Patents by Inventor Paolo De Lutiis
Paolo De Lutiis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9015473Abstract: In a communications network including at least one authentication entity adapted to authenticating a network access requestor in order to conditionally grant thereto access to the communications network, wherein the authenticating is based on public key cryptography, a method for automatically provisioning the network access requestor with service access credentials for accessing an on-line service offered by an on-line service provider accessible through the communications network.Type: GrantFiled: November 30, 2005Date of Patent: April 21, 2015Assignee: Telecom Italia S.p.A.Inventors: Luciana Costa, Paolo De Lutiis, Federico Frosali
-
Patent number: 8670316Abstract: A method to control communication traffic in a communication network. The traffic includes application-level messages between a client and a server having a private network address. The method includes the steps of: sending by the client a request message requesting a service to the server using a first public network address associated with the server; processing the request message at an intermediate logic unit logically positioned between the client and the server; and receiving an alert signal at the intermediate unit. Upon receipt of said alert signal, the method provides for: mapping the private network address of the server to a second public network address associated with the server; and instructing the client to send the request message to the second public network address of the server, routing to the server only request messages directed to the second public network address.Type: GrantFiled: December 28, 2006Date of Patent: March 11, 2014Assignee: Telecom Italia S.p.A.Inventors: Paolo De Lutiis, Luca Viale, Vito Pistillo
-
Patent number: 8572382Abstract: A method and system for out-of-band authentication of messages transmitted, e.g. as packets, on a communication network, whereby a first stream of data is received by a sender control module from a sender; the first stream of data is transmitted over a first channel, e.g. a non-secure data channel, toward a receiver control module; the sender control module generates authentication data of the first stream of data; the authentication data are transmitted from the sender control module to the receiver control module on a second channel, e.g. a secure data channel, distinct from the first channel; and a stream of data received by the receiver control module is checked using the authentication data. Before sending the authentication data, the sender control module transmits a control message including synchronization data to the receiver control module over the second channel.Type: GrantFiled: May 15, 2006Date of Patent: October 29, 2013Assignee: Telecom Italia S.p.A.Inventors: Paolo De Lutiis, Corrado Moiso, Gaetano Di Caprio
-
Patent number: 8510793Abstract: A method of providing telecommunication services includes generating fictitious contact information univocally associated with a telephone number assigned to a subscriber; and storing the fictitious contact information in a database, like an ENUM database. Responsive to a request, received from a requester, of a contact information corresponding to the telephone number and adapted to allow contacting over the Internet the subscriber assignee of the telephone number, the method includes having the database providing the fictitious contact information; and conditioning a resolution of the fictitious contact information for the provisioning of the contact information to the satisfaction of at least one security rule adapted to assess properties of at least one among the requester and the request. In a case that the request from the requester satisfies the at least one security rule, the method resolves the fictitious contact information and provides the requester with the contact information.Type: GrantFiled: October 5, 2010Date of Patent: August 13, 2013Assignee: Telecom Italia S.p.A.Inventors: Paolo De Lutiis, Francesco Silletta
-
Patent number: 8490159Abstract: A method for security in a passive optical network is disclosed. The method includes, at an optical line termination (OLT): detecting an optical termination device and establishing a connection with the device; generating a first authentication message including a first random number; and transmitting the first authentication message through the established connection. At the optical termination device, the method may include: receiving the first authentication message; calculating a first authentication code by using the first random number and a secret code stored at the device; and generating and transmitting to the OLT a second authentication message including the first authentication code.Type: GrantFiled: November 3, 2008Date of Patent: July 16, 2013Assignee: Telecom Italia S.p.A.Inventors: Luciana Costa, Roberta D'Amico, Paolo De Lutiis, Manuel Leone, Maurizio Valvo, Paolo Solina
-
Patent number: 8413209Abstract: A system for enforcing security policies on mobile communications devices is adapted to be used in a mobile communications network in operative association with a subscriber identity module. The system having a client-server architecture includes a server operated by a mobile communications network operator and a client resident on a mobile communications device on which security policies are to be enforced. The server is adapted to determine security policies to be applied on said mobile communications device, and to send thereto a security policy to be applied. The client is adapted to receive the security policy to be applied from the server, and to apply the received security policy.Type: GrantFiled: March 27, 2006Date of Patent: April 2, 2013Assignee: Telecom Italia S.p.A.Inventors: Carlo Aldera, Paolo De Lutiis, Maria Teresa Grillo, Manuel Leone, Alessandro Basso, Michele Miraglia
-
