Abstract: A method for counting data relating to an application transmitted by a terminal unit to a data server by a device, using an encrypted session between the terminal unit and the server. The method is implemented by the terminal unit and includes: transmitting a plurality of packets, each including a datum for determining a security key used for encrypting the packet; incrementing a counter of the application-related data; adding the incremented counter to a cooperation packet including the determining datum with a value distinct from a value of the data for determining the security keys of the other packets of the plurality of packets, the value corresponding to a security key used for encrypting packets of the plurality of packets exchanged between the terminal unit and the data server prior to sending the cooperation packet; and sending the cooperation packet including the added counter to the data server.

Abstract: A solution for providing a certification token for an instantiation of a node cluster to an item of equipment requesting it in an “edge computing” environment. Existing authentication solutions are not well suited to the context of edge computing, as they cannot guarantee that the various parties involved in providing the requested service have instantiated all the nodes and/or servers in accordance with the technical and/or contractual constraints relating to the requested service. The present solution makes it possible to establish, and therefore be able to provide upon request, an instantiation certificate of a node cluster contributing to implementing a service. Such a certificate makes it possible to guarantee that the various items of equipment and parties involved in the execution and provision of a given service comply with the terms of a service provision contract.

Abstract: A description is given of a method for securing a multi-access edge computing network, where provision is made for a hardware security device designed to be connected to a host module of the network. The method, implemented by the hardware security device, includes upon reception of a presence request from the host module in the network, verifying whether the presence request comprises data representative of an identifier of the host module, and, if so, sending a presence response to the host module, comprising a signature of the hardware security device.

Abstract: A method for securing the transmission of at least one data packet along a data path of a telecommunications network is disclosed. According to such a method, a security device performs: obtaining a variance delay representative of a difference between an actual end-to-end transit delay of the at least one data packet along the data path and an expected end-to-end transit delay of the at least one data packet along the data path; and securing the transmission by implementing at least one security action based on the variance delay.

Abstract: A method for capturing a packet from an encrypted session established between a terminal unit and a data server. The packet includes a datum for determining a security key used for the encryption of the packet. The method is implemented by a device routing the packet between the terminal unit and the data server and includes: analysis of a plurality of packets transmitted by the terminal unit and destined for the server; identification of a cooperation packet from among the plurality of analyzed packets, the cooperation packet including the determining datum corresponding to a security key used for the encryption of packets transmitted by the terminal unit to the data server prior to the terminal unit sending the cooperation packet; and decryption of the received cooperation packet using a security key corresponding to the determining datum from the identified cooperation packet.

Abstract: The advent of end-to-end encryption systems has put an end to the use of “caching” methods which consisted of replicating and storing data flows relating to content items in a “cache” which is located on board one or more intermediate devices. However, the disappearance of these “caching” solutions affects the management of the resources of different communication devices, particularly by bringing about an increase in the number of connections between communication devices that is necessary for delivering content items to the user terminals. Unlike known “caching” techniques in which the content itself is stored in at least one cache memory of a cache server, the method relies on storing in a cache server all of the messages exchanged between the original server hosting the content and the cache server, leading to the delivery of the content to the cache server.

Abstract: A method for improving the cooperation between two communication equipments constituting the ends of a path having at least one intermediate equipment. End-to-end encryption systems are designed to be resistant to any attempts of surveillance or tampering, as no third party can decrypt or alter the data being communicated. This reduction in cooperation between the communication equipments located at the ends of the connection and the intermediate equipments negatively impacts the performance of a connection established on the communication path comprising intermediate equipments. The method for improving cooperation makes it possible to re-establish cooperation between communication equipments that constitute the ends of a connection with intermediate nodes by calculating an intermediate performance parameter.

Abstract: Method for resolving name identifiers. Existing naming identifier resolution solutions give priority to one aspect, performance of a service or protection of privacy, over the other without it being possible to deviate therefrom. This lack of flexibility is detrimental to the user's quality of experience. This also impacts resource management for various communication equipment involved in the resolution of naming identifiers. The proposed solution makes it possible to give priority to performance or respecting privacy on a case-by-case basis. On the basis of an authorization to share a location of the equipment, the resolver gives priority to transmitting either a network address of a server associated with the naming identifier to be resolved requiring location information of the equipment, giving priority to performance, or a network address of a server associated with the naming identifier to be resolved not requiring location information of the equipment, giving priority to respecting privacy.

Abstract: A content distribution network is made up of terminals and servers that are connected as a network and cooperate in order to make content or data available to users. In order to be able to control access to the content via certain terminals, a solution called “URL signing” has been discussed. A “URL signing” solution requires establishing an active connection between a terminal requesting content and an originating server associated with the requested content. The solution relates to a method for accessing content implemented by a cache server, thus dispensing with the need for an active connection between a terminal requesting content and the originating server associated with the requested content.

