公开(公告)号：US07369560B2

公开(公告)日：2008-05-06

申请号：US10852945

申请日：2004-05-25

申请人： Jean-François Le Pennec ,  Aurélien Bruno ,  Claude Galand ,  Didier Giroir

发明人： Jean-François Le Pennec ,  Aurélien Bruno ,  Claude Galand ,  Didier Giroir

IPC分类号： H04L12/28 ,  H04L12/56

CPC分类号： H04L63/0272 ,  H04L12/4641 ,  H04L29/12009 ,  H04L29/12358 ,  H04L29/12481 ,  H04L29/12801 ,  H04L45/50 ,  H04L61/251 ,  H04L61/2557 ,  H04L61/6004 ,  H04L63/101 ,  H04L69/16 ,  H04L69/167

摘要： Certain exemplary embodiments provide a method for converting data packets based upon IPv4 protocol into data packets based upon IPv6 protocol, said method comprising converting any data packet based upon the IPv4 protocol into a data packet based upon the IPv6 protocol before transmitting it to an IP switched network using information provided by an external server, and converting any data packet based upon the IPv6 protocol provided by said IP switched network into a data packet based upon the IPv4 protocol before transmitting it to a first or second workstation.

摘要翻译： 某些示例性实施例提供了一种用于基于IPv6协议将基于IPv4协议的数据分组转换成数据分组的方法，所述方法包括：在将其发送到IP交换机之前，将基于IPv4协议的任何数据分组转换为基于IPv6协议的数据分组 网络使用由外部服务器提供的信息，并且在将其发送到第一或第二工作站之前，将基于所述IP交换网络提供的IPv6协议的任何数据分组转换为基于IPv4协议的数据分组。

公开(公告)号：US07392379B2

公开(公告)日：2008-06-24

申请号：US11831631

申请日：2007-07-31

申请人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt

发明人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt

IPC分类号： G06F9/00

CPC分类号： H04L41/042 ,  H04L29/12339 ,  H04L61/2503 ,  H04L63/0209 ,  H04L63/0263 ,  H04L63/0272

摘要： Firewall system for interconnecting a first IP network (10) to a second IP network (16), these networks belonging to two different entities having each a different administration wherein any data packet transmitted/received by the first IP network is filtered by using a first firewall function and any data packet transmitted/received by the second IP network is filtered by using a second firewall function. The system comprises essentially a single firewall device (20) including filtering means (41, 43) performing both first firewall function and second firewall function, a console port (37) enabling the administrator in charge of each IP network to enter filtering rules for updating the associated firewall function and control means (39, 47, 49) interconnecting the console port and the filtering means for transmitting thereto the filtering rules so that each administrator may independently manage the system from the console port.

摘要翻译： 用于将第一IP网络（10）互连到第二IP网络（16）的防火墙系统，属于具有不同管理的两个不同实体的这些网络，其中由第一IP网络发送/接收的任何数据分组通过使用第一IP网络 防火墙功能和由第二IP网络发送/接收的任何数据包通过使用第二防火墙功能进行过滤。 该系统基本上包括单个防火墙设备（20），其包括执行第一防火墙功能和第二防火墙功能的过滤装置（41,43），使得管理员能够负责每个IP网络的控制台端口（37）输入用于更新的过滤规则 相关联的防火墙功能和控制装置（39,47,49），其互连控制台端口和过滤装置，用于向其发送过滤规则，使得每个管理员可以从控制台端口独立地管理系统。

公开(公告)号：US07299353B2

公开(公告)日：2007-11-20

申请号：US10638839

申请日：2003-08-11

申请人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt

发明人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt

IPC分类号： G06F1/24

CPC分类号： H04L41/042 ,  H04L29/12339 ,  H04L61/2503 ,  H04L63/0209 ,  H04L63/0263 ,  H04L63/0272

摘要： Firewall system for interconnecting a first IP network (10) to a second IP network (16), these networks belonging to two different entities having each a different administration wherein any data packet transmitted/received by the first IP network is filtered by using a first firewall function and any data packet transmitted/received by the second IP network is filtered by using a second firewall function. The system comprises essentially a single firewall device (20) including filtering means (41, 43) performing both first firewall function and second firewall function, a console port (37) enabling the administrator in charge of each IP network to enter filtering rules for updating the associated firewall function and control means (39, 47, 49) interconnecting the console port and the filtering means for transmitting thereto the filtering rules so that each administrator may independently manage the system from the console port.