Patent number: 8356350Abstract: For managing denial of service situations at an application level in a communications network receiving message data, the message data are monitored in a sensor that sends an event message when detecting an alarm condition; a control logic detects a first analysis to be performed associated with the received event message and generates a request; an analysis module receives the request of analysis, performs the analysis and sends a result message; the control logic receives the result message and detects an action to be taken associated with the result message, the action being a countermeasure or a further analysis. For determining the analysis to be performed and the action to be taken, the control logic browses rules stored in a memory, each rule including a conditional clause and an associated action to be taken.Type: GrantFiled: November 29, 2004Date of Patent: January 15, 2013Assignee: Telecom Italia S.p.A.Inventors: Luca Buriano, Fabrizio Caffaratti, Paolo De Lutiis, Fabia Ferreri
-
Patent number: 8145057Abstract: A method for localizing an optical network termination (ONT) of a passive optical network is disclosed. The passive optical network comprises an optical line terminal (OLT) and an optical distribution network (ODN) having a plurality of optical links. The ONT is connectable to the OLT by a given optical link of the optical distribution network. The method includes the steps of detecting that the ONT has been connected to the OLT by an optical link of the optical distribution network; determining length information indicative of a length of the optical link; comparing the length information with a reference length information indicative of a length of the given optical link; and if the length information matches the reference length information, localizing the ONT by confirming that it is connected to the OLT by the given optical link.Type: GrantFiled: December 29, 2008Date of Patent: March 27, 2012Assignee: Telecom Italia S.p.A.Inventors: Luciana Costa, Roberta D'Amico, Paolo De Lutiis, Luca Viale
-
Publication number: 20110262139Abstract: A method for localizing an optical network termination (ONT) of a passive optical network is disclosed. The passive optical network comprises an optical line terminal (OLT) and an optical distribution network (ODN) having a plurality of optical links. The ONT is connectable to the OLT by a given optical link of the optical distribution network. The method includes the steps of detecting that the ONT has been connected to the OLT by an optical link of the optical distribution network; determining length information indicative of a length of the optical link; comparing the length information with a reference length information indicative of a length of the given optical link; and if the length information matches the reference length information, localizing the ONT by confirming that it is connected to the OLT by the given optical link.Type: ApplicationFiled: December 29, 2008Publication date: October 27, 2011Applicant: TELECOM ITALIA S.P.A.Inventors: Luciana Costa, Roberta D'Amico, Paolo De Lutiis, Luca Viale
-
Publication number: 20110214160Abstract: A method for security in a passive optical network is disclosed. The method includes, at an optical line termination (OLT): detecting an optical termination device and establishing a connection with the device; generating a first authentication message including a first random number; and transmitting the first authentication message through the established connection. At the optical termination device, the method may include: receiving the first authentication message; calculating a first authentication code by using the first random number and a secret code stored at the device; and generating and transmitting to the OLT a second authentication message including the first authentication code.Type: ApplicationFiled: November 3, 2008Publication date: September 1, 2011Applicant: TELECOM ITALIA S.P.A.Inventors: Luciana Costa, Roberta D'Amico, Paolo De Lutiis, Manuel Leone, Maurizio Valvo, Paolo Solina
-
Patent number: 7954141Abstract: A system and method for authenticating a subscriber of a first network to access application services through a second network, wherein the second network is a packet data network.Type: GrantFiled: September 30, 2005Date of Patent: May 31, 2011Assignee: Telecom Italia S.p.A.Inventors: Paolo De Lutiis, Gaetano Di Caprio, Corrado Moiso
-
Publication number: 20110019547Abstract: A method to control communication traffic in a communication network. The traffic includes application-level messages between a client and a server having a private network address. The method includes the steps of: sending by the client a request message requesting a service to the server using a first public network address associated with the server; processing the request message at an intermediate logic unit logically positioned between the client and the server; and receiving an alert signal at the intermediate unit. Upon receipt of said alert signal, the method provides for: mapping the private network address of the server to a second public network address associated with the server; and instructing the client to send the request message to the second public network address of the server, routing to the server only request messages directed to the second public network address.Type: ApplicationFiled: December 28, 2006Publication date: January 27, 2011Inventors: Paolo De Lutiis, Luca Viale, Vito Pistillo
-
Publication number: 20110016145Abstract: A method of providing telecommunication services includes generating a fictitious contact information univocally associated with a telephone number assigned to a subscriber; and storing the fictitious contact information in a database, like an ENUM database. Responsive to a request, received from a requester, of a contact information corresponding to the telephone number and adapted to allow contacting over the Internet the subscriber assignee of the telephone number, the method includes having the database providing the fictitious contact information; and conditioning a resolution of the fictitious contact information for the provisioning of the contact information to the satisfaction of at least one security rule adapted to assess properties of at least one among the requester and the request. In a case that the request from the requester satisfies the at least one security rule, the method resolves the fictitious contact information and provides the requester with the contact information.Type: ApplicationFiled: November 30, 2007Publication date: January 20, 2011Applicant: TELECOM ITALIA S.P.A.Inventors: Paolo De Lutiis, Francesco Silletta
