Abstract:
A device is dedicated to assigning prefixes for network equipments of an Internet Protocol communication network. It comprises processing means which, in the event of a request to assign a prefix of length L(Rk) for a network equipment Rk, determine a node Nj associated with an unallocated prefix Pj of length L(Pj) equal to L(Rk)−m, m≧0, in order to assign that prefix to the network equipment Rk if the value of m is equal to 0 or, if the value of m is greater than 0, to perform successively m loops each consisting in fragmenting the current prefix P into two prefixes P1 and P2 with lengths equal to L(P)+1 and then select one of the two prefixes P1 and P2 as the current prefix for the next loop, until there are obtained in the last of the m loops two prefixes with lengths equal to L(Rk), followed by the selection of one of them for assignment to the network equipment Rk.
Abstract:
A method is dedicated to dynamically assigning interface network identifiers for interfaces of network equipments connected to an Internet Protocol communication network including a DHCP network identifier server. In this method, when a network equipment requires an interface network identifier for one of its interfaces, designated by an interface identifier and connected to a link: i) there is generated in the network equipment and sent to the server a request for the assignment of an interface network identifier specifying the identifier of the interface that is the subject of the request and the identifiers of the other interfaces connected to the link; ii) on receipt of the request in the server, there is determined for the interface that is the subject of the request an interface network identifier common to all the interfaces connected to the same link; iii) the interface network identifier thus determined is sent to the network equipment that requested it so that it can configure the interface.
Abstract:
A technique is provided for detecting unauthorized use or abnormal activities of a targeted system of a network. The technique includes a comparison of captured data that relates to a targeted system with attack signatures to generate a security alert when the captured data and an attack signature match, a comparison of assurance metrics data from a monitored targeted perimeter with assurance references to generate assurance information when the assurance metrics data and an assurance reference match, a generation of a verified security alarm when the security alert and associated preconditions match a corresponding assurance information, a filtering of the security alert when no match has been found between the associated retrieved preconditions and the corresponding assurance information, and an emitting of a non verified security alert when no preconditions have been retrieved for the security alert and/or no assurance reference corresponding to the preconditions has been defined.
Abstract:
The present invention provides a method for detecting the hijacking of computer resources, located on an internal network implementing security and confidentiality criteria specific to this internal network, connected to an external network with no such security and confidentiality criteria, through a connection managed by a service provider, comprising: storing a connection parameter implemented by the computer resources to communicate with the external network; processing the stored parameter based on an irreversible function to generate a unique code that corresponds to said stored parameter but which does not allow the identification of said parameter from the corresponding generated code; and sending said generated code to a server located on the external network so that the server can analyze the activity of the computer resources from said unique code to detect any hijacking of the computer resources.
Abstract:
A device (D) is dedicated to controlling the transfer of units of connection time for a communication network (N1) having accounting and/or billing equipment (ABE1). This device (D) includes processing means (PM) that, when they receive a request to transfer a chosen quantity of units of connection time to a beneficiary account associated with the communication identifier of a first communication terminal (BT) connected to a communication network (N1), responsible for accessing a first set of accounting and/or billing equipment (ABE1) managing the account of a donor associated with the communication identifier of a second communication terminal (DT) connected to the communication network (R1), to verify whether the quantity of units of connection time that the donor's terminal (DT) has is at least equal to the chosen quantity, and if so, to order the first set of equipment (ABE1), which also manages the beneficiary's account, to transfer in real time a quantity of units of connection time at most equal to the quantity chosen from the donor's account to the beneficiary's account.
Abstract:
A security-procuring method for making an item of communications equipment (E) secure, said item of communications equipment comprising an operating system core (K) and a set of software applications (A), said core including at least one IPv6 protocol stack (PS) making it possible to transmit incoming data packets from an input port (PIN) to an application (A) and to transmit outgoing data packets from an application (A) to an output port (POUT), said protocol stacks including a set of interfaces (HPRE, HIN, HOUT, HPOST) organized to enable external modules connected to them to access said data packets transmitted by said at least one protocol stack at determined points associated with said interfaces. Said method is characterized in that an input module (MIN) and an output module (MOUT) are connected respectively to an input interface (HIN) and to an output interface (HOUT) of said core (K), and in that said modules select, analyze, and, if necessary, modify the data packets of the Network Discovery Protocol (NDP), in compliance with the Secure Neighbor Discovery (SEND) mechanism.
Abstract:
A gateway (G) between an Internet network (N) and a local network (NL) associated with a building constituted by a plurality of private premises and at least one common area; the common area and at least some of the private premises having multimedia terminals (T1, T2, T3, TP, . . . ) connected to the local network (NL). The gateway is characterized in that it comprises execution means for executing extended services downloaded from a server (S) accessible via said Internet network (N).
Abstract:
To control the publication of digital content on a web site managed by a publication server (SP) from a communication terminal (TC1), a control server (SC) capable of communicating with the publication server (SP) and the terminal provides the latter with an application (App) that is downloaded and implemented on the terminal. The application makes it possible to define the control parameters (ParC) associated with the digital content, said parameters comprising a period of validity for the content and a list of web sites authorised to publish the digital content, generate a key (Kc) associated with the digital content, encrypt the digital content with said key, and store the control parameters (ParC), the generated key (Kc), and the encrypted digital content in various databases. The application then generates a reference (Ref) associated with the digital content and requires the publication of the reference by the publication server in place of the digital content.