Abstract: A method for securing data over a communication network, the method comprising detecting communication data transferred via a router in the communication network, applying an anomaly detection process on the detected communication data to identify malicious data sent via the router, generating a list of candidate Internet Protocol (IP) addresses having a probability of sending malicious data via the router, sending the list of candidates to the router, receiving additional telemetry about data received from the IP addresses included in the list of candidates, narrowing down the list of candidates to a list of verified attackers, generating one or more attack signatures configured to identify the port scanning traffic from the IP addresses included in the list of candidates, sending the one or more attack signatures to the router.

Abstract: The present patent application relates to wireless communication networks which may include a radio access network segment functionally associated with an edge computing cloud. Server application may provide digital service to one or more mobile communication devices communicatively coupled to the radio access network segment. A network core including network management appliances and a mobile communication device paging message generator may be a part of the communication network. A networked paging trigger appliance may generate a mobile communication device specific paging trigger, configured to cause the paging message generator to page the specific mobile communication device.

Abstract: Disclosed are methods, circuits, devices, systems and associated computer executable code for operating a wireless communication network. According to embodiments of the present invention, one or more network appliances functioning within a Radio Access Network (RAN), at or near an access point, of an exemplary network may identify within a multiplexed downstream communication line leading towards a wireless access point a packet stream addressed to a destination mobile communication device communicatively coupled to the access point and located within a sector or portion of a coverage area of the access point. The same or another appliance may correlate an identifier of the packet stream destination device with an estimated device location within the coverage area along with an associated coverage area sector.

Abstract: Disclosed is a communication network having at least one network access segment including one or more network access points, wherein a selective packet bridge appliance integral or otherwise functionally associated with the at least one network access segment, is adapted to selectively shunt packet flow between two or more mobile communication devices communicatively coupled to the at least one network access segment through access points of the at least one network segment, and wherein a packet is selected for shunting at least partially based on an intended destination of the packet and at least partially based on a payload type of the packets.

Abstract: The present invention includes methods, circuits, systems and functionally associated computer executable code for systems and functionally associated computer executable code for detecting and mitigating a denial of service attack on or through a radio access network. According to some embodiments, there may be provided a radio access network with one or more radio access points to wirelessly engage in communication with one or more wireless communication devices, a Malicious Packet Detector (MPD) communicatively coupled to one or more radio access points and configured to detect one or more malicious packets transmitted to the radio access network by the one or more wireless communication devices, and a controller functionally associated with the MPD and configured to alter network operation so as to mitigate malicious packet flow from the one or more malicious packet transmitting wireless communication devices.

Abstract: The present application discloses methods, circuits, devices, systems and functionally associated computer executable code to support edge computing on a communication network, such as a wireless access communication network. There are disclosed a data network architectures including: (a) at least one network core with one or more network elements to perform each of one or more network management functionalities; and (b) at least one network edge segment or zone including one or more access nodes, edge computing resources and a secure link gateway to convey to the core network elements information about data services provided by the edge computing resources to connected client devices.

Abstract: Disclosed is a communication network having at least one network access segment including one or more network access points, wherein a selective packet bridge appliance integral or otherwise functionally associated with the at least one network access segment, is adapted to selectively shunt packet flow between two or more mobile communication devices communicatively coupled to the at least one network access segment through access points of the at least one network segment, and wherein a packet is selected for shunting at least partially based on an intended destination of the packet and at least partially based on a payload type of the packets.

Abstract: The present application discloses methods, circuits, devices, systems and functionally associated computer executable code to support data services provided by one or more edge data service providers/applications running on edge computing resources, integral or otherwise functionally associated with a Radio Access Network (RAN) segment of a wireless communication network, to one or more wireless communication devices communicatively coupled to the wireless communication network through the RAN segment. Embodiments of the present invention include a wireless communication network comprising with at least one network core having one or more network elements to perform each of one or more network management functions, including to managing wireless communication device (User Equipment—UE) related information.

Abstract: Disclosed a methods, circuits, apparatuses, and associated computer executable code for regulating congestion levels on at least one segment of a data communication network. According to some embodiments, a data communication network may include an access point along with both uplink and downlink data paths. The network may include a traffic management appliance. The appliance or functionally associated device may include a traffic monitor to measure a downlink congestion level on a segment of the network downlink. The appliance or a functionally associated device may include a transmission manager to intercept or suppress uplink data traffic when the traffic monitor indicates a downlink congestion level exceeding a first threshold level.

Abstract: Disclosed are methods, circuits, devices, systems and associated computer executable code for operating a wireless communication network. According to embodiments of the present invention, one or more network appliances functioning within a Radio Access Network (RAN), at or near an access point, of an exemplary network may identify within a multiplexed downstream communication line leading towards a wireless access point a packet stream addressed to a destination mobile communication device communicatively coupled to the access point and located within a sector or portion of a coverage area of the access point. The same or another appliance may correlate an identifier of the packet stream destination device with an estimated device location within the coverage area along with an associated coverage area sector.

