Abstract: The present invention relates to, in a first aspect a handheld modular spectrometer comprising at least a light source, a detector, a sampling means and a processing unit, wherein at least the processing unit is within a spectrometer body that further comprises a connection node, at least the sampling means is within a spectrometer head module that attaches to the spectrometer body, the spectrometer head module further comprises a node interfacing means that interfaces with the connection node upon attachment of the spectrometer head module to the spectrometer body, and the attached spectrometer head module is able to be detached from the spectrometer body, enabling attachment of an alternate spectrometer head module also having a sampling means and node interfacing means, so as to alter at least one functional property of the handheld modular spectrometer.

Abstract: The present invention relates to a spectrometer for detecting multiple spectra, the spectrometer comprising a light source, a sample tray, a detector adapted to detect Raman spectra and at least one of absorbance spectra or reflectance spectra, an incident light path extending from the light source to the sample tray, and a sample light path extending from the sample tray to the detector, wherein in use, the incident light path directs incident light from the light source to a sample in the sample tray, whereupon it interacts with the sample to form a characteristic signal, the sample light path directs sample light comprising the characteristic signal from the sample to the detector, and the characteristic signal comprises at least one of a Raman spectrum, an absorbance spectrum and a reflectance spectrum that is characteristic of the sample in the sample tray.

Abstract: A threat level is evaluated for an ongoing attack detected for a set of resources based on received notifications having low weight in the evaluation of the threat level. If the threat level is smaller than an entrapment threshold, sensors associated with resources of an information system infrastructure that are potential subsequent targets of the ongoing attack are activated, the weight of the notifications sent from the activated sensors are set as average weight in the evaluation of the threat level, and the threat level is further evaluated for the ongoing attack. If the threat level is greater than the entrapment threshold, traps are deployed in the information system infrastructure, the weight of the notifications sent from the deployed traps are set as high weight in the evaluation of the threat level, and the threat level is further evaluated for the ongoing attack.

Abstract: A threat level is evaluated for an ongoing attack detected for a set of resources based on received notifications having low weight in the evaluation of the threat level. If the threat level is smaller than an entrapment threshold, sensors associated with resources of an information system infrastructure that are potential subsequent targets of the ongoing attack are activated, the weight of the notifications sent from the activated sensors are set as average weight in the evaluation of the threat level, and the threat level is further evaluated for the ongoing attack. If the threat level is greater than the entrapment threshold, traps are deployed in the information system infrastructure, the weight of the notifications sent from the deployed traps are set as high weight in the evaluation of the threat level, and the threat level is further evaluated for the ongoing attack.

Abstract: A method and system for providing conditional interaction for a virtual object (2) accessible with a mobile device (1), said mobile device (1) comprising geolocation means for assessing a real-world geographic location (PI) to said mobile device (1), and said virtual object (2) being assessed a location information (P2) corresponding to a real-world geographic location, In various embodiments at least one interaction is conditioned with said virtual object (2) through said mobile device (1), at least in function of the real-world geographic location (PI) of said mobile device (1) and the location information (P2) of said virtual object (2). In case said conditioning step is satisfied, interacting (7) with said mobile device (1) on said virtual object by modifying said location information (P2) of the virtual object (2).

Abstract: A security management capability enables migration of individual security rules between storage/application locations. The migration of a security rule may include selection of a location at which the security rule is to be applied and migration of the security rule to the selected location at which the security rule is to be applied. The selection of the location at which the security rule is to be applied may be performed based on security rule policies and/or security rule location selection information. The security rule is migrated from a current location (e.g., a location at which the security rule is currently applied, a management system, or the like) to the selected location at which the security rule is to be applied. In this manner, a fluid security layer may be provided. The fluid security layer may be optimized for one or more of security level, performance, cost, or the like.

Abstract: A method and apparatus for personalizing a smart card coupled with a communication device of a user who is a subscriber of a first telecommunication network and wishes to become a subscriber of a second telecommunication network is disclosed. A first authentication key is stored in both the smart card and in an first application server included in the first telecommunication network. A secure session is established with a second application server included in the second telecommunication network via the first telecommunication network by negotiating with the first application server and the second application server in order that the smart card and the second application server agree on an second authentication key. Shared values and shared functions according to a secure multiparty computation protocol are used to compute a second authentication key which replaces the first authentication key in the smart card.

Abstract: A video surveillance system able to monitor a set of surveillance zones by a set of cameras is disclosed. The video surveillance system includes an application server in a telecommunication network able to communicate with the video surveillance system to retrieve localization data associated with each mobile terminal that has contacted an emergency call center and whose user is witness of an incident, receive a message sent from the mobile terminal, the message containing current localization data and a direction towards the incident, if more than one call about an incident is received, compute coordinates of the incident, taking into account said current localization data and said directions provided by the at least two mobile terminals, then finally, send an incident message containing the coordinates of the incident to the video surveillance system that is able to select at least one camera using the coordinates of the incident.

Abstract: Provided is a method and devices for overload control in a cloud computing environment. The method includes receiving a first message from a network element associated with the cloud computing environment. The first message includes information associated with a target virtual machine and a list of sessions from the one or more sessions to move from the serving virtual machine to the target virtual machine. Associating one or more client addresses with an address associated with the target virtual machine based on the list of sessions. And, treating the target virtual machine as the serving virtual machine if processing sessions associated with the list of sessions.

Abstract: An exemplary technique is provided for detecting a hijacking of computer resources, located in an internal network implementing security criteria and confidentiality criteria specific to the internal network, connected to an external network with no security criteria and confidentiality criteria, through a connection managed by a service provider.

