公开(公告)号：WO2018044876A1

公开(公告)日：2018-03-08

申请号：PCT/US2017/049099

申请日：2017-08-29

Applicant: ZITOVAULT SOFTWARE, INC.

Inventor： KEIDAR, Ron ,  DING, Gang ,  MCELWEE, Timothy

IPC: H04L29/06 ,  H04L29/08 ,  H04W4/00

CPC classification number: H04L63/029 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/16 ,  H04L12/2854 ,  H04L12/2856 ,  H04L12/2898 ,  H04L12/4633 ,  H04L41/046 ,  H04L43/028 ,  H04L43/14 ,  H04L63/0428 ,  H04L63/0464 ,  H04L63/0492 ,  H04L67/10 ,  H04L67/12 ,  H04L2209/805

Abstract: A system for the maintenance and creation of security tunnels between IoT devices and IoT cloud servers, comprising the steps of receiving one or more packets from one or more IoT devices in a smart router, routing the one or more packets to an agent within the router, the agent performing one or more services on the one or more packets, routing the one or more packets to a WAN port of the router, and sending the one or more packets by a cloud secure tunnel to one or more IoT cloud servers. The system may have secure tunnels that are formed between the IoT devices using a unique password for each IoT device. The additional step of selectively stopping communication between the IoT devices and the router, wherein when the communication of one IoT device to the router is compromised, the remaining tunnels with unique passwords are integral.

Abstract translation: 一种用于在IoT设备和IoT云服务器之间维护和创建安全隧道的系统，包括以下步骤：从智能路由器中的一个或多个IoT设备接收一个或多个分组，路由该一个或多个分组;或者 向路由器内的代理发送更多分组，代理对一个或多个分组执行一个或多个服务，将一个或多个分组路由到路由器的WAN端口，并且通过云安全隧道将一个或多个分组发送到 一个或多个物联网云服务器。 系统可能使用每个物联网设备的唯一密码在物联网设备之间形成安全通道。 选择性地停止IoT设备和路由器之间的通信的附加步骤，其中当一个IoT设备与路由器的通信受到损害时，具有唯一密码的其余通道是不可或缺的。

公开(公告)号：WO2017042069A1

公开(公告)日：2017-03-16

申请号：PCT/EP2016/070489

申请日：2016-08-31

Applicant: ALCATEL LUCENT

Inventor： DANISIK, Bahadir ,  YANG, Jigang

IPC: H04L29/06 ,  H04L12/28

CPC classification number: H04L63/1466 ,  H04L12/2898

Abstract: A method to prevent internet protocol address spoofing for execution by an Auto Configuration Server and the Auto Configuration Server are claimed. Such an Auto Configuration Server is coupled via at least one Load Balancer in a broadband network to at least one device, comprising at least one gateway device, in at least one home network. The Auto configuration Server remotely manages the devices by using the CPE WAN Management Protocol CWMP on top of the Hypertext Transfer Protocol http. The method comprises the steps of receiving from the device a CWMP Inform message and - a step of determining by a determiner from the message according to the CWMP data model parameter a public IP address of the gateway device; and - a step of retrieving by a retriever from a X-Forwarded For field in a http header field at the http level of the Inform message a Forwarded IP address; and - a step of comparing by a comparator the public IP address with the Forwarded IP address and deciding whether spoofing is present. The step of retrieving is further executed by predetermining a number (n) of the at least one load balancers, according to a network topology in the broadband network, through which the CWMP messages passes in order to reach the Auto Configuration Server; and by selecting the Forwarded IP address from the X-Forwarded For field in function of the n-most last IP address.

