Abstract: Firewall system for interconnecting a first IP network (10) to a second IP network (16), these networks belonging to two different entities having each a different administration wherein any data packet transmitted/received by the first IP network is filtered by using a first firewall function and any data packet transmitted/received by the second IP network is filtered by using a second firewall function. The system comprises essentially a single firewall device (20) including filtering means (41, 43) performing both first firewall function and second firewall function, a console port (37) enabling the administrator in charge of each IP network to enter filtering rules for updating the associated firewall function and control means (39, 47, 49) interconnecting the console port and the filtering means for transmitting thereto the filtering rules so that each administrator may independently manage the system from the console port.

Abstract: Method of gaining secure access from a host (13) to Intranet resources provided by at least a content server (18) in a data transmission system wherein the host is connected to the content server through a gateway (17). Such a method consists in generating and sending at predetermined transmission instants from either the host or the gateway verification messages wherein each verification message contains a signature which depends upon the data exchanged between the host and the gateway since the preceding verification message, the host and the gateway also called peer devices having at their disposal same algorithm defining which of them sends a verification message at each of the predetermined instants.

Abstract: A hardware device for processing the tasks of an algorithm of the type having a number of processes the execution of some of which depend on binary decisions has a plurality of task units (10, 12, 14), each of which are associated with a task defined as being either one process or one decision or one process together with a following decision. A task interconnection logic block (16) is connected to each task unit for communicating actions from a source task unit to a destination task unit. Each task unit includes a processor (18) for processing the steps of the associated task when a received action requests such a processing.

Abstract: A method and apparatus for flow based load balancing are disclosed. For example, the present method receives at least one packet from a flow. If the flow has not being previously classified, then the flow is classified based on the characteristics of the flow. Once classified, the present method matches the flow to at least one matched path from a plurality of available paths in accordance with the characteristics of the flow and characteristics of the at least one matched path. Once matched, the present method forwards the packet from the flow to the at least one matched path for processing.

Abstract: Certain exemplary embodiments provide a method for converting data packets based upon IPv4 protocol into data packets based upon IPv6 protocol, said method comprising converting any data packet based upon the IPv4 protocol into a data packet based upon the IPv6 protocol before transmitting it to an IP switched network using information provided by an external server, and converting any data packet based upon the IPv6 protocol provided by said IP switched network into a data packet based upon the IPv4 protocol before transmitting it to a first or second workstation.

Abstract: Method of gaining secure access from a host (13) to Intranet resources provided by at least a content server (18) in a data transmission system wherein the host is connected to the content server through a gateway (17). Such a method consists in generating and sending at predetermined transmission instants from either the host or the gateway verification messages wherein each verification message contains a signature which depends upon the data exchanged between the host and the gateway since the preceding verification message, the host and the gateway also called peer devices having at their disposal a same algorithm defining which of them sends a verification message at each of the predetermined instants.

Abstract: A method and system for reserving a virtual connection from a source workstation to a destination workstation. Packets of data are transmitted over a network between an ingress node of the source workstation and an egress node of the destination workstation. In accordance with the method of the present invention, a reservation request is delivered from the source workstation to a reservation server. The reservation server includes a user database for storing the identification of each user allowed to access to the reservation server and also stores the rights of each user. The reservation server further includes a network database for storing the information describing a network capacity required to set up the virtual connection. A verification is then performed to determine whether or not the reservation request may be validated in view of user information within said source workstation.

Abstract: Firewall system for interconnecting a first IP network (10) to a second IP network (16), these networks belonging to two different entities having each a different administration wherein any data packet transmitted/received by the first IP network is filtered by using a first firewall function and any data packet transmitted/received by the second IP network is filtered by using a second firewall function. The system comprises essentially a single firewall device (20) including filtering means (41, 43) performing both first firewall function and second firewall function, a console port (37) enabling the administrator in charge of each IP network to enter filtering rules for updating the associated firewall function and control means (39, 47, 49) interconnecting the console port and the filtering means for transmitting thereto the filtering rules so that each administrator may independently manage the system from the console port.

