公开(公告)号：US20170150426A1

公开(公告)日：2017-05-25

申请号：US15369153

申请日：2016-12-05

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb

IPC: H04W48/16 ,  H04W24/08 ,  H04W4/14 ,  H04W8/26 ,  H04W60/04

CPC classification number: H04W48/16 ,  H04W4/14 ,  H04W8/02 ,  H04W8/26 ,  H04W12/12 ,  H04W24/08 ,  H04W60/04

Abstract: A rogue base station detection system that receives communication that is exchanged in accordance with a communication protocol between one or more base stations and one or more communication terminals and detects a presence of a rogue base station based on detecting a signaling message that appears more than once in the communication, even though the signaling message is expected to appear only once in accordance with the communication protocol.

公开(公告)号：US09578462B2

公开(公告)日：2017-02-21

申请号：US14924882

申请日：2015-10-28

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb

IPC: H04W24/00 ,  H04W4/02 ,  H04M1/725 ,  H04W40/00

CPC classification number: H04W4/026 ,  H04M1/72519 ,  H04W4/02 ,  H04W4/025 ,  H04W40/00 ,  H04W84/042 ,  H04W84/12 ,  H04W88/06

Abstract: Methods and systems for tracking mobile communication terminals based on their identifiers. The disclosed techniques identify cellular terminals and Wireless Local Area Network (WLAN) terminals that are likely to be carried by the same individual, or cellular and WLAN identifiers that belong to the same multi-mode terminal. A correlation system is connected to a cellular network and to a WLAN. The system receives location coordinates of cellular identifiers used by mobile terminals in the cellular network, and location coordinates of WLAN identifiers used by mobile terminals in the WLAN. Based on the location coordinates, the system is able to construct routes that are traversed by the terminals having the various cellular and WLAN identifiers. The system attempts to find correlations in time and space between the routes.

Abstract translation: 基于其标识符跟踪移动通信终端的方法和系统。 所公开的技术标识可能由属于相同多模终端的相同个人或蜂窝和WLAN标识符承载的蜂窝终端和无线局域网（WLAN）终端。 相关系统连接到蜂窝网络和WLAN。 系统接收移动终端在蜂窝网络中使用的蜂窝标识符的位置坐标，以及移动终端在WLAN中使用的WLAN标识符的位置坐标。 基于位置坐标，系统能够构建由具有各种蜂窝和WLAN标识符的终端遍历的路由。 系统尝试在路由之间找到时间和空间的相关性。

公开(公告)号：US09426777B2

公开(公告)日：2016-08-23

申请号：US14604263

申请日：2015-01-23

Applicant: Verint Systems Ltd.

Inventor： Gustavo Litmanovich ,  Eithan Goldfarb

IPC: H04W64/00 ,  H04W16/18 ,  G01S5/02

CPC classification number: H04W64/006 ,  G01S5/0252 ,  H04W16/18

Abstract: Systems and methods for fine-resolution mapping of cellular network coverage and capacity are described herein. An example method can include passively monitoring communication of multiple communication terminals in a cellular communication network, extracting from the monitored communication multiple data points and cell identifiers, and mapping an actual geographical coverage of at least a given cell of the cellular network based on the multiple data points. In particular, the multiple data points can comprise geographical positions that are measured and reported by the communication terminals while served by respective cells of the cellular communication network.

Abstract translation: 本文描述了用于蜂窝网络覆盖和容量的精细分辨率映射的系统和方法。 示例性方法可以包括被动地监视蜂窝通信网络中的多个通信终端的通信，从被监视的通信中提取多个数据点和小区标识符，以及基于多个信道映射蜂窝网络的至少一个给定小区的实际地理覆盖 数据点。 具体地，多个数据点可以包括由蜂窝通信网络的各个小区服务时由通信终端测量和报告的地理位置。

公开(公告)号：US11432139B2

公开(公告)日：2022-08-30

申请号：US16703241

申请日：2019-12-04

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb

IPC: H04L29/06 ,  H04W12/033 ,  H04W12/069 ,  H04W24/08

Abstract: A monitoring system monitors authentication sessions both on the air interface between the terminals and the network, and on at least one wired network-side interface between network-side elements of the network. The monitoring system constructs a database of sets of network-side authentication parameters using network-side monitoring. Each set of network-side authentication parameters originates from a respective authentication session and is associated with the International Mobile Station Identity (IMSI) of the terminal involved in the session. In order to start decrypting the traffic of a given terminal, the system obtains the off-air authentication parameters of that terminal using off-air monitoring, and finds an entry in the database that matches the air-interface authentication parameters. From the combination of correlated network-side and off-air authentication parameters, the processor is able to extract the parameters needed for decryption.

公开(公告)号：US20200382322A1

公开(公告)日：2020-12-03

申请号：US16994928

申请日：2020-08-17

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb

IPC: H04L9/32 ,  G06F21/33 ,  H04L9/08 ,  H04L29/06 ,  H04W12/02 ,  H04W12/04

Abstract: Systems and methods for obtaining authentication vectors issued, for use by a mobile communication terminal, by a Home Location Register (HLR) that serves a cellular communication network independently of any cooperation with the cellular network. Further to obtaining the authentication vectors, a terminal is caused to communicate over a WiFi WLAN using an encryption key derived from the obtained authentication vectors, e.g., per the EAP-SIM or EAP-AKA protocol. Since the encryption key is known, communication from the terminal is decrypted. The authentication vectors may be obtained by (i) an “impersonating” Visitor Location Register (VLR) server that does not serve the cellular network; (ii) an interrogation device which, by imitating a legitimate base station serving the cellular network, solicits the mobile communication terminal to associate with the interrogation device; or (iii) an SS7 probe, which obtains authentication vectors communicated from the HLR server to other entities on the SS7 network.