Abstract: Disclosed are methods, circuits, devices, systems and functionally associated computer executable code to Facilitate Edge Computing on a mobile communication network. According to some embodiments, there may be provided a mobile data communication network comprising two or more Mobile Edge Computing MEC Zones, wherein a first MEC Zone is communicatively coupled to a first set of network access points which are adapted to communicated with User Equipment (UE) and includes at least one Edge Processing Host adapted to run a server-side application accessible to a client application running on an EU communicating with a network access point of the first set of network access points.

Abstract: The present application discloses methods, circuits, devices, systems and functionally associated computer executable code to support location based services to mobile communication devices (UE) communicatively coupled to wireless communication networks in accordance with embodiments of the present invention. According to some embodiments, push type messages to a UE may include location service related content. UE localization may be performed by server applications having access to only a UE's temporary APN IP address, while network push type messages may be addressed using a permanent device identifier of the UE. A process of UE address to identifier correlation at or near the network core may support location triggered push messaging to the UE.

Abstract: Disclosed are methods, circuits, devices, systems and associated computer executable code for operating a cellular network. According to some embodiments, a network core may be communicatively connected to one or more network access segments through a data tunnel, which data tunnel is monitored by a data traffic analyzer. The analyzer may monitor data flow through the data tunnel to estimate a data transfer load on one or more wireless coverage cells of a base-station of said network access segment. Estimating may include identifying and monitoring one or more packet streams encapsulated within the data flow. The traffic analyzer may perform packet inspection on data packets of one or more packet streams within the data tunnel and to identify a payload data-type within downstream packets heading towards a wireless client device. The analyzer may associate data packets of one or more packet streams within the data tunnel with a specific coverage cell of a specific base-station.

Abstract: Disclosed are methods, circuits, devices, systems and associated computer executable code for providing application data services to a mobile communication device. A communication module, including communication circuits, receives application data services demand information relating to demand for a given application data service being experienced by one or more access nodes of the mobile communication network. A controller on the network adjusts at least one parameter of an application data service being provided by at least one network edge appliance of the mobile communication network accordingly.

Abstract: The present invention includes methods, circuits, systems and functionally associated computer executable code for systems and functionally associated computer executable code for detecting and mitigating a denial of service attack on or through a radio access network. According to some embodiments, there may be provided a radio access network with one or more radio access points to wirelessly engage in communication with one or more wireless communication devices, a Malicious Packet Detector (MPD) communicatively coupled to one or more radio access points and configured to detect one or more malicious packets transmitted to the radio access network by the one or more wireless communication devices, and a controller functionally associated with the MPD and configured to alter network operation so as to mitigate malicious packet flow from the one or more malicious packet transmitting wireless communication devices.

Abstract: Disclosed is a communication network having at least one network access segment including one or more network access points, wherein a selective packet bridge appliance integral or otherwise functionally associated with the at least one network access segment, is adapted to selectively shunt packet flow between two or more mobile communication devices communicatively coupled to the at least one network access segment through access points of the at least one network segment, and wherein a packet is selected for shunting at least partially based on an intended destination of the packet and at least partially based on a payload type of the packets.

Abstract: The present patent application relates to and discloses methods, circuits, devices, systems and functionally associated computer executable code for enabling applications to run at or near the edge of wireless or mobile communication network. According to some embodiments, there may be provided a UPF proxy at or near an edge of a network which communicates with network elements at or near a core of the network. The UPF proxy may enable applications, such as application server applications, to run on computing resources at edge of the network.

Abstract: The present application discloses methods, circuits, devices, systems and functionally associated computer executable code to support edge computing on a communication network, such as a wireless access communication network. There are disclosed a data network architectures including: (a) at least one network core with one or more network elements to perform each of one or more network management functionalities; and (b) at least one network edge segment or zone including one or more access nodes, edge computing resources and a secure link gateway to convey to the core network elements information about data services by the edge computing resources to connected client devices.

Abstract: The present patent application relates to and discloses methods, devices, systems and functionally associated computer executable code for paging a wireless communication device which is idle mode. Disclosed is a wireless communication network comprising: (a) at least one radio access network segment functionally associated with an edge computing cloud through which a server application provides digital service to one or more mobile communication devices communicatively coupled to said radio access network segment; and (b) a network core including network management appliances and a mobile communication device paging message generator.

Abstract: Disclosed are methods, circuits, devices, systems and associated computer executable code for facilitating local hosting and access of internet based information. Zone Specific Hosting Server(s) host content associated with a specific zone of a wireless or cellular network, while Zone Specific Domain Name System Server(s) store Domain Name System records of content stored on the Zone Specific Hosting Server(s). A Hosting Deployment System deploys content to one or more of the Zone Specific Hosting Server(s) and updates the records of the Zone Specific Domain Name System Server(s) in accordance, and a Transparent Breakout Engine allows access and directs client devices of the wireless or cellular network to content hosted on the Zone Specific Hosting Server(s) based on the Zone Specific Domain Name System Server(s) records.