Abstract: A method for counting data relating to an application transmitted by a terminal unit to a data server by a device, using an encrypted session between the terminal unit and the server. The method is implemented by the terminal unit and includes: transmitting a plurality of packets, each including a datum for determining a security key used for encrypting the packet; incrementing a counter of the application-related data; adding the incremented counter to a cooperation packet including the determining datum with a value distinct from a value of the data for determining the security keys of the other packets of the plurality of packets, the value corresponding to a security key used for encrypting packets of the plurality of packets exchanged between the terminal unit and the data server prior to sending the cooperation packet; and sending the cooperation packet including the added counter to the data server.

Abstract: A solution for providing a certification token for an instantiation of a node cluster to an item of equipment requesting it in an “edge computing” environment. Existing authentication solutions are not well suited to the context of edge computing, as they cannot guarantee that the various parties involved in providing the requested service have instantiated all the nodes and/or servers in accordance with the technical and/or contractual constraints relating to the requested service. The present solution makes it possible to establish, and therefore be able to provide upon request, an instantiation certificate of a node cluster contributing to implementing a service. Such a certificate makes it possible to guarantee that the various items of equipment and parties involved in the execution and provision of a given service comply with the terms of a service provision contract.

Abstract: A description is given of a method for securing a multi-access edge computing network, where provision is made for a hardware security device designed to be connected to a host module of the network. The method, implemented by the hardware security device, includes upon reception of a presence request from the host module in the network, verifying whether the presence request comprises data representative of an identifier of the host module, and, if so, sending a presence response to the host module, comprising a signature of the hardware security device.

Abstract: A method for securing the transmission of at least one data packet along a data path of a telecommunications network is disclosed. According to such a method, a security device performs: obtaining a variance delay representative of a difference between an actual end-to-end transit delay of the at least one data packet along the data path and an expected end-to-end transit delay of the at least one data packet along the data path; and securing the transmission by implementing at least one security action based on the variance delay.

Abstract: A method for capturing a packet from an encrypted session established between a terminal unit and a data server. The packet includes a datum for determining a security key used for the encryption of the packet. The method is implemented by a device routing the packet between the terminal unit and the data server and includes: analysis of a plurality of packets transmitted by the terminal unit and destined for the server; identification of a cooperation packet from among the plurality of analyzed packets, the cooperation packet including the determining datum corresponding to a security key used for the encryption of packets transmitted by the terminal unit to the data server prior to the terminal unit sending the cooperation packet; and decryption of the received cooperation packet using a security key corresponding to the determining datum from the identified cooperation packet.

Abstract: The advent of end-to-end encryption systems has put an end to the use of “caching” methods which consisted of replicating and storing data flows relating to content items in a “cache” which is located on board one or more intermediate devices. However, the disappearance of these “caching” solutions affects the management of the resources of different communication devices, particularly by bringing about an increase in the number of connections between communication devices that is necessary for delivering content items to the user terminals. Unlike known “caching” techniques in which the content itself is stored in at least one cache memory of a cache server, the method relies on storing in a cache server all of the messages exchanged between the original server hosting the content and the cache server, leading to the delivery of the content to the cache server.

Abstract: A method is described for processing a data transport service in a virtual data space deployed on a communications infrastructure, the virtual data space comprising a plurality of sites each comprising a communication server, also referred to as a connector, capable of hosting a data item or an application for processing the data. The method is implemented by an optimisation entity capable of communicating with the connector and comprises receiving a request for deploying the data transport service from a data management agent; obtaining a connectivity parameter with respect to the communication infrastructure of a connector of a site among the plurality of servers, the connector contributing to the data transport service of the received request; and determining at least one data path in the virtual data space, the at least one path comprising an ordered series of connectors selected according to the obtained connectivity parameter.

Abstract: Method for resolving name identifiers. Existing naming identifier resolution solutions give priority to one aspect, performance of a service or protection of privacy, over the other without it being possible to deviate therefrom. This lack of flexibility is detrimental to the user's quality of experience. This also impacts resource management for various communication equipment involved in the resolution of naming identifiers. The proposed solution makes it possible to give priority to performance or respecting privacy on a case-by-case basis. On the basis of an authorization to share a location of the equipment, the resolver gives priority to transmitting either a network address of a server associated with the naming identifier to be resolved requiring location information of the equipment, giving priority to performance, or a network address of a server associated with the naming identifier to be resolved not requiring location information of the equipment, giving priority to respecting privacy.

Abstract: A content distribution network is made up of terminals and servers that are connected as a network and cooperate in order to make content or data available to users. In order to be able to control access to the content via certain terminals, a solution called “URL signing” has been discussed. A “URL signing” solution requires establishing an active connection between a terminal requesting content and an originating server associated with the requested content. The solution relates to a method for accessing content implemented by a cache server, thus dispensing with the need for an active connection between a terminal requesting content and the originating server associated with the requested content.