Abstract translation: 声称禁止自动配置服务器和自动配置服务器执行Internet协议地址欺骗的方法。 这样的自动配置服务器通过至少一个在至少一个家庭网络中的至少一个网关设备的至少一个设备耦合到宽带网络中的至少一个负载平衡器。 自动配置服务器通过使用超文本传输​​协议http之上的CPE WAN管理协议CWMP远程管理设备。 该方法包括以下步骤：从所述设备接收CWMP Inform消息;以及步骤，根据所述CWMP数据模型参数，由所述确定器从所述消息中确定所述网关设备的公共IP地址; 以及 - 在所述Inform消息的http级别的转发的IP地址的http头字段中的由X-Forwarded For字段检索的步骤; 以及 - 通过比较器比较公共IP地址与转发的IP地址并判断是否存在欺骗的步骤。 根据宽带网络中的网络拓扑，通过预先确定至少一个负载均衡器的数量来进一步执行检索步骤，CWMP消息通过该网络拓扑到达自动配置服务器; 并通过从最后一个IP地址的功能中选择从X-Forwarded For字段转发的IP地址。

公开(公告)号：WO2016206042A1

公开(公告)日：2016-12-29

申请号：PCT/CN2015/082339

申请日：2015-06-25

Applicant: THOMSON LICENSING

Inventor： HE, Qiang

IPC: H04L29/06

CPC classification number: H04L12/2898 ,  H04L29/06 ,  H04L43/08 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04M7/0024

Abstract: A gateway, a diagnosing method of gateway and a computer program product capable of enhancing security of the gateway with cheap and simple measure. The diagnosing method (200) of gateway comprises: identifying an abnormal behavior of the gateway (S210); and notifying the identified abnormal behavior to at least one terminal device (S220). A potential attack to a gateway may be detected as an abnormal behavior and sent to user of the gateway, such that the user of the gateway may be aware of the potential attack and administrate the configuration of the gateway, thus enhanced security may be achieved on the gateway.

Abstract translation: 网关，网关的诊断方法和能够以便宜和简单的措施增强网关安全性的计算机程序产品。 网关诊断方法（200）包括：识别网关的异常行为（S210）; 并向所述至少一个终端设备通知所识别的异常行为（S220）。 可能对网关的潜在攻击被检测为异常行为并发送给网关的用户，使得网关的用户可能意识到潜在攻击并管理网关的配置，从而可以实现增强的安全性 网关。

公开(公告)号：WO2016193123A1

公开(公告)日：2016-12-08

申请号：PCT/EP2016/061931

申请日：2016-05-26

Applicant: THOMSON LICENSING

Inventor： BICHOT, Guillaume ,  HAVET, Ludovic ,  GOUACHE, Stéphane

IPC: H04L12/28

CPC classification number: H04L41/26 ,  H04L12/283 ,  H04L12/2898 ,  H04L41/22 ,  H04L41/24 ,  H04L41/5041

Abstract: Network management infrastructure operable to be connected to at least one remote home network comprising at least one terminal (T21, T22) connected to a gateway (BRG2), wherein said infrastructure comprises a processor configured to connect a physical network interface (PNIB) of the infrastructure to the home network.

Abstract translation: 网络管理基础设施可操作地连接到至少一个远程家庭网络，所述至少一个远程家庭网络包括连接到网关（BRG2）的至少一个终端（T21，T22），其中所述基础设施包括处理器，其被配置为连接所述终端的物理网络接口（PNIB） 基础设施到家庭网络。

公开(公告)号：WO2016169707A1

公开(公告)日：2016-10-27

申请号：PCT/EP2016/055973

申请日：2016-03-18

Applicant: THOMSON LICENSING

Inventor： WITHOFS, Tim ,  VAN DEN BOSSCHE, Geert ,  VAN DE SYPE, Wim

IPC: H04L12/10 ,  H04L12/40 ,  H04M19/08

CPC classification number: H04L12/2869 ,  H04L12/10 ,  H04L12/2898 ,  H04L12/40045 ,  H04M11/062 ,  H04M19/08

Abstract: The method for operating a distribution point unit comprising a selection switch (17) and a monitor and control logic (15) for providing a first and a second service, comprises the steps of: receiving a switching signal powering the monitor and control logic (68), and switching the selection switch from the first service to the second service by the monitor and control logic (70), after receiving the switching signal. The selection switch has a default state, in which the first service is provided. The first service is in particular an xDSL and/or a PSTN service, and the second service is a G.fast service.

