Abstract: Systems and methods are disclosed herein that relate to secure monitoring or interception of traffic in a wireless communications system. In some embodiments, a method of operation of a network node comprises receiving a list of one or more obfuscated target identifiers from a monitoring node, where each obfuscated target identifier is a user identifier of a target user that is encrypted using a first encryption key that is unknown to the network node. The method further comprises receiving an encrypted packet from another network node and determining whether an encrypted user identifier of the encrypted packet matches one of the obfuscated target identifiers. The method further comprises, if the encrypted user identifier matches one of the obfuscated target identifiers, further encrypting the encrypted packet using a second encryption key negotiated between the network node and the monitoring node and transmitting the further encrypted packet to the monitoring node.

Abstract: Systems and methods for processing inbound and outbound secure packet traffic are provided herein. A first lookup operation can be performed to identify a security association corresponding to a received packet. A second lookup operation can be performed to determine a security parameters index associated with the packet and the identified security association. The packet can be processed in accordance with the security association and the security parameters index.

Abstract: Systems and methods for managing firewall rules in a distributed firewall system are provided. A first subset of rules is identified to be removed from a first firewall in a first domain and to be added to a second firewall in a second domain. A second subset of rules is identified to be duplicated from the first firewall to the second firewall. Usage statistics for the rules in the identified subsets are synchronized between the first and second firewalls and the second firewall can be configured accordingly.

Abstract: A method, node and identifier authorizing entity for generating a unique identifier at a node in a hierarchal tree having a plurality of nodes, the hierarchical tree arranged in a plurality of levels. The method includes obtaining a first limit condition from a higher level node of the plurality of nodes in the hierarchal tree, generating the identifier, applying a function to the generated identifier, verifying that an output of the function satisfies the limit condition, determining a second limit condition for at least one lower level node of the plurality of nodes in the hierarchal tree, and sending the second limit condition to the at least one lower level node of the plurality of nodes in the hierarchal tree.

Abstract: Systems and methods are provided for packet handling and steering in a service function chaining network such that the full metadata associated with a packet need not be appended to the packet itself.

Abstract: A domain name server includes a zone file containing partitioning rules that define the partitioning of all subfolders of this domain into subzones. The DNS data of each of these subzones is hosted by a partition server that is able to obtain from the zone file information for identifying the partition server able to respond to a query sent by a client to obtain a DNS folder.

Abstract: A method and device for sending a request (R) from a requesting machine (H) to a domain name server (1, 2, 3). A prior test of the validity of the destination telephone number (NTEL) of the request (R) is executed automatically and locally to the requesting machine (H) relative to a database (BD) local to said requesting machine (H) in order to forward the request (R) from the requesting machine (H) to the domain name server (1, 2, 3) only if its telephone number (NTEL) passes said test.

Abstract: A domain server that comprises: means (10) for receiving a query transmitted from a client device (CL1) for obtaining DNS data; a zone file (FZ1, zone) comprising one or more distribution rules defining a partitioning of the domain into sub-zones, DNS data of said sub-zones being associated with a pair of partition keys specific to said sub-zone; means (20) for obtaining from said zone file a useful piece of information sufficient for identifying the pair of the partition keys associated with the required DNS data; and means (10) for transmitting to the client device (CL1): the required DNS data, the value of the signature of said data produced by means of the private component (ZSK2[pr]) of the pair of partition keys; and the useful piece of information.

Abstract: The invention relates to a method for accessing via a first device a predetermined piece of information duplicated in several server devices, each server device implementing a sub-assembly of safety mechanisms from a predetermined set of safety mechanisms in order to provide a predetermined safety level for accessing the predetermined piece of information, wherein said method comprises the following steps: a) transmission (40) by the first device of at least one access request adapted for receiving the list of safety mechanisms implemented by the server devices; b) transmission (46) by the first device to at least one of said server devices of an access request to the predetermined piece of information, said request using the safety mechanisms implemented by the and at least one of said server devices.

Abstract: A domain server that comprises: means (10) for receiving a query transmitted from a client device (CL1) for obtaining DNS data; a zone file (FZ1, zone) comprising one or more distribution rules defining a partitioning of the domain into sub-zones, DNS data of said sub-zones being associated with a pair of partition keys specific to said sub-zone; means (20) for obtaining from said zone file a useful piece of information sufficient for identifying the pair of the partition keys associated with the required DNS data; and means (10) for transmitting to the client device (CL1): the required DNS data, the value of the signature of said data produced by means of the private component (ZSK2[pr]) of the pair of partition keys; and the useful piece of information.

Abstract: A domain name server includes a zone file containing partitioning rules that define the partitioning of all subfolders of this domain into subzones. The DNS data of each of these subzones is hosted by a partition server that is able to obtain from the zone file information for identifying the partition server able to respond to a query sent by a client to obtain a DNS folder.

Abstract: A method of secure mutual identification of nodes (Nn) in a communications network comprising for each node a file (Fn) containing parameters descriptive of the node, each parameter being indexed by a cryptographic identifier of the node and an identifier of the parameter. An interface (IR) broadcasts from the node a message containing the cryptographic identifier of said node to the other nodes of the network. A unit (UC) transmits an identification request containing the cryptographic identifier of a first other node and the identifier of a parameter of said first other node requested by said node. A unit (HF) searches the file for a part of a parameter requested by a second other node as a function of the cryptographic identifier of said node and the identifier of the parameter transmitted by the second other node, and the interface transmits the part found of the parameter requested by the second other node to said second other node.

Abstract: A method and device for sending a request (R) from a requesting machine (H) to a domain name server (1, 2, 3). A prior test of the validity of the destination telephone number (NTEL) of the request (R) is executed automatically and locally to the requesting machine (H) relative to a database (BD) local to said requesting machine (H) in order to forward the request (R) from the requesting machine (H) to the domain name server (1, 2, 3) only if its telephone number (NTEL) passes said test.

Abstract: The invention concerns a telecommunications system including a database DBS comprising a reference server REFS containing data associated with at least one domain name, and at least one first and second auxiliary server CFS and PBS intended to contain data CONFD and PUBD respectively provided with a first and second degree of confidentiality. At least one of the auxiliary servers is provided with identification means IDMC, IDMP for preventing any access to the data that it contains by terminals not having access authorisation compatible with the degree of confidentiality attributed to the data contained in this auxiliary server. The invention provides respect for the confidential character which certain data CONFD stored in a database DBS accessible by means of a terminal TER0, TER1 or TER2 via a public network could have.