11. Method, system, network and computer program product for securing administrative transactions over a network
    Patent application, in force

    Publication number: US20070071241A1

    Publication date: 2007-03-29

    Application number: US10580438

    Filing date: 2003-11-27

    IPC classification: H04K1/00

    Abstract: Communication between an administrator device and an administered device in a network is arranged in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device. Each message has an associated respective digitally signed receipt, and the originator device is configured not to send a new item toward the recipient device in the absence of a respective digitally signed receipt for a previously sent item. A history record of the communication items exchanged between them is stored by at least one, and preferably by both, of the administrator device and the administered device. The history record is agreed upon and signed by both the administrator device and the administered device.


12. System for enforcing security policies on mobile communications devices
    Granted patent, in force

    Publication number: US08413209B2

    Publication date: 2013-04-02

    Application number: US12225685

    Filing date: 2006-03-27

    IPC classification: G06F17/00

    Abstract: A system for enforcing security policies on mobile communications devices is adapted to be used in a mobile communications network in operative association with a subscriber identity module. The system, which has a client-server architecture, includes a server operated by a mobile communications network operator and a client resident on the mobile communications device on which security policies are to be enforced. The server is adapted to determine the security policies to be applied on said mobile communications device and to send it a security policy to be applied. The client is adapted to receive the security policy to be applied from the server and to apply the received security policy. The server includes a server authentication function adapted to authenticate the security policy to be sent to the mobile communications device; the client is further adapted to assess the authenticity of the security policy received from the server by exploiting a client authentication function resident on the subscriber identity module.


13. Enhancing ENUM Security
    Patent application, in force

    Publication number: US20110016145A1

    Publication date: 2011-01-20

    Application number: US12745608

    Filing date: 2007-11-30

    IPC classification: G06F17/30

    Abstract: A method of providing telecommunication services includes generating fictitious contact information univocally associated with a telephone number assigned to a subscriber, and storing the fictitious contact information in a database, such as an ENUM database. Responsive to a request, received from a requester, for contact information corresponding to the telephone number and adapted to allow contacting the subscriber assignee of the telephone number over the Internet, the method includes having the database provide the fictitious contact information, and conditioning the resolution of the fictitious contact information into the real contact information on the satisfaction of at least one security rule adapted to assess properties of at least one of the requester and the request. In case the request from the requester satisfies the at least one security rule, the method resolves the fictitious contact information and provides the requester with the contact information.


14. Method and System for Managing Denial of Service Situations
    Patent application, in force

    Publication number: US20080040801A1

    Publication date: 2008-02-14

    Application number: US11791719

    Filing date: 2004-11-29

    IPC classification: G06F21/00

    CPC classification: H04L63/1408 H04L63/1458

    Abstract: For managing denial of service situations at the application level in a communications network receiving message data, the message data are monitored by a sensor that sends an event message when it detects an alarm condition; a control logic determines a first analysis to be performed, associated with the received event message, and generates a request; an analysis module receives the analysis request, performs the analysis and sends a result message; the control logic receives the result message and determines an action to be taken, associated with the result message, the action being either a countermeasure or a further analysis. To determine the analysis to be performed and the action to be taken, the control logic browses rules stored in a memory, each rule including a conditional clause and an associated action to be taken.


15. Method and System for Access Control in Distributed Object-Oriented Systems
    Patent application, pending (published)

    Publication number: US20070233883A1

    Publication date: 2007-10-04

    Application number: US11579604

    Filing date: 2004-05-04

    IPC classification: G06F15/16

    Abstract: A method and a system for accessing services provided by network resources in communication networks. Access to service capabilities is controlled at the application level by controlling access through a gateway in which an object-oriented service architecture based on abstracted application programming interfaces is implemented. Preferably, the service architecture is the one defined in the OSA/Parlay standards. Access control is carried out by means of a logical entity, the service reference monitor, which is linked to the gateway and configured so that it intercepts all communications passing between the client applications and the gateway. The service reference monitor captures the object reference to the service capability and assigns a lifetime to the object reference. When the lifetime expires, the service reference monitor destroys the service capability. The probability of a malicious attack is lowered by limiting the time window during which access to a service remains alive.


