Abstract: A data replication system of a communication network is disclosed. According to one embodiment, the data replication system includes a replication gateway node and a replication control system. The replication gateway node is configured to create a first replication tunnel between a first gateway node and the replication gateway node and a second replication tunnel between the replication gateway node and a second gateway node. The replication gateway node replicates data streams between the first gateway node and the second gateway and delivers the replicated data stream to a management node for further analysis.

Abstract: A system and method for defending a mobile network from a fraud committed via GTP is disclosed. According to one embodiment, a computer-implemented method includes receiving receives information associated with a GTP request from a serving node to a gateway node in a mobile network. The information associated with the GTP request is a GTP control plane request or a CDR associated with the GTP request. The information associated with a GTP request is examined, and parameters contained in the information associated with the GTP request are analyzed. It is determined that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network. A GTP tunnel associated with the fraudulent GTP request is denied, an established fraudulent GTP tunnel is deleted, or network traffic established by a fraudulent GTP tunnel is redirected to a monitoring node.

Abstract: Systems and methods for scalable and iterative deep packet inspection for communication networks are disclosed. According to one embodiment, a system comprises a home network and a visitor network in communication with the home network over an Internetwork packet exchange. The visitor network may have an intercept area with an intercept probe, a local packet data network gateway (PGW) and a local proxy-call session control function (P-CSCF). The system further includes a diameter edge agent that monitors signaling traffic in the visitor network passing to and from the home network. The system also has a targeting system in communication with the diameter edge agent that redirects the signaling traffic from the home PGW to the visiting PGW.

Abstract: A system and method for defending a mobile network from a fraud committed via GTP is disclosed. According to one embodiment, a computer-implemented method includes receiving receives information associated with a GTP request from a serving node to a gateway node in a mobile network. The information associated with the GTP request is a GTP control plane request or a CDR associated with the GTP request. The information associated with a GTP request is examined, and parameters contained in the information associated with the GTP request are analyzed. It is determined that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network. A GTP tunnel associated with the fraudulent GTP request is denied, an established fraudulent GTP tunnel is deleted, or network traffic established by a fraudulent GTP tunnel is redirected to a monitoring node.

Abstract: In one embodiment, a system includes an interface configured to receive a first request sent from a first customer for a first service provided by a first service provider, the first request being of a first type. The system also includes at least one processor configured to determine a first set of configuration parameters from a first policy associated with the first service provider in response to receiving the first request. The at least one processor also causes a node associated with the first service provider to provide the first service in response to receiving the first request using the first set of configuration parameters.

Abstract: A method is provided in one example embodiment that includes receiving a radio signal stream, segmenting the radio signal stream based on a control word in the radio signal stream, mapping the segmented radio signal stream to a service class, transporting the segmented radio signal stream in packets through channels over a backhaul link, and maintaining the order of the radio signal stream over the backhaul link. In more particular embodiments, the backhaul link may use a DOCSIS link, the radio signal stream can be received using a Common Public Radio Interface, and the radio signal stream may include sub-streams transported through segmented channels over the backhaul link.

Abstract: A data replication system of a communication network is disclosed. According to one embodiment, the data replication system includes a replication gateway node and a replication control system located in one or more of a visited network and a home network. The replication gateway node is configured to create a first replication tunnel between a first gateway node and the replication gateway node and a second replication tunnel between the replication gateway node and a second gateway node. The replication gateway node replicates data streams between the first gateway node and the second gateway and delivers the replicated data stream to a management node for further analysis.

Abstract: A system and method for transmitting a secure message is disclosed. According to one embodiment, a method includes providing a request for one or more attributes associated with a phone number for a recipient mobile device, generating a key based on the one or more attributes, receiving an encrypted message for a recipient mobile device, where the encrypted message is encrypted based on the key, requesting the one or more attributes from the recipient mobile device, receiving the one or more attributes from the recipient mobile device, regenerating the key based on the one or more attributes received from the recipient mobile device, decrypting the encrypted message based on the regenerated key, and delivering the decrypted message to the recipient mobile device.

Abstract: A system and method for discovering user equipment in a network is disclosed. According to one embodiment, a discovery proxy periodically scans an access router that serves a target user equipment and collects an address assignment record of the target user equipment via the access router. The discovery proxy passes the address assignment record to a discovery server, and the discovery server identifies a location of the target user equipment based on the address assignment record of the target user equipment.

Abstract: In one embodiment, a method includes receiving a first packet sent by a first node. The packet includes a first Layer 3 source address, a first Layer 3 destination address, a first Layer 2 source hardware identifier, a first Layer 2 destination hardware identifier, and a first path identifier. The first path identifier is situated between a Layer 2 header of the first packet and a Layer 3 header of the first packet. The method includes automatically determining a first port of the first network element associated with a second node. The second node is associated with the first Layer 2 destination hardware identifier. A second path identifier is automatically determined based on the first port. The first packet is prevented from being delivered to the second node in response to determining that the first path identifier and the second path identifier are different.

