Abstract: A method for measuring reputation of paths visiting nodes in a communication network and including, for each node visited by a current path of the network: a) assigning a security score for the node; b) estimating a first trust index based on: a cumulative on the current path of the successive scores of the nodes visited by the current path; and a number of nodes visited by the current path, the estimation of the first trust index providing a reputation measurement for the current path.

Abstract: A method for determining a hosting device of a network infrastructure of an operator for the installation of a virtualized function. The virtualized function contributes to transmission and processing of at least one item of information relating to a service. The method is implemented by a management entity of the infrastructure and includes: transmitting to a virtualization entity a compatibility request including at least one datum relating to a test of a resource of the hosting device; receiving from the virtualization entity at least one first variable derived from the test, relating to the transmitted datum, executed on the resource; and determining an aptitude of the hosting device to accommodate the virtualized function as a function of the at least one first variable received.

Abstract: A method for securing the transmission of at least one data packet along a data path of a telecommunications network is disclosed. According to such a method, a security device performs: obtaining a variance delay representative of a difference between an actual end-to-end transit delay of the at least one data packet along the data path and an expected end-to-end transit delay of the at least one data packet along the data path; and securing the transmission by implementing at least one security action based on the variance delay.

Abstract: A method is described for optimizing the refresh rate of at least one part of a registration, the registration including an association between a first identifier of a resource on a network and a second identifier of the resource, and a time to live for said association. The method is performed by a resolver server having obtained the registration from an authorization server. The method includes transmitting a message comprising at least the association to an application server referencing the first identifier.

Abstract: A method for requesting proof of delegation for delivery of content to a client terminal via an encrypted connection. The content is referenced on a content server, to which the client terminal emitted a request to obtain the content. The content server has delegated the delivery of the content to a primary delivery server. The method is implemented by a secondary delivery server, to which the primary delivery server has delegated the delivery of the content. The method includes: receiving a request to establish an encrypted connection, from the client terminal, including an identifier of the content server; emitting a request for proof of delegation of delivery, addressed to the content server; receiving of a message from the content server, including an encryption key; emitting a response for establishing an encrypted connection, addressed to the client terminal; and establishing the encrypted connection with the client terminal using the encryption key.

Abstract: A method for allocating at least one transmission resource from among a plurality of resources, intended for routing a first item of data relating to a first application in a communication infrastructure. The method is implemented in a distributed management entity for managing the plurality of resources and includes: receiving, from a centralized management entity, an allocation message for allocating a plurality of resources having a set of transmission features for a second item of data relating to a second application; and assigning at least one resource of the plurality to the transmission of the first item of data. The method furthermore includes selecting a feature of the set for the transmission of the second item of data on the resources of the plurality that are not assigned to the transmission of the first item of data.

Abstract: A method of auditing at least one virtualized resource deployed in a cloud computing network, implemented by an administration device in respect of the at least one resource, able to administer virtual network functions, the virtual infrastructure or the network services. The method includes: storing a set of rules of the audit which are associated with the at least one virtualized resource; receiving from the at least one virtualized resource a message including an item of information about an event arising on the virtualized resource; correlating the item of information received with the set of stored rules; and if the correlation is positive, sending, to a recording device, a command message for writing at least one datum linked to the item of information received in a data register associated with the at least one virtualized resource.

Abstract: A method for preserving a transmission rate of second data transmitted by a first terminal destined for a second terminal attached to at least one access device in a communications network. A communications network node capable of routing the second data identifies an inability of the at least one access device to send first data received from the first terminal to the second terminal, processes the first data received from the first terminal during the identified period of inability of the at least one access device, and transmits to the first terminal a notification indicating that the first stored data is not subject to congestion.

Abstract: A method is proposed for monitoring a connection between end devices via a communications network. A set of modes having at least two monitoring modes and a ranking order associated with the set of modes, are agreed upon between the end devices and a network device present on a path between the end devices. The method includes an activation of the set of modes, corresponding to an activation of the first mode according to the ranking order; then an activation, according to the ranking order, of each other mode of the set of modes. Each monitoring mode includes at least one mechanism implemented by at least one of the end devices and enabling the network device to perform at least one function of monitoring the connection.

Abstract: The communications established on a communication path between two nodes, for example between a client and server, are increasingly encrypted, at least from the transport layer and to the application layer in the Open Systems Interconnection model. However, the devices present on the communication path may in certain cases or for certain services, intervene not only to transport the messages but also to read, edit or add data in the message. In addition, it may also be desirable that only “authorized” devices can carry out these actions. In order to intervene on these data, it would be necessary that the devices on the communication path have available all the keys used by the nodes to encrypt and decrypt the data of the messages, which is difficult to envisage.