16. Method and apparatus to control application messages between a client and a server having a private network address
    Granted patent, in force

    Publication number: US08670316B2

    Publication date: 2014-03-11

    Application number: US12448646

    Filing date: 2006-12-28

    IPC classification: H04L12/26

    Abstract: A method to control communication traffic in a communication network. The traffic includes application-level messages between a client and a server having a private network address. The method includes the steps of: the client sending a request message, requesting a service, to the server using a first public network address associated with the server; processing the request message at an intermediate logic unit logically positioned between the client and the server; and receiving an alert signal at the intermediate unit. Upon receipt of said alert signal, the method provides for mapping the private network address of the server to a second public network address associated with the server, and instructing the client to send the request message to the second public network address of the server, routing to the server only those request messages directed to the second public network address.


17. Out-of-band authentication method and system for communication over a data network
    Granted patent, in force

    Publication number: US08572382B2

    Publication date: 2013-10-29

    Application number: US12227281

    Filing date: 2006-05-15

    IPC classification: H04L9/32 H04L1/00 H04N7/167

    Abstract: A method and system for out-of-band authentication of messages transmitted, e.g. as packets, on a communication network, whereby a first stream of data is received by a sender control module from a sender; the first stream of data is transmitted over a first channel, e.g. a non-secure data channel, toward a receiver control module; the sender control module generates authentication data for the first stream of data; the authentication data are transmitted from the sender control module to the receiver control module on a second channel, e.g. a secure data channel, distinct from the first channel; and the stream of data received by the receiver control module is checked using the authentication data. Before sending the authentication data, the sender control module transmits a control message including synchronization data to the receiver control module over the second channel.


18. Enhancing ENUM security
    Granted patent, in force

    Publication number: US08510793B2

    Publication date: 2013-08-13

    Application number: US12745608

    Filing date: 2010-10-05

    IPC classification: G06F7/04

    Abstract: A method of providing telecommunication services includes generating fictitious contact information univocally associated with a telephone number assigned to a subscriber, and storing the fictitious contact information in a database, such as an ENUM database. Responsive to a request, received from a requester, for contact information corresponding to the telephone number and adapted to allow contacting the subscriber assignee of the telephone number over the Internet, the method includes having the database provide the fictitious contact information, and conditioning the resolution of the fictitious contact information into the real contact information on the satisfaction of at least one security rule adapted to assess properties of at least one of the requester and the request. In case the request from the requester satisfies the at least one security rule, the method resolves the fictitious contact information and provides the requester with the contact information.


19. Method, system, network and computer program product for securing administrative transactions over a network
    Granted patent, in force

    Publication number: US07636848B2

    Publication date: 2009-12-22

    Application number: US10580438

    Filing date: 2003-11-27

    IPC classification: H04L9/32 H04L29/06 G06F7/04

    Abstract: Communication between an administrator device and an administered device in a network is arranged in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device. Each message has an associated respective digitally signed receipt, and the originator device is configured not to send a new item toward the recipient device in the absence of a respective digitally signed receipt for a previously sent item. A history record of the communication items exchanged between them is stored by at least one, and preferably by both, of the administrator device and the administered device. The history record is agreed upon and signed by both the administrator device and the administered device.


20. Out-of-Band Authentication Method and System for Communication Over a Data Network
    Patent application, in force

    Publication number: US20090210707A1

    Publication date: 2009-08-20

    Application number: US12227281

    Filing date: 2006-05-15

    IPC classification: H04L29/06

    Abstract: A method and system for out-of-band authentication of messages transmitted, e.g. as packets, on a communication network, whereby a first stream of data is received by a sender control module from a sender; the first stream of data is transmitted over a first channel, e.g. a non-secure data channel, toward a receiver control module; the sender control module generates authentication data for the first stream of data; the authentication data are transmitted from the sender control module to the receiver control module on a second channel, e.g. a secure data channel, distinct from the first channel; and the stream of data received by the receiver control module is checked using the authentication data. Before sending the authentication data, the sender control module transmits a control message including synchronization data to the receiver control module over the second channel.