Abstract: A method and system for enabling peer-to-peer (P2P) communication between a first device and a second device is disclosed. According to one embodiment, a P2P communication system includes a first peer agent serving a first peer, a second peer agent serving a second peer, and a rendezvous server. The rendezvous server updates a first IP address for the first peer agent to the second peer agent and a second IP address for the second peer agent to the first peer agent. The first peer agent and the second peer agent communicate with the rendezvous server by dropping and retrieving a plurality of dead-drop packages. A first dead-drop package of the plurality of dead-drop packages comprises a first alias that is known only to the first peer and the second peer. A second dead-drop package of the plurality of dead-drop packages comprises a second alias that is different from the first alias.

Abstract: A data replication system of a communication network is disclosed. According to one embodiment, the data replication system includes a replication gateway node and a replication control system. The replication gateway node is configured to create a first replication tunnel between a first gateway node and the replication gateway node and a second replication tunnel between the replication gateway node and a second gateway node. The replication gateway node replicates data streams between the first gateway node and the second gateway and delivers the replicated data stream to a management node for further analysis.

Abstract: A system and method for metadata analysis and collection with privacy is disclosed. According to one embodiment, a trusted third party (TTP) system generates and transmits authorization keys to a government agency (GA) system and a communication service provider (CSP) system. The TTP system receives index records referencing records of subscribers from the CSP system and ingests the index records received from the CSP system. The TTP system receives a target index request from the GA system and sends a metadata record request to the CSP system based on the target index request. The CSP system sends metadata records to the TTP system, and the TTP system delivers the metadata records to the GA system. The metadata records are encrypted with encryption keys shared between the GA system and the CSP system such that the TTP system cannot decrypt the metadata records.

Abstract: In one embodiment, a method includes receiving a first packet sent by a first node. The packet includes a first Layer 3 source address, a first Layer 3 destination address, a first Layer 2 source hardware identifier, a first Layer 2 destination hardware identifier, and a first path identifier. The first path identifier is situated between a Layer 2 header of the first packet and a Layer 3 header of the first packet. The method includes automatically determining a first port of the first network element associated with a second node. The second node is associated with the first Layer 2 destination hardware identifier. A second path identifier is automatically determined based on the first port. The first packet is prevented from being delivered to the second node in response to determining that the first path identifier and the second path identifier are different.

Abstract: A method is provided in example embodiments that include receiving a radio signal stream and segmenting the radio signal stream into segments. The segments may be packetized and transported in packets over a pseudowire in a packet-switched network. The radio signal stream can be reconstructed from the segments. In more particular embodiments, the pseudowire may be a multi-protocol label switching pseudowire or a layer 2 tunneling protocol pseudowire, for example. In yet other specific example embodiments, the radio signal stream may be received using a common public radio interface or a femtocell application programming interface.

Abstract: In one embodiment, a method includes receiving a first packet sent by a first node. The packet includes a first Layer 3 source address, a first Layer 3 destination address, a first Layer 2 source hardware identifier, a first Layer 2 destination hardware identifier, and a first path identifier. The first path identifier is situated between a Layer 2 header of the first packet and a Layer 3 header of the first packet. The method includes automatically determining a first port of the first network element associated with a second node. The second node is associated with the first Layer 2 destination hardware identifier. A second path identifier is automatically determined based on the first port. The first packet is prevented from being delivered to the second node in response to determining that the first path identifier and the second path identifier are different.

Abstract: A method is provided in one example embodiment that includes receiving a radio signal stream, segmenting the radio signal stream based on a control word in the radio signal stream, mapping the segmented radio signal stream to a service class, transporting the segmented radio signal stream in packets through channels over a backhaul link, and maintaining the order of the radio signal stream over the backhaul link. In more particular embodiments, the backhaul link may use a DOCSIS link, the radio signal stream can be received using a Common Public Radio Interface, and the radio signal stream may include sub-streams transported through segmented channels over the backhaul link.

Abstract: A method is provided in one example embodiment that includes receiving a radio signal stream, segmenting the radio signal stream based on a control word in the radio signal stream, mapping the segmented radio signal stream to a service class, transporting the segmented radio signal stream in packets through channels over a backhaul link, and maintaining the order of the radio signal stream over the backhaul link. In more particular embodiments, the backhaul link may use a DOCSIS link, the radio signal stream can be received using a Common Public Radio Interface, and the radio signal stream may include sub-streams transported through segmented channels over the backhaul link.

Abstract: In one embodiment, a method includes receiving a first packet sent by a first node. The packet includes a first Layer 3 source address, a first Layer 3 destination address, a first Layer 2 source hardware identifier, a first Layer 2 destination hardware identifier, and a first path identifier. The first path identifier is situated between a Layer 2 header of the first packet and a Layer 3 header of the first packet. The method includes automatically determining a first port of the first network element associated with a second node. The second node is associated with the first Layer 2 destination hardware identifier. A second path identifier is automatically determined based on the first port. The first packet is prevented from being delivered to the second node in response to determining that the first path identifier and the second path identifier are different.

Abstract: A method is provided in example embodiments that include receiving a radio signal stream and segmenting the radio signal stream into segments. The segments may be packetized and transported in packets over a pseudowire in a packet-switched network. The radio signal stream can be reconstructed from the segments. In more particular embodiments, the pseudowire may be a multi-protocol label switching pseudowire or a layer 2 tunneling protocol pseudowire, for example. In yet other specific example embodiments, the radio signal stream may be received using a common public radio interface or a femtocell application programming interface.