公开(公告)号：US20060265751A1

公开(公告)日：2006-11-23

申请号：US11132118

申请日：2005-05-18

申请人： Francois Cosquer ,  Bertrand Marquet ,  Robert MacIntosh

发明人： Francois Cosquer ,  Bertrand Marquet ,  Robert MacIntosh

IPC分类号： G06F12/14

CPC分类号： H04L63/1416 ,  H04L63/1441

摘要： Communication network security risk exposure management systems and methods are disclosed. Risks to a communication network are determined by analyzing assets of the communication network and vulnerabilities affecting the assets. Assets may include physical assets such as equipment or logical assets such as software or data. Risk analysis may be adapted to assess risks to a particular feature of a communication network by analyzing assets of the communication network which are associated with that feature and one or more of vulnerabilities which affect the feature and vulnerabilities which affect the assets associated with the feature. A feature may be an asset itself or a function or service offered in the network and supported by particular assets, for example.

摘要翻译： 披露了通信网络安全风险管理系统和方法。 通信网络的风险是通过分析通信网络的资产和影响资产的漏洞来确定的。 资产可能包括物理资产，如设备或逻辑资产，如软件或数据。 可以通过分析与该特征相关联的通信网络的资产以及影响影响与特征相关联的资产的特征和漏洞的一个或多个漏洞来评估风险分析来评估通信网络的特定特征的风险。 特征可以是资产本身或网络中提供并由特定资产支持的功能或服务。

公开(公告)号：US20070011452A1

公开(公告)日：2007-01-11

申请号：US11176383

申请日：2005-07-08

申请人： Bertrand Marquet ,  Francois Cosquer

发明人： Bertrand Marquet ,  Francois Cosquer

IPC分类号： H04L9/00

CPC分类号： H04L63/105

摘要： A secured execution device (SED) maintains security credentials for a certain user that requests access to the network for performing specified operations or for obtaining specified information. The NE from where the user requests access to the network is authenticated using SED credentials against a multi-level and multi-factor credentials table maintained by a NE authentication controller provided in the EMS/NM/OSS controlling the respective NE. The NE authentication controller issues a challenge and transmits it to the NE. The SED receives the challenge and both the SED and the NE authentication controller process the random number in the same way. The SED then returns a one time usage cryptographic message with the response to the challenge. The NE authentication controller checks the SED response against the expected response calculated locally; the user gains access to the network over the NE if the two responses coincide.

摘要翻译： 安全执行装置（SED）维护特定用户的安全凭证，请求访问网络以执行指定的操作或获取指定的信息。 用户请求访问网络的网元使用SED证书，根据在控制相应网元的EMS / NM / OSS中提供的NE认证控制器维护的多级和多因素证书表进行认证。 NE认证控制器发出挑战并将其发送给NE。 SED接收质询，SED和NE认证控制器以相同的方式处理随机数。 SED然后返回一次使用加密消息与响应的挑战。 NE认证控制器根据本地计算的预期响应来检查SED响应; 如果两个响应相符，则用户通过网络获得对网络的访问。

公开(公告)号：US20050257047A1

公开(公告)日：2005-11-17

申请号：US10846542

申请日：2004-05-17

申请人： Bertrand Marquet ,  Jean-Marc Robert ,  Francois Cosquer

发明人： Bertrand Marquet ,  Jean-Marc Robert ,  Francois Cosquer

IPC分类号： H04L9/00 ,  H04L12/24 ,  H04L29/06

CPC分类号： H04L63/0853 ,  H04L41/28

摘要： A system for improving security of management and control functions at a network element in a communications network is described. The control card of the network element is configured to function in association with an execution device such as a smartcard. The execution device has embedded thereon one or several processors each implementing specific security related operations. This limits access to the network element which, in turn, minimizes access to sensitive and confidential information.

摘要翻译： 描述了一种用于提高通信网络中的网元的管理和控制功能的安全性的系统。 网元的控制卡被配置为与诸如智能卡的执行装置相关联地起作用。 执行装置在其上嵌入有一个或多个处理器，每个处理器实现特定的安全相关操作。 这限制了对网络的访问，这又使得对敏感和机密信息的访问最小化。

公开(公告)号：US20070011741A1

公开(公告)日：2007-01-11

申请号：US11176237

申请日：2005-07-08

申请人： Jean-Marc Robert ,  Francois Cosquer

发明人： Jean-Marc Robert ,  Francois Cosquer

IPC分类号： G06F12/14 ,  G06F11/00 ,  G06F12/16 ,  G06F15/18 ,  G08B23/00

CPC分类号： H04L63/0245 ,  H04L43/00 ,  H04L63/1425

摘要： This method and system for detecting abnormal traffic in a communications network is based on classifying the traffic in risk and status categories and maintaining a service status table with this information for each service at a respective node. The risk categories are initially established based on known software vulnerabilities recognized for the respective service. An early notifier enables further processing of services suspected of malware propagation. Status categories enable segregating the traffic with a “under attack status” from the “non under attack” status, so that the intrusion detection system at the respective node only processes the “under attack” traffic. In this way, the time and amount of processing performed by the intrusion detection system is considerably reduced.

