公开(公告)号：US12255876B2

公开(公告)日：2025-03-18

申请号：US17597179

申请日：2020-06-22

Applicant: Orange

Inventor： Mohamed Boucadair ,  Christian Jacquenet

IPC: H04L9/00 ,  H04L9/40 ,  H04L67/561 ,  H04L67/563 ,  H04L69/164

Abstract: A method for managing communication between a first terminal and a second terminal in a communication network is disclosed. The method includes, at the first terminal: discovering at least one proxy node between the first terminal and the second terminal, the proxy node being capable of providing at least one service for the communication, and if the first terminal accepts the service, sending to the second terminal, in an establishment phase or during the communication, an encrypted proxy information message containing data identifying the at least one proxy node and a token intended to be provided to the second terminal by the at least one proxy node.

公开(公告)号：US12206704B2

公开(公告)日：2025-01-21

申请号：US17439267

申请日：2020-03-09

Applicant: Orange

Inventor： Mohamed Boucadair ,  Christian Jacquenet

IPC: H04L9/40 ,  B64U101/00

Abstract: Managing assistance to a communication network capable of routing traffic characteristic of a computer attack is disclosed. A method includes upon detecting a computer attack, identifying at least a first node of the network, requiring a mitigation intervention, and identifying a traffic routing policy in the network; controlling a movement of at least one mobile object comprising at least one communication interface, so as to connect the mobile object to at least a second node of the network determined relative to the first node according to the traffic routing policy; and controlling at least part of the traffic routed by the network, so as to redirect the part of the traffic to the mobile object via at least the second node of the network.

公开(公告)号：US20240430226A2

公开(公告)日：2024-12-26

申请号：US17619850

申请日：2020-06-18

Applicant: Orange

Inventor： Mohamed Boucadair ,  Christian Jacquenet

IPC: H04L61/251 ,  H04L61/4511

Abstract: A method for a client device to obtain an IP address in order to access a network resource via at least one IP network. The method includes: inserting, in a request for obtaining an IPv6 address in order to access the network resource intended for a DNS server, a piece of information representing an IP address type expected by the client device of the DNS server in response to the obtaining request if the network resource has an IPv4 connectivity; and sending the obtaining request to the DNS server.

公开(公告)号：US20240048576A1

公开(公告)日：2024-02-08

申请号：US18258918

申请日：2021-12-21

Applicant: ORANGE

Inventor： Mohamed Boucadair ,  Christian Jacquenet

IPC: H04L9/40

CPC classification number: H04L63/1425 ,  H04L63/20 ,  H04L63/0236

Abstract: Methods for traffic redirection, corresponding terminal, controller, authorization server, name resolution servers and computer program. A name resolution method implemented in a terminal connected to a communication network includes: transmitting, to a first name resolution server, a name resolution message via a secure communication channel between the terminal and the first name resolution server; if a redirection of the DNS traffic of the terminal is authorized, obtaining at least one identifier of a second name resolution server for the redirection; and executing at least one action for managing the redirection of the DNS traffic of the terminal to the second name resolution server, at least from among: verifying legitimacy of the second name resolution server, sending an indication of a failure of a connection of the terminal with the second name resolution server; and requesting deactivation of the redirection of the DNS traffic to the second name resolution server.

公开(公告)号：US11641307B2

公开(公告)日：2023-05-02

申请号：US17311092

申请日：2019-12-03

Applicant: Orange

Inventor： Mohamed Boucadair ,  Christian Jacquenet

IPC: G06F15/16 ,  H04L41/0816 ,  H04L41/0823 ,  H04L41/08 ,  H04L45/028 ,  H04L45/42 ,  G06F15/173

Abstract: A method for configuring a first network node using a first autonomous system (AS) number in at least one session established with another node according to a dynamic routing protocol is described. The method is implemented by the first node and includes receiving a configuration message comprising at least one piece of information that is representative of a second AS number intended to be used by the first node as a replacement for the first number, configuring the first node with the second AS number, identifying at least one second node having at least one session according to the dynamic routing protocol, active with the first node, in which the first node is associated with the first AS number, and sending a control message to the at least one second node requesting the replacement of the first AS number with the second AS number by the at least one second node, such that, after the replacement, the first node is associated with the second AS number in the at least one active session.

