Systems and methods for USN monitoring via virtual tap is provided. A system may obtain, from a virtual tap, virtual network data packets associated with a first type of wireless communication protocol. The system may extract a first ID from the virtual network data packets. The system may query a first database associated with the first type of wireless communication protocol or a second database using a second type of wireless communication protocol using the first ID. The system may determine a second ID and a security context based on the query. The system may convert the security context from a first type to a second type of security context. The system may store the converted security context into a field based on the second ID.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Software as a service (SAAS) services featuring software for monitoring and management of performance and availability of software applications; Software as a service (SAAS) services, namely, hosting software for use by others for analyzing wireless, cable, and wireline service performance; Software as a service (SAAS) services featuring software for analyzing computer network performance; Platform as a service (PAAS) featuring computer software platforms for monitoring and management of performance and availability of software applications; Platform as a service (PAAS) featuring computer software platforms for hosting software for use by others for analyzing wireless, cable, and wireline service performance; Platform as a service (PAAS) featuring computer software platforms for analyzing computer network performance; Design and development of computer hardware and software; Computer diagnostic services; Computer system design services; Computer programming services, namely, creating indexes of information, sites and other resources available on computer networks; Computer programming services, namely, monitoring, testing, analyzing, and reporting on the Internet traffic control and content control of the websites of others; Computer programming services, namely, providing search engines for obtaining data on a global computer network; computer virus protection services; Consulting services in the field of software as a service (SAAS); Consulting services in the field of cloud computing; Consulting services in the field of design, selection, implementation and use of computer hardware and software systems for others; Consulting in the field of configuration management for computer hardware and software; Computer security consultancy in the field of application and network performance management; Consultation services relating to computer software; IT consulting services relating to installation, maintenance and repair of computer software; Computer software consultancy; Information technology consultancy relating to installation, maintenance and repair of computer software; Computer technical support services, namely, 24/7 service desk or help desk services for IT infrastructure, operating systems, database systems, and web applications; Technical support services, namely, troubleshooting of industrial process control computer software problems; Technical support services, namely, remote and on-site infrastructure management services for monitoring, administration and management of public and private cloud computing IT and application systems; Technical support services, namely, troubleshooting of computer software problems; Computer programming services for others in the field of software configuration management; Consulting services in the field of hosting computer software applications
4.
SYSTEMS AND METHODS FOR REDUCING POWER CONSUMPTION BY MONITORING NETWORK TRAFFIC
A method can include monitoring a level of network traffic to a server. The method can include setting a clock rate of one or more cores of a processor of the server based on the monitored level of network traffic.
H04L 41/0823 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
H04L 41/0833 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network energy consumption
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
5.
System and method for load balancing of network packets received from a MME with smart filtering
A system and method for monitoring one or more Mobility Management Entities (MMEs) with a plurality of scalable network probe devices arranged in a cluster format. A ciphered packet is received from one or more MMEs at a packet switching device. The packet switching device in turn sends all the ciphered packets to each of the plurality of clustered probes. Each of the network probes then in turn deciphers the packets received from the MME and extracts metadata from the deciphered packet to identify subscriber session information contained in the received packet. Each of the network probes then selectively retains deciphered packet information relating to a subscriber session and/or other prescribed criteria designated for that particular network probe and discards the remaining deciphered packet or portions of the packet so as to balance the load amongst the plurality of probes based upon prescribed load balancing criteria. KPI and other session related data is generated in a network probe associated with a subscriber session from the retained deciphered packet information. Subscriber session related data from each clustered network probe is then aggregated with at least one monitoring device operably coupled to the clustered probes such that a user of the monitoring device is provided with the perception that the monitoring device is coupled to a single probe.
A computer implemented method for determining the identity of an Over-the Top (OTT) application or service being accessed over the Internet from a HTTP, HTTPS or QUIC connection request received in a network monitoring device. Determine if one or more entries are present in the received connection request have an IP address that matches a known server IP address. A determination is then made as to whether if the received connection request is one of a HTTP, HTTPS or QUIC connection request, and if this cannot be determined than determine if a subject field in the received connection request is available. And determine if a candidate domain name is available from IP cache created from one or more of the above steps if a subject field is not available in the received connection request. Identify and categorize OTT applications associated with the received connection request if it is determined: the connection is either a HTTP, HTTPS or QUIC connection type; a subject field is available; or a candidate domain name is available utilizing a lookup table that is periodically updated with new OTT applications.
A method can include monitoring a level of network traffic to a server. The method can include setting a clock rate of one or more cores of a processor of the server based on the monitored level of network traffic.
A method is disclosed. A first data packet is received. Data is extracted from the first data packet. A first synthetic data packet is generated from data of the first data packet. A second data packet is received. Data is extracted from the second data packet. A key performance indicator is generated from data of the first and second synthetic data packets.
Systems and methods for USN monitoring via virtual tap is provided. A system may obtain, from a virtual tap, virtual network data packets associated with a first type of wireless communication protocol. The system may extract a first ID from the virtual network data packets. The system may query a first database associated with the first type of wireless communication protocol or a second database using a second type of wireless communication protocol using the first ID. The system may determine a second ID and a security context based on the query. The system may convert the security context from a first type to a second type of security context. The system may store the converted security context into a field based on the second ID.
H04W 8/02 - Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]Transfer of mobility data, e.g. between HLR, VLR or external networks
A method is disclosed. In the method, a set of data blocks can be stored. A continuous stream of data can be received. First data from the continuous stream of data can be stored in a first subset of data blocks. Second data from the continuous stream of data can be stored in a second subset of data blocks. Responsive to determining each of the set of data blocks is filled with data, data in a third subset of data blocks can be overwritten with data from the continuous stream of data.
A system and method for analyzing error codes includes detecting a failure condition on a network, identifying a subset of subscribers impacted by the failure condition, determining for each subscriber in the subset of subscribers a first set of error codes associated with the failure condition, creating a Bayesian network comprising one or more error codes from the first set of error codes of each the subset of subscribers, computing a Conditional Probability Distribution (CPD) for each of the one or more error codes of the Bayesian network, and determining a second set of error codes based on the CPD, the second set of error codes indicative of a cause of the failure condition.
H04L 41/0631 - Management of faults, events, alarms or notifications using root cause analysisManagement of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
H04L 1/00 - Arrangements for detecting or preventing errors in the information received
12.
SYSTEMS AND METHODS FOR DETECTING THE ANOMALIES IN A COMMUNICATIONS NETWORK
The present disclosure describes a method for detecting and mitigating network attacks. The method includes collecting network data packets transmitted by a plurality of computing devices across a communications network; presenting a user interface on a user device, the user interface comprising a threshold calculation button and one or more fields each corresponding to a threshold for a different network characteristic of the communications network; receiving a selection of the threshold calculation button from the user device; determining a threshold for each of the one or more fields based on the collected network data packets; responsive to receiving the selection of the threshold calculation button, automatically populating each of the one or more fields with the threshold determined for the field; and detecting an attack on the communications network using a first threshold that was automatically populated into a first field of the one or more fields.
H04L 41/0686 - Additional information in the notification, e.g. enhancement of specific meta-data
H04L 41/0816 - Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
H04L 41/142 - Network analysis or design using statistical or mathematical methods
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
13.
