Patents by Inventor Bertrand Marquet
Bertrand Marquet has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8102838
Abstract: A method and apparatus are provided for authenticating a user attempting to establish a service which uses SIP. The user registers with the SIP server by providing the digital otoacoustic signature of the user. Thereafter, when the user attempts to initiate a session through the SIP server, the SIP server sends an Authorization Request message to the SIP client of the user. The SIP client reads the user's digital otoacoustic signature, generates a response based on the digital otoacoustic signature, and embeds the response in a second Invite message sent back to the SIP server. Meanwhile, the SIP server determines an expected response, based on the digital otoacoustic signature registered by the user. If the response provided by the SIP client matches the response expected by the SIP server, the SIP server allows establishment of the server.
Type: Grant
Filed: January 17, 2007
Date of Patent: January 24, 2012
Assignee: Alcatel Lucent
Inventors: Vinod Kumar Choyi, Bertrand Marquet
-
Patent number: 8031596
Abstract: The invention concerns a router associated to a secure device (DC) and included in a communication network (RC), comprising an interface (IRT) to communicate with the secure device following an authentication of the router by the secure device, and comprising a protocol interpreter (INT) to command the execution of the critical operations of one or more routing protocols by the secure device. The sensitive or critical portions of a routing protocol are executed in a secure and reliable manner in the secured device, for example of a chip card type.
Type: Grant
Filed: June 5, 2009
Date of Patent: October 4, 2011
Assignee: Alcatel Lucent
Inventors: Emmanuel Onfroy, Evren Bulut, Bertrand Marquet, José Araujo, Arnaud Ansiaux
-
Patent number: 7783756
Abstract: Mechanisms and methods for providing a mobile/wireless device with protection against false access-point/base-station attacks using MAC address protection are presented. The mobile/wireless device known as mobile client (MC) gains access to wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected during all communications between the AP and MC during the discovery phase. This protection mitigates MAC address spoofing type attacks on both the AP and the MC.
Type: Grant
Filed: June 3, 2005
Date of Patent: August 24, 2010
Assignee: Alcatel Lucent
Inventors: Vinod Kumar Choyi, Bertrand Marquet, Frederic Gariador
-
Patent number: 7743421
Abstract: Communication network security risk exposure management systems and methods are disclosed. Risks to a communication network are determined by analyzing assets of the communication network and vulnerabilities affecting the assets. Assets may include physical assets such as equipment or logical assets such as software or data. Risk analysis may be adapted to assess risks to a particular feature of a communication network by analyzing assets of the communication network which are associated with that feature and one or more of vulnerabilities which affect the feature and vulnerabilities which affect the assets associated with the feature. A feature may be an asset itself or a function or service offered in the network and supported by particular assets, for example.
Type: Grant
Filed: May 18, 2005
Date of Patent: June 22, 2010
Assignee: Alcatel Lucent
Inventors: Francois J. N. Cosquer, Bertrand Marquet, Robert W. MacIntosh, Yvon Leclerc, Scott David D'Souza
-
Publication number: 20100014515
Abstract: The invention concerns a router associated to a secure device (DC) and included in a communication network (RC), comprising an interface (IRT) to communicate with the secure device following an authentication of the router by the secure device, and comprising a protocol interpreter (INT) to command the execution of the critical operations of one or more routing protocols by the secure device. The sensitive or critical portions of a routing protocol are executed in a secure and reliable manner in the secured device, for example of a chip card type.
Type: Application
Filed: June 5, 2009
Publication date: January 21, 2010
Inventors: Emmanuel Onfroy, Evren Bulut, Bertrand Marquet, José Araujo, Arnaud Ansiaux
-
Patent number: 7631344
Abstract: A distributed authentication framework is presented. The framework includes an authentication stack that is created by an authentication server. The server receives an authentication request from an end-user, the request including an authentication domain ID that distinguishes the end-user. The authentication stack has entries that trigger local or remote specific authentication actions providing respective results. When the results are consolidated the authentication status of the end-user is determined.
Type: Grant
Filed: November 4, 2003
Date of Patent: December 8, 2009
Assignee: Alcatel Lucent
Inventors: Christophe Gustave, Bertrand Marquet, Olivier Le Moigne
-
Patent number: 7536716
Abstract: The present invention provides adequate service virtualization and compartmentalization in Network Management Systems for heterogeneous Network Elements to provide interoperability. It introduces a generic mediation layer that can be added to each Network Element that does not provide a network compartmentalization model that is compatible with the one used by the Network Management System. The mediation layer acts as a reverse proxy for the Network Management System to provide an operator with transparent access to an appropriate Management Service. The present invention is also instrumental in providing a high level of security in such hybrid networks.
