FIREWALL SYSTEM FOR INTERCONNECTING TWO IP NETWORKS MANAGED BY TWO DIFFERENT ADMINISTRATIVE ENTITIES
    1.
    Invention application
    Status: Lapsed

    Publication No.: US20070271605A1

    Publication date: 2007-11-22

    Application No.: US11831631

    Filing date: 2007-07-31

    IPC classification: G06F15/16

    Abstract: Firewall system for interconnecting a first IP network (10) to a second IP network (16), these networks belonging to two different entities having each a different administration wherein any data packet transmitted/received by the first IP network is filtered by using a first firewall function and any data packet transmitted/received by the second IP network is filtered by using a second firewall function. The system comprises essentially a single firewall device (20) including filtering means (41, 43) performing both first firewall function and second firewall function, a console port (37) enabling the administrator in charge of each IP network to enter filtering rules for updating the associated firewall function and control means (39, 47, 49) interconnecting the console port and the filtering means for transmitting thereto the filtering rules so that each administrator may independently manage the system from the console port.


    Method of gaining secure access to intranet resources
    2.
    Invention application
    Status: In force

    Publication No.: US20080147871A1

    Publication date: 2008-06-19

    Application No.: US11986534

    Filing date: 2007-11-21

    IPC classification: G06F15/16

    CPC classification: H04L63/12 H04L63/1466

    Abstract: Method of gaining secure access from a host (13) to Intranet resources provided by at least a content server (18) in a data transmission system wherein the host is connected to the content server through a gateway (17). Such a method consists in generating and sending at predetermined transmission instants from either the host or the gateway verification messages wherein each verification message contains a signature which depends upon the data exchanged between the host and the gateway since the preceding verification message, the host and the gateway also called peer devices having at their disposal same algorithm defining which of them sends a verification message at each of the predetermined instants.


    Path analysis tool and method in a data transmission network including several internet autonomous systems
    3.
    Invention application
    Status: Under examination (published)

    Publication No.: US20050283639A1

    Publication date: 2005-12-22

    Application No.: US10638445

    Filing date: 2003-08-11

    IPC classification: H04L12/24 G06F11/00

    CPC classification: H04L41/00

    Abstract: Method for performing the analysis of the characteristics of a data path from a first data processing device to a second data processing device through a network comprising at least an autonomous system consisting in defining a scenario file the scenario to be used, such a scenario including the actions to be used, building a parameter file defining the parameters to be used in the actions, running at least one analysis module based upon the actions of the scenario file and the parameters of the parameter file, the analysis module calling at least a predefined information requesting procedure, and storing in at least an output file the data resulting from the running of the analysis modules


    Method and system for securely scanning network traffic
    4.
    Granted invention patent
    Status: In force

    Publication No.: US08136152B2

    Publication date: 2012-03-13

    Application No.: US12105756

    Filing date: 2008-04-18

    IPC classification: G06F15/00

    Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted. Thereafter, the original data packet can be forwarded to its originally intended recipient.


    Method and system for securely scanning network traffic
    6.
    Granted invention patent
    Status: In force

    Publication No.: US07543332B2

    Publication date: 2009-06-02

    Application No.: US11703020

    Filing date: 2007-02-06

    IPC classification: G06F15/00

    Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted. Thereafter, the original data packet can be forwarded to its originally intended recipient.


    Multipoint server for providing secure, scaleable connections between a plurality of network devices
    7.
    Granted invention patent
    Status: In force

    Publication No.: US07562386B2

    Publication date: 2009-07-14

    Application No.: US11703021

    Filing date: 2007-02-06

    IPC classification: G06F15/00

    Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.


    Method and system for securely scanning network traffic
    8.
    Granted invention patent
    Status: In force

    Publication No.: US07448081B2

    Publication date: 2008-11-04

    Application No.: US11525399

    Filing date: 2006-09-22

    IPC classification: G06F15/00

    Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted. Thereafter, the original data packet can be forwarded to its originally intended recipient.


    Method and system for securely scanning network traffic

    Publication No.: US20070016947A1

    Publication date: 2007-01-18

    Application No.: US11525399

    Filing date: 2006-09-22

    IPC classification: G06F15/16

    Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted. Thereafter, the original data packet can be forwarded to its originally intended recipient.

    Multipoint server for providing secure, scaleable connections between a plurality of network devices
    10.
    Granted invention patent
    Status: In force

    Publication No.: US07987507B2

    Publication date: 2011-07-26

    Application No.: US12489500

    Filing date: 2009-06-23

    IPC classification: G06F15/16

    Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.