SYSTEMS AND METHODS FOR PROTECTING DNS SERVERS FROM WATER TORTURE DDOS ATTACKS
A system is disclosed. The system can include a network monitoring device connected to a communications network. The network monitoring device to store a probabilistic data structure indicating one or more domain names; receive a response data packet from the DNS server, the response data packet comprising a first domain name transmitted in a query to the DNS server and an affirmative response code; update the probabilistic data structure with the first domain name identified from the response data packet; responsive to detecting an attack on the network, retrieve a query message, the query message containing a second domain name; query the updated probabilistic data structure with the second domain name; and restrict transmission of the query message or communication by the computing device with the DNS server.
H04L 47/263 - Rate modification at the source after receiving feedback
H04L 61/4511 - Network directoriesName-to-address mapping using standardised directoriesNetwork directoriesName-to-address mapping using standardised directory access protocols using domain name system [DNS]
14.
SYSTEMS AND METHODS FOR TRANSPARENT SERVICE RESPONSE ANALYSIS
Systems and methods for transparent service response analysis is provided. A system may obtain a network data packet from a network service provider. The system may determine the network data packet includes a response code indicating a status of the request. The system may extract the response code from the network data packet. The system may modify an IP header of the network data packet based on the response code. The system may encapsulate the network data packet based on the response code. The system may send the network data packet with the modified IP header. The system may send the encapsulated network data packet.
Systems and methods for service response analysis via out-of-band signaling is provided. A system may obtain, via a first network channel, a network data packet from a network service provider. The system may determine the network data packet comprises a response code indicating a status of the request. The system may extract the response code from the network data packet. The system may generate an out-of-band response message comprising the response code. The system may send, to an external device via a second network channel, the out-of-band response message comprising the response code.
Decrypting synthetic transactions with beacon packets is provided. A probe receives, from a client device, a start beacon packet that identifies a test of a service provided by one or more servers. The probe establishes, responsive to receipt of the start beacon packet, a log for the test. The probe stores, in the log established responsive to the start beacon packet, data packets transmitted between the client device and the one or more servers subsequent to the start beacon packet and encrypted with a key using a security protocol. The probe receives, from the client device, key information used to decrypt the data packets of the test encrypted with the key using the security protocol. The probe provides at least one of the data packets for evaluation or decryption using the key information to determine a performance of the service.
A method for detecting the sources of distributed denial of service attacks is disclosed. Control plane signaling data and user plane data is collected using network monitoring equipment connected to a communications network. The control plane signaling data and user plane data is correlated. Amounts of traffic are calculated for individual computing devices based on the correlated data. One or more computing devices are determined based on the amounts of traffic associated with the one or more computing devices satisfying a device anomaly criterion. A record including a list of the one or more computing devices is generated.
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
Systems and methods for remote synthetic transactions is provided. A system may create a tunnel between the system and a device to perform remote synthetic transactions. The system may be at a location other than a location of the device and remotely transfer data packets to the device to be sent to a service of a service provider via a network. The data packets may appear to originate from the device and be handled accordingly by the service. The system may receive a response to the synthetic transactions from the device and provide an indication of performance of the synthetic transaction based on the response.
Systems and methods for remote synthetic transactions is provided. A system may create a tunnel between the system and a device to perform remote synthetic transactions. The system may be at a location other than a location of the device and remotely transfer data packets to the device to be sent to a service of a service provider via a network. The data packets may appear to originate from the device and be handled accordingly by the service. The system may receive a response to the synthetic transactions from the device and provide an indication of performance of the synthetic transaction based on the response.
A system and method for hierarchical network monitoring functions are disclosed. An order of execution for layer functions of a network architecture is determined. The layer functions may be distributed across multiple layers. The layers may include a sensor layer, a federated application layer, and a data lake layer. A machine learning model may be executed at a first layer. The first layer may be the sensor layer.
A cluster load balancer can be coupled to a network for monitoring network traffic. The cluster load balancer can include one or more computing devices. The one or more computing devices can be configured to receive a data packet, the data packet comprising a device identifier of a first device connected to a network for a communication session, wherein the data packet is a user plane data packet or a control plane data packet; generate a probe identification based on the device identifier of the first device in the data packet; add the probe identification to the data packet; and transmit the data packet with the probe identification to a second device in communication with a plurality of network probes. The second device can be configured to forward the data packet to a network probe of the plurality of network probes based on the probe identification in the data packet.
A method for detecting cell positioning anomalies is disclosed. Control plane signaling data packets are collected associated with multiple cells of a communications network. Distance and azimuth values for individual communication sessions are calculated for each cell. A machine learning model is executed using various communication parameters as input to generate a classification for each cell. A list identifying which cells are experiencing anomalies is generated.
A method is disclosed. In the method, a data generation process can continuously generate data in real time. The data generation process can store the data into discrete data blocks. An analyzer process can run analytical queries on the data from the data blocks. After the analytics is complete for different data blocks, data can be removed from the respective data blocks. The empty data blocks can be returned back to the generation process for reuse. The data blocks can be shared resources between the generation and the analyzer processes. The data can be stored in a directly queryable format. Though at any given time a given analytical query can run on a single data block, the analyzer process can preserve certain important records from that data block to be used while analyzing subsequent data blocks at a later time.
Decrypting synthetic transactions with beacon packets is provided. A probe receives, from a client device, a start beacon packet that identifies a test of a service provided by one or more servers. The probe establishes, responsive to receipt of the start beacon packet, a log for the test. The probe stores, in the log established responsive to the start beacon packet, data packets transmitted between the client device and the one or more servers subsequent to the start beacon packet and encrypted with a key using a security protocol. The probe receives, from the client device, key information used to decrypt the data packets of the test encrypted with the key using the security protocol. The probe provides at least one of the data packets for evaluation or decryption using the key information to determine a performance of the service.
A method is disclosed. A first data packet is received. Data is extracted from the first data packet. A first synthetic data packet is generated from data of the first data packet. A second data packet is received. Data is extracted from the second data packet. A key performance indicator is generated from data of the first and second synthetic data packets.
A method for machine learning model selection for time series data is disclosed. Sets of time series data is obtained. The time series data is clustered using a clustering algorithm. A similarity value of the clusters is evaluated and a quantity of clusters is selected. Machine learning models are evaluated using a center of each cluster of time series data. A machine learning model is selected for each cluster. Selection may be updated.
A method is disclosed. A control plane signaling data packet transmitted from a first node to a second node may be collected via a probe. An identifier of the second node may be identified. A determination as to whether the message is a notification message is made. A key performance indicator type for the control plane signaling data packet may be determined. A key performance indicator of the key performance indicator type may be generate from content of the control plane signaling data packet.
A method is disclosed. A control plane signaling data packet transmitted from a first node to a second node may be collected via a probe. An identifier of the second node may be identified. A determination as to whether the message is a notification message is made. A key performance indicator type for the control plane signaling data packet may be determined. A key performance indicator of the key performance indicator type may be generate from content of the control plane signaling data packet.
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
29.
SYSTEM AND METHOD FOR APPLYING MACHINE LEARNING TO MOBILE GEOLOCATION
Disclosed herein is a method to determine a geolocation that includes receiving, by a processor, from a base station (BS), radio predictors, a user equipment (UE) location history, and a geolocation of a first UE for which a minimization of drive test (MDT) mode is activated, radio predictors and a UE location history' of a second UE for which the MDT mode is not activated, and cell physical parameters. The method includes training, by the processor, a machine learning (ML) model at least based on the radio predictors, the UE location history, and the geolocation of the first UE, and the cell physical parameters. The method includes executing, by the processor, the ML model to determine the azimuth of the second UE and providing, by the processor, to a downstream application, a geolocation of the second UE at least based on the azimuth and the TA of the second UE.