Type: Grant
Filed: April 17, 2003
Date of Patent: May 19, 2009
Assignee: Alcatel Lucent
Inventors: Frederic Gariador, Olivier Le Moigne, Bertrand Marquet
-
Publication number: 20080172728
Abstract: A method and apparatus are provided for authenticating a user attempting to establish a service which uses SIP. The user registers with the SIP server by providing the digital otoacoustic signature of the user. Thereafter, when the user attempts to initiate a session through the SIP server, the SIP server sends an Authorization Request message to the SIP client of the user. The SIP client reads the user's digital otoacoustic signature, generates a response based on the digital otoacoustic signature, and embeds the response in a second Invite message sent back to the SIP server. Meanwhile, the SIP server determines an expected response, based on the digital otoacoustic signature registered by the user. If the response provided by the SIP client matches the response expected by the SIP server, the SIP server allows establishment of the server.
Type: Application
Filed: January 17, 2007
Publication date: July 17, 2008
Applicant: ALCATEL LUCENT
Inventors: Vinod Kumar Choyi, Bertrand Marquet
-
Publication number: 20080005575
Abstract: A method and apparatus are provided for authenticating a user of a mobile phone. While the user holds the phone to his or her ear, a microphone near the earpiece emits clicks into the user's ear. The speaker of the phone measures the response from the ear as an otoacoustic signal. A processor digitizes the measured otoacoustic signal to produce a received digital otoacoustic signature, and compares this with a stored digital otoacoustic signature of a legitimate user. If the signatures match, the phone is enabled. The invention allows secure authentication of mobile phones in a manner very natural and convenient to users.
Type: Application
Filed: June 30, 2006
Publication date: January 3, 2008
Applicant: ALCATEL
Inventors: Vinod Kumar Choyi, Bertrand Marquet
-
Patent number: 7305554
Abstract: Systems and methods of dynamically introducing security features into a client-server application program are described. A security server between an application server and a database has multiple security components with a shared dependency. This shared dependency enables the introduction of a new security component providing a new security function without compromising the security of the application program. The new security component acquires state information from other security components in the security server thereby dynamically reconfiguring the component-based security system.
Type: Grant
Filed: December 16, 2002
Date of Patent: December 4, 2007
Assignee: Alcatel Canada Inc.
Inventors: Bertrand Marquet, Adrian Mario Rossi, Francois J. N. Cosquer
-
Patent number: 7284269
Abstract: A communications security system has been described. The security system in the form of a firewall is made up of a plurality of communicatively coupled sets of modules in a matrix configuration. The modules may be implemented in hardware and software in order to rely on the advantages of each technology. Data packets are typically coupled to an ingress side of the firewall where policy rules having the highest importance are checked first. The result is a high speed system having carrier class availability.
Type: Grant
Filed: May 29, 2002
Date of Patent: October 16, 2007
Assignee: Alcatel Canada Inc.
Inventors: Bertrand Marquet, Scott David D'Souza, Paul Kierstead
-
Patent number: 7171684
Abstract: A virtual security server enabling a set of applications to access a plurality of security services. In response to a service request from a software application, the virtual security server determines which of the security servers is able to provide the requested service. The virtual security server sends to a selected security server data enabling the selected security server to provide the security service corresponding to the service request. Accordingly, communication between the applications and the security servers is simplified because the applications are not required to manage negotiation protocols associated with the security servers and choose the security server(s) appropriate for the required service.
Type: Grant
Filed: May 4, 2000
Date of Patent: January 30, 2007
Assignee: Alcatel
Inventors: Bertrand Marquet, Guy Fouquet, Laurent Ballester
-
Publication number: 20070011452
Abstract: A secured execution device (SED) maintains security credentials for a certain user that requests access to the network for performing specified operations or for obtaining specified information. The NE from where the user requests access to the network is authenticated using SED credentials against a multi-level and multi-factor credentials table maintained by a NE authentication controller provided in the EMS/NM/OSS controlling the respective NE. The NE authentication controller issues a challenge and transmits it to the NE. The SED receives the challenge and both the SED and the NE authentication controller process the random number in the same way. The SED then returns a one time usage cryptographic message with the response to the challenge. The NE authentication controller checks the SED response against the expected response calculated locally; the user gains access to the network over the NE if the two responses coincide.