Abstract translation: 用于操作包括选择开关（17）和用于提供第一和第二服务的监视和控制逻辑（15）的分发点单元的方法包括以下步骤：接收为监视器和控制逻辑（68）供电的切换信号 ），并且在接收到切换信号之后，由监视和控制逻辑（70）将选择开关从第一服务切换到第二服务。 选择开关具有默认状态，其中提供第一个服务。 第一个服务特别是xDSL和/或PSTN服务，第二个服务是G.fast服务。

公开(公告)号：WO2015165766A1

公开(公告)日：2015-11-05

申请号：PCT/EP2015/058542

申请日：2015-04-21

Applicant: ALCATEL LUCENT

Inventor： MAES, Jochen

IPC: H04L12/28 ,  H04M11/06

CPC classification number: H04B3/50 ,  H04L12/2898 ,  H04M11/062

Abstract: A distribution point unit using discrete multi-tone technology, said distribution point unit being configured for connection to a wired shared medium associated with an available spectrum, said wired shared medium connecting said distribution point unit with a plurality of users, said distribution point unit comprising an assigning unit configured for assigning a first portion of the available spectrum to a first user of said plurality of users and a second portion of the available spectrum to a second user of said plurality of users; a sending and receiving unit configured for encoding and decoding digital data, using discrete multi-tone technology, and configured for sending and receiving encoded digital data over the assigned first portion to/from the first user and over the assigned second portion to/from the second user.

Abstract translation: 一种使用离散多音调技术的分发点单元，所述分配点单元被配置为连接到与可用频谱相关联的有线共享介质，所述有线共享介质将所述分配点单元与多个用户连接，所述分配点单元包括 分配单元，被配置为将所述可用频谱的第一部分分配给所述多个用户的第一用户，以及将所述可用频谱的第二部分分配给所述多个用户的第二用户; 发送和接收单元，被配置为使用离散多音调技术对数字数据进行编码和解码，并且被配置为用于经由所分配的第一部分向/从第一用户发送和接收经编码的数字数据，并且经由所分配的第二部分/ 第二个用户

公开(公告)号：WO2014169781A1

公开(公告)日：2014-10-23

申请号：PCT/CN2014/075158

申请日：2014-04-11

Applicant: 中兴通讯股份有限公司

Inventor： 周星月 ,  尤建洁

IPC: H04W4/24

CPC classification number: H04L12/2898 ,  H04L12/1403 ,  H04L12/1425 ,  H04L61/2015 ,  H04M15/66 ,  H04M2215/2033

Abstract: 一种实现用户终结连接的方法及系统，包括固定网络中的住宅网关接收到用户设备的终结连接信息后，向国际性标准组织宽带论坛BBF接入网请求终结连接，BBF接入网释放为该用户设备分配的资源信息。本发明实施例在用户设备发起终结连接时，网络侧及时释放了与该用户设备相关的资源信息，从而节省了网络资源。

公开(公告)号：WO2014127017A1

公开(公告)日：2014-08-21

申请号：PCT/US2014/016054

申请日：2014-02-12

Applicant: QUALCOMM INCORPORATED

Inventor： GANDHI, Bharath

IPC: H04L29/08 ,  H04L12/28

CPC classification number: H04L47/783 ,  H04L12/2898 ,  H04L47/22 ,  H04L67/06 ,  H04L67/104 ,  H04L67/2842

Abstract: Embodiments include a method for downloading data (e.g., audio files, video files, etc.) to a router. In some embodiments, the method includes receiving, via a web server residing in the router, information identifying data to be downloaded over a network from a remote device. The method can also include initiating operations for downloading the data from the remote device. The method can also include receiving, in the router, data packets from the network, where some of the data packets include portions of the data. The method can also include identifying those data packets that include data portions, and extracting the data portions. The method can also include combining the data portions to form a data file, and storing the data file in the router.

