INTRUSION DETECTION METHOD AND SYSTEM
    1.
    Patent application
    INTRUSION DETECTION METHOD AND SYSTEM (status: in force)

    Publication number: US20100287615A1

    Publication date: 2010-11-11

    Application number: US12733057

    Filing date: 2008-09-19

    IPC classification: G06F11/00 G08B23/00

    CPC classification: H04L63/1416

    Abstract: Intrusion detection method for detecting unauthorized use or abnormal activities of a targeted system of a network, comprising the steps: creating defined preconditions for each vulnerability related to the targeted system and/or for each attack that exploits one or several vulnerabilities; creating assurance references corresponding to said defined preconditions and considering the targeted perimeter; capturing data related to the targeted system; comparing captured data with attack signatures for generating at least one security alert when captured data and at least one attack signature match; capturing assurance data from monitoring of the targeted perimeter; comparing assurance data, issued from assurance monitoring of the targeted perimeter, with assurance references for generating assurance information when said data issued from assurance monitoring and at least one assurance reference match; retrieving the preconditions of the generated security alert; checking if assurance information corresponding to said preconditions has been retrieved; generating a verified security alarm when generated security alert and its retrieved precondition match with at least one corresponding assurance information; filtering said security alert when no match has been found between its retrieved preconditions and at least one corresponding assurance information; emitting a non verified security alert when no preconditions have been retrieved for this alert and/or no assurance reference corresponding to said preconditions has been defined.


    Intrusion detection method and system
    2.
    Granted patent
    Intrusion detection method and system (status: in force)

    Publication number: US08418247B2

    Publication date: 2013-04-09

    Application number: US12733057

    Filing date: 2008-09-19

    IPC classification: G06F11/00 G08B23/00

    CPC classification: H04L63/1416

    Abstract: A technique is provided for detecting unauthorized use or abnormal activities of a targeted system of a network. The technique includes a comparison of captured data that relates to a targeted system with attack signatures to generate a security alert when the captured data and an attack signature match, a comparison of assurance metrics data from a monitored targeted perimeter with assurance references to generate assurance information when the assurance metrics data and an assurance reference match, a generation of a verified security alarm when the security alert and associated preconditions match a corresponding assurance information, a filtering of the security alert when no match has been found between the associated retrieved preconditions and the corresponding assurance information, and an emitting of a non verified security alert when no preconditions have been retrieved for the security alert and/or no assurance reference corresponding to the preconditions has been defined.


    Method for detecting the hijacking of computer resources
    3.
    Granted patent
    Method for detecting the hijacking of computer resources (status: in force)

    Publication number: US09104874B2

    Publication date: 2015-08-11

    Application number: US13515316

    Filing date: 2010-12-08

    Abstract: An exemplary technique is provided for detecting a hijacking of computer resources, located in an internal network implementing security criteria and confidentiality criteria specific to the internal network, connected to an external network with no security criteria and confidentiality criteria, through a connection managed by a service provider. The technique includes storing, at the internal network, a connection parameter implemented by the computer resources to communicate with the external network; processing, at the internal network, the stored connection parameter based on an irreversible function to generate a unique code that corresponds to the stored connection parameter but which does not allow the identification of the stored connection parameter from the corresponding generated unique code; and sending, at the internal network, the generated unique code to a server located on the external network so that the server can analyze an activity of the computer resources from the unique code and detect any hijacking of the computer resources.


    METHOD FOR DETECTING THE HIJACKING OF COMPUTER RESOURCES
    5.
    Patent application
    METHOD FOR DETECTING THE HIJACKING OF COMPUTER RESOURCES (status: in force)

    Publication number: US20120272316A1

    Publication date: 2012-10-25

    Application number: US13515316

    Filing date: 2010-12-08

    IPC classification: G06F21/00

    Abstract: The present invention provides a method for detecting the hijacking of computer resources, located on an internal network implementing security and confidentiality criteria specific to this internal network, connected to an external network with no such security and confidentiality criteria, through a connection managed by a service provider, comprising: storing a connection parameter implemented by the computer resources to communicate with the external network; processing the stored parameter based on an irreversible function to generate a unique code that corresponds to said stored parameter but which does not allow the identification of said parameter from the corresponding generated code; and sending said generated code to a server located on the external network so that the server can analyze the activity of the computer resources from said unique code to detect any hijacking of the computer resources.


