Abstract: A method and system for authenticating a user to provide access to a secure application configured on a mobile device are disclosed. The method includes receiving an input from the user. The input is associated with a plurality of parameters. The method includes extracting a biometric pattern based on the input. The biometric pattern may be generated from the plurality of parameters associated with the input. The method may include comparing the biometric pattern with a plurality of reference patterns. The plurality of reference patterns are pre-defined by an owner of the mobile device. Furthermore, the method may include authenticating the user when the biometric pattern matches a reference pattern associated with the secure application from the plurality of reference patterns. Moreover, the method includes allowing the user to access the secure application, based on the authentication.

Abstract: An exemplary technique is provided for detecting a hijacking of computer resources, located in an internal network implementing security criteria and confidentiality criteria specific to the internal network, connected to an external network with no security criteria and confidentiality criteria, through a connection managed by a service provider.

Abstract: A method and system for authenticating a user to provide access to a secure application configured on a mobile device are disclosed. The method includes receiving an input from the user. The input is associated with a plurality of parameters. The method includes extracting a biometric pattern based on the input. The biometric pattern may be generated from the plurality of parameters associated with the input. The method may include comparing the biometric pattern with a plurality of reference patterns. The plurality of reference patterns are pre-defined by an owner of the mobile device. Furthermore, the method may include authenticating the user when the biometric pattern matches a reference pattern associated with the secure application from the plurality of reference patterns. Moreover, the method includes allowing the user to access the secure application, based on the authentication.

Abstract: To control the publication of digital content on a web site managed by a publication server (SP) from a communication terminal (TC1), a control server (SC) capable of communicating with the publication server (SP) and the terminal provide the latter with an application (App) that is downloaded and implemented on the terminal. The application makes it possible to define the control parameters (ParC) associated with the digital content, said parameters comprising a period of validity for the content and a list of web sites authorised to publish the digital content, generate a key (Kc) associated with the digital content, encrypt the digital content with said key, and store the control parameters (ParC), the generated key (Kc), and the encrypted digital content in various databases. The application then generates a reference (Ref) associated with the digital content and requires the publication of the reference by the publication server in place of the digital content.

Abstract: A technique is provided for detecting unauthorized use or abnormal activities of a targeted system of a network. The technique includes a comparison of captured data that relates to a targeted system with attack signatures to generate a security alert when the captured data and an attack signature match, a comparison of assurance metrics data from a monitored targeted perimeter with assurance references to generate assurance information when the assurance metrics data and an assurance reference match, a generation of a verified security alarm when the security alert and associated preconditions match a corresponding assurance information, a filtering of the security alert when no match has been found between the associated retrieved preconditions and the corresponding assurance information, and an emitting of a non verified security alert when no preconditions have been retrieved for the security alert and/or no assurance reference corresponding to the preconditions has been defined.

Abstract: The present invention provides a method for detecting the hijacking of computer resources, located on an internal network implementing security and confidentiality criteria specific to this internal network, connected to an external network with no such security and confidentiality criteria, through a connection managed by a service provider, comprising: storing a connection parameter implemented by the computer resources to communicate with the external network; processing the stored parameter based on an irreversible function to generate a unique code that corresponds to said stored parameter but which does not allow the identification of said parameter from the corresponding generated code; and sending said generated code to a server located on the external network so that the server can analyze the activity of the computer resources from said unique code to detect any hijacking of the computer resources.

Abstract: A method for reserving resources in a packet communication network, preferably an IP protocol network. The method includes sending an active packet containing a request for reservation of resources for an active data flow, receiving the packet by an active node in the network, and reserving resources of the node according to the request. In this method, an active packet communication network node, in particular an IP active router, reserves resources for processing data of an active data flow according to a resource reservation request for this active data flow contained in this active packet received by the node.

Abstract: Intrusion detection method for detecting unauthorized use or abnormal activities of a targeted system of a network, comprising the steps: creating defined preconditions for each vulnerability related to the targeted system and/or for each attack that exploit one or several vulnerabilities; creating assurance references corresponding to said defined preconditions and considering the targeted perimeter capturing data related to the targeted system; comparing captured data with attack signatures for generating at least one security alert when captured data and at least one attack signature match; capturing assurance data from monitoring of the targeted perimeter comparing assurance data, issued from assurance monitoring of the targeted perimeter, with assurance references for generating assurance information when said data issued from assurance monitoring and at least one assurance reference match retrieving the preconditions of the generated security alert checking if assurance information corresponding to said

Abstract: Method for classification of traffic on telecommunications networks, said method including a stage for the capture of traffic and a stage for detailed packet analysis, said method also including a stage for the statistical classification of traffic using a statistically-generated decision tree.

Abstract: A device (D) is dedicated to controlling the transfer of units of connection time for a communication network (N1) having accounting and/or billing equipment (ABE1).