-
Patent number: 7636848Abstract: Communication between an administrator device and an administered device in a network is arranged in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device. Each message has an associated respective digitally signed receipt, and the originator device is configured not to send a new item toward the recipient device in the absence of a respective digitally signed receipt for a previously sent item. With at least one, and preferably by both of the administrator device and the administered device, there is stored a history record of communication items exchanged therebetween. The history record is agreed upon and signed by both the administrator device and the administered device.Type: GrantFiled: November 27, 2003Date of Patent: December 22, 2009Assignee: Telecom Italia S.p.A.Inventors: Ettore Elio Caprella, Paolo De Lutiis, Manuel Leone, Pier Luigi Zaccone
-
Publication number: 20090210707Abstract: A method and system for out-of-band authentication of messages transmitted, e.g. as packets, on a communication network, whereby a first stream of data is received by a sender control module from a sender; the first stream of data is transmitted over a first channel, e.g. a non-secure data channel, toward a receiver control module; the sender control module generates authentication data of the first stream of data; the authentication data are transmitted from the sender control module to the receiver control module on a second channel, e.g. a secure data channel, distinct from the first channel; and a stream of data received by the receiver control module is checked using the authentication data. Before sending the authentication data, the sender control module transmits a control message including synchronization data to the receiver control module over the second channel.Type: ApplicationFiled: May 15, 2006Publication date: August 20, 2009Inventors: Paolo De Lutiis, Corrado Moiso, Gaetano Di Caprio
-
Publication number: 20090158032Abstract: In a communications network including at least one authentication entity adapted to authenticating a network access requestor in order to conditionally grant thereto access to the communications network, wherein the authenticating is based on public key cryptography, a method for automatically provisioning the network access requestor with service access credentials for accessing an on-line service offered by an on-line service provider accessible through the communications network.Type: ApplicationFiled: November 30, 2005Publication date: June 18, 2009Applicant: TELECOM ITALIA S.P.A.Inventors: Luciana Costa, Paolo De Lutiis, Federico Frosali
-
Publication number: 20080127320Abstract: A system and method for authenticating a subscriber of a first network to access application services through a second network, wherein the second network is a packet data network.Type: ApplicationFiled: September 30, 2005Publication date: May 29, 2008Inventors: Paolo De Lutiis, Gaetano Di Caprio, Corrado Moiso
-
Publication number: 20080040801Abstract: For managing denial of service situations at an application level in a communications network receiving message data, the message data are monitored in a sensor that sends an event message when detecting an alarm condition; a control logic detects a first analysis to be performed associated with the received event message and generates a request; an analysis module receives the request of analysis, performs the analysis and sends a result message; the control logic receives the result message and detects an action to be taken associated with the result message, the action being a countermeasure or a further analysis. For determining the analysis to be performed and the action to be taken, the control logic browses rules stored in a memory, each rule including a conditional clause and an associated action to be taken.Type: ApplicationFiled: November 29, 2004Publication date: February 14, 2008Inventors: Luca Buriano, Fabrizio Caffaratti, Paolo De Lutiis, Fabia Ferreri
-
Publication number: 20070233883Abstract: A method and a system for accessing services provided by network resources in communication networks. Access to service capabilities is controlled at the application level by controlling the access through a gateway wherein an object-oriented service architecture based on abstracted application programming interfaces is implemented. Preferably, the service architecture is defined in OSA/Parlay standards. Access control is carried out by means of a logical entity, the service reference monitor, which is linked to the gateway and configured so that it intercepts all the communications passing between the client applications and the gateway. The service reference monitor captures the object reference to the service capability and assigns to the object reference a lifetime. At the expiration of the lifetime, the service reference monitor destroys the service capability. The probability of a malicious attack is lowered by limiting the time window of the life of access to a service.Type: ApplicationFiled: May 4, 2004Publication date: October 4, 2007Inventors: Paolo De Lutiis, Gaetano Di Caprio, Corrado Moiso
-
Publication number: 20070071241Abstract: Communication between an administrator device and an administered device in a network is arranged in the form of a chain of digitally signed communication items including messages sent from an originator device to a recipient device. Each message has an associated respective digitally signed receipt, and the originator device is configured not to send a new item toward the recipient device in the absence of a respective digitally signed receipt for a previously sent item. With at least one, and preferably by both of the administrator device and the administered device, there is stored a history record of communication items exchanged therebetween. The history record is agreed upon and signed by both the administrator device and the administered device.Type: ApplicationFiled: November 27, 2003Publication date: March 29, 2007Inventors: Ettore Caprella, Paolo De Lutiis, Manuel Leone, Pier Zaccone