Abstract: A method and system for providing conditional interaction for a virtual object (2) accessible with a mobile device (1), said mobile device (1) comprising geolocation means for assessing a real-world geographic location (PI) to said mobile device (1), and said virtual object (2) being assessed a location information (P2) corresponding to a real-world geographic location, In various embodiments at least one interaction is conditioned with said virtual object (2) through said mobile device (1), at least in function of the real-world geographic location (PI) of said mobile device (1) and the location information (P2) of said virtual object (2). In case said conditioning step is satisfied, interacting (7) with said mobile device (1) on said virtual object by modifying said location information (P2) of the virtual object (2).

Abstract: This invention pertains to a method for protecting a telecommunication network comprising at least one secure router (100) equipped with a topology map (103) of that network in order to determine the intermediate routers which constitute an optimal pathway for routing information, said secure router and said intermediate routers generating this topological map by sharing the lists of links (LSA1, LSA2, LSAn) using a communications protocol, characterized in that the secure router (100) performs the following steps: The step (109) of calculating and then saving, when a list of links (LSA1, LSA2, . . . LSAn) is received, at least one receiving fingerprint (hash(LSA1), hash(LSA2), . . . hash(LSAn)) of the lists received (LSA1, LSA2, . . . LSAn), The step (120) of calculating and then saving, when a list of links (LSA?1, LSA?2, . . . LSA?n) is transmitted, at least one sending fingerprint (hash(LSA?1), hash(LSA?2), . . .

Abstract: To control the publication of digital content on a web site managed by a publication server (SP) from a communication terminal (TC1), a control server (SC) capable of communicating with the publication server (SP) and the terminal provide the latter with an application (App) that is downloaded and implemented on the terminal. The application makes it possible to define the control parameters (ParC) associated with the digital content, said parameters comprising a period of validity for the content and a list of web sites authorised to publish the digital content, generate a key (Kc) associated with the digital content, encrypt the digital content with said key, and store the control parameters (ParC), the generated key (Kc), and the encrypted digital content in various databases. The application then generates a reference (Ref) associated with the digital content and requires the publication of the reference by the publication server in place of the digital content.

Abstract: To authenticate a user possessing a first communication terminal (TC1) and a second communication terminal (TC2), the first terminal being connected to an application server (SApp) in order to access a service, this application server being connected to an authentication server (SAuth) capable of communicating with the second terminal, the authentication server (SAuth) receives a user identifier (IdU) transmitted from the first terminal and identifies the second terminal based on the received identifier. The server generates coding data (DonC) and transmits it to one of the two terminals, and transmits a command to the other one of the two terminals to invite the user to provide a set of data (EnsD) using the coding data received by said one of the two terminals. The server compares the set of data with secret data (DonS) using the coding data, in order to allow the user access to the application server (SApp).

Abstract: A method and apparatus for personalizing a smart card coupled with a communication device of a user who is a subscriber of a first telecommunication network and wishes to become a subscriber of a second telecommunication network is disclosed. A first authentication key is stored in both the smart card and in an first application server included in the first telecommunication network. A secure session is established with a second application server included in the second telecommunication network via the first telecommunication network by negotiating with the first application server and the second application server in order that the smart card and the second application server agree on an second authentication key. Shared values and shared functions according to a secure multiparty computation protocol are used to compute a second authentication key which replaces the first authentication key in the smart card.

Abstract: A security management capability enables migration of individual security rules between storage/application locations. The migration of a security rule may include selection of a location at which the security rule is to be applied and migration of the security rule to the selected location at which the security rule is to be applied. The selection of the location at which the security rule is to be applied may be performed based on security rule policies and/or security rule location selection information. The security rule is migrated from a current location (e.g., a location at which the security rule is currently applied, a management system, or the like) to the selected location at which the security rule is to be applied. In this manner, a fluid security layer may be provided. The fluid security layer may be optimized for one or more of security level, performance, cost, or the like.

Abstract: A technique is provided for detecting unauthorized use or abnormal activities of a targeted system of a network. The technique includes a comparison of captured data that relates to a targeted system with attack signatures to generate a security alert when the captured data and an attack signature match, a comparison of assurance metrics data from a monitored targeted perimeter with assurance references to generate assurance information when the assurance metrics data and an assurance reference match, a generation of a verified security alarm when the security alert and associated preconditions match a corresponding assurance information, a filtering of the security alert when no match has been found between the associated retrieved preconditions and the corresponding assurance information, and an emitting of a non verified security alert when no preconditions have been retrieved for the security alert and/or no assurance reference corresponding to the preconditions has been defined.

Abstract: A method for preventing the poisoning of at least one DNS cache (5—i) within a computer network (B) including several DNS caches (5—1, 5—i, 5—n), this method comprising a step of comparing at least two DNS responses to a DNS query, returned by two different DNS caches.

Abstract: The present invention provides a method for detecting the hijacking of computer resources, located on an internal network implementing security and confidentiality criteria specific to this internal network, connected to an external network with no such security and confidentiality criteria, through a connection managed by a service provider, comprising: storing a connection parameter implemented by the computer resources to communicate with the external network; processing the stored parameter based on an irreversible function to generate a unique code that corresponds to said stored parameter but which does not allow the identification of said parameter from the corresponding generated code; and sending said generated code to a server located on the external network so that the server can analyze the activity of the computer resources from said unique code to detect any hijacking of the computer resources.