Type: Application
Filed: July 8, 2005
Publication date: January 11, 2007
Applicant: ALCATEL
Inventors: Bertrand Marquet, Francois Cosquer
-
Publication number: 20060274643
Abstract: Mechanisms and methods for providing a mobile/wireless device with protection against false access-point/base-station attacks using MAC address protection are presented. The mobile/wireless device known as mobile client (MC) gains access to wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected during all communications between the AP and MC during the discovery phase. This protection mitigates MAC address spoofing type attacks on both the AP and the MC.
Type: Application
Filed: June 3, 2005
Publication date: December 7, 2006
Applicant: ALCATEL
Inventors: Vinod Choyi, Bertrand Marquet, Frederic Gariador
-
Publication number: 20060265751
Abstract: Communication network security risk exposure management systems and methods are disclosed. Risks to a communication network are determined by analyzing assets of the communication network and vulnerabilities affecting the assets. Assets may include physical assets such as equipment or logical assets such as software or data. Risk analysis may be adapted to assess risks to a particular feature of a communication network by analyzing assets of the communication network which are associated with that feature and one or more of vulnerabilities which affect the feature and vulnerabilities which affect the assets associated with the feature. A feature may be an asset itself or a function or service offered in the network and supported by particular assets, for example.
Type: Application
Filed: May 18, 2005
Publication date: November 23, 2006
Applicant: Alcatel
Inventors: Francois Cosquer, Bertrand Marquet, Robert MacIntosh
-
Publication number: 20050257047
Abstract: A system for improving security of management and control functions at a network element in a communications network is described. The control card of the network element is configured to function in association with an execution device such as a smartcard. The execution device has embedded thereon one or several processors each implementing specific security related operations. This limits access to the network element which, in turn, minimizes access to sensitive and confidential information.
Type: Application
Filed: May 17, 2004
Publication date: November 17, 2005
Applicant: Alcatel
Inventors: Bertrand Marquet, Jean-Marc Robert, Francois Cosquer
-
Publication number: 20050097322
Abstract: A distributed authentication framework is presented. The framework includes an authentication stack that is created by an authentication server. The server receives an authentication request from an end-user, the request including an authentication domain ID that distinguishes the end-user. The authentication stack has entries that trigger local or remote specific authentication actions providing respective results. When the results are consolidated the authentication status of the end-user is determined.
Type: Application
Filed: November 4, 2003
Publication date: May 5, 2005
Applicant: Alcatel
Inventors: Christophe Gustave, Bertrand Marquet, Olivier Le Moigne
-
Publication number: 20040210768
Abstract: The present invention provides adequate service virtualization and compartmentalization in Network Management Systems for heterogeneous Network Elements to provide interoperability. It introduces a generic mediation layer that can be added to each Network Element that does not provide a network compartmentalization model that is compatible with the one used by the Network Management System. The mediation layer acts as a reverse proxy for the Network Management System to provide an operator with transparent access to an appropriate Management Service. The present invention is also instrumental in providing a high level of security in such hybrid networks.
Type: Application
Filed: April 17, 2003
Publication date: October 21, 2004
Applicant: Alcatel
Inventors: Frederic Gariador, Olivier Le Moigne, Bertrand Marquet
-
Publication number: 20040117622
Abstract: Systems and methods of dynamically introducing security features into a client-server application program are described. A security server between an application server and a database has multiple security components with a shared dependency. This shared dependency enables the introduction of a new security component providing a new security function without compromising the security of the application program. The new security component acquires state information from other security components in the security server thereby dynamically reconfiguring the component-based security system.
Type: Application
Filed: December 16, 2002
Publication date: June 17, 2004
Inventors: Bertrand Marquet, Adrian Mario Rossi, Francois J.N Cosquer
-
Publication number: 20040083386
Abstract: A system and method for providing distribution security measures in a distributed computer network environment. For consistency and ease of administration purposes, in a distributed computer network environment a security policy server can be used to maintain the global security policy of the environment. This server would need to distribute local security policies founded on the global policy to managed clients. The present invention provides a higher level of distribution security by utilizing robust cryptographic material in the distribution mechanism.
Type: Application
Filed: October 28, 2002
Publication date: April 29, 2004
Inventors: Bertrand Marquet, Frederic Gariador