Disclosed herein is a method to determine a geolocation that includes receiving, by a processor, from a base station (BS), radio predictors, a user equipment (UE) location history, and a geolocation of a first UE for which a minimization of drive test (MDT) mode is activated, radio predictors and a UE location history of a second UE for which the MDT mode is not activated, and cell physical parameters. The method includes training, by the processor, a machine learning (ML) model at least based on the radio predictors, the UE location history, and the geolocation of the first UE, and the cell physical parameters. The method includes executing, by the processor, the ML model to determine the azimuth of the second UE and providing, by the processor, to a downstream application, a geolocation of the second UE at least based on the azimuth and the TA of the second UE.
A method for restoring an HPACK table is disclosed. A static table is maintained. Control plane signaling data packets are collected via a probe. A dynamic table is generated from the control plane signaling data packets. An event affecting operation of the probe may be detected. A first control plane signaling data packet may be collected by the probe subsequent to detection of the event. The dynamic table may be reorganized. The reorganized dynamic table may be stored in memory.
In some embodiments, a non-transitory computer readable medium is disclosed. In some embodiments, the medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a first message transmitted over an N11 interface, extract at least one type of session ID and a first Next Generation Application Protocol (NGAP) tunnel endpoint identifier (TEID) from the first message, store the at least one type of session ID and the first NGAP TEID in a first N11 protocol data unit (PDU) session record, capture a second message transmitted over an N3 interface, extract a general packet radio service (GPRS) tunneling protocol (GTP)-user plane (U) TEID from the second message, wherein the GTP-U TEID matches the first NGAP TIED, and retrieve information associated with session details record using the GTP-U TEID.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
Computer software; computer hardware; none of the aforementioned goods being for cryptocurrency, blockchain technology, non-fungible tokens, web3 services, or domain name registration services. IT consulting services; Software as a service; Platform as a service; computer software services; Computer software design; Design, development and implementation of software; none of the aforementioned services being for cryptocurrency, blockchain technology, non-fungible tokens, web3 services, or domain name registration services.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Computer software; computer hardware. (1) IT consulting services; software as a service; platform as a service; computer software services; computer software design; design, development and implementation of software.
35.
Enrichment of monitoring user plane data using PFCP monitoring
An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some embodiments, the medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a first message transmitted over a packet forwarding control protocol (PFCP) interface, extract a permanent ID and a first user plane tunnel endpoint identifier (TEID) from the first message, store the permanent ID and the first user plane TEID in a PFCP protocol data unit (PDU) session record, store the permanent ID in a session details record, capture a second message transmitted over a user plane interface after the first message is transmitted, extract a second user plane TEID from the second message, wherein the second user plane TEID matches the first user plane TEID, and retrieve the session details record using the second user plane TEID.
Correlating captured packets with synthetic application testing is provided. A device captures packets associated with a plurality of processes that include one or more synthetic transactions and one or more transactions responsive to user input. A packet capture data set can lack process identifiers (PIDs). The device captures first finger-printing data including first PIDs and attributes associated with the plurality of processes, and second finger-printing data comprising second PIDs corresponding to the one or more synthetic transactions. The device applies a first filter generated from the second PIDs in the second finger-printing data to a first finger-printing data set, and a second filter generated from the filtered attributes of a filtered finger-printing data set to the packet capture data set. The device provides a filtered packet capture data set to manage a performance of one or more processes of the plurality of processes.
Correlating captured packets with synthetic application testing is provided. A device captures packets associated with a plurality of processes that include one or more synthetic transactions and one or more transactions responsive to user input. A packet capture data set can lack process identifiers (PIDs). The device captures first finger-printing data including first PIDs and attributes associated with the plurality of processes, and second finger-printing data comprising second PIDs corresponding to the one or more synthetic transactions. The device applies a first filter generated from the second PIDs in the second finger-printing data to a first finger-printing data set, and a second filter generated from the filtered attributes of a filtered finger-printing data set to the packet capture data set. The device provides a filtered packet capture data set to manage a performance of one or more processes of the plurality of processes.
Method for monitoring network performance in a telecommunication network coupled with a plurality of Virtual Machines (VM) arranged in a cluster format is disclosed. A packet is received at a VM smart cluster device. Metadata is extracted from the packet. The packet can be distributed to one of the plurality of VMs. Key performance indicator (KPI) session related data associated with a subscriber in one of the plurality of VMs that receives the distributed packet can be generated.
Correlating captured packets with synthetic application testing is provided. A device captures packets associated with a plurality of processes that include one or more synthetic transactions and one or more transactions responsive to user input. A packet capture data set can lack process identifiers (PIDs). The device captures first finger-printing data including first PIDs and attributes associated with the plurality of processes, and second finger-printing data comprising second PIDs corresponding to the one or more synthetic transactions. The device applies a first filter generated from the second PIDs in the second finger-printing data to a first finger-printing data set, and a second filter generated from the filtered attributes of a filtered finger-printing data set to the packet capture data set. The device provides a filtered packet capture data set to manage a performance of one or more processes of the plurality of processes.
A method and system of configuring a stack of switches includes configuring a switch with mapping information based on a user input flow mapping that defines destination port(s) (local destination port(s) and/or remote destination port(s)) for a flow to exit the stack. The mapping information includes any local destination port(s) via which the flow can exit the stack from the switch and an outbound stack port for each of any remote destination port(s) via which the flow can be transmitted from the switch to a downstream switch. The method further includes creating a decapsulation entry having a flow ID for the flow, wherein the flow ID is assigned to the flow and is unique across the stack, and configuring the switch with access to a decapsulation algorithm configured to use the flow ID via the decapsulation entry to decapsulate encapsulated network traffic of the flow received from an upstream switch.
A method and system of transmitting network traffic through a stack having at least two switches is provided. The method includes receiving encapsulated network traffic via an inbound stack port of a switch of the stack, wherein the encapsulated network traffic was encapsulated with a flow identification (flow ID), and wherein the flow ID is assigned to a particular flow and is unique across the stack. The method further includes decapsulating the encapsulated network traffic using the flow ID contingent upon the switch being configured to decapsulate using the flow ID and transmitting the decapsulated network traffic from the switch in accordance with mapping information associated with the flow ID, wherein the switch is preconfigured with the mapping information.
In some embodiments, a non-transitory computer readable medium is disclosed. In some embodiments, the medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a first message transmitted over an N11 interface, extract at least one type of session ID and a first Next Generation Application Protocol (NGAP) tunnel endpoint identifier (TEID) from the first message, store the at least one type of session ID and the first NGAP TEID in a first N11 protocol data unit (PDU) session record, capture a second message transmitted over an N3 interface, extract a general packet radio service (GPRS) tunneling protocol (GTP)-user plane (U) TEID from the second message, wherein the GTP-U TEID matches the first NGAP TIED, and retrieve information associated with session details record using the GTP-U TEID.
An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some embodiments, the medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a first message transmitted over a packet forwarding control protocol (PFCP) interface, extract a permanent ID and a first user plane tunnel endpoint identifier (TEID) from the first message, store the permanent ID and the first user plane TEID in a PFCP protocol data unit (PDU) session record, store the permanent ID in a session details record, capture a second message transmitted over a user plane interface after the first message is transmitted, extract a second user plane TEID from the second message, wherein the second user plane TEID matches the first user plane TEID, and retrieve the session details record using the second user plane TEID.