Abstract: A security-procuring method for making an item of communications equipment (E) secure, said item of communications equipment comprising an operating system core (K) and a set of software applications (A), said core including at least one IPv6 protocol stack (PS) making it possible to transmit incoming data packets from an input port (PIN) to an application (A) and to transmit outgoing data packets from an application (A) to an output port (POUT), said protocol stacks including a set of interfaces (HPRE, HIN, HOUT, HPOST) organized to enable external modules connected to them to access said data packets transmitted by said at least one protocol stack at determined points associated with said interfaces.

Abstract: We describe an active node, which receives an active message containing an active application identifier, transmits the active application identifier to an active applications server. receives associated code from the active applications server, and executes the associated code. The active node also may transmit to the active applications server information relating to its own environment, and information relating to whether it is an edge node or core node in the network, enabling the active applications server to determine the associated code to return to the active node.

Abstract: Example embodiments disclose a prefix assignment device for use in network equipments of an Internet Protocol communication network, the device including a processing module. The processing module of the prefix assignment device may determine a node Nj associated with an unassigned prefix Pj of length L(Pj) equal to L(Rk)?m. The processing module may also assign prefix Pj to the network equipment Rk if m is equal to 0 and/or perform successive m loops if m is greater than 0. The module may select one of the two prefixes with lengths equal to L(Rk) for assignment to the network equipment Rk.

Abstract: A communication equipment for an Internet Protocol communication network including a set of interfaces each connected to one or more other communication equipments and having means for receiving an address prefix from a first other communication equipment. It further includes allocation means for allocating to at least a portion of the other communication equipments to which the first other equipment does not belong a sub-prefix formed of the address prefix concatenated with an individual identifier whose length depends on the total number of other communication equipments.

Abstract: A security-procuring method for making an item of communications equipment (E) secure, said item of communications equipment comprising an operating system core (K) and a set of software applications (A), said core including at least one IPv6 protocol stack (PS) making it possible to transmit incoming data packets from an input port (PIN) to an application (A) and to transmit outgoing data packets from an application (A) to an output port (POUT), said protocol stacks including a set of interfaces (HPRE, HIN, HOUT, HPOST) organized to enable external modules connected to them to access said data packets transmitted by said at least one protocol stack at determined points associated with said interfaces.

Abstract: A device (D) is dedicated to controlling the transfer of units of connection time for a communication network (N1) having accounting and/or billing equipment (ABE1).

Abstract: A device is dedicated to assigning prefixes for network equipments of an Internet Protocol communication network. It comprises processing means which, in the event of a request to assign a prefix of length L(Rk) for a network equipment Rk, determine a node Nj associated with an unallocated prefix Pj of length L(Pj) equal to L(Rk)?m, m?0, in order to assign that prefix to the network equipment Rk if the value of m is equal to 0 or, if the value of m is greater than 0, to perform successively m loops each consisting in fragmenting the current prefix P into two prefixes P1 and P2 with lengths equal to L(P)+1 and then select one of the two prefixes P1 and P2 as the current prefix for the next loop, until there are obtained in the last of the m loops two prefixes with lengths equal to L(Rk), followed by the selection of one of them for assignment to the network equipment Rk.

Abstract: A method is dedicated to dynamically assigning interface network identifiers for interfaces of network equipments connected to an Internet Protocol communication network including a DHCP network identifier server. In this method, when a network equipment requires an interface network identifier for one of its interfaces, designated by an interface identifier and connected to a link: i) there is generated in the network equipment and sent to the server a request for the assignment of an interface network identifier specifying the identifier of the interface that is the subject of the request and the identifiers of the other interfaces connected to the link; ii) on receipt of the request in the server, there is determined for the interface that is the subject of the request an interface network identifier common to all the interfaces connected to the same link; iii) the interface network identifier thus determined is sent to the network equipment that requested it so that it can configure the interface.

Abstract: A gateway (G) between an Internet network (N) and a local network (NL) associated with a building constituted by a plurality of private premises and at least one common area; the common area and at least some of the private premises having multimedia terminals (T1, T2, T3, TP, . . . ) connected to the local network (NL). The gateway is characterized in that it comprises execution means for executing extended services downloaded from a server (S) accessible via said Internet network (N).

Abstract: The operating process for an active node (1) of a packet-switched communication network, and in particular of an active IP router, includes the following successive steps: a) receipt of an active packet sent by a terminal (2); b) execution of a request contained in the active packet, this request being intended to configure packet processing functions; c) and then execution of a program contained or identified in the active packet, this program being intended to control packet processing functions. The active packet can also be sent by the router to a recipient terminal (3). The invention also proposes an active node, in particular an IP router, implementing the process. The invention also proposes a data packet which includes a request and a program or an identifier for a program, the request and the program being intended for execution by an active node.