摘要翻译： 用于将第一IP网络（10）互连到第二IP网络（16）的防火墙系统，属于具有不同管理的两个不同实体的这些网络，其中由第一IP网络发送/接收的任何数据分组通过使用第一IP网络 防火墙功能和由第二IP网络发送/接收的任何数据包通过使用第二防火墙功能进行过滤。 该系统基本上包括单个防火墙设备（20），其包括执行第一防火墙功能和第二防火墙功能的过滤装置（41,43），使得管理员能够负责每个IP网络的控制台端口（37）输入用于更新的过滤规则 相关联的防火墙功能和控制装置（39,47,49），其互连控制台端口和过滤装置，用于向其发送过滤规则，使得每个管理员可以从控制台端口独立地管理系统。

公开(公告)号：US20100158020A1

公开(公告)日：2010-06-24

申请号：US12643534

申请日：2009-12-21

申请人： Jean-François Le Pennec ,  Aurélien Bruno ,  Didier F. Giroir ,  Aline Fichou

发明人： Jean-François Le Pennec ,  Aurélien Bruno ,  Didier F. Giroir ,  Aline Fichou

IPC分类号： H04L12/56

CPC分类号： H04L12/1403 ,  H04L12/14

摘要： Virtual Private Network (VPN) dedicated to a customer using a physical transmission network based upon Multi-Protocol Label Switching (MPLS) technology including a plurality of Provider (P) devices and a plurality of Provider Edge (PE) devices, the customer owning at least two specific Customer Edge (CE) devices amongst a plurality of CE devices, a specific CE device being attached to a specific PE device and enabling the customer to gain access to any other CE device belonging to the same VPN, by the intermediary of PE devices to which are attached the CE devices. The VPN comprises several billing zones (10, 12, 14) being each defined by the application of a single flat rate. A PE device (18) belonging to each billing zone includes a virtual router (58, 60, 62) associated with each billing zone, two virtual routers being interconnected by a virtual circuit (38, 40, 42) transmitting all the traffic exchanged between the two associated billing zones so that the traffic flowing between the two billing zones can be measured and therefore precisely billed to the customer.

摘要翻译： 基于多协议标签交换（MPLS）技术的使用物理传输网络的客户的虚拟专用网络（VPN），包括多个提供商（P）设备和多个提供者边缘（PE）设备，客户拥有 在多个CE设备中的至少两个特定的客户边缘（CE）设备，特定的CE设备被附加到特定的PE设备并且使客户能够通过PE的中介获得对属于同一VPN的任何其他CE设备的访问 设备连接到CE设备。 VPN包括几个计费区域（10,12,14），每个计费区域由应用单个统一费率定义。 属于每个计费区域的PE设备（18）包括与每个计费区域相关联的虚拟路由器（58,60,62），两个虚拟路由器由虚拟电路（38,40,42）互连，该虚拟路由器传输在 两个关联的计费区域，使得可以测量在两个计费区域之间流动的流量，并因此精确地向客户收费。

公开(公告)号：US07320143B2

公开(公告)日：2008-01-15

申请号：US10638860

申请日：2003-08-11

申请人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt

发明人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt

IPC分类号： G06F17/30 ,  G06F7/04 ,  G06K9/00 ,  H03M1/68 ,  H04L9/00 ,  H04L9/32 ,  H04K1/00 ,  H04N7/16

CPC分类号： H04L63/12 ,  H04L63/1466

摘要： Method of gaining secure access from a host (13) to Intranet resources provided by at least a content server (18) in a data transmission system wherein the host is connected to the content server through a gateway (17). Such a method consists in generating and sending at predetermined transmission instants from either the host or the gateway verification messages wherein each verification message contains a signature which depends upon the data exchanged between the host and the gateway since the preceding verification message, the host and the gateway also called peer devices having at their disposal a same algorithm defining which of them sends a verification message at each of the predetermined instants.

摘要翻译： 从数据传输系统获得从主机（13）到由至少内容服务器（18）提供的内联网资源的安全访问的方法，其中主机通过网关（17）连接到内容服务器。 这种方法包括：从主机或网关验证消息的预定传输时刻生成和发送，其中每个验证消息包含取决于主机与网关之间交换的数据的签名，因为前述验证消息，主机和 网关还称为具有相同算法的对等设备，其定义了在每个预定时刻中的哪一个发送验证消息。