公开(公告)号：US20220272079A1

公开(公告)日：2022-08-25

申请号：US17597122

申请日：2020-06-24

Applicant: Orange

Inventor： Mohamed Boucadair ,  Christian Jacquenet

IPC: H04L9/40 ,  H04L67/56 ,  H04L69/18 ,  H04L69/165 ,  H04W12/102

Abstract: A method for communication in a network is disclosed, between a first and second terminal between which is established a first encrypted connection for transmitting data. The method comprises at the first terminal: storing, in association with the first connection, at least one second connection between the first terminal and the second terminal via an intermediate processing function intended to be applied between the first terminal and the second terminal to a part of the data referred to as eligible for the second connection, and a filter characterizing the data eligible for the second connection, the second connection being encrypted between the first terminal and the intermediate processing function, and sending, via the second connection, a message intended for the intermediate function and carrying data for the second terminal corresponding to the filter, the first message sent comprising information according to which the data are intended for the second terminal.

公开(公告)号：US20180109473A1

公开(公告)日：2018-04-19

申请号：US15567265

申请日：2016-04-15

Applicant: Orange

Inventor： Mohamed Boucadair ,  Christian Jacquenet

IPC: H04L12/931 ,  H04L12/713 ,  H04L12/707 ,  H04L12/715 ,  H04L12/721

CPC classification number: H04L49/70 ,  H04L45/24 ,  H04L45/586 ,  H04L45/64 ,  H04L45/70

Abstract: A method of emulating a multipath connection, in which data packets sent or received by a given user equipment are intercepted by a plurality of concentrators situated in at least one network to which the user equipment is connected. Each concentrator serves to aggregate connections making use of a plurality of paths that can be used by the user equipment. One of the concentrators is designated in dynamic manner as being “primary” concentrator, and the other concentrator(s) are designated as being “secondary” concentrator(s). The primary concentrator or a secondary concentrator: a) receives a data packet sent by the user equipment to a correspondent; b) when necessary, removes all of the multipath options from the received packet; c) replaces the source address of the received packet with an address of the primary concentrator; and d) sends the packet as modified in this way to the correspondent.

公开(公告)号：US20170142233A1

公开(公告)日：2017-05-18

申请号：US15322922

申请日：2015-06-26

Applicant: Orange

Inventor： Mohamed Boucadair ,  Christian Jacquenet

IPC: H04L29/06 ,  H04L12/24 ,  H04L29/14

Abstract: A transmission control protocol (TCP) communication method includes: a) a first client device or a first relay device connected to the first client device sending to a second client device or to a second relay device connected to the second client device a message for initializing a TCP connection on a “first” path, the message including a TCP option indicating that the first client device or the first relay device seeks to participate both in a TCP connection and in a multipath connection over the first path; b) the devices participating in a TCP connection and in a multipath connection over the first path; and c) if at least one of the two client devices or one of the two relay devices observes an anomaly concerning the multipath connection, the first client device and the second client device using the TCP connection to exchange payload data.

公开(公告)号：US20240422552A1

公开(公告)日：2024-12-19

申请号：US18708806

申请日：2022-11-08

Applicant: ORANGE

Inventor： Mohamed Boucadair ,  Christian Jacquenet

IPC: H04W12/67 ,  H04W12/088

Abstract: A method for identifying sensitive data in at least one data packet emitted by at least one terminal connected to a network, items of identification information relating to an identity and/or environment of an entity to which the at least one terminal belongs being able to be determined from sensitive data having been inserted into the at least one packet before it reaches a destination equipment item. The method includes steps implemented by a searching device, including: receiving the at least one data packet, searching for sensitive data in the at least one data packet, and, where applicable, providing the entity with items of information about the detected sensitive data.

公开(公告)号：US12105798B2

公开(公告)日：2024-10-01

申请号：US17780266

申请日：2020-11-26

Applicant: Orange

Inventor： Mohamed Boucadair ,  Christian Jacquenet

IPC: H04L9/40 ,  G06F21/55 ,  H04L29/06

CPC classification number: G06F21/554 ,  G06F2221/034

Abstract: A method for coordinating mitigation of a cyber attack, an associated device and system. The coordination method is implemented by a device managing resources in a computing domain, wherein the resources are protected by a plurality of services protecting against cyber attacks. The method includes: producing mitigation plans implemented by protection services from the plurality of protection services in response to a cyber attack targeting at least one of the resources in the computing domain; and following a detection of at least one incompatibility between the mitigation plans produced, coordinating an adjustment to all or some of the incompatible mitigation plans, among the protection services that have implemented the incompatible mitigation plans, so as to eliminate the incompatibility.