Abstract: A method for managing an uninterrupted connection of a moving device to at least one attachment entity of at least one operator of a communication network. The method is implemented by a mediation entity capable of communicating with the at least one attachment entity. The method includes receiving a connection request comprising an identifier of the device and information relating to the movement of the device; determining at least one offer of connection to the at least one attachment entity on the basis of a communication feature, with the transmission of a proposal including the at least one determined connection offer. Determining, by the mediation entity, the connection of the device before its movement enables the movement of the device to be correlated with its connection and enables information relating to the operator or else to the mediation entity not to be disclosed.

Abstract: The field of the system and method is that of updating, within a first telecommunication network, access policies to a second telecommunication network. Edge computing thus minimises bandwidth requirements between devices and data processing centres. Generally, the access policy depends on the access rights negotiated between the operator of a communication network MNO and the operator of the communication network MEC (edge computing). However, these policies are most often static and do not allow for flexible management of the changing needs of the parties concerned. By establishing direct communication between a device in a communication network MEC and a device in a communication network MNO, the system and method enables the implementation of a more flexible and dynamic procedure for updating the access policy to the communication network MEC.

Abstract: A method for managing resources of a converged fixed access and mobile radio telecommunications network is disclosed. Each operator of a plurality of mobile operators has at least one base station connected to a mobile radio part of the network. According to such a method, a centralized resource allocation management module carries out: receiving at least one request for resources, called mobile client request, emitted either by a mobile radio resource management module of each of the mobile operators, or by a first centralized resource request management module from at least one mobile radio service request previously received from the mobile radio resource management module of each of the mobile operators; and sending at least one resource allocation offer to the mobile radio resource management modules according to the at least one mobile client request and at least one predetermined resource allocation offer rule.

Abstract: A method for routing data of a session initialized between a terminal and a server, over a first network slice corresponding to a set of data-processing functions of a communication infrastructure, implemented by the terminal. This method includes receiving from the server at least one routing identifier determined as a function of at least one communication parameter of the session, configuring session information as a function of the at least one identifier received, and emitting to the server subsequent data routed over at least one second slice corresponding to the configured information.

Abstract: A method for measuring reputation of paths visiting nodes in a communication network and including, for each node visited by a current path of the network: a) assigning a security score for the node; b) estimating a first trust index based on: a cumulative on the current path of the successive scores of the nodes visited by the current path; and a number of nodes visited by the current path, the estimation of the first trust index providing a reputation measurement for the current path.

Abstract: Devices and methods for accessing and for controlling access of a node, called “challenged node”, that has already been authenticated and is provisionally connected to a network of nodes, the network including at least one node, called “challenging node”. The method for controlling access, implemented by a challenging node, includes: defining a personalized test that must be executed by the challenged node; sending the test to the challenged node; receiving, from the challenged node, at least one result of the execution of the test; and authorizing or refusing the access of the challenged node to the network, at least on the basis of the result.

Abstract: A method allowing execution of transmission functions hosted in intermediate pieces of equipment of a path established between two pieces of communication equipment. End-to-end encryption systems are designed to resist any surveillance or tampering attempt, as no third party can decrypt or modify the communicated data. There is a solution which, depending on the connection opening requests of the applications, allows to select and assemble the transport protocols necessary for the operation of the application. However, this method is local: this protocol stack is only assembled at the pieces of communication equipment constituting the ends of the connections. Consequently, the requests emitted by these applications are not transmitted to the intermediate pieces of equipment which host the desired functions.

Abstract: A method for routing data of a session initialized between a terminal and a server, over a first network slice corresponding to a set of data-processing functions of a communication infrastructure, implemented by the terminal. This method includes receiving from the server at least one routing identifier determined as a function of at least one communication parameter of the session, configuring session information as a function of the at least one identifier received, and emitting to the server subsequent data routed over at least one second slice corresponding to the configured information.

Abstract: A method for allocating resources of a network infrastructure in order to provide a telecommunication service is disclosed. The method includes receiving, by a resource orchestrator, a request to instantiate virtualized functions on servers; determining servers to be allocated and resources of the network infrastructure enabling connectivity between the servers, based on the instantiation request; sending, to the determined resources, a configuration request enabling connectivity between the determined servers; and sending, to the determined servers, a request to allocate computing means on the determined servers.

Abstract: In known implementations of distributed ledgers, all of the transactions linked to a service are archived in nodes involved in the implementation of the service. This makes it possible to verify the authenticity and the integrity of the transactions and to ensure that the service that is provided is compliant. This poses a problem for nodes having limited storage capacities, some ledgers possibly reaching a significant size and ultimately potentially making it impossible for some modes to be able to record new transactions, thus causing a problem in terms of controlling the actual execution of the operations linked to these transactions. The present solution allows some nodes involved in the implementation of a service to be able to empty their local ledgers without this jeopardizing the correct operation of the associated distributed ledger. The transparency and the permanence of the transactions relating to the service are thus guaranteed.

Abstract: A method and device for providing a certificate to an item of equipment in an “edge computing” environment, which may be deployed in distributed infrastructures and in which equipment may be reconfigured, suspended, removed, reactivated or even reassigned to another master node depending on the requirements to be met. The method and device for providing a certificate make it possible, by reusing components that are already present in a communication network, to reliably authenticate such an item of equipment by providing it with a certificate the integrity of which cannot be called into question since a trusted third party that issued the certificate is an operator managing the communication network.