Abstract:
A method for reserving resources in a packet communication network, preferably an IP protocol network. The method includes sending an active packet containing a request for reservation of resources for an active data flow, receiving the packet by an active node in the network, and reserving resources of the node according to the request. In this method, an active packet communication network node, in particular an IP active router, reserves resources for processing data of an active data flow according to a resource reservation request for this active data flow contained in this active packet received by the node.
Abstract:
We describe an active node, which receives an active message containing an active application identifier, transmits the active application identifier to an active applications server, receives associated code from the active applications server, and executes the associated code. The active node also may transmit to the active applications server information relating to its own environment, and information relating to whether it is an edge node or core node in the network, enabling the active applications server to determine the associated code to return to the active node.
Abstract:
The operating process for an active node (1) of a packet-switched communication network, and in particular of an active IP router, includes the following successive steps: a) receipt of an active packet sent by a terminal (2); b) execution of a request contained in the active packet, this request being intended to configure packet processing functions; c) and then execution of a program contained or identified in the active packet, this program being intended to control packet processing functions. The active packet can also be sent by the router to a recipient terminal (3). The invention also proposes an active node, in particular an IP router, implementing the process. The invention also proposes a data packet which includes a request and a program or an identifier for a program, the request and the program being intended for execution by an active node.
Abstract:
Intrusion detection method for detecting unauthorized use or abnormal activities of a targeted system of a network, comprising the steps: creating defined preconditions for each vulnerability related to the targeted system and/or for each attack that exploits one or several vulnerabilities; creating assurance references corresponding to said defined preconditions and considering the targeted perimeter; capturing data related to the targeted system; comparing captured data with attack signatures for generating at least one security alert when captured data and at least one attack signature match; capturing assurance data from monitoring of the targeted perimeter; comparing assurance data, issued from assurance monitoring of the targeted perimeter, with assurance references for generating assurance information when said data issued from assurance monitoring and at least one assurance reference match; retrieving the preconditions of the generated security alert; checking if assurance information corresponding to said preconditions has been retrieved; generating a verified security alarm when generated security alert and its retrieved precondition match with at least one corresponding assurance information; filtering said security alert when no match has been found between its retrieved preconditions and at least one corresponding assurance information; emitting a non-verified security alert when no preconditions have been retrieved for this alert and/or no assurance reference corresponding to said preconditions has been defined.
Abstract:
A communication equipment for an Internet Protocol communication network including a set of interfaces each connected to one or more other communication equipments and having means for receiving an address prefix from a first other communication equipment. It further includes allocation means for allocating to at least a portion of the other communication equipments to which the first other equipment does not belong a sub-prefix formed of the address prefix concatenated with an individual identifier whose length depends on the total number of other communication equipments.
Abstract:
An exemplary technique is provided for detecting a hijacking of computer resources, located in an internal network implementing security criteria and confidentiality criteria specific to the internal network, connected to an external network with no security criteria and confidentiality criteria, through a connection managed by a service provider. The technique includes storing, at the internal network, a connection parameter implemented by the computer resources to communicate with the external network; processing, at the internal network, the stored connection parameter based on an irreversible function to generate a unique code that corresponds to the stored connection parameter but which does not allow the identification of the stored connection parameter from the corresponding generated unique code; and sending, at the internal network, the generated unique code to a server located on the external network so that the server can analyze an activity of the computer resources from the unique code and detect any hijacking of the computer resources.
Abstract:
Method for classification of traffic on telecommunications networks, said method including a stage for the capture of traffic and a stage for detailed packet analysis, said method also including a stage for the statistical classification of traffic using a statistically-generated decision tree.
Abstract:
Example embodiments disclose a prefix assignment device for use in network equipments of an Internet Protocol communication network, the device including a processing module. The processing module of the prefix assignment device may determine a node Nj associated with an unassigned prefix Pj of length L(Pj) equal to L(Rk)−m. The processing module may also assign prefix Pj to the network equipment Rk if m is equal to 0 and/or perform successive m loops if m is greater than 0. The module may select one of the two prefixes with lengths equal to L(Rk) for assignment to the network equipment Rk.
Abstract:
A security-procuring method for making an item of communications equipment (E) secure, said item of communications equipment comprising an operating system core (K) and a set of software applications (A), said core including at least one IPv6 protocol stack (PS) making it possible to transmit incoming data packets from an input port (PIN) to an application (A) and to transmit outgoing data packets from an application (A) to an output port (POUT), said protocol stacks including a set of interfaces (HPRE, HIN, HOUT, HPOST) organized to enable external modules connected to them to access said data packets transmitted by said at least one protocol stack at determined points associated with said interfaces. Said method is characterized in that an input module (MIN) and an output module (MOUT) are connected respectively to an input interface (HIN) and to an output interface (HOUT) of said core (K), and in that said modules select, analyze, and, if necessary, modify the data packets of the Network Discovery Protocol (NDP), in compliance with the Secure Neighbor Discovery (SEND) mechanism.
Abstract:
A device (D) is dedicated to controlling the transfer of units of connection time for a communication network (N1) having accounting and/or billing equipment (ABE1). This device (D) includes processing means (PM) that, when they receive a request to transfer a chosen quantity of units of connection time to a beneficiary account associated with the communication identifier of a first communication terminal (BT) connected to a communication network (N1), responsible for accessing a first set of accounting and/or billing equipment (ABE1) managing the account of a donor associated with the communication identifier of a second communication terminal (DT) connected to the communication network (R1), to verify whether the quantity of units of connection time that the donor's terminal (DT) has is at least equal to the chosen quantity, and if so, to order the first set of equipment (ABE1), which also manages the beneficiary's account, to transfer in real time a quantity of units of connection time at most equal to the quantity chosen from the donor's account to the beneficiary's account.