Access to content of encrypted data session

    Publication number: US11968295B2

    Publication date: 2024-04-23

    Application number: US17044755

    Application date: 2018-04-03

    CPC classification number: H04L9/0841 H04L9/083 H04L9/0891 H04L9/0894

    Abstract: Methods, terminal and a data center gateway are provided for allowing efficient debugging and troubleshooting of data session encrypted with Perfect Forward Secrecy (PFS) encryption techniques such as for example the Transport Layer Security (TLS) protocol version 1.3. Embodiments of the invention allow the user terminal to authorize a data center gateway to persistently store one or more encryption keys associated with the data session for use to access the recorded data session and troubleshooting it after the session ended, when faults are detected. When a fault is detected, the user terminal provides authorization to the gateway to persistently store the data session along with one or more encryption key(s). With this, the gateway allows for the data session to be later decrypted and faults to be investigated despite the data session being encrypted with PFS techniques.

    2. Method and device for transmitting requests from a requesting machine to a domain name server
    Type: granted patent. Status: in force.

    Publication number: US07961852B2

    Publication date: 2011-06-14

    Application number: US10583589

    Application date: 2004-12-03

    Abstract: A method and device for sending a request (R) from a requesting machine (H) to a domain name server (1, 2, 3). A prior test of the validity of the destination telephone number (NTEL) of the request (R) is executed automatically and locally to the requesting machine (H) relative to a database (BD) local to said requesting machine (H) in order to forward the request (R) from the requesting machine (H) to the domain name server (1, 2, 3) only if its telephone number (NTEL) passes said test.


    3. Server and Method for Managing DNSSEC Requests
    Type: patent application. Status: in force.

    Publication number: US20090187649A1

    Publication date: 2009-07-23

    Application number: US12087323

    Application date: 2006-12-19

    Abstract: A domain server that comprises: means (10) for receiving a query transmitted from a client device (CL1) for obtaining DNS data; a zone file (FZ1, zone) comprising one or more distribution rules defining a partitioning of the domain into sub-zones, DNS data of said sub-zones being associated with a pair of partition keys specific to said sub-zone; means (20) for obtaining from said zone file a useful piece of information sufficient for identifying the pair of the partition keys associated with the required DNS data; and means (10) for transmitting to the client device (CL1): the required DNS data, the value of the signature of said data produced by means of the private component (ZSK2[pr]) of the pair of partition keys; and the useful piece of information.


    5. Server and method for managing DNSSEC requests
    Type: granted patent. Status: in force.

    Publication number: US07941517B2

    Publication date: 2011-05-10

    Application number: US12087323

    Application date: 2006-12-19

    Abstract: A domain server that comprises: means (10) for receiving a query transmitted from a client device (CL1) for obtaining DNS data; a zone file (FZ1, zone) comprising one or more distribution rules defining a partitioning of the domain into sub-zones, DNS data of said sub-zones being associated with a pair of partition keys specific to said sub-zone; means (20) for obtaining from said zone file a useful piece of information sufficient for identifying the pair of the partition keys associated with the required DNS data; and means (10) for transmitting to the client device (CL1): the required DNS data, the value of the signature of said data produced by means of the private component (ZSK2[pr]) of the pair of partition keys; and the useful piece of information.


    6. DNSSEC BASE ROLLOUT
    Type: patent application. Status: under examination, published.

    Publication number: US20100049982A1

    Publication date: 2010-02-25

    Application number: US12312510

    Application date: 2007-10-26

    Abstract: The invention relates to a method for accessing via a first device a predetermined piece of information duplicated in several server devices, each server device implementing a sub-assembly of safety mechanisms from a predetermined set of safety mechanisms in order to provide a predetermined safety level for accessing the predetermined piece of information, wherein said method comprises the following steps: a) transmission (40) by the first device of at least one access request adapted for receiving the list of safety mechanisms implemented by the server devices; b) transmission (46) by the first device to at least one of said server devices of an access request to the predetermined piece of information, said request using the safety mechanisms implemented by the and at least one of said server devices.


    7. Flow multiplexing in IPsec
    Type: granted patent.

    Publication number: US11240214B2

    Publication date: 2022-02-01

    Application number: US16625122

    Application date: 2017-06-20

    Abstract: Systems and methods for processing inbound and outbound secure packet traffic are provided herein. A first lookup operation can be performed to identify a security association corresponding to a received packet. A second lookup operation can be performed to determine a security parameters index associated with the packet and the identified security association. The packet can be processed in accordance with the security association and the security parameters index.

    8. Server and method for managing domain names in a network using a zone file with a rule partitioning subdomains into subzones
    Type: granted patent. Status: in force.

    Publication number: US09130990B2

    Publication date: 2015-09-08

    Application number: US12300939

    Application date: 2007-05-10

    Applicant: Daniel Migault

    Inventor: Daniel Migault

    CPC classification number: H04L61/1511 H04L29/12066 H04L29/12283 H04L61/2061

    Abstract: A domain name server includes a zone file containing partitioning rules that define the partitioning of all subfolders of this domain into subzones. The DNS data of each of these subzones is hosted by a partition server that is able to obtain from the zone file information for identifying the partition server able to respond to a query sent by a client to obtain a DNS folder.


    9. Telecommunications system using secured domain name resolution
    Type: patent application. Status: under examination, published.

    Publication number: US20060288007A1

    Publication date: 2006-12-21

    Application number: US10572608

    Application date: 2004-09-23

    Applicant: Daniel Migault

    Inventor: Daniel Migault

    Abstract: The invention concerns a telecommunications system including a database DBS comprising a reference server REFS containing data associated with at least one domain name, and at least one first and second auxiliary server CFS and PBS intended to contain data CONFD and PUBD respectively provided with a first and second degree of confidentiality. At least one of the auxiliary servers is provided with identification means IDMC, IDMP for preventing any access to the data that it contains by terminals not having access authorisation compatible with the degree of confidentiality attributed to the data contained in this auxiliary server. The invention provides respect for the confidential character which certain data CONFD stored in a database DBS accessible by means of a terminal TER0, TER1 or TER2 via a public network could have.