Abstract: Firewall system for interconnecting a first IP network (10) to a second IP network (16), these networks belonging to two different entities having each a different administration wherein any data packet transmitted/received by the first IP network is filtered by using a first firewall function and any data packet transmitted/received by the second IP network is filtered by using a second firewall function. The system comprises essentially a single firewall device (20) including filtering means (41, 43) performing both first firewall function and second firewall function, a console port (37) enabling the administrator in charge of each IP network to enter filtering rules for updating the associated firewall function and control means (39, 47, 49) interconnecting the console port and the filtering means for transmitting thereto the filtering rules so that each administrator may independently manage the system from the console port.

Abstract: A security system for preventing unauthorized use of a computer device. An extractable security piece includes an extractable main private key and a main PC public key. A PC security area which is a non-extractable part of the computer device includes a PC private key and an extractable main public key, which, together with the keys of the extractable security piece, constitute a Public Key Infrastructure. The extractable security piece and the PC security area include processing means for mutual authentication of the extractable security piece and the PC security area after the extractable security piece, which had been previously removed, has been reinserted in the computer device, thereby enabling the authorized user to access data stored in the computer device.

Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.

Abstract: In a remote computer, a method for providing a file comprises the steps of receiving a request for this file, identifying this file as being stored in a distant server, requesting the distance server to send the file, identifying this file as being used, and forwarding this file. Further, in a local server, a method for transferring a file from a home server comprises the steps of receiving a request for this file, this request comprising the home server identification, checking that this file is not locally stored, requesting this file to the home server, identifying the file as being locally used, and forwarding this file.

Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.

Abstract: Method for validating an electronic payment by a credit card in a transaction system comprising a seller terminal (12) for registering a sale of one or several articles by a buyer (10 or 11) using a credit card associated with a plurality of PIN codes and an electronic payment center (14) connected to the seller terminal by the Internet network (16). The method consists for the electronic payment center to check that a buyer PIN code which is provided by the buyer to the center is associated with the number of the credit card provided by the buyer to the seller terminal and is characterized in that it comprises a step automatically carried out by the electronic payment center of checking with a third party whether the buyer PIN code is valid.

Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.

Abstract: A method including formatting an advertisement message having a dedicated preferred route to one of a first physical entity and a first logical entity of a first autonomous system (“AS”), the dedicated preferred route being based on at least two routing attributes, and transmitting the advertisement message from the first AS to a second AS. A routing device including a formatting module formatting an advertisement message having a dedicated preferred route to one of a first physical entity and a first logical entity of a first autonomous system (“AS”), the dedicated preferred route being based on at least two routing attributes, and a transmitting module transmitting the advertisement message from the first AS to a second AS.

Abstract: A method for validating an electronic payment by a credit/debit card in a transaction system. The method includes registering a purchase of an article by a buyer using a credit/debit card associated with at least one PIN code, checking that the at least one PIN code is associated with the number of said credit/debit card provided by said buyer to said seller terminal, checking, by said electronic payment center, whether or not said at least one PIN code is valid, and one of: after the at least one PIN code is found to be valid, checking, by said electronic payment center, whether the electronic payment center has received a pre-validation from a third party; after the at least one PIN code is found to be valid, contacting a third party via a communication network and requesting that the third party validate the purchase; and after the at least one PIN code is found to be valid, contacting a third party via a communication network and requesting said at least one PIN code from the third party.

Abstract: The present invention relates to computer viruses and more particularly to a method and system for requesting a virus-free certificate associated with a file of a file server and downloading this virus-free file certificate or a file including this virus-free file certificate from the file server. The method, for use in a client system (100), comprises the steps of: sending (401) a request to a file server for a virus-free certificate associated with a file to download from the file server, the request comprising one or a plurality of requirements (301 . . . 307) for the virus-free certificate; downloading (403) the file and the associated virus-free certificate, the virus-free certificate comprising a file signature (207) for certifying that the file is declared virus-free by a virus-free certificate authority (102).

Abstract: According to the invention, a device for transferring data between two workstations connected to a network is provided. This device comprises means for distributing data among a plurality of links of the network. Preferentially, the device comprises a dual-port memory for storing the data. In a preferred embodiment, the device further comprises a high speed interface for transmitting data from a workstation to the memory, associated with each link, a low speed interface for transmitting a part of the data from the memory to this link, and a controller for monitoring the data flow between the workstation and the plurality of links, by controlling the memory and the interfaces.

Abstract: A method and system are disclosed for generating and using a virus-free file certificate integrated in a file.