Abstract: A method allowing execution of transmission functions hosted in intermediate pieces of equipment of a path established between two pieces of communication equipment. End-to-end encryption systems are designed to resist any surveillance or tampering attempt, as no third party can decrypt or modify the communicated data. There is a solution which, depending on the connection opening requests of the applications, allows to select and assemble the transport protocols necessary for the operation of the application. However, this method is local: this protocol stack is only assembled at the pieces of communication equipment constituting the ends of the connections. Consequently, the requests emitted by these applications are not transmitted to the intermediate pieces of equipment which host the desired functions.

Abstract: Checking a certificate of delegation, from a first server to a second server, for delivery of content referenced on the first server, and addressed to a client terminal. The terminal: emits a first message requesting the content, addressed to the first server, via a first encrypted connection; receives a redirection message from the first server, including an identifier of a third-party server; obtains an address from the second server, based on the identifier received in the redirection message; emits a request to establish a second encrypted connection between the terminal and the second server, including an identifier of the first server; receiving a certificate of delegation signed by the first server from the second server, via the second encrypted connection; verifies the certificate by an encryption key of the first server; and if valid, emits a second message requesting content, addressed to the second server, via the second encrypted connection.

Abstract: A method, a device and a program are provided for processing data. The method is implemented within an intermediary module. The data is transmitted between a customer module and a server module connected through a communications network. The method includes: receiving, from one among the customer and server modules, an intermediation request identifying an operation of intermediation to be performed relative to a stream of encrypted data exchanged between the customer module and the server module; and processing relative to said encrypted data as a function of said operation of intermediation.

Abstract: A method for caching a piece of content in a content distribution network of a first network, a browser module running on a user terminal and allowing access to content by using encrypted sessions, the browser module being associated with a proxy server of a second network interconnected with the first network, the proxy server controlling a current session status between the browser module and a content provider. The method includes: the browser module sending a request relating to the content to the content provider; the proxy server obtaining a piece of information relating to the request; the browser module receiving the requested content; and the proxy server commanding the browser module to cache the content in the content distribution network.

Abstract: A method for routing data of a session initialized between a terminal and a server, over a first network slot corresponding to a set of data-processing functions of a communication infrastructure, implemented by the terminal. This method includes receiving from the server at least one routing identifier determined as a function of at least one communication parameter of the session, configuring session information as a function of the at least one identifier received, and emitting to the server subsequent data of the session routed over at least one second slot corresponding to the configured information.

Abstract: A method of auditing at least one virtualized resource deployed in a cloud computing network, implemented by an administration device in respect of the at least one resource, able to administer virtual network functions, the virtual infrastructure or the network services. The method includes: storing a set of rules of the audit which are associated with the at least one virtualized resource; receiving from the at least one virtualized resource a message including an item of information about an event arising on the virtualized resource; correlating the item of information received with the set of stored rules; and if the correlation is positive, sending, to a recording device, a command message for writing at least one datum linked to the item of information received in a data register associated with the at least one virtualized resource.

Abstract: A method is described for optimizing the refresh rate of at least one part of a registration, the registration including an association between a first identifier of a resource on a network and a second identifier of the resource, and a time to live for said association. The method is performed by a resolver server having obtained the registration from an authorization server. The method includes transmitting a message comprising at least the association to an application server referencing the first identifier.

Abstract: A method and a device are provided for managing, in a receiving entity, data packets received from a transport layer connection established with a transmitting entity. The connection includes at least one stream in connected mode and at least one stream in non-connected mode. The management method includes transmitting, by the receiving entity, a so-called return message, relating to at least one data packet from one of the two streams in connected mode or in non-connected mode of the connection, the return message being transmitted to the transmitting entity on the other stream of the connection.

Abstract: Checking a certificate of delegation, from a first server to a second server, for delivery of content referenced on the first server, and addressed to a client terminal. The terminal: emits a first message requesting the content, addressed to the first server, via a first encrypted connection; receives a redirection message from the first server, including an identifier of a third-party server; obtains an address from the second server, based on the identifier received in the redirection message; emits a request to establish a second encrypted connection between the terminal and the second server, including an identifier of the first server; receiving a certificate of delegation signed by the first server from the second server, via the second encrypted connection; verifies the certificate by an encryption key of the first server; and if valid, emits a second message requesting content, addressed to the second server, via the second encrypted connection.

Abstract: A method for requesting proof of delegation for delivery of content to a client terminal via an encrypted connection. The content is referenced on a content server, to which the client terminal emitted a request to obtain the content. The content server has delegated the delivery of the content to a primary delivery server. The method is implemented by a secondary delivery server, to which the primary delivery server has delegated the delivery of the content. The method includes: receiving a request to establish an encrypted connection, from the client terminal, including an identifier of the content server; emitting a request for proof of delegation of delivery, addressed to the content server; receiving of a message from the content server, including an encryption key; emitting a response for establishing an encrypted connection, addressed to the client terminal; and establishing the encrypted connection with the client terminal using the encryption key.