Patents by Inventor Frederic Gariador
Frederic Gariador has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8315951
Abstract: A method and apparatus are provided for providing authentication of an e-commerce server to a user engaging in e-commerce transactions. When the user begins an e-commerce session, the e-commerce server requests an authentication token from an authentication proxy with which it has registered. If the authentication proxy recognizes the e-commerce server, the authentication proxy generates an authentication token in the form of a simple image, and sends the authentication token to the e-commerce server over a trusted path. The e-commerce server sends the authentication token to the user. The authentication proxy also sends a copy of the authentication token to the user over a second trusted path to a second device or application accessible by the user. The user can then see that the authentication token presented by the e-commerce server matches the authentication token presented by the authentication proxy.
Type: Grant
Filed: November 1, 2007
Date of Patent: November 20, 2012
Assignee: Alcatel Lucent
Inventors: Zlatko Krstulich, Frederic Gariador
-
Patent number: 7974234
Abstract: Methods for authenticating peer mobile network nodes for establishing a secure peer-to-peer communications context in an ad-hoc network are presented. The methods include accessing wireless infrastructure network entities at low bandwidth and for a short time duration to obtain cryptographic information regarding a peer mobile network node for the purpose of establishing secure peer-to-peer communications therewith ad-hoc network. Having received cryptographic information regarding a peer mobile network node, the method further includes challenging the peer network node with a challenge phrase derived from the cryptographic information received, receiving a response, and establishing a secure communications context to the peer mobile network node based on the validity of the received response.
Type: Grant
Filed: October 22, 2004
Date of Patent: July 5, 2011
Assignee: Alcatel Lucent
Inventors: Christophe Gustave, Vinod Kumar Choyi, Frederic Gariador
-
Patent number: 7783756
Abstract: Mechanisms and methods for providing a mobile/wireless device with protection against false access-point/base-station attacks using MAC address protection are presented. The mobile/wireless device known as mobile client (MC) gains access to wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected during all communications between the AP and MC during the discovery phase. This protection mitigates MAC address spoofing type attacks on both the AP and the MC.
Type: Grant
Filed: June 3, 2005
Date of Patent: August 24, 2010
Assignee: Alcatel Lucent
Inventors: Vinod Kumar Choyi, Bertrand Marquet, Frederic Gariador
-
Patent number: 7685420
Abstract: Methods and apparatus for improving the resilience of wireless packet-switched networks to Layer-2 attacks is provided via a lightweight mechanism for detecting spoofed frames. The mechanism enables a receiving node to detect spoofed frames from information contained in cookies sent with frames. A first cookie, containing initial information, is sent to the receiving station from the transmitting node along with the first frame of a frame set. For each received frame, spoofing detection includes applying a function to information received via a corresponding cookie received with the subject frame, the result of which function is compared with information received via a previous cookie. The validity of the subject frame is asserted if the result of applying the function to information received in the corresponding subject cookie correlates with previous or initial information received in a previous or the first cookie, respectively. An exemplary implementation includes using a one-way hashing function.
Type: Grant
Filed: September 14, 2004
Date of Patent: March 23, 2010
Assignee: Alcatel Lucent
Inventors: Frederic Gariador, Jean-Marc Robert
-
Patent number: 7676838
Abstract: Methods and systems for secure communications are provided. Secure end-to-end connections are established as separate multiple secure connections, illustratively between a first system and an intermediate system and between a second system and an intermediate system. The multiple secure connections may be bound, by binding Internet Protocol Security Protocol (IPSec) Security Associations (SAs) for the multiple connections, for example, to establish the end-to-end connection. In the event of a change in operating conditions which would normally require the entire secure connection to be re-established, only one of the multiple secure connections which form the end-to-end connection is re-established. Separation of end-to-end connections in this manner may reduce processing resource requirements and latency normally associated with re-establishing secure connections.
Type: Grant
Filed: July 26, 2004
Date of Patent: March 9, 2010
Assignee: Alcatel Lucent
Inventors: Vinod Choyi, Andrew Robison, Frederic Gariador
-
Patent number: 7536716
Abstract: The present invention provides adequate service virtualization and compartmentalization in Network Management Systems for heterogeneous Network Elements to provide interoperability. It introduces a generic mediation layer that can be added to each Network Element that does not provide a network compartmentalization model that is compatible with the one used by the Network Management System. The mediation layer acts as a reverse proxy for the Network Management System to provide an operator with transparent access to an appropriate Management Service. The present invention is also instrumental in providing a high level of security in such hybrid networks.
Type: Grant
Filed: April 17, 2003
Date of Patent: May 19, 2009
Assignee: Alcatel Lucent
Inventors: Frederic Gariador, Olivier Le Moigne, Bertrand Marquet
-
Publication number: 20090119182
Abstract: A method and apparatus are provided for providing authentication of an e-commerce server to a user engaging in e-commerce transactions. When the user begins an e-commerce session, the e-commerce server requests an authentication token from an authentication proxy with which it has registered. If the authentication proxy recognizes the e-commerce server, the authentication proxy generates an authentication token in the form of a simple image, and sends the authentication token to the e-commerce server over a trusted path. The e-commerce server sends the authentication token to the user. The authentication proxy also sends a copy of the authentication token to the user over a second trusted path to a second device or application accessible by the user. The user can then see that the authentication token presented by the e-commerce server matches the authentication token presented by the authentication proxy.
