-
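Publication number: KR101213160B1
Publication date: 2012-12-17
Application number: KR1020060113438
Application date: 2006-11-16
Applicant: 삼성전자주식회사
CPC classification number: H04L9/0836, H04L9/0891
Abstract: A method and apparatus for updating a group key upon a multi-leave from a group corresponding to a binary tree are disclosed. A group key update method according to an embodiment of the present invention comprises: selecting a sub-root node from among the nodes of the binary tree; performing a node change for the group according to the type of the sub-root node to generate a changed binary tree; and performing a node key update on the changed binary tree. Accordingly, the group key update for a multi-leave can be performed efficiently.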
-
Publication number: KR1020120100046A
Publication date: 2012-09-12
Application number: KR1020110018664
Application date: 2011-03-02
Applicant: 삼성전자주식회사
Inventor: 김대엽
CPC classification number: H04L9/3247, H04L9/008, H04L9/0643, H04L9/0825, H04L9/0861, H04L9/088, H04L63/061, H04L63/101, H04L2209/38, H04L2209/60, H04L2463/062
Abstract: PURPOSE: An apparatus and method for controlling access to contents in a distributed environment network are provided to classify rights to read and write the contents in the distributed environment network by generating keys through classification of the keys for reading and writing. CONSTITUTION: A list generation part(111) generates an access control list which includes one or more items of user information and access right information. A first key generation part(112) generates a first key corresponding to a key for a writing right. A second key generation part(113) generates a key for a reading right, a second key, using the first key. A first key distribution part(114) codes the first key using each public key of members who have the writing right among the members who are included in the access control list. A second key distribution part(115) decodes the second key using each public key of the members who have the reading right among the members who are included in the access control list. [Reference numerals] (110) Control part; (111) List generation part; (112) First key generation part; (113) Second key generation part; (114) First key distribution part; (115) Second key distribution part; (120) Communication part; (130) Storage part
-
Publication number: KR1020110083886A
Publication date: 2011-07-21
Application number: KR1020100003858
Application date: 2010-01-15
Applicant: 삼성전자주식회사
Inventor: 김대엽
CPC classification number: H04L63/08, G06F21/33, G06F2221/2129, H04W12/06, H04L9/30, H04W12/08, H04W88/02
Abstract: PURPOSE: An apparatus for authenticating other portable terminal in a mobile terminal and a method thereof are provided to issue an authentication in a mobile terminal through an authentication channel such as an LLC(Location-limited Channel). CONSTITUTION: A method for authenticating other portable terminal in a mobile terminal comprises steps of: receiving a first seed from an authentication response terminal through an authentication channel and transmitting a second seed to the authentication response terminal; creating the first seed, the second seed, and an opened key; and transmitting the authentication to the authentication response terminal.
-
Publication number: KR1020080083874A
Publication date: 2008-09-19
Application number: KR1020070024659
Application date: 2007-03-13
Applicant: 삼성전자주식회사
Inventor: 김대엽
IPC: H04N21/266, H04N21/4623, H04N21/6334
CPC classification number: H04N7/1675, H04N21/2347, H04N21/26609, H04N21/4181, H04N21/4334, H04N21/4405, H04N21/4623
Abstract: A security system based on a conditional access system and a method for processing a conditional access service using the same are provided to enable a smart card to check whether a subscriber has permission if the subscriber starts recording, decode an encrypted CW, transmit the decoded CW to a receiver, and generate and store right configuration condition information and a CEK, and transmit a program ID(Identification) and the CEK to the receiver, and enable the receiver to encrypt a recording program using the CEK and store the encrypted recording program with the program ID. A security system includes a transmitter(100), a receiver(200), and a smart card(300). The transmitter generates and outputs an ECM(Entitlement Control Message) or an EMM(Entitlement Management Message), and performs the scrambling of broadcast data through a CW(Control Word) or a CEK(Contents Encryption Key) to output the scrambled broadcast data. The receiver receives, analyzes, and processes the scrambled broadcast data, the ECM, the EMM outputted from the transmitter, performs the descrambling of the scrambled broadcast data with the CW or the decoded CEK to output the descrambled broadcast data to a receiving terminal(500), or encodes and stores the descrambled broadcast data. The smart card includes a code/authentication processor and an entitlement message processor. The code/authentication processor compares the EMM with information about the scrambled broadcast data to determine whether a subscriber has permission to the broadcast data, and decodes the encoded CEK of the EMM and outputs the decoded CEK to the receiver.
-
Publication number: KR100699467B1
Publication date: 2007-03-26
Application number: KR1020050090696
Application date: 2005-09-28
Applicant: 삼성전자주식회사
IPC: G06K17/00
CPC classification number: H04L9/3271, H04L2209/805
Abstract: An RFID(Radio Frequency IDentification) tag, and a system and a method for protecting RFID privacy are provided to protect RFID tag information by transmitting a real RFID to only the RFID reader authenticated based on a pseudo ID. A tag storing part(540) stores the pseudo ID used for authenticating the RFID reader. A determiner(530) determines whether the stored pseudo ID is matched with the pseudo ID generated by using a received key in case that the key is received in response to the pseudo ID transmitted by an information transmission request signal of the RFID reader. A tag controller(520) transmits the RFID of the tag to the RFID reader through a transmitter(550) in case that the stored pseudo ID is matched with the generated pseudo ID. The tag storing part stores a common pseudo ID generated by using a common key of an RFID privacy protection system.
-
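Publication number: KR1020060049340A
Publication date: 2006-05-18
Application number: KR1020050100726
Application date: 2005-10-25
Applicant: 삼성전자주식회사
IPC: H04N21/2347, H04N21/6334, H04L9/32, G06F15/00
CPC classification number: H04L9/0869, H04L9/0643, H04L9/0822, H04L9/0827, H04L9/083, H04L9/0836, H04L9/0891, H04L2209/38, H04L2209/601, H04N7/162, H04N7/1675, H04N21/2585, H04N21/26613
Abstract: A user key management method for broadcast encryption is disclosed. The present invention is implemented through the steps of: assigning a node path ID (Node Path ID) to each of sequentially arranged nodes; assigning an arbitrary seed key (Seed Value Key) to each node according to its node path ID; generating key values by repeatedly applying a hash function to the assigned arbitrary seed key; and sequentially assigning the generated key values to the nodes. According to the present invention, the transmission overhead, which is the most important factor in broadcast encryption, can be reduced to less than r. In addition, embodiments of the present invention have the advantage that the transmission overhead can be greatly reduced compared with SD, known as the best method to date.
Broadcast encryption, hash function, seed key, hash chain, hierarchical structure
-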
Publication number: KR1020060031257A
Publication date: 2006-04-12
Application number: KR1020040080218
Application date: 2004-10-08
Applicant: 삼성전자주식회사
IPC: H04L9/28
CPC classification number: G06Q20/3829, H04L9/0836, H04L9/0891, H04L2209/601
Abstract: An apparatus and method for generating a key for a broadcast encryption. The apparatus includes a node secret generator for managing a user that receives broadcast data in a tree structure and for generating a unique node secret for each node in the tree structure. The apparatus also includes an instant key generator for temporarily generating an instant key used at all nodes in common in the tree structure, and a node key generator for generating a node key for each node by operating the node secret generated at the node secret generator and the instant key generated at the instant key generator. Thus, key update can be efficiently achieved.
-
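Publication number: KR101584987B1
Publication date: 2016-01-13
Application number: KR1020090050392
Application date: 2009-06-08
Applicant: 삼성전자주식회사
Inventor: 김대엽
CPC classification number: H04L9/3242, H04L63/126, H04L2209/60
Abstract: A data transmitting and receiving apparatus and method are disclosed. The data transmitting apparatus encrypts a message authentication code for a message to be transmitted with a plurality of encryption keys to generate a first ciphertext and a second ciphertext, and transmits the generated first ciphertext and second ciphertext to a data receiving apparatus.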
-
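Publication number: KR101213161B1
Publication date: 2012-12-17
Application number: KR1020060053638
Application date: 2006-06-14
Applicant: 삼성전자주식회사
IPC: H04N19/467, H04N21/8358
CPC classification number: H04N19/467, G06T1/0035, G06T2201/0053
Abstract: The present invention relates to a video watermarking apparatus and method, and in particular to a video watermarking apparatus and method in the compressed domain that is robust to recompression of the video. The video watermarking apparatus of the present invention comprises: a spatial region information analysis unit that receives a bitstream compressed by a video encoding unit and extracts information about the spatial region of the image for the codewords constituting the bitstream; a region division unit that groups the codewords by predetermined regions divided in the spatial domain, based on the spatial region information extracted by the spatial region information analysis unit; a region sign determination unit that determines the sign of each region; and a watermark bit insertion unit that inserts a watermark into each region according to the sign determined by the region sign determination unit.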
-
Publication number: KR1020120054839A
Publication date: 2012-05-31
Application number: KR1020100116167
Application date: 2010-11-22
Applicant: 삼성전자주식회사
CPC classification number: H04L9/0825, G06F21/6218, G06F2221/2141, H04L9/32, H04L63/101, H04L63/16, H04L2463/062, H04L63/00, H04L9/30
Abstract: PURPOSE: A method and an apparatus for controlling access to data based on a layered structure are provided to update an access control list by adding only the information of a new terminal to a pre-generated access control list without additionally changing resources. CONSTITUTION: A terminal authentication unit (710) obtains the identifying information of a terminal and a public key of the terminal by authenticating the terminal. An encryption unit (720) encrypts the hierarchical key of a target layer to give an access privilege to a terminal by using a public key of the terminal. An ACL (Access Control List) generating unit (730) generates an ACL based on the identifying information of the terminal and the encrypted hierarchical key. An ACL copy generating unit (740) generates the copy of the ACL based on the link information of the encrypted hierarchical key and the identifying information of the terminal.
-