公开(公告)号：US08132251B2

公开(公告)日：2012-03-06

申请号：US12115392

申请日：2008-05-05

申请人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt

发明人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt

IPC分类号： H04L29/02

CPC分类号： H04L41/042 ,  H04L29/12339 ,  H04L61/2503 ,  H04L63/0209 ,  H04L63/0263 ,  H04L63/0272

摘要： Firewall system for interconnecting a first IP network (10) to a second IP network (16), these networks belonging to two different entities having each a different administration wherein any data packet transmitted/received by the first IP network is filtered by using a first firewall function and any data packet transmitted/received by the second IP network is filtered by using a second firewall function. The system comprises essentially a single firewall device (20) including filtering means (41, 43) performing both first firewall function and second firewall function, a console port (37) enabling the administrator in charge of each IP network to enter filtering rules for updating the associated firewall function and control means (39, 47, 49) interconnecting the console port and the filtering means for transmitting thereto the filtering rules so that each administrator may independently manage the system from the console port.

摘要翻译： 用于将第一IP网络（10）互连到第二IP网络（16）的防火墙系统，属于具有不同管理的两个不同实体的这些网络，其中由第一IP网络发送/接收的任何数据分组通过使用第一IP网络 防火墙功能和由第二IP网络发送/接收的任何数据包通过使用第二防火墙功能进行过滤。 该系统基本上包括单个防火墙设备（20），其包括执行第一防火墙功能和第二防火墙功能的过滤装置（41,43），使得管理员能够负责每个IP网络的控制台端口（37）输入用于更新的过滤规则 相关联的防火墙功能和控制装置（39,47,49），其互连控制台端口和过滤装置，用于向其发送过滤规则，使得每个管理员可以从控制台端口独立地管理系统。

公开(公告)号：US07668181B2

公开(公告)日：2010-02-23

申请号：US10638518

申请日：2003-08-11

申请人： Jean-François Le Pennec ,  Aurélien Bruno ,  Didier F. Giroir ,  Aline Fichou

发明人： Jean-François Le Pennec ,  Aurélien Bruno ,  Didier F. Giroir ,  Aline Fichou

IPC分类号： H04L12/28

CPC分类号： H04L12/1403 ,  H04L12/14

摘要： Virtual Private Network (VPN) dedicated to a customer using a physical transmission network based upon Multi-Protocol Label Switching (MPLS) technology including a plurality of Provider (P) devices and a plurality of Provider Edge (PE) devices, the customer owning at least two specific Customer Edge (CE) devices amongst a plurality of CE devices, a specific CE device being attached to a specific PE device and enabling the customer to gain access to any other CE device belonging to the same VPN, by the intermediary of PE devices to which are attached the CE devices. The VPN comprises several billing zones (10, 12, 14) being each defined by the application of a single flat rate. A PE device (18) belonging to each billing zone includes a virtual router (58, 60, 62) associated with each billing zone, two virtual routers being interconnected by a virtual circuit (38, 40, 42) transmitting all the traffic exchanged between the two associated billing zones so that the traffic flowing between the two billing zones can be measured and therefore precisely billed to the customer.

摘要翻译： 基于多协议标签交换（MPLS）技术的使用物理传输网络的客户的虚拟专用网络（VPN），包括多个提供商（P）设备和多个提供者边缘（PE）设备，客户拥有 在多个CE设备中的至少两个特定的客户边缘（CE）设备，特定的CE设备被附加到特定的PE设备并且使客户能够通过PE的中介获得对属于同一VPN的任何其他CE设备的访问 设备连接到CE设备。 VPN包括几个计费区域（10,12,14），每个计费区域由应用单个统一费率定义。 属于每个计费区域的PE设备（18）包括与每个计费区域相关联的虚拟路由器（58,60,62），两个虚拟路由器由虚拟电路（38,40,42）互连，该虚拟路由器传输在 两个关联的计费区域，使得可以测量在两个计费区域之间流动的流量，并因此精确地向客户收费。

公开(公告)号：US07983284B2

公开(公告)日：2011-07-19

申请号：US12643534

申请日：2009-12-21

申请人： Jean-François Le Pennec ,  Aurélien Bruno ,  Didier F. Giroir ,  Aline Fichou

发明人： Jean-François Le Pennec ,  Aurélien Bruno ,  Didier F. Giroir ,  Aline Fichou

IPC分类号： H04L12/28

CPC分类号： H04L12/1403 ,  H04L12/14

摘要： Virtual Private Network (VPN) dedicated to a customer using a physical transmission network based upon Multi-Protocol Label Switching (MPLS) technology including a plurality of Provider (P) devices and a plurality of Provider Edge (PE) devices, the customer owning at least two specific Customer Edge (CE) devices amongst a plurality of CE devices, a specific CE device being attached to a specific PE device and enabling the customer to gain access to any other CE device belonging to the same VPN, by the intermediary of PE devices to which are attached the CE devices. The VPN comprises several billing zones (10, 12, 14) being each defined by the application of a single flat rate. A PE device (18) belonging to each billing zone includes a virtual router (58, 60, 62) associated with each billing zone, two virtual routers being interconnected by a virtual circuit (38, 40, 42) transmitting all the traffic exchanged between the two associated billing zones so that the traffic flowing between the two billing zones can be measured and therefore precisely billed to the customer.