An illustrative embodiment disclosed herein is a non-transitory computer readable medium. The medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to identify a user database record associated with a user equipment (UE) using a mobile identity (ID), associate a Next Generation application protocol (NGAP) session with the user database record using an NGAP ID, capture a ciphered message associated with the NGAP session, decipher the ciphered message associated with the NGAP session, extract, from the deciphered message, session details associated with the UE, and store the session details in a session detail record.
An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some aspects, the non-transitory computer readable medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a transaction transmitted over an N12 interface, extract, from the transaction, one of an expected response (XRES) or an authentication token (AUTN), a user identifier (ID), and a cipher key, capture a first message transmitted over an N1 interface, and determine that the first message is associated with the user ID and the cipher key extracted from the transaction.
An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some aspects, the non-transitory computer readable medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a transaction transmitted over an N12 interface, extract, from the transaction, one of an expected response (XRES) or an authentication token (AUTN), a user identifier (ID), and a cipher key, capture a first message transmitted over an Nl interface, and determine that the first message is associated with the user ID and the cipher key extracted from the transaction.
An illustrative embodiment disclosed herein is a non-transitory computer readable medium. The medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to identify a user database record associated with a user equipment (UE) using a mobile identity (ID), associate a Next Generation application protocol (NGAP) session with the user database record using an NGAP ID, capture a ciphered message associated with the NGAP session, decipher the ciphered message associated with the NGAP session, extract, from the deciphered message, session details associated with the UE, and store the session details in a session detail record.
An illustrative embodiment disclosed herein is a non-transitory computer readable medium. In some aspects, the non-transitory computer readable medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to capture a transaction transmitted over an N12 interface, extract, from the transaction, one of an expected response (XRES) or an authentication token (AUTN), a user identifier (ID), and a cipher key, capture a first message transmitted over an N1 interface, and determine that the first message is associated with the user ID and the cipher key extracted from the transaction.
An illustrative embodiment disclosed herein is a non-transitory computer readable medium. The medium includes instructions for providing a mobile user monitoring solution that, when executed by a processor, cause the processor to identify a user database record associated with a user equipment (UE) using a mobile identity (ID), associate a Next Generation application protocol (NGAP) session with the user database record using an NGAP ID, capture a ciphered message associated with the NGAP session, decipher the ciphered message associated with the NGAP session, extract, from the deciphered message, session details associated with the UE, and store the session details in a session detail record.
09 - Scientific and electric apparatus and instruments
37 - Construction and mining; installation and repair services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Downloadable computer network performance and cybersecurity software; computer hardware; none of the aforementioned goods being for cryptocurrency, blockchain technology, non-fungible tokens, web3 services, or domain name registration services IT consulting services relating to installation, maintenance and repair of computer hardware; none of the aforementioned services being for cryptocurrency, blockchain technology, non-fungible tokens, web3 services, or domain name registration services IT consulting services relating to installation, maintenance and repair of computer software; Software as a service (SAAS) services featuring software for network performance and security monitoring; Platform as a service (PAAS) featuring computer software platforms for network performance and security monitoring; computer software design services; Computer software design; Design, development and implementation of software; providing online non-downloadable computer software for network performance and security functions; none of the aforementioned services being for cryptocurrency, blockchain technology, non-fungible tokens, web3 services, or domain name registration services
Generating synthetic transactions with packets is provided. A synthetic transaction generator can store, in a packet capture trace file, packets corresponding to a test of a service provided through a network. The synthetic transaction generator can transmit the packet capture trace file to a data processing system to cause the data processing system to play or analyze the packet capture trace file to evaluate the performance of the service provided by the service provider.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
G06F 15/173 - Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star or snowflake
G06F 17/00 - Digital computing or data processing equipment or methods, specially adapted for specific functions
Generating synthetic transactions with packets is provided. A synthetic transaction generator can store, in a packet capture trace file, packets corresponding to a test of a service provided through a network. The synthetic transaction generator can transmit the packet capture trace file to a data processing system to cause the data processing system to play or analyze the packet capture trace file to evaluate the performance of the service provided by the service provider.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
G06F 15/173 - Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star or snowflake
G06F 17/00 - Digital computing or data processing equipment or methods, specially adapted for specific functions
Generating synthetic transactions with packets is provided. A synthetic transaction generator can store, in a packet capture trace file, packets corresponding to a test of a service provided through a network. The synthetic transaction generator can transmit the packet capture trace file to a data processing system to cause the data processing system to play or analyze the packet capture trace file to evaluate the performance of the service provided by the service provider.
A system and method for monitoring one or more Mobility Management Entities (MMEs) with a plurality of scalable Virtual Machines (VM)/probes arranged in a cluster format. A ciphered packet is received from a MME at a smart cluster device/probe whereby data is aggregated from the individual clustered VMs/probes for distribution to a monitoring device. The smart cluster device/probe is preferably configured to decipher the ciphered packet received from the MME and extract metadata from the deciphered packet to identify subscriber information for the received packet. The deciphered packet is then distributed to one of the plurality of clustered probes to balance the load amongst the plurality of clustered probes. The balancing of loads is based upon prescribed load balancing criteria such that each packet received for an identified subscriber is sent to a same probe such that load balancing is performed on a per subscriber basis and/or with other state-based criteria. KPI session related data associated with a subscriber is generated in a clustered probe that receives the distributed packet from the smart cluster device/probe. Subscriber related data from each clustered probe is then aggregated with at least one monitoring device operably coupled to the clustered probes such that a user of the monitoring device is provided with the perception that the monitoring device is coupled to a single probe.
09 - Scientific and electric apparatus and instruments
Goods & Services
Downloadable computer software and hardware for managing
networks, including cloud, mobile, private, public, hybrid
networks, and applications in the field of cyber
intelligence, security, network and application integrity,
threat data, threat detection, and analytics of all the
foregoing; downloadable cloud based computer software for
managing networks, including cloud, mobile, private, public,
hybrid networks, and applications in the field of cyber
intelligence, security, network and application integrity,
threat data, threat detection, and analytics of all the
foregoing, none of the aforementioned goods being for
medical or cosmetic use or for use in relation to
biofeedback devices.
56.
Real-time adaptive processing of network data packets for analysis
A network monitoring system that summarizes a plurality of data packets of a session into a compact session record for storage and processing. Each session record may be produced in real-time and made available during the session and/or after the termination of the session. Depending on protocols, a network monitoring system extracts different sets of information, removes redundant information from the plurality of data packets, and adds performance information to produce the session record. The network monitoring system may retrieve and process a single session record or multiple session records for the same or different protocols to determine cause of events, resolve issues in a network or evaluate network performance or conditions. The session record enables analysis in the units of session instead of individual packets. Hence, the network monitoring system can analyze events, issues or performance of the network more efficiently and effectively.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Software as a service (saas), namely, software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; non-downloadable cloud based computer software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; platform as a service (paas), namely, providing online computer software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Software as a service (saas) services featuring software for managing networks, including cloud, mobile, private, public, hybrid networks, and software applications, all in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; Providing temporary use of non-downloadable cloud based computer software for managing networks, including cloud, mobile, private, public, hybrid networks, and software applications, all in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; platform as a service (paas) featuring online computer software for managing networks, including cloud, mobile, private, public, hybrid networks, and software applications, all in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Software as a service (saas), namely, software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; non-downloadable cloud based computer software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; platform as a service (paas), namely, providing online computer software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Software as a service (saas), namely, software as a service featuring software for monitoring and management of performance and availability of software applications; software as a service, namely, software as a service for analyzing wireless, cable, and wireline service performance; software as a service for analyzing computer network performance; design and development of computer hardware and computer software; computer services, namely, creating indexes of information, sites and other resources available on computer networks; computer services, namely, monitoring, testing, analyzing, and reporting on the Internet traffic control and content control of the websites of others; computer services, namely, providing search engines for obtaining data on a global computer network; computer virus protection services; consulting services in the field of application and network performance management; computer software consulting; computer consultation, installation, repair and maintenance of computer software; technical support services, namely, troubleshooting computer software problems; technical support services, namely, monitoring technological functions of computer network systems.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Software as a service (saas), namely, software as a service featuring software for monitoring and management of performance and availability of software applications; software as a service, namely, software as a service for analyzing wireless, cable, and wireline service performance; software as a service for analyzing computer network performance; design and development of computer hardware and computer software; computer services, namely, creating indexes of information, sites and other resources available on computer networks; computer services, namely, monitoring, testing, analyzing, and reporting on the Internet traffic control and content control of the websites of others; computer services, namely, providing search engines for obtaining data on a global computer network; computer virus protection services; consulting services in the field of application and network performance management; computer software consulting; computer consultation, installation, repair and maintenance of computer software; technical support services, namely, troubleshooting computer software problems; technical support services, namely, monitoring technological functions of computer network systems.
