior with respect to a handshake between a first endpoint and a second endpoint that are included in a network, and determining whether the unusual behavior with respect to the handshake indicates presence of malicious software. The method also includes identifying at least one of the first endpoint and the second endpoint as potentially being infected by the malicious software if it is determined that the unusual behavior with respect to the handshake indicates the presence of malicious software.

Abstract: An example method includes receiving a message related to a bearer or an Internet Protocol (IP) flow, the message includes an extension indicating whether an Internet Protocol security (IPsec) feature is designated for the bearer or the IP flow. The method further includes mapping a communication flow to the bearer or the IP flow, and applying the IPsec feature to the bearer or the IP flow. In other embodiments, the method can include communicating the extension to a next destination, and updating a security policy to indicate that the bearer or the IP flow is designated for the IPsec feature. In yet other embodiments, an Internet Key Exchange (IKE) is used to establish a security association for a serving gateway associated with the communication flow. The extension is provided at an IP flow level or at a bearer level such that network traffic is designated for the IPsec feature.

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

Abstract: A method is provided in one example embodiment and includes receiving a request for a service for a subscriber at an access gateway; receiving a default subscriber policy and a default service policy at the access gateway; receiving a subscriber policy and a service policy for the service being requested at the access gateway; receiving the service being requested at the access gateway; and communicating the service being requested from the access gateway to the subscriber in response to the request.

Abstract: A method is provided in one example embodiment and includes communicating an in-band message packet from a first network element; receiving a response to the in-band message from a second network element, the response contains tunnel identification binding data that identifies a tunnel on a backhaul link on which traffic from a user equipment can flow; and receiving instructions from the second network element to offload a received data packet from the backhaul link. In particular instances, the in-band message is set to loopback when the in-band message is sent from the first network element. In other embodiments, the tunnel identification binding data is provided in the payload of the in-band message when the in-band message is sent from the first network element. In other examples, the method can include receiving an assigned Internet protocol (IP) address of the user equipment in the response to the in-band message.

Abstract: A method is provided in one example embodiment and includes receiving a downstream data packet transported on a backhaul link at a first network element, the downstream data packet is associated with a user equipment; identifying whether a downstream tunnel used to communicate the data packet to the user equipment has become dormant; and communicating an in-band message to a second network element that the downstream tunnel is dormant. In other examples, the method can include dropping the data packet when a network address port translation binding has expired or does not exist. In certain implementations, the method can include identifying the downstream tunnel as dormant when an activity timer has expired, or identifying the downstream tunnel as dormant based on a stale state setting.

Abstract: A method is provided in one example embodiment and includes receiving a data packet over a first link at a first network element; establishing an out-of-band channel over a second link between the first network element and a second network element; and receiving instructions at the first network element to offload the data packet from the first link. In more particular embodiments, the first network element is a mobile enabled router, and the second network element is a gateway general packet radio service support node or a packet data network gateway. The method can also include receiving a discovery message from the second network element, the discovery message triggering the establishment of the out-of-band channel. In certain cases, the data packet is offloaded based on a type of data in the data packet.

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; de-capsulating the data packet; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; and offloading the data packet from the backhaul link. In more specific embodiment, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other examples, the method can include identifying that the data packet is a downstream data packet; identifying a service to be performed for the data packet that cannot be performed at the first network element; and communicating the data packet to a second network element.

Abstract: A method is provided in one example embodiment and includes invoking a mobile access gateway function based on an end user requesting an Internet Protocol (IP) address in a wireless or a wireline network. The invocation is selective such that the mobile access gateway function is invoked if the end user requires IP mobility services. The method also includes communicating with a gateway in order to obtain the IP address. The mobile access gateway function is coupled to a network element that receives packets for a communications flow from the end user that can conduct the flow through the wireless network and through the wireline network.