Frederic Gariador

Bio: Frederic Gariador is an academic researcher from Alcatel-Lucent. The author has contributed to research in topics: Node (networking) & Wireless network. The author has an hindex of 6, co-authored 16 publications receiving 233 citations.

Secure communication methods and systems

Abstract: Methods and systems for secure communications are provided. Secure end-to-end connections are established as separate multiple secure connections, illustratively between a first system and an intermediate system and between a second system and an intermediate system. The multiple secure connections may be bound, by binding Internet Protocol Security Protocol (IPSec) Security Associations (SAs) for the multiple connections, for example, to establish the end-to-end connection. In the event of a change in operating conditions which would normally require the entire secure connection to be re-established, only one of the multiple secure connections which form the end-to-end connection is re-established. Separation of end-to-end connections in this manner may reduce processing resource requirements and latency normally associated with re-establishing secure connections.

Method of authenticating a mobile network node in establishing a peer-to-peer secure context between a pair of communicating mobile network nodes

Abstract: Methods for authenticating peer mobile network nodes for establishing a secure peer-to-peer communications context in an ad-hoc network are presented. The methods include accessing wireless infrastructure network entities at low bandwidth and for a short time duration to obtain cryptographic information regarding a peer mobile network node for the purpose of establishing secure peer-to-peer communications therewith ad-hoc network. Having received cryptographic information regarding a peer mobile network node, the method further includes challenging the peer network node with a challenge phrase derived from the cryptographic information received, receiving a response, and establishing a secure communications context to the peer mobile network node based on the validity of the received response. Advantages are derived from addressing security threats encountered in provisioning ad-hoc networking, by leveraging wireless infrastructure network security architecture, exemplary deployed in UMTS/GSM infrastructure networks, enabling seamless mobile network node authentication through the existing UMTS and/or GSM authentication infrastructure, while pervasively communicating with peer mobile network nodes in an ad-hoc network.

Protection for wireless devices against false access-point attacks

Abstract: Mechanisms and methods for providing a mobile/wireless device with protection against false access-point/base-station attacks using MAC address protection are presented. The mobile/wireless device known as mobile client (MC) gains access to wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected during all communications between the AP and MC during the discovery phase. This protection mitigates MAC address spoofing type attacks on both the AP and the MC.

Identity verification for secure e-commerce transactions

Abstract: A method and apparatus are provided for providing authentication of an e-commerce server to a user engaging in e-commerce transactions. When the user begins an e-commerce session, the e-commerce server requests an authentication token from an authentication proxy with which it has registered. If the authentication proxy recognizes the e-commerce server, the authentication proxy generates an authentication token in the form of a simple image, and sends the authentication token to the e-commerce server over a trusted path. The e-commerce server sends the authentication token to the user. The authentication proxy also sends a copy of the authentication token to the user over a second trusted path to a second device or application accessible by the user. The user can then see that the authentication token presented by the e-commerce server matches the authentication token presented by the authentication proxy. Since the user has received the two authentication proxies over separate channels, one of which is typically secure, the user can be assured that the e-commerce server has been authenticated by the authentication proxy, and that the e-commerce server is therefore legitimate.

Mechanism for detection of attacks based on impersonation in a wireless network

Abstract: An impersonation detection system for a wireless node of a wireless communication network is described. The system comprises an intrusion detection module for correlating the original data frames transmitted by the wireless node with incoming data frames received over the air interface. The wireless node is connected to the intrusion detection module over a secure link, for receiving a copy of the original data frames. A method for detecting impersonation based attacks at a wireless node is also disclosed.

Multifactorial optimization system and method

Abstract: A method for providing unequal allocation of rights among agents while operating according to fair principles, comprising assigning a hierarchal rank to each agent; providing a synthetic economic value to a first set of agents at the a high level of the hierarchy; allocating portions of the synthetic economic value by the first set of agents to a second set of agents at respectively different hierarchal rank than the first set of agents; and conducting an auction amongst agents using the synthetic economic value as the currency. A method for allocation among agents, comprising assigning a wealth generation function for generating future wealth to each of a plurality of agents, communicating subjective market information between agents, and transferring wealth generated by the secure wealth generation function between agents in consideration of a market transaction. The method may further comprise the step of transferring at least a portion of the wealth generation function between agents.

Service Plan Design, User Interfaces, Application Programming Interfaces, and Device Management

Abstract: Disclosed herein are methods, systems, and apparatuses to enable subscribers of mobile wireless communication devices to view, research, select and customize service plans; to create and manage device groups, share and set permission controls for service plans among devices in device groups; to manage communication services through graphical user interfaces; to sponsor and promote service plans; and to design, manage, and control communication services through application programming interfaces.

Device-Assisted Services for Protecting Network Capacity

Abstract: Device Assisted Services (DAS) for protecting network capacity is provided. In some embodiments, DAS for protecting network capacity includes monitoring a network service usage activity of the communications device in network communication; classifying the network service usage activity for differential network access control for protecting network capacity; and associating the network service usage activity with a network service usage control policy based on a classification of the network service usage activity to facilitate differential network access control for protecting network capacity.

System and Method for Providing User Notifications

Abstract: A method performed by an end user device associated with a service plan having a limit on usage of a network service, the method comprising storing one or more notification actions corresponding to one or more notification requests; performing a device action that reflects a past or intended use of the network service; receiving one of the one or more notification requests from a network element in response to the device action; performing one of the one or more notification actions in response to the notification request, the notification action causing the end user device to retrieve at least a portion of a notification message associated with a status of the use, the at least a portion of the notification message being separate from the one of the one or more notification requests; and presenting the notification message on a user interface of the end user device.

Universal secure registry

Abstract: A secure registry system and method for the use thereof are provided which permits secure access to a database containing selected data on a plurality of entities, at least portions of which database has restricted access. Mechanisms are provided for controlling access to restricted access portions of the database are provided, such access being determined by at least one of the identity of the requesting entity and the entity's status. A multicharacter public code may be provided which the system can map to provide permit delivery of items, complete telephone calls and perform other functions for entities. The system may also be utilized to locate an individual based on limited biological data. Organizations utilizing the system may have custom software facilitating their access and use of the system.