公开(公告)号：US20200320106A1

公开(公告)日：2020-10-08

申请号：US16833762

申请日：2020-03-30

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb

IPC: G06F16/28 ,  G06F16/901 ,  G06F16/29

Abstract: An anomaly-detection system that gathers information relating to the relationships between entities and represents these relationships in a graph that interconnects each pair of related entities. The graph may represent a computer network, in which each node corresponds to a respective device in the network and each edge between two nodes indicates that the devices represented by the nodes exchanged communication with one another in the past. the system monitors each of the entities in the graph, by continually computing a single-entity anomaly score (SEAS) for the entity. If the SEAS exceeds a first threshold the system generates an alert. Otherwise, the system checks whether the SEAS exceeds a second, lower threshold. If so, the system computes a subgraph anomaly score (SAS) for the entity's subgraph. If the SAS exceeds a SAS threshold, an alert is generated. By computing the SAS in this manner resources are conserved.

公开(公告)号：US20200128389A1

公开(公告)日：2020-04-23

申请号：US16717227

申请日：2019-12-17

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb ,  Doron Breiter ,  Constantin Tanasa ,  Victor Ciochina ,  Nguyen Hoang Nguyen ,  Tymofii Brezhniev

IPC: H04W8/12 ,  H04W12/06 ,  H04L29/06 ,  H04W12/02

Abstract: Methods for obtain identifiers, such as International Mobile Subscriber Identities (IMSIs) and International Mobile Station Equipment Identities (IMEIs), of mobile communication terminals, and associate these identifiers with other items of identifying information provided by users of the terminals. A local interrogation device may be installed that imitates a legitimate base station belonging to a cellular network, at a control checkpoint. Local interrogation devices are connected to a global interrogation device in a hierarchical network, whereby the local interrogation devices are assigned a priority that is higher than that of the global interrogation device. The global interrogation device provides cellular coverage to a larger area that contains the control checkpoints, while the local interrogation devices provide more localized cellular coverage to the control checkpoints.

公开(公告)号：US10560842B2

公开(公告)日：2020-02-11

申请号：US15008375

申请日：2016-01-27

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb

IPC: H04L29/06 ,  H04W12/06 ,  H04W24/08

Abstract: A monitoring system monitors authentication sessions both on the air interface between the terminals and the network, and on at least one wired network-side interface between network-side elements of the network. The monitoring system constructs a database of sets of network-side authentication parameters using network-side monitoring. Each set of network-side authentication parameters originates from a respective authentication session and is associated with the International Mobile Station Identity (IMSI) of the terminal involved in the session. In order to start decrypting the traffic of a given terminal, the system obtains the off-air authentication parameters of that terminal using off-air monitoring, and finds an entry in the database that matches the air-interface authentication parameters. From the combination of correlated network-side and off-air authentication parameters, the processor is able to extract the parameters needed for decryption.

公开(公告)号：US10084876B2

公开(公告)日：2018-09-25

申请号：US15457122

申请日：2017-03-13

Applicant: Verint Systems Ltd.

Inventor： Yitshak Yishay ,  Eithan Goldfarb

IPC: G06F15/173 ,  H04L29/08 ,  H04L12/26 ,  H04L29/06 ,  G06F12/0813

CPC classification number: H04L67/2842 ,  G06F12/0813 ,  G06F2212/154 ,  G06F2212/60 ,  G06F2212/62 ,  H04L43/062 ,  H04L63/1408 ,  H04L63/1416 ,  H04L67/02 ,  H04L67/22

Abstract: Embodiments that are described herein provide improved methods and systems for analyzing network traffic. The disclosed embodiments enable an analytics system to perform complex processing to only new, first occurrences of received content, while refraining from processing duplicate instances of that content. In an embodiment, the analytics results regarding the first occurring content are reported and cached in association with the content. For any duplicate instance of the content, the analytics results are retrieved from the cache without re-processing of the duplicate content. When using the disclosed techniques, the system still processes all first occurring content but not duplicate instances of content that was previously received and processed. In the embodiments described herein, input data comprises communication packets exchanged in a communication network.

公开(公告)号：US20170251074A1

公开(公告)日：2017-08-31

申请号：US15457122

申请日：2017-03-13

Applicant: Verint Systems Ltd.

Inventor： Yitshak Yishay ,  Eithan Goldfarb

IPC: H04L29/08 ,  H04L12/26

CPC classification number: H04L67/2842 ,  G06F12/0813 ,  G06F2212/154 ,  G06F2212/60 ,  G06F2212/62 ,  H04L43/062 ,  H04L63/1408 ,  H04L63/1416 ,  H04L67/02 ,  H04L67/22

Abstract: Embodiments that are described herein provide improved methods and systems for analyzing network traffic. The disclosed embodiments enable an analytics system to perform complex processing to only new, first occurrences of received content, while refraining from processing duplicate instances of that content. In an embodiment, the analytics results regarding the first occurring content are reported and cached in association with the content. For any duplicate instance of the content, the analytics results are retrieved from the cache without re-processing of the duplicate content. When using the disclosed techniques, the system still processes all first occurring content but not duplicate instances of content that was previously received and processed. In the embodiments described herein, input data comprises communication packets exchanged in a communication network.