62.
System and method for repurposing layer 2 switch as a layer 1 switch
A computer-implemented method for repurposing one or more software configurable layer 2 switches in an IP (Internet Protocal) computer network to function as a layer 1 switch. Ternary Content-Addressable Memory (TCAM) is reconfigured in each of the one or more layer 2 switches and one or more pipeline engines are routed to emulate layer 1 switching functionality in each of the one or more layer 2 switches.
H04L 12/28 - Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
H04L 69/08 - Protocols for interworkingProtocol conversion
H04L 69/321 - Interlayer communication protocols or service data unit [SDU] definitionsInterfaces between layers
H04L 69/323 - Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the physical layer [OSI layer 1]
H04L 69/324 - Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the data link layer [OSI layer 2], e.g. HDLC
63.
Systems and methods for improving communications network performance using video session data
A method for assessing and improving network performance using video session data. Control plane signaling data comprising geographic location data from network monitoring equipment connected to a communications network is collected. Video session data comprising data of a plurality of video sessions from video monitoring equipment connected to the communications network is collected. The plurality of video sessions are associated with a plurality of mobile devices streaming videos on the respective mobile device across the communications network. The video session data and control plane signaling data within a cell of the communications network is correlated. The correlated data is provided to a communications network provider. The communications network is reorganized according to the correlated data.
H04N 21/647 - Control signaling between network components and server or clientsNetwork processes for video distribution between server and clients, e.g. controlling the quality of the video stream, by dropping packets, protecting content from unauthorised alteration within the network, monitoring of network load or bridging between two different networks, e.g. between IP and wireless
H04L 41/5003 - Managing SLAInteraction between SLA and QoS
Decrypting synthetic transactions with beacon packets is provided. A probe receives, from a client device, a start beacon packet that identifies a test of a service provided by one or more servers. The probe establishes, responsive to receipt of the start beacon packet, a log for the test. The probe stores, in the log established responsive to the start beacon packet, data packets transmitted between the client device and the one or more servers subsequent to the start beacon packet and encrypted with a key using a security protocol. The probe receives, from the client device, key information used to decrypt the data packets of the test encrypted with the key using the security protocol. The probe provides at least one of the data packets for evaluation or decryption using the key information to determine a performance of the service.
Decrypting synthetic transactions with beacon packets is provided. A probe receives, from a client device, a start beacon packet that identifies a test of a service provided by one or more servers. The probe establishes, responsive to receipt of the start beacon packet, a log for the test. The probe stores, in the log established responsive to the start beacon packet, data packets transmitted between the client device and the one or more servers subsequent to the start beacon packet and encrypted with a key using a security protocol. The probe receives, from the client device, key information used to decrypt the data packets of the test encrypted with the key using the security protocol. The probe provides at least one of the data packets for evaluation or decryption using the key information to determine a performance of the service.
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Software as a service (SAAS) services featuring software for monitoring and management of performance and availability of software applications; software as a service (SAAS) services featuring software for analyzing wireless, cable, and wireline service performance of computer networks; software as a service (SAAS) services featuring software for analyzing computer network performance; design and development of computer hardware and computer software; computer services, namely, creating computer network-based indexes of information, websites and resources; computer services, namely, monitoring, testing, analyzing, and reporting on the internet traffic control and content control of the websites of others; computer services, namely, providing search engines for obtaining data on a global computer network; computer virus protection services; consulting in the field of configuration management of computer application software; computer technology consultancy in the field of application and network performance management; computer software consulting; computer technology consultancy; computer security consultancy; computer programming consultancy; installation, repair and maintenance of computer software; technical support services, namely, troubleshooting computer software problems; technical support services, namely, monitoring technological functions of computer network systems, provided that none of the aforementioned services relate to humanitarian services or fundraising in connection with medical or health care services, international relief projects, or targeted to assisting victims of disasters and conflicts in underdeveloped countries, or concerned with promoting public awareness of populations at risk.
67.
Radio access network service mediated enhanced session records for artificial intelligence or machine learning
A computer-implemented method of monitoring a radio access network (RAN) is provided. The method includes receiving access stratum data that is a function of cell trace records (CTRs) associated with wireless communication transported to or from one or more cells of the RAN, wherein the CTRs are obtained at a granularity sufficient to detect one or more events, the events defining a segment or occurring during a segment, wherein a segment is defined by the beginning, end, or any handovers of a call included in the wireless communication. The method further includes detecting in the access stratum data one or more state transitions as indicated by the events and outputting an enhanced session record (ESR) including information processed from the access stratum data associated with the respective one or more detected state transitions.
A system and method of accessing a container environment having one or more containers is provided. The method of the disclosure includes receiving the container network namespace assigned to the container as established in a container runtime, switching from a host container network namespace to the container network namespace of the container, opening the container network interface of the container network namespace for allowing access to packets received or transmitted by the container network interface, and accessing the packets.
09 - Scientific and electric apparatus and instruments
Goods & Services
(1) Computer software and hardware for managing networks, namely cloud, mobile, private, public, hybrid networks, and computer application software used for the detection, analysis, mitigation and management issued related to cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing, none of the aforementioned goods being for medical or cosmetic use or for use in relation to biofeedback devices; downloadable cloud based computer software for managing networks, namely cloud, mobile, private, public, hybrid networks, and computer application software used for the detection, analysis, mitigation and management issued related to cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing, none of the aforementioned goods being for medical or cosmetic use or for use in relation to biofeedback devices.
70.
Processing paging requests messages in a wireless communication system
A network node device in a communication system in which a data packet stream is received in the network monitoring node device having a Paging Message packet that is sent from a network node device. The identity of a User Equipment (UE) associated with the received Paging Message packet is then determined. A determination is then made if Paging Message information associated with the determined UE is stored in memory associated with the network monitoring device, whereupon the received Paging Message packet is filtered from the received data packet stream in the event previous Paging Message information was determined to be associated with the determined UE device in the memory. Additionally, Paging Message information is stored in the memory in the event there are no Paging Message packets stored in the memory associated with the determined UE device.
09 - Scientific and electric apparatus and instruments
Goods & Services
Computer software and hardware for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; downloadable cloud based computer software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; none of the aforementioned goods being for medical or cosmetic use or for use in relation to biofeedback devices.
