WO2009147163A1 - Method for the traceability and resurgence of pseudonymised flows on communication networks, and method for transmitting an informative flow capable of securing data traffic and its recipients - Google Patents
- Publication number
- WO2009147163A1 (PCT/EP2009/056786)
- Authority
- WO
- WIPO (PCT)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/026—Capturing of monitoring data using flow identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2203/00—Aspects of automatic or semi-automatic exchanges
- H04M2203/60—Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
- H04M2203/6027—Fraud preventions
Definitions
- The present invention relates to a method for the traceability and resurgence of pseudonymised flows in communication networks, in particular telecommunication and television broadcasting networks, capable of facilitating the detection of flows that are unauthorized or sought for other reasons such as statistical processing or metrological analysis. It also relates to a method of transmitting an information flow in such a network, able to secure traffic or access to data, its recipients and the terminal equipment they use. It also relates to a device for guaranteeing the identity of an interlocutor, capable of avoiding recourse to the disclosure of real identities.
- The invention applies in particular to the fight against illegal downloading of works of the mind (upstream or downstream, "uploading" or "downloading", and any form of making available for a broadcast or a flow activation), as well as against the sending of unsolicited messages or the mass solicitation of subscribers to induce them to call back numbers that are actually billed. It also applies to the analysis and protection of interdependencies in critical information and communication infrastructures, and to building trust in relations between communicators.
- The word "flow" will mean, in particular, the sending of files, documents, stream transmissions, letters or telephone calls, in analog or digital form, as well as a transmission via activation of a party's equipment by a third party, whether or not these are made available voluntarily.
- This flow can occur between all types of terminals or communication media. The activation, like the recipients or the content of the stream, may or may not be desired, and may be chosen or random.
- The word "server" will denote equally a server, a computer, a computing machine, or any medium involved in a computerised information distribution operation. This includes every communication medium and any equipment capable of transmitting a stream over a telecommunication or television broadcasting network, such as mobile phones, electronic diaries, or networks of sensors or actuators. More generally, it encompasses equipment that is ancillary to the former and likely to take part in this action, for example external electronic memories.
- Open or closed networks used in telecommunication for the transmission and circulation of all types of flows, see the coexistence of lawful or illicit, friendly or untimely uses. Their large number, in terms of diversity and speed, reduces the possibility of easily detecting these deviant uses. In addition to technical difficulties, there are legal, regulatory, ethical, cultural or economic constraints.
- The "radars" placed at strategic points on the network to inspect content are only partially authorized, and with various restrictions, because they open the way to spying on content on converged networks, which is often comparable to illicit interception. Any process that is too intrusive and ethically indiscriminate is likely to provoke a pre-emptive shift to hard protection modes, such as data encryption, which in turn makes observation more difficult and triggers a reciprocal escalation of means, resulting in the coexistence of spaces with excess opacity or excess porosity.
- the invention instead aims to provide an open solution with sufficient durability to remove or limit the various illicit methods on the Internet while respecting the various constraints involved.
- Telecommunication networks are seeing a reduction in everyday usage costs but a concomitant sophistication of so-called value-added services.
- This divergence creates an asymmetry in which sending messages or making phone calls for fraudulent purposes, for example, costs the attacker less and less but costs the victims more and more, through, among other things, callback numbers billed at high rates.
- Servers are sometimes out of spatio-temporal reach. For example, they may be beyond the reach of a country's justice system, for two reasons in particular: either the server is located abroad, or it is in the country or in a bordering zone but constantly evades by changing identity ("it zaps"): the life of the server is ephemeral; it is born, performs its misdeeds and disappears, to reappear under another identity.
- A first particularity of the invention lies in its finding that better securing content distribution requires being present, as far as possible, at both the beginning and the end of the distribution chain, or at least at strategic points.
- networks where we can intervene or collect all the information.
- IP routing on the Internet allows great freedom of routing information packets within a network.
- The invention therefore aims to intervene, or to distribute a secret, at the beginning of the chain (or as far upstream as possible) for each approved interlocutor, and to find this intervention or this secret again later, so as to know that these flows are registered and to be able to presume them more or less indifferent in the light of a search.
- One property of this secret element is that it can be modified periodically, at intervals that are to be defined, random, correlated with a risk of discovery, or advantageously left to the discretion of the homologating body. It is in the interest of these modifications to be neither predictable nor reconstructible, either in their moment of occurrence or in the variation made to the scratching, as defined below. No limit on how short-lived a secret may be is necessary, other than that determined by the technical constraints of the marking and inspection devices.
- the invention particularly relates to a pseudonymized flow detection method.
- The electronic cryptonyms used in the method according to the invention define a set of technical possibilities for marking or encapsulating a piece of technical equipment, a file or a stream, or all of these elements (as an extreme example, a scratch can also be a particular protocol such as IPsec, MPLS, etc.).
- The invention establishes a cryptonym, or "masking cryptonym" to emphasize its function of masking the true identity of the flow or its issuer. It provides a marking or encapsulation system that can be affixed separately to a transmitter and to a file or stream, without any need to know them by a real identity.
- Another advantage of the invention lies in its ability to create and enforce a pseudonymizing procedure. This procedure is based on coordination and complementarity between the means of creating this pseudonymisation, previously represented by the notion of "masking scratching", and the means of enforcing this pseudonymisation during flow observation, articulated around a segmentation of entities supplemented by a particular partitioning between these instances.
- The method comprises at least three steps: a step of assigning a cryptonymic identity to communication media by a homologating first instance A, the streams emitted by a medium carrying a scratch that is a function of its cryptonym, the cryptonym of a medium being distinct from its real identity, and the communication medium not being able to be definitively freed from scratching without an authorization signal from the first instance A;
- a step of reading, analyzing and sorting (filtering) the streams by a second instance B, said analysis comprising a phase of matching flows to their communication media by searching for similarity between the masking scratching of the streams and the cryptonymic identity of the media, using a table referencing the cryptonyms, and a phase bearing on observable characteristics of the flows through the network;
- a behavior, defined by a set of characteristics, being declared typical or atypical with respect to a given set of criteria, the cryptonym table having no link with real identities.
- The analysis of behavior is, for example, carried out in priority on the streams having no masking scratching relating to a communication medium provided with a cryptonym.
- a communication medium may provisionally or selectively omit a masking scratch without an authorization signal from the first instance.
- a communication medium may temporarily or selectively omit a masking scratch via an authorization signal from the first instance.
- The term scratching covers a function, namely hiding the real identity of a sender, since it functionally prohibits instance B from searching for that identity on a given stream.
- B is entitled to look at or memorize a real identity after finding no scratching.
- The second instance B can perform stream reading at any point in the network, and can advantageously carry out this reading, for example, at the input and/or the output of the communication media of the network operators, so as not to involve the operators directly.
- the flow analysis is for example performed on their communication protocols.
- the method may comprise a third step of receiving the signaling of typical or atypical behaviors, by a third instance C, said instance being able to verify the lawfulness of the corresponding flows.
- the instance C is for example able to check the contents of the corresponding flows.
- the instances A, B, C can be partitioned without mutual access to their respective data other than by requests, according to a predefined degree of authorization to issue or respond, offline or in real time.
- the process finds its full effectiveness of privacy in a strong compartmentalization between A, B and C.
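The partitioning between instances A and B and the signal passed to C, as a minimal sketch. This is an added example, not code from the patent: the class names, the random 64-bit cryptonym, the `packets_per_min` criterion and the sample addresses are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


class InstanceA:
    """Homologating instance: sole holder of the real identity <-> cryptonym link."""

    def __init__(self):
        self._current = {}  # real identity -> current cryptonym (never leaves A)

    def approve(self, real_identity: str) -> str:
        # Drawn at random so a cryptonym cannot be predicted or rebuilt from an old one.
        self._current[real_identity] = secrets.token_hex(8)
        return self._current[real_identity]

    def rotate(self) -> dict:
        """Replace every cryptonym; each approved medium is handed its new one."""
        for identity in self._current:
            self._current[identity] = secrets.token_hex(8)
        return dict(self._current)

    def table_for_b(self) -> frozenset:
        # B is given cryptonyms only: no real identity is exported.
        return frozenset(self._current.values())


@dataclass(frozen=True)
class Flow:
    scratch: Optional[str]  # marking read from the protocol header, None if absent
    src_addr: str           # technical source address seen on the wire
    packets_per_min: int    # one observable characteristic (assumed criterion)


@dataclass(frozen=True)
class Report:
    subject: str   # the cryptonym if the flow is marked, else the source address
    marked: bool
    atypical: bool


class InstanceB:
    """Reads and sorts flows; knows the cryptonym table but no real identity."""

    def __init__(self, max_packets_per_min: int):
        self.table = frozenset()
        self.max_packets_per_min = max_packets_per_min

    def update_table(self, table: frozenset) -> None:
        self.table = table

    def analyse(self, flow: Flow) -> Report:
        # A scratch that is absent, unknown or stale (rotated out) counts as unmarked.
        marked = flow.scratch is not None and flow.scratch in self.table
        atypical = flow.packets_per_min > self.max_packets_per_min
        # On a marked flow B keys its findings on the cryptonym alone.
        subject = flow.scratch if marked else flow.src_addr
        return Report(subject, marked, atypical)

    def triage(self, flows) -> list:
        # Unmarked flows are analysed first, atypical ones before typical ones.
        reports = [self.analyse(f) for f in flows]
        return sorted(reports, key=lambda r: (r.marked, not r.atypical))

    def signal_for_c(self, report: Report) -> Optional[dict]:
        # C is told what to verify, not the detailed behavior B observed.
        if not report.atypical:
            return None
        return {"subject": report.subject, "request": "verify lawfulness"}


if __name__ == "__main__":
    a, b = InstanceA(), InstanceB(max_packets_per_min=100)
    paul = a.approve("paul@example.test")          # constructed sample identity
    b.update_table(a.table_for_b())
    sample = [Flow(paul, "192.0.2.10", 500),       # constructed sample flows
              Flow(None, "192.0.2.20", 20),
              Flow(None, "192.0.2.30", 900)]
    for r in b.triage(sample):
        print(r, b.signal_for_c(r))
```

The table lookup here only tells B that a scratch is currently listed; it does not prove that the flow came from the medium the scratch was issued to, which is why the description has copies of collected marks sent back to instance A for checks of authenticity or validity.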
- the method according to the invention will therefore simply inspect the network traffic, as regards for example its nature, its volume, its frequency, its form, its syntax or its complexity, and this without initially checking the content of users and without touching this content, regardless of applications and users.
- The invention thus differs from the usual control devices focused on content management (content labeling, fingerprint, electronic signature, "fingerprinting", "hash code"), since it makes it possible to identify behaviors beforehand during telecommunications, without needing at certain stages to identify by name, by their real identity, either the protagonists or the contents exchanged.
- The invention is therefore intended to mark the container, but not the content, of the communication. It does not initially touch the content of the information of the transmitters and receivers, either to mark it or, at first, to access it in order to learn it.
- This scratching will be done on the container of the communication, that is to say on the rules, the protocols used by the communication machines, independently of the physical actors. It is therefore not the responsibility of the end user or the issuer, but of a third party (A).
- This scratching largely escapes the will of the actors, in the sense that these marks do not interfere with the private life or the behavior of these actors. It also escapes the pirates' countermeasure of encrypting content.
- The term "scratching" covers a procedure consisting of an addition, an amputation or a characteristic modification made to a communication protocol, while respecting the standard of this protocol. Because of this alteration, the mark can be considered a scratch made on the original protocol, pointing at a given moment to a single approved sender. It is therefore also a claw in the sense of a signature, but a signature that does not refer directly to a real identity.
- This cryptonymic signature is advantageously chosen by the instance A.
- This scratching is only partially comparable to an absolute secret, since its degree of readability, how easily it can be detected and, more generally, its capacity to be invisible, inaccessible or incomprehensible will be at the discretion of instance A.
- The scratch confronts possible offenders with an additional element of uncertainty, since they cannot anticipate the degree of camouflage chosen at a given moment and for a provisional duration.
- Scratching must be understood in a broad sense, designating in particular:
- a labeling: a label, visible, erasable or indelible, on an IP packet or a stream (for example, labeling may consist in filling a field of a protocol header);
- a steganographic marking of spatial type, for example marking in a field of the protocol, before or after the user's useful content;
- a steganographic marking of temporal type, for example specific use of the duration or the rate of transmission of the information, while respecting standards.
- To present very simple standard cases in particular: one server can scratch in a standard way with an MPLS VPN, and another with an IPsec AH security association in transport mode.
- the marking or encapsulation system proposed by the invention can be subdivided into two parts:
- the marking device itself.
- This device can be either in the communication medium of the transmitter, or at its output, or at a later point on the network, or at a predetermined intermediate, such as the instance A;
- the second part consists of a so-called secret element. This element belongs to two large families.
- The first family concerns the secret elements transmitted by A and then physically held by their approved carrier. It includes various types of potential carriers:
  o the technical transmitting medium of the approved registrant, such as a computer or mobile phone. The secret element may for example be stored as a cookie in a temporary directory. There may also be several transmission media for the same registrant;
  o a removable or mobile medium, such as a USB key or a smart card. This medium may be held in the name of a person or of an approved structure such as a company, as a legal person, acting on behalf of its various members who use the shared removable or mobile medium;
  o a natural person knowing the secret element or a personal identifier that activates it to carry out this marking;
  o or any combination of the preceding solutions.
- The secret element can be either stored or written dynamically, from data taken from outside each time, while still leading to a marking of the flow by the sender equipment itself.
- The second family includes the secret elements kept under direct management:
  o by the entity A;
  o by a network operator or an access provider, as examples of intermediaries;
  o by a trusted third party chosen by the approved registrant.
- The secret element is activated for marking when A or any delegated authority detects a connection to the network or a flow under a previously approved identity.
- the identity concerned may be in particular that of a communication medium (technical identity code), or that of a natural or legal person (such as a subscriber: individual or company).
- The carrier can therefore be a fixed or a mobile entity, a physical or a logical object, a natural or a legal person.
- Depending on the chosen security policy, a range of choices will be available, each with different strengths and weaknesses.
- Each security policy regarding the choice of the carrier is a search for optimum.
- The method does not aim at a total absence of circumvention risk but at a reduction of this risk, with a constant view to discouraging circumvention, for statistical benefit.
- the resulting device may be labeled as "low security" in the sense that it aims to remain permanently sufficient to deter a significant number of offenders.
- A method according to the invention performs, for example, a marking of an informative nature, intended to produce a message, such as an alert or warning about the harmfulness of the content.
- This marking will be called a "macaron" (badge), by analogy with the usual function of badges in other areas of public life. It is for example affixed by the second instance B or the third instance C, on request or by referral to a moral authority.
- This mark may be made readable by a chosen communicant.
- it can be read by the receiving communication media of the stream.
- It may give rise to the sending of an informative message, this time to the sending address, for example to report remarks.
- the informative marking may be carried out by marking means at any remote point, such as a point of passage of the network.
- The real identity of a flow emitter can be associated separately with an invariant pseudonym on the one hand and, on the other hand, with a variant cryptonym that functionally conceals the true identity. Bridges between these two attributes are possible, but neither of them, nor their combination, allows an outside party who knows or possesses them to work back to this real identity.
- Identities are personal and non-transferable to third parties.
- The pseudonym may be brought to the explicit knowledge of third parties by its holder, whereas the cryptonym may not.
- An invariant pseudonym of a given identity and a variant cryptonym of this same identity are, for example, in constant bijection, within the instance charged with this bijection, without this real identity intervening at any time.
- The subject of the invention is also a method of transmitting a pseudonymized stream from a communication medium through telecommunication or television broadcasting networks, able to secure data traffic, the stream comprising a scratch representing a cryptonym independent of the real identity of its transmitting communication medium and of the content it conveys, said cryptonym being referenced at a first instance A, the referencing indicating the link with the corresponding real identity, and said cryptonym being identifiable by a second instance B that does not have access to the corresponding real identity.
- the cryptonym is, for example, in the form of a secret element, considering that the methods of combating the illegal downloading or the broadcasting of dangerous messages must themselves be secured.
- The scratching is, for example, inserted in the format of the communication protocol used, for example in the protocol header, while respecting the protocol standard and without interfering with the user's own data.
- FIG. 3 an illustration of a marking authorization phase for communication media by a first instance
- FIG. 4 an illustration of a flow analysis phase by a second instance
- FIG. 5 an exemplary embodiment of a type of informative marking carried out by the method according to the invention.
- FIG. 6, an illustration of the different possible steps of a method according to the invention applied to an emitted stream
- FIG. 7, an example of access to a pseudonym from the possession or knowledge of a masking scratch
- FIG. 1 shows two major steps of a method according to the invention, which are detailed at length below: on the one hand the creation 1 of cryptonyms for the emitters, embodied in the use of masking scratches, and on the other hand the segmentation 2 of the supervision of traffic and content, based on the scratches.
- Multimedia traffic, such as music or video downloads and in particular streaming, is too bulky for it to be examined explicitly with ease, for example through a watermark embedded in the content.
- an organization such as CNIL in France, the National Commission for Data Protection and Freedom, may not allow this type of direct reading for reasons of privacy protection.
- an Internet service provider or service provider may not wish to provide a filtering service for illegal content so as not to enter a spiral of new responsibilities. The method of the invention will therefore simply inspect the network traffic, without initially checking the content of users and without touching this content.
- The invention therefore uses, on the one hand, cryptonyms for emitters, which are at once an arbitrary scratch and an external sign of referencing. These cryptonyms can be affixed separately to an issuer and to a document or stream. The electronic scratches used in the method according to the invention define a set of technical possibilities for marking or encapsulating a piece of technical equipment, a document or a flow, or all of these elements.
- the invention implements a segmentation of an entity for controlling or supervising traffic and content. For example, three separate instances can be used. These instances are partitioned in such a way that they do not have mutual or reciprocal access to their respective databases. Only certain predefined information can be transmitted directly or on request.
- The possible delegations mentioned below are to be considered as likely to weaken the qualities of the process, and can only be regarded as technical stopgaps to which the same partitioning means and purposes then apply.
- FIG. 2 shows these three instances 21, 22, 23.
- A first instance 21, hereinafter called instance A, intervenes in the marking or encapsulation of the servers or communication media. It references the interlocutors. It accepts, refuses or withdraws a referencing, a referencing being the source of marking by scratching. This scratching can be done at the transmitter, on its equipment, directly or by possible delegation, in particular through network operators, access providers or any other actor in charge of the organization or routing of flows on these networks.
- The marking of a transmitter uses a technical device that causes the masking scratching of any document and any flow leaving this transmitter.
- Such a marking system can be provided by the instance A, which here also has the function of a trusted third party, for example, with telecommunication system players such as ISPs, users or distributors.
- The scratching of a file or stream can be effective regardless of the type of party that activated the sending, whether a communication manager or a third party. This sending can be activated from the sending equipment itself, remotely, or at various points in the network from other equipment. The activation can be concomitant with the sending or scheduled.
- Scratching a file or a stream is also possible during transfer by a dedicated support for this task and controlled by the instance A, or any authorized third party, anywhere in the network.
- The masking scratching of a stream can be read or recorded by an approved controller such as instance B defined below or, by possible delegation, an operator for example, at any time and at any stage of the transfer.
- The scratching of documents can be made discreet, in particular by a secret, so that it can be read or detected only by an authorized instance.
- It identifies behaviors by relating flows to the cryptonyms of emitters when masking scratching is present. The aim is to identify behaviors that may be at fault or are sought for any other reason.
- This instance looks first for the presence or absence of masking scratching: if it is present, the instance confines itself to conducting its analyses on the basis of this cryptonym; if it is absent, it searches for a real identity.
- Scratching is functionally comparable to a carnival mask that does not remove a face but covers it in the eyes of an appointed observer, with no right for the latter to remove it. The observer can only observe behavior during the carnival.
- Instance B has neither the authorization nor the access to the real identities referenced by their scratches, these identities being known only to instance A.
- Instance B has, for example, only a directory, or table, of cryptonyms, used in particular to match the transmitted streams to their respective communication media or transmitters.
- This directory can be updated in real time, given the need to follow the permutation of scratches by instance A.
- Instance B also has no possibility of checking whether a suspicion of fault is correct or not, this role being vested in the next instance 23.
- a second type of marking may also have the function of bringing to the attention of communicators, such as recipients or intermediaries of the stream, a message including an alert on this stream.
- This message, called a macaron, can be expressed in any form, for example audible or visual. It can be explicitly formulated or reduced to signage, possibly standardized.
- A third instance 23, hereinafter referred to as instance C, receives the reports, issued by instance B, of behavioral findings that were sought because, for example, they are atypical or presumed to be at fault.
- Instance C does not have access to the data found by instance B about an issuer's detailed behavior. It does not know whether these data are considered representative of unlawful or lawful, typical or atypical behavior, or whether they are useful or indifferent with regard to the search criteria of B.
- Instance C is ideally informed only of the wish to verify, accompanied by possible hypotheses about a presumed or sought-after content.
- Figure 3 illustrates a first phase of implementation of the invention. More particularly, it illustrates the masking scratch in association with the first supervision instance 21, the instance A.
- The invention uses the scratching system. This use of scratching makes it possible to separate the traffic on the networks in two. On the one hand are the servers that distribute content with a scratch, and on the other the content without scratching, which can be considered a priori more suspicious. An analysis can thus be carried out in priority on this content without masking scratching.
- Figure 3 illustrates Internet actors 31, 32, 33 symbolized by the proper names Barnabe, Paul and Jean. They emit files, phone calls, mails, or any other flow as defined above. They can also provide equipment to emit these flows.
- the three actors in Figure 3 illustrate three different cases.
- Barnabe 31 requests a referencing from instance A, that is to say the authorization to mark its flows with a scratch.
- instance A denies this permission to Barnabe.
- Paul 32 requests an authorization of referencing which is granted to him by the instance A.
- Jean 33 does not request the use of scratches.
- Paul's server 32 receives for example a secure element, with a secret.
- This secure element can be installed and stored on the computer, for example on a USB key or a smart card, or stored as a cookie in a temporary directory, or in any other way, whether physical or logical.
- The secret may be modified at intervals to be defined or left to the discretion of the homologating authority, for example every day, randomly or on request.
- This secret is a means of identifying and authenticating flows, packets, entities circulating on a network, in particular an application, a session, a connection, a stream, IP packets, MPLS packets, etc. For this purpose, the entities are marked by a scratch 34 which contains this secret.
- MPLS acts as input to the server and output to the ISP server.
- the virtual private network is only a security association.
- The actors 31, 32, 33 will issue streams 36 to other actors 37, 38, 39, who are passive or active receivers. For example, they are active when they execute a download.
- the streams are transmitted via a network managed by an ISP 35.
- Instance A does not have the function of detecting the presence of scratches in the streams; it only interacts with the content distribution managers, such as Barnabe, Paul or Jean, automatically or not. Scratch requests can for example be made automatically from the servers of the actors 31, 32, 33 to a server constituting instance A.
- the instance A is able to homologate the identity of servers, or of all communication media, by authorizing scratches on the one hand on these communication media and on the other hand on any stream sent by these entities.
- the instance A may thus be receptive of declarations of existence likely to emanate from all types of communication media capable of transmitting streams.
- a declaration may result as much from a legal, regulatory or contractual obligation as from an optional option. It can for example be:
- Instance A accepts or refuses the use of scratching. For this purpose, it is possible to initiate activity checks and identity or behavioral inquiries prior to granting a cryptonym.
- the acceptance triggers a scratching of the technical support of emission of the authorized declarant, Paul in the example of figure 3.
- The scratches granted and the identity of their beneficiaries are, for example, registered in an updated directory.
- the instance A may perform an approval of the technical codes indicating the identity of the transmitters, such as the address field of the source or IP packet, for example.
- the homologated identities are for example gathered in an updated directory.
- Cryptonym directories are provided to instance B or, by delegation, for example to network managers, access providers or any actor in charge of the organization, regulation, routing or control of flows on these networks.
- These interlocutors do not have access to the exhaustive directory but transmit to instance A, then the only holder of the directory, the copies of the masking marks collected, for verification purposes, for example of their authenticity or their validity.
- the instance sends a response on each individual request.
- a black box made available to the instance B or a delegated third party, this provision being made by the instance A.
- the black box remains under the control of this instance A for managing and modifying the data it contains.
- Instance B or any delegated third party will have an updated copy available, in direct access and management.
- FIG. 4 illustrates the activity analysis phase carried out by instance B.
- The secret issued by instance A generates a marking by a so-called masking scratch.
- This scratch is inserted in the format of the communication protocols, for example at the level of the IP fields, and not in the users' own content.
- Instance B will therefore observe these protocols at strategic points, preferably on the paths taken by the flows.
- Observation systems such as probes are located at these points.
- FIG. 4 illustrates this check for the actors 31, 32, 33 of FIG. In the example of FIG. 4, the positions of the reading points are upstream 41 and downstream 42 of the ISP or any other network or access manager.
- The masking scratches can be read by instance B, or by any other delegated authorized actor such as network managers or access providers.
- Reading can be automated, in particular by the use of protocol analyzers. It can be conducted either at relays already existing on the networks, or by an operation, for example a bypass, established at any point of this network.
- FIG. 5 illustrates a second type of marking established by the invention, called informative marking, intended to produce a message, possibly reduced to a sign, displayed to one of the communicants, automatically or at its request, or as a corollary intended to remain invisible to certain third parties or unwanted intermediary receivers in the information circle.
- Some flows 36, approved or not, can be provided, after their analysis 40, 41, 42, with informative badges 100, intended in particular to warn the recipient 37, 38, 39 of a possible danger to him, in particular when the content identified by C or the behavior of the sender observed by B suggests an intent to harm, or conversely to indicate that the sender or its stream carries an a priori label of trust.
- The decision to affix this badge can be delegated to a third entity 101, here named "moral authority", in order not to give instances B and C a power of judgment or a capacity to assess its advisability.
- The recipient of the informative badge may also be the sender as indicated in the protocol fields, in order to communicate remarks to it.
- The invention generally elaborates a marking system whose role depends on the variety of possible functions of a mark, depending also on the time and place where it is affixed, as well as on whether or not it is deliberately made apparent to a given social or technical actor.
- Instance B monitors and analyzes, at any possible point in the network, and advantageously at the reading points 41, 42, the traffic of masking scratches. It also monitors, and often prioritizes, flows that are not marked by a scratch.
- Instance B preferentially monitors and analyzes outside the boundaries of each of the entities, these entities ranging from distribution servers to end users by way of ISPs.
- The analysis phase allows instance B to identify behaviors.
- Instance B can carry out censuses of kinship between senders and the flows sent.
- Instance B has means for reading and processing data. These means relate, for purposes of comparison, the scratch of a sending to a parallel marking of the sender. In this way, instance B can identify behaviors attributed to each communicant without knowing the corresponding identities.
- A behavior is the set of observable characteristics relating to one or more flows. To characterize typical or atypical behavior, these characteristics can then be compared with a set of criteria or reference characteristics.
- Behaviors can therefore be reflected in characteristics such as the number of sendings, their volume or their recurrence, their schedules, their timing, their automated appearance, and more generally any characteristic likely to reveal an underlying behavior or an intention.
- The method according to the invention therefore relies, as indicated above, on the search for similarities, or kinship, between a scratch listed as being affixed to the transmitter and the same scratch affixed to a file in circulation or to a stream, always without knowing the real identity of the sender or the content of the stream.
- This identification of behaviors can be done either at a given moment, simultaneously or a posteriori, or over time, on all exchanges or only part of them.
- The analysis can be of a quantitative or temporal type.
- The tracing carried out by instance B therefore consists in particular in discovering, finding, following and analyzing the marks or their absence in order to detect anomalies or atypical behavior early, and more generally any sought behavior.
- A learning period may be necessary to grasp the effervescence of the movement and the agitation of all these marks or scratches.
- Conventional traffic analysis tools generally used in large networks can be used here.
- Statistical laws can be established over time in order to evolve, if necessary, the criteria for assessing atypical behavior.
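The behavior analysis attributed to instance B above, sketched as an added Python example that is not taken from the patent: flows are grouped by the scratch read at a reading point, never by a real identity, and the characteristics of each group are compared with reference criteria. The observation records, the scratch values and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed observations from one reading point: (time in s, scratch or None, bytes).
OBSERVATIONS = (
    [(60.0 * i, "c7f1", 1200) for i in range(40)]  # one sending exactly every 60 s
    + [(12, "9ab2", 800), (950, "9ab2", 40000), (4100, "9ab2", 2300), (9000, "9ab2", 600)]
    + [(300, None, 500), (2000, None, 700)]        # flows carrying no scratch
)

# Reference criteria (assumed values; the text leaves them to a learning period).
CRITERIA = {"max_sends": 30, "max_volume": 1_000_000, "min_jitter": 0.05}


def characteristics(events):
    """Observable characteristics of the flows sharing one scratch."""
    times = sorted(t for t, _ in events)
    gaps = [b - a for a, b in zip(times, times[1:])]
    jitter = None  # relative spread of inter-sending gaps; needs at least 3 sendings
    if len(gaps) >= 2 and mean(gaps) > 0:
        jitter = pstdev(gaps) / mean(gaps)
    return {"sends": len(events), "volume": sum(s for _, s in events), "jitter": jitter}


def analyse(observations, criteria=CRITERIA):
    """Return, per scratch, its characteristics and the criteria it deviates from."""
    by_scratch = defaultdict(list)
    for t, scratch, size in observations:
        by_scratch[scratch].append((t, size))

    report = {}
    for scratch, events in by_scratch.items():
        c = characteristics(events)
        reasons = []
        if scratch is None:
            reasons.append("unmarked")          # unmarked flows are looked at first
        if c["sends"] > criteria["max_sends"]:
            reasons.append("send count")
        if c["volume"] > criteria["max_volume"]:
            reasons.append("volume")
        if c["jitter"] is not None and c["jitter"] < criteria["min_jitter"]:
            reasons.append("automated timing")  # near-constant gaps look scripted
        report[scratch] = {**c, "atypical": reasons}
    return report


if __name__ == "__main__":
    for scratch, row in analyse(OBSERVATIONS).items():
        print(scratch, row)
```
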
- FIG. 6 illustrates all the possible steps for implementing the method according to the invention as described above.
- The figure illustrates the case of the transmission of a stream 36 by Paul's communication medium 32 to Astrid's receiving communication medium 37.
- The first instance 21, instance A, has authorized Paul's communication medium to mark outgoing flows with a scratch 34 indicating the cryptonymic identity of the transmission medium 32.
- Instance A is the only instance that knows the real identity of the medium 32, by referencing. This real identity may be the identity of the person responsible, Paul, a natural or legal person, or any identity making it possible to unambiguously identify the communication medium 32, in particular its location.
- The second instance 22, instance B, makes an observation of activity without knowing Paul's real identity or the content conveyed by the stream.
- Instance B only has access to Paul's cryptonym, represented for example by a secret element contained in the masking scratch, this secret element being able to be modified periodically.
- Instance B performs the identification of kinship 53 between the scratches of the containers, that is to say the streams, and the transmitters, Paul's communication medium in the example of the figure.
- Instance B also performs behavior analysis, primarily on flows without scratches, but the analysis can also include flows with masking scratches, for example with less dense sampling than for flows without scratches.
- The next instance 23, instance C, can, at the end of the behavior analyses carried out by instance B, initiate verification procedures, in particular of the content of suspect or sought flows.
- A suspect or sought flow is a flow, with or without a scratch, whose behavior is considered typical or atypical following the analysis by instance B.
- Instance C knows 54 only the communicants whose behaviors were noted by B as being sought. It may also be unaware of how this behavior was considered typical or atypical, particularly in cases where the initial suspicion or search would ultimately prove unfounded.
- C may not be aware of the overall behavior concerned, for example being unaware of other flows from the same source, or to the same destination, that were not found to be sought or suspect, as well as of data that could help to establish this overall behavior, such as the schedules, numbers, degree of regularity and repetitiveness of these flows, or even help to deduce a real identity, whether individual or related to an identifiable community.
- Instance C can itself be internally partitioned so that the officers in charge of observing the content and those who take part in the prior interception or storage of the flow concerned do not communicate, so that the former do not know the identities (cryptonymic or real) of the senders and receivers of the flow.
- Instance C may communicate, automatically or not, information concerning an a priori illicit flow to an authority with judicial power capable of initiating a formal investigation procedure. This authority is able to cross-check the overall behaviors collected by instance B and the analysis, for example of the content, conducted by instance C.
- This authority, with a power that is for example judicial, may be the sole final holder of information from the three instances:
- The reverse order in which this authority with judicial power is preferably activated makes it possible, in this case, to refer the matter to it, and give it the possibility of merging all the information, only once the analysis process has advanced at least as far as instance B, and ideally as far as instance C. The latter, having examined the content, is the most legitimate to refer the matter to the authority with judicial power.
- The invention thus establishes several types of authorities, which differ according to their functions and their attributions. These authorities will be in charge of receiving requests or reports, and more generally all information, coming in whole or in part from entities A, B or C, in order to process them and possibly follow them up.
- - a second form of authority, previously called "moral authority", with or without judicial powers, and likely to judge the advisability of attaching an informative mark to a stream, in order to indicate to a communicant, such as its receiver, elements relating, for example, to any alleged innocuousness or dangerousness;
- - a third form of authority, with no judicial power and informative marking capability to the receiver.
- This authority is empowered in the case of research on network streams and users that is unrelated to their lawfulness. It is vested with the right to receive data, for example essentially from instance B, in order to provide an interface between users and the collected statistical data, for example for sociological, statistical or even metrological research.
- A fourth, named "anonymization authority", has the function of managing pseudonyms, for the reason explained below.
- The non-real identity relating to the sender of a stream can be subdivided into two identities, which are indirectly related since both are tied to a single real sender identity, but which serve different functions and have different modes of modification and of access.
- The interest of this process lies in the ability of one identity to give access to the other, subject to prior authorizations, without having to reveal or know the real identity. The first identity, already seen above, is present on the stream and corresponds to the masking scratch itself; it remains protected as much as desired, in particular in the sense of being undetectable, indelible, inaccessible or unintelligible to any actor or receiver other than instances A, B and possibly C.
- This part can be modified periodically and without logical sequence at the discretion of A, and is thus neither stable nor predictable nor reconstructible in its formal expression;
- The management of the pseudonym and of the cryptonym expressed by a scratch relies on partitions between three entities: instance A 21, the anonymization authority 72, and an entity 81 subsequently named Z.
- Instance Z is dedicated solely to managing the link between a real identity and its pseudonym, without explicit knowledge of the scratches.
- An approved transmitter 82 receives a proposal to choose a pseudonym, either from instance A or from Z.
- Z will be the recipient of this choice, to the exclusion of instance A, which is not intended to know it.
- Instance Z is functionally unable to locate a scratch in emails or other streams it receives from the transmitter.
- Instance Z transmits the chosen pseudonym to the anonymization authority 72, accompanied by the electronic mail or other stream coming from the transmitter and specifying this choice, this mail bearing a scratch awarded by A, but one that Z cannot detect or read.
- The anonymization authority has the functional ability to detect scratches, which are its priority search, but their presence prevents it from then ascertaining the real identity of this transmitter. The anonymization authority thus receives both the pseudonym and the scratch of a sender, whose real identity it is not intended to know.
- Instance A then transmits to the anonymization authority the updated versions of this scratch, without referring to the real identity of its transmitter, but referring either to a previous scratch of this transmitter, or to the original scratch, here named the mother scratch, or to an arbitrary identifier coupled to this genealogy of scratches.
- The anonymization authority has received, once, a copy of this mother scratch or of one of its subsequent variations through instance Z.
- The anonymization authority cross-checks its two sources. It emerges from this arrangement that:
- - instance Z knows the real identity of a transmitter and its pseudonym, without knowing how to detect and read its scratch;
- - the anonymization authority 72 knows the pseudonym and the genealogy of the scratches, without functionally having access to the real identity concerned.
- Instance B is only interested in the first identity, corresponding to the masking scratch. It does not search for the second, corresponding to the pseudonym, just as it does not conduct any research on the real identity of the stream and its sender.
- A first use is access to the pseudonym from the possession or knowledge of the masking scratch, as illustrated for example in FIG. 7.
- Paul 32 is provided with a scratch and a pseudonym. He requests access to the site of Julie 39, who wants to know whether he holds an approval granting a scratch and whether he has already visited her site.
- This pseudonym can be communicated or made occasionally accessible, visible or readable to certain interlocutors, such as for example a website of Julie 39, who would make a duly formed request. The request can be accompanied for example by a copy of the protocol header 71 of the communication protocol, or by a more general copy of the flow carrying the scratch. Access to the pseudonym will be obtained from those authorized to keep it as well as to communicate it:
- - in a first variant, by or with an anonymization authority 72;
- - in a second variant, by a trustworthy third party that it has delegated for this purpose;
- - in a third variant, by or from the anonymization authority, with visibility permission granted by the sender of the stream.
- A second possible use is restricted, on the part of the anonymization authority, not to disclosing a pseudonym but simply to confirming it, namely confirming that a given pseudonym known by a receiver corresponds to the scratch contained in a message claiming this pseudonym.
- The fact that the sender has not made his pseudonym known to the recipient prevents the latter from learning it by obtaining it from the anonymization authority. This is thus one of the cases where the sender's acceptance that his pseudonym be known by a third party 83 is prior, indispensable, and even nominative.
- Another way is for the sender to authorize the anonymization authority to communicate it later to a designated third party or to a given type of third party, as previously indicated in said third variant.
- The advantage of this process is that the receiver would nevertheless be certain that the stable pseudonym is related either to some masking scratch, in the sense that it emanates from an unspecified transmitter that has been deemed worthy of approval, or to a precise masking scratch, in the sense that it actually corresponds to the sender of a given message.
- The receiver benefits from the guarantee provided by the anonymization authority that it is indeed the same sender as during a previous contact, even if the scratch of this transmitter has meanwhile been modified by instance A.
- This guarantee of interlocutor can be provided in an asymmetric mode, as in the previous case where only one of the two interlocutors requests a guarantee, as well as in a symmetric mode.
- This arrangement has the originality of relying not on real identities but on identities with the triple complementary feature of being artificial, stable and unique.
- Another use is to obtain a confirmation that Paul holds a scratch approval, from the possession or knowledge of the pseudonym.
- The pseudonym can be used by addressing the proxy authority that holds it, or any delegated third party.
- The authority can confirm that the sender really possesses a scratch, without specifying its content.
- This confirmation of approval of interlocutor can be conducted in both asymmetric and symmetric mode.
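The partition of knowledge between instance A, instance Z and the anonymization authority, together with the second and third uses described above (confirming a pseudonym against a scratch, and confirming possession of an approval from a pseudonym), as an added Python sketch that is not taken from the patent. The 16-byte position of the scratch in the header, the class and method names, and the sample identity and pseudonym are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

MARK_LEN = 16  # assumption: the scratch occupies the first 16 bytes of the header


@dataclass
class Stream:
    header: bytes  # protocol fields carrying the scratch
    body: str      # user content, never inspected here


class AnonymizationAuthority:
    """Knows pseudonym <-> scratch genealogy; never receives a real identity."""

    def __init__(self):
        self.genealogy = {}  # pseudonym -> scratches, mother scratch first
        self.owner = {}      # scratch -> pseudonym

    @staticmethod
    def detect_scratch(stream):
        return stream.header[:MARK_LEN]

    def receive_from_z(self, pseudonym, mail):
        if pseudonym in self.genealogy:
            raise ValueError("pseudonym already taken")  # pseudonyms are unique
        scratch = self.detect_scratch(mail)
        self.genealogy[pseudonym] = [scratch]
        self.owner[scratch] = pseudonym

    def receive_update(self, previous, new):
        # A's update names only an earlier scratch, never the sender.
        pseudonym = self.owner.get(previous)
        if pseudonym is None:
            raise ValueError("update refers to an unknown scratch")
        self.genealogy[pseudonym].append(new)
        self.owner[new] = pseudonym

    def confirm(self, claimed_pseudonym, stream):
        """Second use: confirm a claimed pseudonym, never disclose one."""
        found = self.owner.get(self.detect_scratch(stream))
        return found is not None and found == claimed_pseudonym

    def holds_approval(self, pseudonym):
        """Third use: say whether a scratch exists, without giving its content."""
        return bool(self.genealogy.get(pseudonym))


class InstanceA:
    """Knows real identity <-> current scratch; never receives the pseudonym."""

    def __init__(self, authority):
        self.authority = authority
        self.current = {}

    def approve(self, real_identity):
        self.current[real_identity] = secrets.token_bytes(MARK_LEN)  # mother scratch
        return self.current[real_identity]

    def rotate(self, real_identity):
        previous = self.current[real_identity]
        new = secrets.token_bytes(MARK_LEN)  # no logical sequence between versions
        self.authority.receive_update(previous, new)
        self.current[real_identity] = new
        return new


class InstanceZ:
    """Knows real identity <-> pseudonym; has no means of reading a scratch."""

    def __init__(self, authority):
        self.authority = authority
        self.pseudonym_of = {}

    def register(self, real_identity, pseudonym, mail):
        self.authority.receive_from_z(pseudonym, mail)  # mail forwarded unread
        self.pseudonym_of[real_identity] = pseudonym


REAL = "Paul (real identity, constructed)"


def scenario():
    auth = AnonymizationAuthority()
    a, z = InstanceA(auth), InstanceZ(auth)
    mother = a.approve(REAL)
    z.register(REAL, "heron-42", Stream(mother + b"\x45\x00", "I choose heron-42"))
    before = auth.confirm("heron-42", Stream(mother + b"\x45\x00", "GET /"))
    rotated = a.rotate(REAL)
    return {
        "a": a, "z": z, "auth": auth,
        "before": before,
        "after_rotation": auth.confirm("heron-42", Stream(rotated + b"\x45\x00", "GET /")),
        "wrong_pseudonym": auth.confirm("otter-7", Stream(rotated + b"\x45\x00", "GET /")),
        "unknown_scratch": auth.confirm(
            "heron-42", Stream(secrets.token_bytes(MARK_LEN) + b"\x45\x00", "GET /")),
    }
```
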
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2011512109A JP2011522336A (ja) | 2008-06-03 | 2009-06-03 | 通信ネットワーク上の仮名にされたストリームの追跡および復活方法、およびデータトラフィックおよびそのアドレスを安全に保護することができる情報ストリームの送信方法 |
EP09757544A EP2294761A1 (fr) | 2008-06-03 | 2009-06-03 | Procède de traçabilité et de résurgence de flux pseudonymises sur des réseaux de communication, et procède d'émission de flux informatif apte a sécuriser le trafic de données et ses destinataires |
US12/995,620 US9225618B2 (en) | 2008-06-03 | 2009-06-03 | Method of tracing and of resurgence of pseudonymized streams on communication networks, and method of sending informative streams able to secure the data traffic and its addressees |
CN2009801262225A CN102084624A (zh) | 2008-06-03 | 2009-06-03 | 跟踪和再现通信网络中的假名流的方法,以及发送能够保障数据流量及其接收者的信息流的方法 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0853675A FR2932043B1 (fr) | 2008-06-03 | 2008-06-03 | Procede de tracabilite et de resurgence de flux pseudonymises sur des reseaux de communication, et procede d'emission de flux informatif apte a securiser le trafic de donnees et ses destinataires |
FR0853675 | 2008-06-03 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009147163A1 true WO2009147163A1 (fr) | 2009-12-10 |
Family ID=40470018
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2009/056786 WO2009147163A1 (fr) | 2008-06-03 | 2009-06-03 | Procède de traçabilité et de résurgence de flux pseudonymises sur des réseaux de communication, et procède d'émission de flux informatif apte a sécuriser le trafic de données et ses destinataires |
Country Status (6)
Country | Link |
---|---|
US (1) | US9225618B2 (fr) |
EP (1) | EP2294761A1 (fr) |
JP (1) | JP2011522336A (fr) |
CN (1) | CN102084624A (fr) |
FR (1) | FR2932043B1 (fr) |
WO (1) | WO2009147163A1 (fr) |
2008
- 2008-06-03 FR FR0853675A patent/FR2932043B1/fr active Active
2009
- 2009-06-03 EP EP09757544A patent/EP2294761A1/fr not_active Withdrawn
- 2009-06-03 CN CN2009801262225A patent/CN102084624A/zh active Pending
- 2009-06-03 JP JP2011512109A patent/JP2011522336A/ja not_active Ceased
- 2009-06-03 US US12/995,620 patent/US9225618B2/en not_active Expired - Fee Related
- 2009-06-03 WO PCT/EP2009/056786 patent/WO2009147163A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
JP2011522336A (ja) | 2011-07-28 |
US9225618B2 (en) | 2015-12-29 |
CN102084624A (zh) | 2011-06-01 |
US20110307691A1 (en) | 2011-12-15 |
EP2294761A1 (fr) | 2011-03-16 |
FR2932043A1 (fr) | 2009-12-04 |
FR2932043B1 (fr) | 2010-07-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 200980126222.5 Country of ref document: CN |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09757544 Country of ref document: EP Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 2011512109 Country of ref document: JP |
| REEP | Request for entry into the european phase | Ref document number: 2009757544 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 2009757544 Country of ref document: EP |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 12995620 Country of ref document: US |