METHOD FOR EDITING MESSAGES BY A DEVICE ON A COMMUNICATION PATH ESTABLISHED BETWEEN TWO NODES

    Publication (Announcement) No.: US20210273926A1

    Publication (Announcement) Date: 2021-09-02

    Application No.: US17255088

    Application Date: 2019-06-14

    Applicant: Orange

    Abstract: The communications established on a communication path between two nodes, for example between a client and server, are increasingly encrypted, at least from the transport layer and to the application layer in the Open Systems Interconnection model. However, the devices present on the communication path may, in certain cases or for certain services, intervene not only to transport the messages but also to read, edit or add data in the message. In addition, it may also be desirable that only “authorized” devices can carry out these actions. In order to intervene on these data, it would be necessary that the devices on the communication path have available all the keys used by the nodes to encrypt and decrypt the data of the messages, which is difficult to envisage. A method for editing enables a device, capable of intercepting a data message on a communication path between two nodes, to edit the data under the control of the nodes, while ensuring that a device cannot access the data edited by another device on the path.

    Methods and devices for checking the validity of a delegation of distribution of encrypted content

    Publication (Announcement) No.: US10979750B2

    Publication (Announcement) Date: 2021-04-13

    Application No.: US16478343

    Application Date: 2018-01-16

    Applicant: ORANGE

    Abstract: Checking a certificate of delegation, from a first server to a second server, for delivery of content referenced on the first server, and addressed to a client terminal. The terminal: emits a first message requesting the content, addressed to the first server, via a first encrypted connection; receives a redirection message from the first server, including an identifier of a third-party server; obtains an address from the second server, based on the identifier received in the redirection message; emits a request to establish a second encrypted connection between the terminal and the second server, including an identifier of the first server; receives a certificate of delegation signed by the first server from the second server, via the second encrypted connection; verifies the certificate by an encryption key of the first server; and if valid, emits a second message requesting content, addressed to the second server, via the second encrypted connection.

    Delegating intermediation on an exchange of encrypted data

    Publication (Announcement) No.: US10924463B2

    Publication (Announcement) Date: 2021-02-16

    Application No.: US15525187

    Application Date: 2015-10-28

    Applicant: Orange

    Abstract: A method, a device and a program are provided for processing data. The method is implemented within an intermediary module. The data is transmitted between a customer module and a server module connected through a communications network. The method includes: receiving, from one among the customer and server modules, an intermediation request identifying an operation of intermediation to be performed relative to a stream of encrypted data exchanged between the customer module and the server module; and processing relative to said encrypted data as a function of said operation of intermediation.

    Technique for obtaining a policy for routing requests emitted by a software module running on a client device

    Publication (Announcement) No.: US10305857B2

    Publication (Announcement) Date: 2019-05-28

    Application No.: US15313929

    Application Date: 2015-05-26

    Applicant: Orange

    Abstract: One embodiment relates to a method for obtaining, in a communication network, a routing policy indicating rules for routing requests emitted by a software module running on a client device. The method comprises sending, by the client device, a connection request to an authentication server of the communication network in order to attach the client device to the communications network; and receiving, by the client device, a connection context response from the authentication server. The context comprises an identifier of a system for managing routing rules. The software module obtains the routing policy in accordance with at least one first rule for routing to a proxy system certified by the operator of the communications network obtained by means of the identifier.