A system and computer-implemented method of managing botnet attacks to a computer network is provided. The system and method includes receiving a DNS request included in network traffic, each DNS request included in the network traffic and including a domain name of a target host and identifying a source address of a source host, wherein the translation of the domain name, if translated, provides an IP address to the source host that requested the translation. The domain name of the DNS request is compared to a botnet domain repository, wherein the botnet domain repository includes one or more entries, each entry having a confirmation indicator that indicates whether the entry corresponds to a confirmed botnet. If determined by the comparison that the domain name of the DNS request is included in the botnet domain repository, then the source address of the DNS request is stored or updated in an infected host repository and a control signal is output to cause any future network traffic from the source address to be diverted to an administrator configured address. Each source address stored in the infected host repository identifies a host known to be infected.
H04L 61/4511 - Network directoriesName-to-address mapping using standardised directoriesNetwork directoriesName-to-address mapping using standardised directory access protocols using domain name system [DNS]
A computer implemented method for determining the identity of an Over-the Top (OTT) application or service being accessed over the Internet from a HTTP, HTTPS or QUIC connection request received in a network monitoring device. Determine if one or more entries are present in the received connection request have an IP address that matches a known server IP address. A determination is then made as to whether if the received connection request is one of a HTTP, HTTPS or QUIC connection request, and if this cannot be determined than determine if a subject field in the received connection request is available. And determine if a candidate domain name is available from IP cache created from one or more of the above steps if a subject field is not available in the received connection request. Identify and categorize OTT applications associated with the received connection request if it is determined: the connection is either a HTTP, HTTPS or QUIC connection type; a subject field is available; or a candidate domain name is available utilizing a lookup table that is periodically updated with new OTT applications.
09 - Scientific and electric apparatus and instruments
Goods & Services
Downloadable computer software and hardware for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; downloadable cloud based computer software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing, none of the aforementioned goods being for medical or cosmetic use or for use in relation to biofeedback devices
75.
Matching user and control plane data in a network system using control and user plane separation
A system having a network monitor communicating with U and C probes monitoring SGW-U and SGW-Cs. The U probes buffer captured user plane packets from which they determine new sessions and send new session data to the network monitor, the new session data including an IP address pair of the corresponding U probe and SGW-U. The C probes inspect captured control plane packets, determine control plane packets having a same IP address as an SGW-U in the new session data, and send associated control data to a particular U probe having the IP address paired with the IP address of the SGW-U, wherein the particular U probe correlates the control data with buffered user plane packets and generates associated monitoring data.
A system and method for monitoring one or more Mobility Management Entities (MMEs) with a plurality of scalable Virtual Machines (VM)/probes arranged in a cluster format. A ciphered packet is received from a MME at a smart cluster device/probe whereby data is aggregated from the individual clustered VMs/probes for distribution to a monitoring device. The smart cluster device/probe is preferably configured to decipher the ciphered packet received from the MME and extract metadata from the deciphered packet to identify subscriber information for the received packet. The deciphered packet is then distributed to one of the plurality of clustered probes to balance the load amongst the plurality of clustered probes. The balancing of loads is based upon prescribed load balancing criteria such that each packet received for an identified subscriber is sent to a same probe such that load balancing is performed on a per subscriber basis and/or with other state-based criteria. KPI session related data associated with a subscriber is generated in a clustered probe that receives the distributed packet from the smart cluster device/probe. Subscriber related data from each clustered probe is then aggregated with at least one monitoring device operably coupled to the clustered probes such that a user of the monitoring device is provided with the perception that the monitoring device is coupled to a single probe.
A system and method for monitoring one or more Mobility Management Entities (MMEs) with a plurality of scalable network probe devices arranged in a cluster format. A ciphered packet is received from one or more MMEs at a packet switching device. The packet switching device in turn sends all the ciphered packets to each of the plurality of clustered probes. Each of the network probes then in turn deciphers the packets received from the MME and extracts metadata from the deciphered packet to identify subscriber session information contained in the received packet. Each of the network probes then selectively retains deciphered packet information relating to a subscriber session and/or other prescribed criteria designated for that particular network probe and discards the remaining deciphered packet or portions of the packet so as to balance the load amongst the plurality of probes based upon prescribed load balancing criteria. KPI and other session related data is generated in a network probe associated with a subscriber session from the retained deciphered packet information. Subscriber session related data from each clustered network probe is then aggregated with at least one monitoring device operably coupled to the clustered probes such that a user of the monitoring device is provided with the perception that the monitoring device is coupled to a single probe.
A system for selective user plane (UP) monitoring includes a service gateway (SGW) having a plurality of units. The system further includes a network packet broker (NPB) configured to receive packets including UP data from tunnels created to enable transmission of the UP packets from UE to the plurality of SGW units. The NPB is also configured to receive packets including control plane (CP) data from channels enabling transmission of the CP packets from a base transceiver station to the SGW. The system also includes a plurality of probes operatively coupled to the NPB. The probes are configured to generate first metrics associated with the received CP packets and to selectively generate second metrics associated with the received UP packets based on one or more identifiers. The NPB is configured to forward UP packets being processed by a particular SGW unit to a particular probe of the plurality of probes.
09 - Scientific and electric apparatus and instruments
16 - Paper, cardboard and goods made from these materials
35 - Advertising and business services
41 - Education, entertainment, sporting and cultural services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Computer hardware; computer software, namely, computer software for monitoring and management of performance and availability of software applications; computer software, namely, computer software for analyzing wireless, cable, and wireline service performance; computer software for analyzing computer network performance; Telecommunications hardware devices, namely, switches and servers and software for transporting voice, data and video communications across multiple network infrastructures and communications protocols; Telecommunications Network test equipment, namely, servers and switches and parts therefor and testing software relating thereto, for use in operation support systems for billing, fraud prevention, marketing, service quality assurance, network management, early warning and troubleshooting; Computer software for collection, storage, analysis and re-assembly of data traffic over computer and communications networks; computer utility software; computer software for network intrusion detection applications; computer software for network management; and manuals provided together with each of the foregoing goods; Computer hardware and software for collection, storage, analysis and re-assembly of data traffic over computer and communications networks; computer utility software and hardware for supporting the utility of the computer infrastructure; computer hardware and software for monitoring network and system activities for network intrusion activity; computer hardware and software for use in network management; and manuals therewith sold as a unit; Computer hardware and software for managing computer networks, namely, hardware and software to monitor, analyze, identify, report, troubleshoot, and forecast the performance and efficiency of application and content delivery over network infrastructures; computer software that manages switches that direct packet flows used in network testing; computer software for use on local area networks and wide area networks to analyze network information traffic for the purpose of measuring network performance and isolating and diagnosing errors, delays and faults; downloadable electronic publications in the nature of research reports in the field of information and telecommunications technology. Printed publications in the nature of research reports in the field of information and telecommunications technology. Business consulting services in the field of managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing. Education and training services, namely, conducting classes, seminars, and workshops and training in the field of application and network performance management. Software as a service (saas) services, namely, software as a service featuring software for monitoring and management of performance and availability of software applications; software as a service, namely, software as a service for analyzing wireless, cable, and wireline service performance; software as a service for analyzing computer network performance; design and development of computer hardware and computer software; consulting services in the field of application and network performance management; computer software consulting; computer consultation; installation, repair and maintenance of computer software; technical support services, namely, troubleshooting computer software problems; technical support services, namely, monitoring technological functions of computer network systems; platform as a service featuring software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; software as a service featuring software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing.