    CONTENT PUBLICATION CONTROL SYSTEM
    6.
    Patent application
    CONTENT PUBLICATION CONTROL SYSTEM (status: under examination, published)

    Publication number: US20140108802A1

    Publication date: 2014-04-17

    Application number: US14116215

    Filing date: 2012-04-24

    IPC classification: H04L29/06

    Abstract: To control the publication of digital content on a web site managed by a publication server (SP) from a communication terminal (TC1), a control server (SC) capable of communicating with the publication server (SP) and the terminal provides the latter with an application (App) that is downloaded and implemented on the terminal. The application makes it possible to define the control parameters (ParC) associated with the digital content, said parameters comprising a period of validity for the content and a list of web sites authorised to publish the digital content, generate a key (Kc) associated with the digital content, encrypt the digital content with said key, and store the control parameters (ParC), the generated key (Kc), and the encrypted digital content in various databases. The application then generates a reference (Ref) associated with the digital content and requires the publication of the reference by the publication server in place of the digital content.


    Automatic allocation of prefixes to equipments of an ipv6 communication network
    7.
    Patent application
    Automatic allocation of prefixes to equipments of an ipv6 communication network (status: under examination, published)

    Publication number: US20070121613A1

    Publication date: 2007-05-31

    Application number: US10587942

    Filing date: 2005-02-01

    IPC classification: H04L12/56

    Abstract: A communication equipment for an Internet Protocol communication network including a set of interfaces each connected to one or more other communication equipments and having means for receiving an address prefix from a first other communication equipment. It further includes allocation means for allocating to at least a portion of the other communication equipments to which the first other equipment does not belong a sub-prefix formed of the address prefix concatenated with an individual identifier whose length depends on the total number of other communication equipments.


    Device of dynamically assigning variable length prefixes for IP network equipments
    8.
    Granted patent
    Device of dynamically assigning variable length prefixes for IP network equipments (status: lapsed)

    Publication number: US07577138B2

    Publication date: 2009-08-18

    Application number: US11305042

    Filing date: 2005-12-19

    IPC classification: H04L12/56

    Abstract: Example embodiments disclose a prefix assignment device for use in network equipments of an Internet Protocol communication network, the device including a processing module. The processing module of the prefix assignment device may determine a node Nj associated with an unassigned prefix Pj of length L(Pj) equal to L(Rk)−m. The processing module may also assign prefix Pj to the network equipment Rk if m is equal to 0 and/or perform successive m loops if m is greater than 0. The module may select one of the two prefixes with lengths equal to L(Rk) for assignment to the network equipment Rk.


    Secure communications equipment for processing data packets according to the send mechanism
    9.
    Granted patent
    Secure communications equipment for processing data packets according to the send mechanism (status: in force)

    Publication number: US07747849B2

    Publication date: 2010-06-29

    Application number: US11508188

    Filing date: 2006-08-23

    IPC classification: G06F17/00 G06F15/16 H04L29/06

    Abstract: A security-procuring method for making an item of communications equipment (E) secure, said item of communications equipment comprising an operating system core (K) and a set of software applications (A), said core including at least one IPv6 protocol stack (PS) making it possible to transmit incoming data packets from an input port (PIN) to an application (A) and to transmit outgoing data packets from an application (A) to an output port (POUT), said protocol stacks including a set of interfaces (HPRE, HIN, HOUT, HPOST) organized to enable external modules connected to them to access said data packets transmitted by said at least one protocol stack at determined points associated with said interfaces. Said method is characterized in that an input module (MIN) and an output module (MOUT) are connected respectively to an input interface (HIN) and to an output interface (HOUT) of said core (K), and in that said modules select, analyze, and, if necessary, modify the data packets of the Network Discovery Protocol (NDP), in compliance with the Secure Neighbor Discovery (SEND) mechanism.


    Control device to transfer units of connection time between donor and beneficiary terminals of communication network(S)
    10.
    Patent application
    Control device to transfer units of connection time between donor and beneficiary terminals of communication network(S) (status: lapsed)

    Publication number: US20070042751A1

    Publication date: 2007-02-22

    Application number: US11455694

    Filing date: 2006-06-20

    IPC classification: H04M11/00

    Abstract: A device (D) is dedicated to controlling the transfer of units of connection time for a communication network (N1) having accounting and/or billing equipment (ABE1). This device (D) includes processing means (PM) that, when they receive a request to transfer a chosen quantity of units of connection time to a beneficiary account associated with the communication identifier of a first communication terminal (BT) connected to a communication network (N1), responsible for accessing a first set of accounting and/or billing equipment (ABE1) managing the account of a donor associated with the communication identifier of a second communication terminal (DT) connected to the communication network (R1), to verify whether the quantity of units of connection time that the donor's terminal (DT) has is at least equal to the chosen quantity, and if so, to order the first set of equipment (ABE1), which also manages the beneficiary's account, to transfer in real time a quantity of units of connection time at most equal to the quantity chosen from the donor's account to the beneficiary's account.
