EP2594048A1 - Method and device for securing a cross-level bidirectional communication channel - Google Patents

Method and device for securing a cross-level bidirectional communication channel

Info

Publication number
EP2594048A1
Authority
EP
European Patent Office
Prior art keywords
data
network
transit
transmitted
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP11743114.8A
Other languages
English (en)
French (fr)
Inventor
Ben Youcef Ech-Chergui
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales SA
Original Assignee
Thales SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to a method of securing a bidirectional communication channel between at least one originating network and a destination network through a transit network of a lower security level than the originating and destination networks, comprising the following steps:
  • the interconnection of secure networks is generally achieved through other, non-dedicated communication networks, which may have lower security levels, for example a telecom operator's public network.
  • the transport of data between two secure networks through a transit network generally requires an exchange of signaling and control data between the transit network and the secure networks.
  • These signaling and control data which are notably used by the IP and Ethernet protocols, are for example reception acknowledgments or Resource ReSerVation Protocol (RSVP) signaling flows for managing the quality of service of data transmission sessions.
  • the systematic encryption of the data transmitted by the secure networks prevents the exchange of signaling and control data between the secured networks and the transit network, so that a service requested for a session between the secured networks can only be satisfied on these secure networks, and not on the entire path of the data exchanged.
  • An alternative solution is to allow certain types of data to be transmitted in the clear and without control through the transit network, i.e. to create an additional communication channel for certain types of data, but this solution includes risks because an attacker can exploit this channel to leak information from a secure network.
  • the patent application FR 2 924 552-A1 discloses a method for securing a bidirectional communication channel, making it possible to secure this additional communication channel.
  • the data to be transmitted are analyzed by a switching module which determines whether these data are of a type authorized to transit in the clear on the transit network. If this is the case, for example if these data are signaling or control data, the data are filtered, so as to prevent the creation of a hidden channel between the secure networks, and transmitted in the clear on the transit network and then to the destination network. If not, the data are encrypted and then transmitted to the destination network via the transit network.
  • This method, while improving the interoperability between networks of different security levels and preventing the creation of a hidden channel between the originating network and the transit network, does not, however, offer satisfactory security.
  • this method does not make it possible to guarantee the confidentiality of the data of the secured networks, because the data sent after filtering to the transit network may contain sensitive information.
  • an RSVP request is issued by a transmitting terminal of the originating network to a receiving terminal of the destination network and to the transit network, to initiate a communication between these sending and receiving terminals; this request contains in particular the IP addresses of the sending and receiving terminals, which may be confidential.
  • this information is transmitted in clear on the transit network.
  • the transit network can access sensitive or confidential information that is incompatible with its security level.
  • the method described in the patent application FR 2 924 552-A1 allows the transmission of data from the transit network to the destination network at the initiative of the transit network.
  • the filtered data transmitted by the originating network are transmitted to the transit network, which then transmits these data to the destination network. Therefore, a terminal placed on the transit network may, on its own initiative, transmit data to the destination network, for example by simulating a transmission by the originating network, and possibly disturb or make unavailable the destination network or its computer equipment.
  • the destination network can not determine whether these data are consistent with the data originally issued by the originating network, or if these data were actually issued by these networks.
  • the invention therefore aims to secure the transmission of data between two networks, through a network of lower security level, while allowing interoperability between these networks.
  • the subject of the invention is a security method of the aforementioned type, characterized in that it furthermore comprises, during the transmission of said first data from the originating network to the transit network and to the destination network, the following steps:
  • the security method according to the invention also comprises the following characteristics, taken separately or in combination:
  • said first filtering step comprises a step of substitution of sensitive information included in said first data, incompatible with the security level of the transit network, with information compatible with the security level of the transit network; said first filtering step comprises a backup of a first connection context associated with said first data;
  • said second filtering step comprises the introduction into said second data of said substituted sensitive information during said substitution step.
  • the invention also relates to a device for securing a bidirectional communication channel between at least one originating network and a destination network through a transit network of a lower security level than the originating and destination networks, comprising:
  • a first filtering module comprising means for applying at least one analysis filter to data to be transmitted from the originating network to the transit network, to counter the creation of a hidden communication channel
  • a cryptographic data protection module able to protect data to be transmitted from the originating network to the destination network through the transit network, said device being characterized in that it furthermore comprises at least one data switching module, able to direct first data to be transmitted from the originating network to the transit network and to the destination network to said first filtering module, to duplicate said first data, and to direct the duplicated first data to said cryptographic protection module.
  • the securing device according to the invention also comprises the following features, taken separately or in combination:
  • said first filtering module comprises means for substituting sensitive information included in said first data, which is incompatible with the security level of the transit network, with information compatible with the security level of the transit network; said first filtering module comprises means for saving a first connection context associated with said first data;
  • a second filtering module comprising:
  • said second filtering module comprises means for introducing into said second data said sensitive information substituted by said first filtering module.
  • FIG. 1 is a diagram illustrating the overall architecture of networks adapted to the implementation of the method according to the invention
  • FIG. 2 is a diagram of a security device according to one embodiment of the invention.
  • FIG. 3 is a block diagram illustrating steps of the method according to one embodiment of the invention, implemented by the securing device of FIG. 2;
  • FIG. 4 is a block diagram illustrating other steps of the method according to one embodiment of the invention, implemented by the securing device of FIG. 2;
  • FIG. 5 is a block diagram illustrating the implementation of a security method according to one embodiment of the invention, between the networks illustrated in FIG.
  • FIG. 1 shows the overall architecture of networks adapted to the implementation of the method according to one embodiment of the invention.
  • Two secure telecommunication networks N1 and N3, hereinafter referred to respectively as the originating and destination networks, are able to communicate through a transit network N2, with a lower security level than the secure networks N1 and N3.
  • the secure networks N1 and N3 are, for example, internal corporate networks, and the transit network N2 a public network such as the Internet.
  • the originating network N1 comprises at least one transmitting terminal 3 and a securing device 5, connected by a wired or wireless connection 7 to the transmitting terminal 3.
  • the transmitting terminal 3, for example a computer, is able to exchange data with the transit network N2 and the destination network N3 via the security device 5, and in particular signaling and control data.
  • the security device 5 is installed in-line between the originating network N1 and the transit network N2, so that all the data exchanged between the sending terminal 3 and the transit network N2 necessarily pass through the security device 5.
  • the security device 5 is able to analyze the data transmitted by the sending terminal 3 to the transit network N2 or the destination network N3, to determine whether they are of a type authorized to transit in the clear on the transit network N2.
  • data which are not of a type authorized to transit in the clear over the transit network N2 are called confidential data, and data of a type authorized to transit in the clear on the transit network N2 are called non-confidential data.
  • Non-confidential data are, for example, signaling or control data, for example data associated with Session Initiation Protocol (SIP) requests, RSVP resource reservation requests, or Domain Name System (DNS) queries.
  • the security device 5 is able to encrypt data deemed confidential issued by the transmitting terminal 3 and to transmit these data, once encrypted, to the destination network N3 through the transit network N2. Moreover, the security device 5 is able to duplicate the data deemed non-confidential, to filter a first copy of these data and to transmit the filtered data to the transit network N2. The security device 5 is also able to encrypt a second copy of these data and to transmit these encrypted data to the destination network N3.
  • the security device 5 is able to receive all the data transmitted by the transit network N2 or the destination network N3 to the transmitting terminal 3 and to transmit these data to the transmitting terminal 3 after filtering or decrypting them. More specifically, the security device 5 is able to decrypt encrypted data transmitted by the destination network N3 and to transmit the decrypted data to the transmitting terminal 3. Moreover, the security device 5 is able to apply filtering to data transmitted in the clear by the transit network N2, to block these data if they present a risk for the originating network N1, and to transmit the filtered data to the transmitting terminal 3 otherwise.
  • This security device 5 will be described in more detail with reference to FIG.
  • the destination network N3 comprises at least one receiver terminal 9 and a security device 11, connected by a wired or wireless connection 13 to the transmitter terminal 3.
  • the receiving terminal 9, for example a computer, is able to exchange data with the transit network N2 and the originating network N1 via the security device 11.
  • the security device 11 is installed in-line between the transit network N2 and the destination network N3. It is identical in structure and operation to the device 5 for securing the originating network N1.
  • the transit network N2 comprises in particular several routers R1, R2, R3, ..., Rn, interconnected by a mesh of links 13, which are for example wired links or radio links. Moreover, at least one router R1 is connected to the security device 5 for securing the originating network N1, and at least one router Rn is connected to the securing device of the destination network N3.
  • the routers R1, R2, R3, ..., Rn are capable of passing data between the devices 5, 11 for securing the originating and destination networks N1, N3, of receiving signaling and control requests transmitted by these security devices 5, 11, and of responding to these requests.
  • FIG. 2 illustrates, in a simplified manner, the architecture of a security device 5, placed in-line between the sending terminal 3 and the router R1 of the transit network N2, both represented schematically.
  • the security device 5 comprises a first switching module 20, a cryptographic protection module 22 and a first filtering module 24, as well as a second switching module 26, a cryptographic verification module 28 and a second filtering module 30.
  • the device 5 comprises a first input 5a connected to the transmitting terminal 3 by the link 7, a second input 5b connected to the router R1, a first output 5c and a second output 5d connected to the transmitting terminal 3 by the link 7, a third output 5e and a fourth output 5f connected to the router
  • the first switching module 20 comprises an input 20a and two outputs 20b, 20c, its input 20a being connected to the first input 5a of the device 5.
  • the second switching module 26 comprises an input 26a and two outputs 26b, 26c, its input 26a being connected to the second input 5b of the device 5.
  • the cryptographic protection module 22 comprises an input 22a, connected to the first output 20b of the first switching module 20, and an output 22b, connected to the third output 5e of the device 5.
  • the cryptographic verification module 28 comprises an input 28a, connected to the first output 26b of the second switching module 26, and an output 28b connected to the first output 5c of the device 5.
  • the first filtering module 24 comprises an input 24a, connected to the second output 20c of the first switching module, and two outputs 24b, 24c, its first output 24b being connected to the fourth output 5f of the device 5.
  • the second filtering module 30 comprises a first input 30a, connected to the second output 26c of the second switching module, a second input 30b, connected to the second output of the first filtering module 24, and an output 30c, connected to the second output 5d of the device 5.
  • the first switching module 20 is adapted to receive data transmitted by the transmitting terminal 3 to the receiving terminal 9, and to analyze these data to determine whether they must also be transmitted to the network N2.
  • the first switching module 20 is able to analyze the metadata associated with these data by the transport protocol used, and to determine from these metadata the nature of the data transmitted by the sending terminal 3.
  • These metadata are, for example, Open Systems Interconnection (OSI) layer 3 IP protocol metadata, including the IP addresses and protocol numbers of the sender and receiver terminals, and the communication ports used.
  • certain IP addresses and/or communication port numbers are associated with services or types of flows, for example signaling flows, authorized to transit through the transit network N2. Other types of flows are dedicated to transfers of confidential information, thus requiring systematic cryptographic protection.
  • the first switching module 20 is able to duplicate the data to be transmitted both to the network N2 and to the receiving terminal 9, to transmit a first copy of these data to the first filtering module 24, and to transmit a second copy of these data to the cryptographic protection module 22.
  • the first switching module 20 is able to transmit the data directly to the cryptographic protection module 22 if they must be transmitted only to the network N3.
  • the cryptographic protection module 22 comprises means for analyzing data transmitted by the first switching module 20, according to a predefined security policy, to determine whether these data are authorized to be transmitted to the destination network N3 and which type of cryptographic protection must be applied, depending on the level of confidentiality of these data. IPsec mechanisms are an example of applicable cryptographic protection.
  • the cryptographic protection module 22 also comprises means for cryptographically protecting the data authorized to be transmitted to the destination network N3, according to a certain type of cryptographic protection, and for transmitting the protected data, for example encrypted, to the destination network N3 through the network N2.
  • the cryptographic protection module 22 is furthermore capable of blocking data that are not authorized to be transmitted to the destination network N3.
  • the first filtering module 24 is able to receive data transmitted by the first switching module 20, to determine the nature of these data, to apply several filters to these data depending on their nature, in particular a syntactic analysis (parsing) filter, a semantic analysis filter and a substitution filter, to transmit these data, after filtering, to the transit network N2, or to block the transmission of these data if the parsing or semantic analysis filters detect an anomaly.
  • the first filter module 24 comprises for this purpose a database of filters, each filter corresponding to a type of data to be checked.
  • a filter is formed, for example, of a set of parameters and/or software components.
  • the database includes a filter for controlling RSVP protocol resource reservation requests.
  • the filters for parsing, semantic analysis and substitution are able to counter the creation of a hidden communication channel.
  • the parsing filter is able to verify that the data to be transmitted respect the format defined in the standards and specifications of the protocol used, and that no field of these data is diverted from its purpose.
  • the parsing filter is able to detect anomalies in the values of the fields, which could hide a data leak.
  • the semantic analysis filter is able to check the automaton of the possible states for a given protocol, and the consistency of the sequences of these states, and to detect any hidden meaning concealed in a query. For example, the semantic analysis filter is able to prohibit the transmission of data corresponding to an intermediate state of the protocol used if the data corresponding to the previous states have not been transmitted.
  • the semantic analysis filter is able to extract from the data to be transmitted a connection context associated with them, to save this context and to transmit it to the second filtering module 30.
  • the substitution filter is able to replace sensitive information contained in the data to be transmitted, of a security level incompatible with the security level of the transit network N2, with information of a security level compatible with the network N2, so as to reduce the risk of information leakage from the network N1 to the network N2, and to transmit the substituted sensitive information to the second filtering module 30.
  • these data may contain information considered sensitive, which must not be communicated to the network N2, for example the IP addresses of the sending and receiving terminals, the telephone numbers of these terminals if they are telephones, or any other information relating to the identity of the transmitter and the receiver.
  • the substitution filter is thus able to substitute the IP addresses of the transmitting terminal 3 and the receiving terminal 9 with the respective IP addresses of the security devices 5 and 11.
  • the second switching module 26 is able to receive data transmitted by the router R1 to the network N1, for example to the transmitting terminal 3. These data are for example encrypted data transmitted by the receiving terminal 9 via the security device 11, or unencrypted data transmitted by the network N2. The second switching module 26 is thus able to direct the cryptographically protected data to the cryptographic verification module 28, and the unprotected data to the second filtering module 30.
  • the cryptographic verification module 28 is able to apply a cryptographic processing to the data transmitted by the second switching module 26, and to transmit these data, once decrypted, to the transmitting terminal 3.
  • the second filtering module 30 is adapted to receive data transmitted by the second switching module 26, to determine the nature of these data, to apply several filters to these data depending on their nature, in particular a parsing filter, a semantic analysis filter and a transposition filter, to transmit these data, after filtering, to the transmitting terminal 3, or to block the transmission of these data if the parsing or semantic analysis filters detect an anomaly. Furthermore, the second filtering module 30 is adapted to receive connection contexts transmitted by the first filtering module 24 and to save them.
  • the second filtering module 30 also comprises a filter database, each filter corresponding to a type of data to be checked.
  • the parsing filter is similar to the parsing filter of the first filtering module 24.
  • the semantic analysis filter is able to compare the connection context of the data to be transmitted to one or more saved connection contexts and block the transmission of these data if these contexts are inconsistent, that is to say if these data do not correspond to a response to a request sent by the transmitting terminal 3.
  • the semantic analysis filter is therefore able to prevent the transmission to the sending terminal 3, hence on the network N1, of requests initiated by the network N2.
  • the transposition filter is able to introduce in the data to be transmitted the sensitive information replaced by the substitution filter of the first filtering module 24, for example the IP addresses of the transmitting terminal 3 and the receiving terminal 9, so that these data can subsequently be transmitted to the transmitting terminal 3.
  • the security device 5 is preferably installed in a controlled space, for example in an enclosure of the network N1, to physically protect its inputs and outputs against potential attackers.
  • the securing device 5 is physically shielded, in particular, to prevent side-channel attacks, in particular those analyzing the electric current consumed by the device or the electromagnetic radiation it emits.
  • FIG. 3 shows the steps implemented by the security device 5 when it receives data D transmitted by the transmitting terminal 3 to the receiving terminal 9, the data D being transmitted according to a given protocol P.
  • the data D transmitted by the transmitting terminal 3 are received by the first switching module 20.
  • the latter analyzes the data D to determine whether they are to be transmitted or not to the network N2.
  • the first switching module 20 sends them to the cryptographic protection module 22.
  • the cryptographic protection module 22 encrypts the data D, then transmits these encrypted data in a step 44 to the network N3, through the network N2.
  • the first switching module 20 duplicates the data D, sends a first copy D1 of these data to the cryptographic protection module 22 and a second copy D2 to the first filtering module 24.
  • a request sent by a resource reservation service from the transmitting terminal 3 to intermediate relay equipment, some of which is located on the network N2, is directed to the first filtering module 24 before being transmitted to the equipment of the network N2.
  • This same request is also directed to the cryptographic protection module 22 so that it can be transmitted securely to the remote network N3, whose security level is higher than that of N2.
  • This example can, of course, be extended to a multitude of services.
  • the data is then encrypted and sent to the network N3 following steps 42 and 44.
  • the data D2 are received by the first filtering module 24, which applies, during a first filtering step 48, several filters to these data, notably a parsing filter, a semantic analysis filter and a substitution filter, as described with reference to FIG.
  • the first filtering module 24 verifies that the data D2 respect the format defined in the standards and specifications of the protocol P, and that no field of these data D2 is diverted from its purpose.
  • the first filtering module 24 checks the automaton of the possible states for the protocol P, and the coherence of the sequences of these states, and detects any possible hidden meaning concealed in these data. In addition, during step 52, the first filtering module 24 extracts from the data D2 the connection context associated with them, saves this context and transmits it to the second filtering module 30.
  • the first filtering module 24 replaces the sensitive information contained in the data D2, of a security level incompatible with the security level of the network N2, with information of a security level compatible with the network N2.
  • the first filtering module 24 transmits the substituted sensitive information to the second filtering module.
  • If the parsing or semantic analysis filters detect an anomaly, the data are blocked in a step 56 and not transmitted to the network N2. If no anomaly is detected, the first filtering module transmits, during a step 58, the data obtained after the filtering 48 to the network N2.
  • FIG. 4 shows the steps implemented by the security device 5 when it receives data D' transmitted by the receiving terminal 9 or by the network N2 to the transmitting terminal 3, following a data transmission as described with reference to FIG. 3.
  • the data D' are received by the second switching module 26.
  • the second switching module 26 transmits the data D' to the cryptographic verification module 28 if they are cryptographically protected, and to the second filtering module 30 if they are not.
  • the cryptographic verification module 28 applies a cryptographic verification process (for example, a decryption) on the data D'. Then, in a step 64, it transmits the data resulting from the processing to the transmitting terminal 3.
  • the second filtering module 30 applies to these data, during a second filtering step 66, a parsing filter, a semantic analysis filter and a transposition filter.
  • the second filtering module 30 verifies that the data D' respect the format defined in the standards and specifications of the protocol P, and that no field of these data D' is diverted from its purpose.
  • the second filtering module 30 compares the connection context of the data D' to the connection context transmitted by the first filtering module 24 during the step 52.
  • If these contexts are inconsistent, the second filtering module 30 blocks, in a step 72, the transmission of the data D'.
  • the second filtering module 30 reintroduces into the data D' the sensitive information replaced by the first filtering module 24 during the step 54, for example the IP addresses of the sending terminal 3 and the receiving terminal 9.
  • the second filtering module 30 transmits the filtered data to the transmitting terminal 3.
  • FIG. 5 is a diagram illustrating an exemplary implementation of the method according to the invention, during the initiation of a resource reservation communication between the sending terminal 3 of the network N1 and the receiving terminal 9 of the network N3, then during the transmission of the data of this communication between the transmitter 3 and receiver 9 terminals.
  • Routers R1, R2, R3, ..., Rn of the transit network N2 are not represented in this figure.
  • the transmitting terminal 3 transmits an RSVP message M, requesting a reservation of resources between the transmitting terminal 3 and the receiving terminal 9.
  • the RSVP message M must therefore be transmitted both on the network N2, between the security devices 5 and 11, so as to reserve the necessary resources between the routers of the network N2, and on the network N3, to reserve the necessary resources between the security device 11 and the receiving terminal 9.
  • This RSVP message M is sent by the sending terminal 3 to establish the list of routers of the path that will be followed by the data of the communication. It comprises a header, including in particular a field indicating that it is a message of "Path" type, and several objects indicating the IP address of the sending terminal 3, denoted IP3, the IP address of the receiving terminal 9, denoted IP9, the port numbers of the transmitting terminal 3 and receiving terminal 9, denoted respectively P3 and P9, and the quantity Q of resources to be reserved.
  • the message M transmitted by the transmitting terminal 3 is transmitted to the security device 5, and more precisely to the first switching module 20.
  • the latter analyzes the message M and determines that it is a signaling flow that must be transmitted to the network N2.
  • the first switching module 20 duplicates the message M, and transmits a first copy of this message to the first filtering module 24 and a second copy of this message to the cryptographic protection module 22.
  • the first filtering module 24 determines the nature of this message, in this case detects that it is a reservation message, and applies the syntactic and semantic analysis filters of its database adapted to reservation messages.
  • the parsing filter thus verifies that the message M respects the format defined in the standards and specifications of the RSVP protocol used.
  • the semantic analysis filter determines the connection context of the message M, in particular the fact that it is a reservation request of the "Path" type, and transmits this connection context to the second filtering module 30.
  • the first filtering module 24 then applies to the message M a substitution filter, which replaces, in the message M, the IP addresses IP3 and IP9 of the transmitting terminal 3 and receiving terminal 9 with the IP addresses of the security devices 5 and 11, denoted IP5 and IP11.
  • the first filtering module 24 transmits a filtered message M(Path, IP5, IP11, P3, P9, Q) to the transit network N2.
  • the filtered message M contains no sensitive information relating to the identity of the transmitting terminal 3 and receiving terminal 9, so that this information does not circulate in the clear on the network N2.
  • since this filtered message M includes only the IP addresses IP5 and IP11 of the security devices 5 and 11, it is transmitted on the network N2 only between these devices 5 and 11, and is at no time transmitted in the network N3.
  • the filtered message M is therefore a request for reservation of resources between the security devices 5 and 11. It is transmitted on the network N2 via at least some of the routers R1, R2, R3, ..., Rn, up to the security device 11, and the reservation of the requested resources is performed on the network N2. It is never transmitted on the network N3.
  • the message E is received by the second routing module 26, which transmits it to the second filtering module 30 since this message E is not encrypted.
  • the second filtering module 30 analyzes the message E to counter any attempt to create a hidden communication channel and intrusion on the network N1 by the network N2.
  • the second filtering module 20 applies a semantic filter to the message E and verifies that its connection context corresponds to a saved connection context.
  • since the message E is actually a response to a request sent by the security device 5, it is authorized to be transmitted to the sending terminal 3.
  • the second filtering module 20 applies a transposition filter to the message E, so as to reintroduce into this message the IP addresses IP3 and IP9 of the sending terminal 3 and the receiving terminal 9.
  • the encrypted message Mf(Path, IP3, IP9, P3, P9, Q) is transmitted through the network N2 to the network N3.
  • This message M is received by the routing module of the security device 11, which transmits it to the cryptographic verification module of this device.
  • the encrypted message M is then decrypted, and the decrypted message M is transmitted on the network N3 to the receiving terminal 9.
  • the necessary resources are then reserved between the security device 11 and the receiving terminal 9.
  • if the sending terminal 3 does not receive an error message indicating a failure when reserving resources, it then transmits the data DM for which the resources have been reserved.
  • the security device 11 then decrypts this data and transmits the decrypted data DM to the receiving terminal 9.
  • the verification of the connection context associated with any data transmitted by the network N2 to the network N1 or to the network N3 makes it possible to prevent any communication, potentially dangerous, at the initiative of the network N2.
  • the method according to the invention can therefore be seen as a cryptographic protection method with controlled interoperability.
  • the level of interoperability with less secure networks is configured according to the proportion of services allowed, via the filtering step, to transmit information to the less secure network N2, and according to the context of use and the associated level of threat.
  • the security method is implemented between more than two secured networks, through several networks of lower security levels, each of the secured networks being equipped with at least one security device according to the invention.
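The filtering path described above (parsing filter, semantic filter recording a connection context, substitution filter on the way out, context check and transposition filter on the way back) can be modelled in a few lines. The following Python is an added illustration, not code from the patent or from Thales; the message layout, the field names, the `SecurityDevice` class and all addresses and ports are assumptions constructed for the example, and only the unencrypted, filtered path through modules 24 and 30 is modelled (the cryptographic copy handled by module 22 is out of scope here). It generalizes the walkthrough slightly by also showing what happens to an unsolicited message arriving from the transit network.

```python
"""Model of a security device at the boundary between a protected network
(N1) and a less secure transit network (N2), as described on this page:
outbound signalling has its endpoint addresses substituted and its context
recorded; inbound signalling passes only if it answers a recorded context.
Message layout, field names and addresses are assumptions for this example."""

from dataclasses import dataclass, replace
from ipaddress import ip_address
from typing import Optional

# Message kinds accepted by the parsing filter (assumption: only a Path
# request and its response are modelled).
ALLOWED_TYPES = {"Path", "Resv"}


@dataclass(frozen=True)
class Message:
    kind: str        # "Path" (reservation request) or "Resv" (response)
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    quantity: int    # resources to reserve (Q on the page)


def syntax_ok(msg: Message) -> bool:
    """Parsing filter: reject anything that is not a well-formed message."""
    try:
        ip_address(msg.src_ip)
        ip_address(msg.dst_ip)
    except ValueError:
        return False
    return (msg.kind in ALLOWED_TYPES
            and 0 < msg.src_port < 65536
            and 0 < msg.dst_port < 65536
            and msg.quantity > 0)


class SecurityDevice:
    """One security device (device 5 in the walkthrough) in front of N1."""

    def __init__(self, own_ip: str, peer_ip: str) -> None:
        self.own_ip = own_ip    # IP5: the only address of N1 seen on N2
        self.peer_ip = peer_ip  # IP11: address of the peer security device
        # Connection contexts recorded by the semantic filter, keyed by the
        # real endpoints and ports of each outbound request.
        self._contexts: dict[tuple, Message] = {}

    def to_transit(self, msg: Message) -> Optional[Message]:
        """Outbound: parse, record the context, then substitute addresses."""
        if not syntax_ok(msg) or msg.kind != "Path":
            return None
        key = (msg.src_ip, msg.dst_ip, msg.src_port, msg.dst_port)
        self._contexts[key] = msg
        # Substitution filter: the terminals' addresses never leave in clear.
        return replace(msg, src_ip=self.own_ip, dst_ip=self.peer_ip)

    def from_transit(self, msg: Message) -> Optional[Message]:
        """Inbound: pass only a message that answers a recorded context, and
        put the real terminal addresses back (transposition filter)."""
        if not syntax_ok(msg):
            return None
        # A response comes back from the peer device to this device, so the
        # addresses and the ports are swapped relative to the request.
        if msg.src_ip != self.peer_ip or msg.dst_ip != self.own_ip:
            return None
        for (src, dst, sp, dp), _req in self._contexts.items():
            if (msg.src_port, msg.dst_port) == (dp, sp):
                return replace(msg, src_ip=dst, dst_ip=src)
        # No matching context: the message originates from the transit
        # network itself and is dropped, denying a channel into N1.
        return None


def demo() -> tuple:
    """Constructed walkthrough: device 5 (IP5) protects terminal 3 (IP3);
    the peer device 11 (IP11) protects terminal 9 (IP9). Addresses made up."""
    dev5 = SecurityDevice(own_ip="192.0.2.5", peer_ip="198.51.100.11")
    path = Message("Path", "10.1.0.3", "10.3.0.9", 5000, 5001, 64)
    filtered = dev5.to_transit(path)           # carries IP5/IP11 only
    resv = Message("Resv", "198.51.100.11", "192.0.2.5", 5001, 5000, 64)
    restored = dev5.from_transit(resv)         # IP3/IP9 reintroduced
    rogue = Message("Resv", "198.51.100.11", "192.0.2.5", 7000, 7001, 64)
    dropped = dev5.from_transit(rogue)         # no saved context: None
    return filtered, restored, dropped


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The context store is keyed on the real endpoints and ports, which is what lets the device tell a genuine answer from a message that merely arrives with the peer device's address; a production implementation would additionally age out contexts and bound their number so the store cannot be filled from the protected side.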

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
EP11743114.8A 2010-07-13 2011-07-13 Verfahren und vorrichtung zur sicherung eines levelübergreifenden bidirektionalen kommunikationskanals Withdrawn EP2594048A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1002958A FR2962868B1 (fr) 2010-07-13 2010-07-13 Procede et dispositif de securisation d'un canal de communication bidirectionnel inter-niveaux.
PCT/FR2011/051676 WO2012007693A1 (fr) 2010-07-13 2011-07-13 Procédé et dispositif de sécurisation d'un canal de communication bidirectionnel inter-niveaux

Publications (1)

Publication Number Publication Date
EP2594048A1 true EP2594048A1 (de) 2013-05-22

Family

ID=43921085

Family Applications (1)

Application Number Title Priority Date Filing Date
EP11743114.8A Withdrawn EP2594048A1 (de) 2010-07-13 2011-07-13 Verfahren und vorrichtung zur sicherung eines levelübergreifenden bidirektionalen kommunikationskanals

Country Status (3)

Country Link
EP (1) EP2594048A1 (de)
FR (1) FR2962868B1 (de)
WO (1) WO2012007693A1 (de)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111541696B (zh) * 2020-04-24 2021-10-01 清华大学 随机认证嵌入的快速源和路径验证方法
CN115834259B (zh) * 2023-02-21 2023-04-18 广东广宇科技发展有限公司 一种高危通信线路数据安全传输方法

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0519524D0 (en) * 2005-09-24 2005-11-02 Ibm Method and apparatus for verifying encryption of SIP signalling
TW200843442A (en) * 2007-04-16 2008-11-01 Vicotel Inc Method and apparatus for hiding information in communication protocol
US20090132419A1 (en) * 2007-11-15 2009-05-21 Garland Grammer Obfuscating sensitive data while preserving data usability
FR2924552B1 (fr) * 2007-11-30 2009-11-20 Thales Sa Procede de securisation d'un canal bidirectionnel de communication et dispositif de mise en oeuvre du procede

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2012007693A1 *

Also Published As

Publication number Publication date
WO2012007693A1 (fr) 2012-01-19
FR2962868A1 (fr) 2012-01-20
FR2962868B1 (fr) 2012-08-10

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20130116

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20161202

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

INTG Intention to grant announced

Effective date: 20171018

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20180301