Abstract: The field of the system and method is that of updating, within a first telecommunication network, access policies to a second telecommunication network. Edge computing thus minimises bandwidth requirements between devices and data processing centres. Generally, the access policy depends on the access rights negotiated between the operator of a communication network MNO and the operator of the communication network MEC (edge computing). However, these policies are most often static and do not allow for flexible management of the changing needs of the parties concerned. By establishing direct communication between a device in a communication network MEC and a device in a communication network MNO, the system and method enables the implementation of a more flexible and dynamic procedure for updating the access policy to the communication network MEC.

Abstract: A method for routing data of a session initialized between a terminal and a server, over a first network slice corresponding to a set of data-processing functions of a communication infrastructure, implemented by the terminal. This method includes receiving from the server at least one routing identifier determined as a function of at least one communication parameter of the session, configuring session information as a function of the at least one identifier received, and emitting to the server subsequent data routed over at least one second slice corresponding to the configured information.

Abstract: A method for measuring reputation of paths visiting nodes in a communication network and including, for each node visited by a current path of the network: a) assigning a security score for the node; b) estimating a first trust index based on: a cumulative on the current path of the successive scores of the nodes visited by the current path; and a number of nodes visited by the current path, the estimation of the first trust index providing a reputation measurement for the current path.

Abstract: A method allowing execution of transmission functions hosted in intermediate pieces of equipment of a path established between two pieces of communication equipment. End-to-end encryption systems are designed to resist any surveillance or tampering attempt, as no third party can decrypt or modify the communicated data. There is a solution which, depending on the connection opening requests of the applications, allows to select and assemble the transport protocols necessary for the operation of the application. However, this method is local: this protocol stack is only assembled at the pieces of communication equipment constituting the ends of the connections. Consequently, the requests emitted by these applications are not transmitted to the intermediate pieces of equipment which host the desired functions.

Abstract: A method for routing data of a session initialized between a terminal and a server, over a first network slice corresponding to a set of data-processing functions of a communication infrastructure, implemented by the terminal. This method includes receiving from the server at least one routing identifier determined as a function of at least one communication parameter of the session, configuring session information as a function of the at least one identifier received, and emitting to the server subsequent data routed over at least one second slice corresponding to the configured information.

Abstract: A method for allocating resources of a network infrastructure in order to provide a telecommunication service is disclosed. The method includes receiving, by a resource orchestrator, a request to instantiate virtualized functions on servers; determining servers to be allocated and resources of the network infrastructure enabling connectivity between the servers, based on the instantiation request; sending, to the determined resources, a configuration request enabling connectivity between the determined servers; and sending, to the determined servers, a request to allocate computing means on the determined servers.

Abstract: A method for processing a connection between user equipment and remote equipment in a communication network. The user equipment is attached to a wireless access network of the communication network via a wireless link. The method includes: detecting an underutilization of a data rate allocated to the connection over the wireless link; obtaining padding data, the data being stored in a memory accessible within the communication network; and transmitting the padding data thus obtained over the wireless link.

Abstract: A process implemented by an administration entity for configuring an access unit of a communication network in a virtualised environment having an operating software application. The process includes receiving, from a mediating entity of the operating software application, a log message of the operating software application associating an identifier of the operating software application and an identifier of a node supporting the operating software application. Prior to or following receipt of the log message, the administration entity determines an operating software application for hosting the access unit based on a test relating to a placement criterion relating to a data stream conveyed by the access unit. The administration entity then emits, to the mediating entity of the determined operating software application, a message for configuring the access unit in the determined operating software application, the message including an identifier of at least one other access unit of the communication network.

Abstract: A method and device for providing a certificate to an item of equipment in an “edge computing” environment, which may be deployed in distributed infrastructures and in which equipment may be reconfigured, suspended, removed, reactivated or even reassigned to another master node depending on the requirements to be met. The method and device for providing a certificate make it possible, by reusing components that are already present in a communication network, to reliably authenticate such an item of equipment by providing it with a certificate the integrity of which cannot be called into question since a trusted third party that issued the certificate is an operator managing the communication network.

Abstract: A method for allocating at least one transmission resource from among a plurality of resources, intended for routing a first item of data relating to a first application in a communication infrastructure. The method is implemented in a distributed management entity for managing the plurality of resources and includes: receiving, from a centralized management entity, an allocation message for allocating a plurality of resources having a set of transmission features for a second item of data relating to a second application; and assigning at least one resource of the plurality to the transmission of the first item of data. The method furthermore includes selecting a feature of the set for the transmission of the second item of data on the resources of the plurality that are not assigned to the transmission of the first item of data.

Abstract: A method for determining a hosting device of a network infrastructure of an operator for the installation of a virtualized function. The virtualized function contributes to transmission and processing of at least one item of information relating to a service. The method is implemented by a management entity of the infrastructure and includes: transmitting to a virtualization entity a compatibility request including at least one datum relating to a test of a resource of the hosting device; receiving from the virtualization entity at least one first variable derived from the test, relating to the transmitted datum, executed on the resource; and determining an aptitude of the hosting device to accommodate the virtualized function as a function of the at least one first variable received.