摘要翻译： 基于多协议标签交换（MPLS）技术的使用物理传输网络的客户的虚拟专用网络（VPN），包括多个提供商（P）设备和多个提供者边缘（PE）设备，客户拥有 在多个CE设备中的至少两个特定的客户边缘（CE）设备，特定的CE设备被附加到特定的PE设备并且使客户能够通过PE的中介获得对属于同一VPN的任何其他CE设备的访问 设备连接到CE设备。 VPN包括几个计费区域（10,12,14），每个计费区域由应用单个统一费率定义。 属于每个计费区域的PE设备（18）包括与每个计费区域相关联的虚拟路由器（58,60,62），两个虚拟路由器由虚拟电路（38,40,42）互连，该虚拟路由器传输在 两个关联的计费区域，使得可以测量在两个计费区域之间流动的流量，并因此精确地向客户收费。

公开(公告)号：US07716369B2

公开(公告)日：2010-05-11

申请号：US10638504

申请日：2003-08-11

申请人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt ,  Bernard Amadei

发明人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt ,  Bernard Amadei

IPC分类号： G06F15/16

CPC分类号： H04L29/12509 ,  H04L29/12537 ,  H04L61/2567 ,  H04L61/2578 ,  H04L63/0272 ,  H04L63/164

摘要： Data transmission system based upon the Internet protocol (IP) comprising a private transmission network (18) and a public transmission network or the like (16) interconnected by a network address translation device NAT (12) wherein at least a workstation WS (10) connected to said private transmission network has to establish a communication with a peer device (14) connected to the public transmission network, the local IP address of each data packet from the workstation WS being translated into a NAT address used to provide the route through the public transmission network. The system includes a registration server (19) connected to the public transmission network for registering the local IP address corresponding to the NAT address and providing the correspondence between the NAT address and the local IP address to the peer device in order for this one to replace in the IP header of each data packet received by the peer device, the NAT address by the local IP address.

摘要翻译： 基于包括由网络地址转换装置NAT（12）互连的专用传输网络（18）和公共传输网络（16）的因特网协议（IP）的数据传输系统，其中至少一个工作站WS（10） 连接到所述专用传输网络必须与连接到公共传输网络的对等设备（14）建立通信，来自工作站WS的每个数据分组的本地IP地址被翻译成用于提供路由的NAT地址 公共传输网络。 该系统包括连接到公共传输网络的注册服务器（19），用于注册与NAT地址相对应的本地IP地址，并且向对等设备提供NAT地址和本地IP地址之间的对应关系，以使其替换 在对端设备收到的每个数据包的IP报头中，通过本地IP地址的NAT地址。

公开(公告)号：US07716331B2

公开(公告)日：2010-05-11

申请号：US11986534

申请日：2007-11-21

申请人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt

发明人： Jean-François Le Pennec ,  Aurélien Bruno ,  Nicolas Grisi ,  Jean-Marie Sommerlatt

IPC分类号： G06F15/173 ,  H04L9/32 ,  G06F11/00 ,  G06F12/14

CPC分类号： H04L63/12 ,  H04L63/1466

摘要： Method of gaining secure access from a host (13) to Intranet resources provided by at least a content server (18) in a data transmission system wherein the host is connected to the content server through a gateway (17). Such a method consists in generating and sending at predetermined transmission instants from either the host or the gateway verification messages wherein each verification message contains a signature which depends upon the data exchanged between the host and the gateway since the preceding verification message, the host and the gateway also called peer devices having at their disposal same algorithm defining which of them sends a verification message at each of the predetermined instants.

摘要翻译： 从数据传输系统获得从主机（13）到由至少内容服务器（18）提供的内联网资源的安全访问的方法，其中主机通过网关（17）连接到内容服务器。 这种方法包括：从主机或网关验证消息的预定传输时刻生成和发送，其中每个验证消息包含取决于主机与网关之间交换的数据的签名，因为前述验证消息，主机和 网关还称之为具有相同算法的对等设备，其定义了在每个预定时刻中的哪一个发送验证消息。