Abstract translation: 实施例包括将数据（例如，音频文件，视频文件等）下载到路由器的方法。 在一些实施例中，该方法包括经由驻留在路由器中的web服务器接收标识要通过网络从远程设备下载的数据的信息。 该方法还可以包括从远程设备下载数据的启动操作。 该方法还可以包括在路由器中接收来自网络的数据分组，其中一些数据分组包括数据的部分。 该方法还可以包括识别包括数据部分的那些数据分组，以及提取数据部分。 该方法还可以包括组合数据部分以形成数据文件，并将数据文件存储在路由器中。

公开(公告)号：WO2014120661A1

公开(公告)日：2014-08-07

申请号：PCT/US2014/013354

申请日：2014-01-28

Applicant: CISCO TECHNOLOGY, INC.

Inventor： SINGH, Hemant ,  BEEBEE, William ,  SUDAN, Madhu ,  VOLZ, Bernard, E. ,  MIKKELSON, Chad

IPC: H04L29/12 ,  H04L29/08 ,  H04L12/28

CPC classification number: H04L61/2015 ,  H04L12/2878 ,  H04L12/2898 ,  H04L45/741 ,  H04L61/6059 ,  H04L69/14 ,  H04L69/40

Abstract: In one embodiment, methods are described for recovering lost customer premises equipment (CPE) information on a cable modem termination system (CMTS) in the presence of only Dynamic Host Control Protocol Version 6 (DHCPv6) CONFIRM. A CMTS purges routing information for an Internet Protocol Version 6 (IPv6) node, such as a CPE router, in response to detecting an interface reset for the IPv6 node. IPv6 addresses and prefixes information for the IPv6 node is gleaned from a DHCPv6 CONFIRM message received from the IPv6 node. By sending portions of the IPv6 addresses and prefixes information within a DHCPv6 LEASEQUERY message, a DHCPv6 CONFIRM message with an embedded DHCPv6 LEASEQUERY message, or a DHCPv6 CONFIRM message with an Interface-ID option, a reply message can be received that contains the purged routing information for the IPv6 node.

Abstract translation: 在一个实施例中，描述了在仅存在动态主机控制协议版本6（DHCPv6）CONFIRM的情况下在电缆调制解调器终端系统（CMTS）上恢复丢失的客户驻地设备（CPE）信息的方法。 响应于检测到针对IPv6节点的接口重置，CMTS清除因特网协议版本6（IPv6）节点（例如CPE路由器）的路由信息​​。 从IPv6节点收到的DHCPv6 CONFIRM消息中收集IPv6节点的IPv6地址和前缀信息。 通过在DHCPv6 LEASEQUERY消息中发送IPv6地址和前缀信息的部分信息，可以接收包含已清除路由的DHCPv6 LEASEQUERY消息的DHCPv6 CONFIRM消息或具有Interface-ID选项的DHCPv6 CONFIRM消息，回复消息 IPv6节点的信息。

公开(公告)号：WO2014062933A1

公开(公告)日：2014-04-24

申请号：PCT/US2013/065468

申请日：2013-10-17

Applicant: PPC BROADBAND, INC.

Inventor： BAILEY, Paul, Francis

IPC: H04N5/21

CPC classification number: H04L65/1069 ,  H04L12/2801 ,  H04L12/2898 ,  H04L43/16 ,  H04N7/104

Abstract: A system, method and device provide passive operation mode and noise management. The system, in one embodiment, includes power loss bypass and upstream noise management. Cable television (CATV) networks supply high frequency "downstream" signals from a main signal distribution facility, known as a "headend," through the CATV network infrastructure, to the homes and offices of subscribers.

Abstract translation: 系统，方法和设备提供被动操作模式和噪声管理。 在一个实施例中，该系统包括功率损耗旁路和上游噪声管理。 有线电视（CATV）网络通过CATV网络基础设施向主要信号分配设施（称为“前端”）向订户的家庭和办公室提供高频“下游”信号。