09 - Scientific and electric apparatus and instruments
16 - Paper, cardboard and goods made from these materials
35 - Advertising and business services
37 - Construction and mining; installation and repair services
41 - Education, entertainment, sporting and cultural services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Computer hardware; computer software, namely, computer software for monitoring and management of performance and availability of software applications; computer software, namely, computer software for analyzing wireless, cable, and wireline service performance; computer software for analyzing computer network performance; Telecommunications hardware devices, namely, switches and servers and software for transporting voice, data and video communications across multiple network infrastructures and communications protocols; Telecommunications Network test equipment, namely, servers and switches and parts therefor and testing software relating thereto, for use in operation support systems for billing, fraud prevention, marketing, service quality assurance, network management, early warning and troubleshooting; Computer software for collection, storage, analysis and re-assembly of data traffic over computer and communications networks; computer utility software; computer software for network intrusion detection applications; computer software for network management; and manuals provided together with each of the foregoing goods; Computer hardware and software for collection, storage, analysis and re-assembly of data traffic over computer and communications networks; computer utility software and hardware for supporting the utility of the computer infrastructure; computer hardware and software for monitoring network and system activities for network intrusion activity; computer hardware and software for use in network management; and manuals therewith sold as a unit; Computer hardware and software for managing computer networks, namely, hardware and software to monitor, analyze, identify, report, troubleshoot, and forecast the performance and efficiency of application and content delivery over network infrastructures; computer software that manages switches that direct packet flows used in network testing; computer software for use on local area networks and wide area networks to analyze network information traffic for the purpose of measuring network performance and isolating and diagnosing errors, delays and faults; downloadable electronic publications in the nature of research reports in the field of information and telecommunications technology; computer software and hardware for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; downloadable cloud based computer software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing. Printed publications in the nature of research reports in the field of information and telecommunications technology. Business consulting services in the field of managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing. Installation and repair of computer hardware; customizing computer hardware; maintenance of computer hardware. Education and training services, namely, conducting classes, seminars, and workshops and training in the field of application and network performance management. Software as a service (saas) services, namely, software as a service featuring software for monitoring and management of performance and availability of software applications; software as a service, namely, software as a service for analyzing wireless, cable, and wireline service performance; software as a service for analyzing computer network performance; design and development of computer hardware and computer software; consulting services in the field of application and network performance management; computer software consulting; computer consultation; installation, repair and maintenance of computer software; technical support services, namely, troubleshooting computer software problems; technical support services, namely, monitoring technological functions of computer network systems; platform as a service featuring software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; software as a service featuring software for managing networks, including cloud, mobile, private, public, hybrid networks, and applications in the field of cyber intelligence, security, network and application integrity, threat data, threat detection, and analytics of all the foregoing; Technical support services, namely, troubleshooting in the nature of repair of computer hardware.
81.
Optimizing radio cell quality for capacity and quality of service using machine learning techniques
A method for optimizing a radio access network includes receiving at least one area of the radio access network to be analyzed from a user and receiving a desired outcome from a user. A plurality of network monitoring parameters related to a user requested analysis is identified. The identified plurality of network monitoring parameters is correlated. A root cause analysis is performed using an automated classification model based on the correlated plurality of network monitoring parameters. A recommendation related to the desired outcome is generated based on the performed root cause analysis.
A system for performing computer network service chain analytics includes network-connected devices containing a plurality of virtual network functions having elements and a data model for storing a plurality of metrics related to the plurality of virtual network functions and a service chain intelligence engine in communication with the one or more network-connected devices and the data model. The memory device contains a set of instructions that causes a processor to analyze the plurality of virtual network functions to automatically identify one or more service chains, to automatically determine, using the data model, performance behavior characteristics of each element for each of the identified service chains and to automatically generate an alarm, in response to determining that the performance behavior characteristics of one or more elements of at least one of the identified one or more service chains does not meet a predefined set of the performance behavior characteristics.
A method for detecting user triggered call drops includes identifying one or more user terminated calls from a plurality of monitored calls. Signaling information associated with the identified user terminated calls is correlated with media channel information associated with the identified user terminated calls. A determination is made if termination of the one or more of the identified user terminated calls is related to quality of media across corresponding media channels. A predefined cause code is assigned to the one or more of the identified user terminated calls, in response to determining that the termination of the one or more of the identified user terminated calls is related to the quality of media across the corresponding media channels.
A method for deriving geolocation of a mobile device within a coverage area of a cellular communication network includes receiving pathloss data and measurement data associated with a plurality of individual sectors within a plurality of individual cells of the cellular communication network. Each of the plurality of individual sectors includes a plurality of geographic bins. Reception power measurements are determined for each of the plurality of geographic bins. A plurality of maps is generated for each of the plurality of individual sectors based on at least one characteristic included in the received pathloss data or measurement data or based on the determined one or more reception power measurements. Geolocation of the mobile device is determined based on the generated plurality of maps.
A method for determining Over-The-Top (OTT) applications includes receiving, by an active agent, a list of OTT service platforms to be monitored. The received list includes URLs associated with various applications that are delivered by the OTT service platforms. The active agent connects to the URLs to determine information uniquely identifying OTT applications. The active agent stores the information in a repository. A network monitor monitors data flows between a plurality of sources and destinations on a network. Each of the data flows includes a plurality of data packets of the various applications that are delivered OTT. The network monitor extracts at least a portion of header information from each of monitored data packets. The network monitor identifies an OTT application occurring on the network based on the extracted header information and based on the information uniquely identifying various applications stored in the repository.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
H04L 12/24 - Arrangements for maintenance or administration
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
86.
Cloud computing environment system for automatically determining over-the-top applications and services
A cloud computing system for determining Over-The-Top (OTT) applications includes a cloud computing environment partitioned into a plurality of partitions. The cloud partitions include at least a first wireless network operator's cloud, a second wireless network operator's cloud and a shared partition configured to receive and store information uniquely identifying OTT applications supported by at least one of the first and second wireless network operators. The system further includes a plurality of active agents. Each active agent receives a list of OTT service platforms supported by a corresponding wireless network operator. The received list includes a plurality of URLs associated with various applications that are delivered by the OTT service platforms. The active agent(s) connect to the plurality of URLs to determine information uniquely identifying each of the OTT applications and to store the information in the shared partition of the cloud computing environment.
A method for determining Over-The-Top (OTT) applications includes receiving, by an active agent, a list of OTT service platforms to be monitored. The received list includes URLs associated with various applications that are delivered by the OTT service platforms. The active agent connects to the URLs to determine information uniquely identifying OTT applications. The active agent stores the information in a repository. A network monitor monitors data flows between a plurality of sources and destinations on a network. Each of the data flows includes a plurality of data packets of the various applications that are delivered OTT. The network monitor extracts at least a portion of header information from each of monitored data packets. The network monitor identifies an OTT application occurring on the network based on the extracted header information and based on the information uniquely identifying various applications stored in the repository.
A cloud computing system for determining Over-The-Top (OTT) applications includes a cloud computing environment partitioned into a plurality of partitions. The cloud partitions include at least a first wireless network operator's cloud, a second wireless network operator's cloud and a shared partition configured to receive and store information uniquely identifying OTT applications supported by at least one of the first and second wireless network operators. The system further includes a plurality of active agents. Each active agent receives a list of OTT service platforms supported by a corresponding wireless network operator. The received list includes a plurality of URLs associated with various applications that are delivered by the OTT service platforms. The active agent(s) connect to the plurality of URLs to determine information uniquely identifying each of the OTT applications and to store the information in the shared partition of the cloud computing environment.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 41/50 - Network service management, e.g. ensuring proper service fulfilment according to agreements
A plurality of data packets is received from a wireless communication system. At least one of SIP signaling messages and S1-AP signaling messages associated with calls being made or attempted in the wireless communication system are analyzed for a specified time period to identify one or more dropped calls. At least one of SIP signaling error codes and S1-AP signaling cause codes associated with the identified dropped calls are analyzed to identify one or more call drop reasons. An ASI data set is generated based on the analysis of the at least one of the SIP signaling messages and the S1-AP signaling messages and based on the analysis of the at least one of the SIP signaling error codes and the S1-AP signaling cause codes.