摘要翻译： 用于检测通信网络中的异常流量的方法和系统是基于对风险和状态类别中的流量进行分类，并且在相应节点处为每个服务维护具有该信息的服务状态表。 风险类别最初是基于为相应服务识别的已知软件漏洞建立的。 早期的通知器可以进一步处理涉嫌恶意软件传播的服务。 状态类别使得具有“不受攻击”状态的“受攻击状态”的流量隔离，使得相应节点处的入侵检测系统仅处理“未受攻击”流量。 以这种方式，入侵检测系统执行的处理的时间和数量大大降低。

公开(公告)号：US20060265324A1

公开(公告)日：2006-11-23

申请号：US11131598

申请日：2005-05-18

申请人： Yvon Leclerc ,  Scott D'Souza ,  Francois Cosquer

发明人： Yvon Leclerc ,  Scott D'Souza ,  Francois Cosquer

IPC分类号： G06Q40/00

CPC分类号： H04L63/1416 ,  G06F21/577 ,  G06Q40/025 ,  H04L63/1433

摘要： Security risk analysis systems and methods are disclosed. Vulnerabilities affecting assets of a communication network are associated with other assets of the communication network according to relationships between assets. Security risk may thus be assessed on the basis of both vulnerabilities which directly affect assets and vulnerabilities which indirectly affect assets through their relationships with other assets. Risk exposure calculators which determine respective types of exposure of assets to vulnerabilities, illustratively direct and indirect exposures, are selectable so as to provide for customizable security risk analysis.

摘要翻译： 公开了安全风险分析系统和方法。 影响通信网络资产的漏洞根据资产关系与通信网络的其他资产相关联。 因此，可以基于直接影响资产的脆弱性和通过与其他资产的关系间接影响资产的脆弱性来评估安全风险。 可选择风险计算器，以确定资产对漏洞的曝光类型，例如直接和间接曝光，以提供可定制的安全风险分析。

公开(公告)号：US09338119B2

公开(公告)日：2016-05-10

申请号：US13596363

申请日：2012-08-28

申请人： Igor Faynberg ,  Hui-Lan Lu ,  Francois Cosquer

发明人： Igor Faynberg ,  Hui-Lan Lu ,  Francois Cosquer

IPC分类号： G06F15/16 ,  H04L12/58

CPC分类号： H04L51/30 ,  H04L51/12 ,  H04L63/0876 ,  H04L63/126 ,  H04L63/1441

摘要： Techniques for enabling improved electronic mail handling in communication networks include a method of handling an electronic mail message in an electronic mail system. The method includes establishing a secure connection between a client of a message sender and a server of a message recipient in the electronic mail system. The method also includes participating in an authentication exchange to verify the identity of the message sender. The method further includes the message sender depositing an electronic mail message with the server of the message recipient upon successful verification of the identity of the client of the message sender.

摘要翻译： 在通信网络中实现改进的电子邮件处理的技术包括在电子邮件系统中处理电子邮件消息的方法。 该方法包括在消息发送者的客户端和电子邮件系统中的消息接收者的服务器之间建立安全连接。 该方法还包括参与认证交换以验证消息发送者的身份。 该方法还包括在成功验证消息发送者的客户端的身份后，消息发送者与消息接收者的服务器一起存放电子邮件消息。

公开(公告)号：US20140067962A1

公开(公告)日：2014-03-06

申请号：US13596363

申请日：2012-08-28

申请人： Igor Faynberg ,  Hui-Lan Lu ,  Francois Cosquer

发明人： Igor Faynberg ,  Hui-Lan Lu ,  Francois Cosquer

IPC分类号： H04L12/58

CPC分类号： H04L51/30 ,  H04L51/12 ,  H04L63/0876 ,  H04L63/126 ,  H04L63/1441

摘要： Techniques are disclosed for enabling improved electronic mail handling in communication networks. For example, a method of handling an electronic mail message in an electronic mail system comprises the following steps. A secure connection is established between a client of a message sender and a server of a message recipient in the electronic mail system. An authentication exchange is employed to verify the identity of the message sender. The message sender deposits an electronic mail message with the server of the message recipient upon successful verification of the identity of the client of the message sender.

摘要翻译： 公开了用于实现通信网络中改进的电子邮件处理的技术。 例如，在电子邮件系统中处理电子邮件消息的方法包括以下步骤。 在电子邮件系统中的消息发送者的客户端和消息接收者的服务器之间建立安全连接。 采用认证交换来验证消息发送者的身份。 成功验证消息发送者的客户端的身份后，消息发送者与消息收件人的服务器存放电子邮件消息。