Type: Application
Filed: November 1, 2007
Publication date: May 7, 2009
Applicant: ALCATEL LUCENT
Inventors: Zlatko Krstulich, Frederic Gariador
-
Patent number: 7409715
Abstract: An impersonation detection system for a wireless node of a wireless communication network is described. The system comprises an intrusion detection module for correlating the original data frames transmitted by the wireless node with incoming data frames received over the air interface. The wireless node is connected to the intrusion detection module over a secure link, for receiving a copy of the original data frames. A method for detecting impersonation based attacks at a wireless node is also disclosed.
Type: Grant
Filed: December 10, 2003
Date of Patent: August 5, 2008
Assignee: Alcatel Lucent
Inventors: Frederic Gariador, Vinod Kumar Choyi, Andrew Robison
-
Publication number: 20060274643
Abstract: Mechanisms and methods for providing a mobile/wireless device with protection against false access-point/base-station attacks using MAC address protection are presented. The mobile/wireless device known as mobile client (MC) gains access to wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected during all communications between the AP and MC during the discovery phase. This protection mitigates MAC address spoofing type attacks on both the AP and the MC.
Type: Application
Filed: June 3, 2005
Publication date: December 7, 2006
Applicant: ALCATEL
Inventors: Vinod Choyi, Bertrand Marquet, Frederic Gariador
-
Publication number: 20060087999
Abstract: Methods for authenticating peer mobile network nodes for establishing a secure peer-to-peer communications context in an ad-hoc network are presented. The methods include accessing wireless infrastructure network entities at low bandwidth and for a short time duration to obtain cryptographic information regarding a peer mobile network node for the purpose of establishing secure peer-to-peer communications therewith ad-hoc network. Having received cryptographic information regarding a peer mobile network node, the method further includes challenging the peer network node with a challenge phrase derived from the cryptographic information received, receiving a response, and establishing a secure communications context to the peer mobile network node based on the validity of the received response.
Type: Application
Filed: October 22, 2004
Publication date: April 27, 2006
Applicant: ALCATEL
Inventors: Christophe Gustave, Vinod Choyi, Frederic Gariador
-
Publication number: 20060056402
Abstract: Methods and apparatus for improving the resilience of wireless packet-switched networks to Layer-2 attacks is provided via a lightweight mechanism for detecting spoofed frames. The mechanism enables a receiving node to detect spoofed frames from information contained in cookies sent with frames. A first cookie, containing initial information, is sent to the receiving station from the transmitting node along with the first frame of a frame set. For each received frame, spoofing detection includes applying a function to information received via a corresponding cookie received with the subject frame, the result of which function is compared with information received via a previous cookie. The validity of the subject frame is asserted if the result of applying the function to information received in the corresponding subject cookie correlates with previous or initial information received in a previous or the first cookie, respectively. An exemplary implementation includes using a one-way hashing function.
Type: Application
Filed: September 14, 2004
Publication date: March 16, 2006
Applicant: ALCATEL
Inventors: Frederic Gariador, Jean-Marc Robert
-
Publication number: 20060020787
Abstract: Methods and systems for secure communications are provided. Secure end-to-end connections are established as separate multiple secure connections, illustratively between a first system and an intermediate system and between a second system and an intermediate system. The multiple secure connections may be bound, by binding Internet Protocol Security Protocol (IPSec) Security Associations (SAs) for the multiple connections, for example, to establish the end-to-end connection. In the event of a change in operating conditions which would normally require the entire secure connection to be re-established, only one of the multiple secure connections which form the end-to-end connection is re-established. Separation of end-to-end connections in this manner may reduce processing resource requirements and latency normally associated with re-establishing secure connections.
Type: Application
Filed: July 26, 2004
Publication date: January 26, 2006
Inventors: Vinod Choyi, Andrew Robison, Frederic Gariador
-
Publication number: 20050144544
Abstract: An impersonation detection system for a wireless node of a wireless communication network is described. The system comprises an intrusion detection module for correlating the original data frames transmitted by the wireless node with incoming data frames received over the air interface. The wireless node is connected to the intrusion detection module over a secure link, for receiving a copy of the original data frames. A method for detecting impersonation based attacks at a wireless node is also disclosed.
Type: Application
Filed: December 10, 2003
Publication date: June 30, 2005
Applicant: Alcatel
Inventors: Frederic Gariador, Vinod Choyi, Andrew Robison
-
Publication number: 20040210768
Abstract: The present invention provides adequate service virtualization and compartmentalization in Network Management Systems for heterogeneous Network Elements to provide interoperability. It introduces a generic mediation layer that can be added to each Network Element that does not provide a network compartmentalization model that is compatible with the one used by the Network Management System. The mediation layer acts as a reverse proxy for the Network Management System to provide an operator with transparent access to an appropriate Management Service. The present invention is also instrumental in providing a high level of security in such hybrid networks.
Type: Application
Filed: April 17, 2003
Publication date: October 21, 2004
Applicant: Alcatel
Inventors: Frederic Gariador, Olivier Le Moigne, Bertrand Marquet
-
Publication number: 20040083386
Abstract: A system and method for providing distribution security measures in a distributed computer network environment. For consistency and ease of administration purposes, in a distributed computer network environment a security policy server can be used to maintain the global security policy of the environment. This server would need to distribute local security policies founded on the global policy to managed clients. The present invention provides a higher level of distribution security by utilizing robust cryptographic material in the distribution mechanism.
Type: Application
Filed: October 28, 2002
Publication date: April 29, 2004
Inventors: Bertrand Marquet, Frederic Gariador