A system for selective user plane (UP) monitoring includes a service gateway (SGW) having a plurality of units. The system further includes a network packet broker (NPB) configured to receive packets including UP data from tunnels created to enable transmission of the UP packets from UE to the plurality of SGW units. The NPB is also configured to receive packets including control plane (CP) data from channels enabling transmission of the CP packets from a base transceiver station to the SGW. The system also includes a plurality of probes operatively coupled to the NPB. The probes are configured to generate first metrics associated with the received CP packets and to selectively generate second metrics associated with the received UP packets based on one or more identifiers. The NPB is configured to forward UP packets being processed by a particular SGW unit to a particular probe of the plurality of probes.
A method for continuous data anomaly detection includes identifying a period of time covered by metrics data stored in a repository. The stored metrics data is categorized into a plurality of non-overlapping time segments. Statistical analysis of the stored metrics data is performed based on the identified period of time. A range of acceptable metric values is dynamically generated based on the performed statistical analysis.
A system for selective user plane monitoring includes a network packet broker (NPB) configured to receive a plurality of packets including user plane data from one or more tunnels created to enable direct transmission of the user plane packets from user equipment to a service getaway (SGW). The NPB is also configured to receive a plurality of packets including control plane data from one or more channels created to enable transmission of the control plane packets from a base transceiver station to the SGW. The system further includes a monitoring probe operatively coupled to the NPB. The monitoring probe is configured to generate a first plurality of metrics associated with the received control plane packets and configured to selectively generate a second plurality of metrics associated with the received user plane packets based on one or more identifiers.
A system and computer-implemented method to manage alerts, wherein the method includes receiving anomaly triggers associated with detected anomalies, associating an anomaly trigger of the received anomaly triggers with an alert, tracking the alert using a state machine, determining whether to change a state of the state machine if a subsequent anomaly trigger associated with the alert is received or if a predetermined amount of time passes without receiving trigger information, and generating an alarm based on the state of the state machine.
A system and computer-implemented method to test end-to-end performance of a server, wherein the method includes transmitting from a processing device of a remote test system, to at least one monitor device, a proxy-based test for execution by the at least one monitor device to emulate end-user communication using a protocol via one or more networks with a web-based server coupled to the at least one monitor device. The method further includes receiving by the processing device, from the at least one monitor device, responses by the web-based server to the proxy-based test, and performing by the processing device automated web application testing to measure characteristics of communication between the at least one monitor device and the web-based server, the communication including user-emulated messages from the at least one monitor device executing the proxy-based test to the web-based server and corresponding responses from the web-based server.
A method for determining a location of a device in a wireless network includes transmitting a digital transmit signal from a digital transmitter including a first antenna. The first antenna is configured to transmit the digital transmit signal to two or more receivers. A first receiver including a second antenna and a second receiver including a third antenna receive the digital transmit signal from the digital transmitter. The digital transmit signal arrives at the receivers at two different time instances as a first digital signal and a second digital signal. A comparison of the digital signals is performed at the processor. A time difference of arrival of the digital signals is determined at the processor based on the performed comparison. The direction of travel of the digital transmit signal is estimated at the processor. A bearing to the digital transmitter is determined.
H04B 1/00 - Details of transmission systems, not covered by a single one of groups Details of transmission systems not characterised by the medium used for transmission
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
96.
Automatic calibration of geolocation analytic systems and operator network equipment parameters
A method for calibrating geolocation analytic system in a wireless network includes receiving a first data set including measurement data associated with a mobile device connected to the wireless network from a first data source. A second data set comprising external geo-location data associated with the mobile device is received from a second data source. The first data set is compared to the second data set to estimate geo-location of the mobile device and to identify one or more errors using calibration function. The identified one or more errors are corrected based on the comparison.
H04W 4/02 - Services making use of location information
G01S 5/02 - Position-fixing by co-ordinating two or more direction or position-line determinationsPosition-fixing by co-ordinating two or more distance determinations using radio waves
H04B 17/27 - MonitoringTesting of receivers for locating or positioning the transmitter
H04W 24/02 - Arrangements for optimising operational condition
A method for calibrating geolocation analytic system in a wireless network includes receiving a first data set including measurement data associated with a mobile device connected to the wireless network from a first data source. A second data set comprising external geo-location data associated with the mobile device is received from a second data source. The first data set is compared to the second data set to estimate geo-location of the mobile device and to identify one or more errors using calibration function. The identified one or more errors are corrected based on the comparison.
G01S 1/00 - Beacons or beacon systems transmitting signals having a characteristic or characteristics capable of being detected by non-directional receivers and defining directions, positions, or position lines fixed relatively to the beacon transmittersReceivers co-operating therewith
H04W 4/029 - Location-based management or tracking services
H04W 64/00 - Locating users or terminals for network management purposes, e.g. mobility management
98.
Efficient storage and querying of time series metrics
A method for processing time series measurement data is provided. Data including a plurality of network performance metrics is received over a plurality of time periods. The received data is written to a plurality of measure data structures. The measure data structures are stored to a two dimensional array having a first dimension and a second dimension. The first dimension represents time and the second dimension represents a plurality of network entities. Elements of the two-dimensional array are compressed into BLOBs. Each one of the BLOBS is associated with a time period and a measure type associated with the data stored within a corresponding BLOB. The BLOBS are stored in a first table and second table. The first table is indexed by a combination of a network entity and a time period. The second table is indexed by a combination of a network performance metric and a network entity.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Software as a service (saas), namely, software as a service featuring software for monitoring and management of performance and availability of software applications; software as a service, namely, software as a service for analyzing wireless, cable, and wireline service performance; software as a service for analyzing computer network performance; design and development of computer hardware and computer software; computer services, namely, creating indexes of information, sites and other resources available on computer networks; computer services, namely, monitoring, testing, analyzing, and reporting on the Internet traffic control and content control of the websites of others; computer services, namely, providing search engines for obtaining data on a global computer network; computer virus protection services; consulting services in the field of application and network performance management; computer software consulting; computer consultation, installation, repair and maintenance of computer software; technical support services, namely, troubleshooting computer software problems; technical support services, namely, monitoring technological functions of computer network systems.
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Software as a service (saas), namely, software as a service featuring software for monitoring and management of performance and availability of software applications; software as a service, namely, software as a service for analyzing wireless, cable, and wireline service performance; software as a service for analyzing computer network performance; design and development of computer hardware and computer software; computer services, namely, creating indexes of information, sites and other resources available on computer networks; computer services, namely, monitoring, testing, analyzing, and reporting on the Internet traffic control and content control of the websites of others; Computer services, namely, providing search engines for obtaining data on a global computer network; computer virus protection services; consulting services in the field of application and network performance management; computer software consulting; computer consultation, installation, repair and maintenance of computer software; technical support services, namely, troubleshooting computer software problems; technical support services, namely, monitoring technological functions of computer network systems.
