-
公开(公告)号:KR1020150016802A
公开(公告)日:2015-02-13
申请号:KR1020130092698
申请日:2013-08-05
Applicant: 한국전자통신연구원
Abstract: 본 발명은 모바일 단말에 임베디드 하드웨어 보안 장치를 적용하고, 보안 장치를 포함하는 모바일 단말에 저장된 데이터를 안전하게 다른 모바일 단말로 이동 시키는 방법에 관한 것이다. 구체적으로, 제1 단말의 보안 장치 내 데이터를 제2 단말로 이동하는 방법은 서버가 제2 단말로부터 제2 백업용 비밀키와 제2 백업용 공개키로 구성된 키 쌍에 해당하는 데이터 백업용 정보 중 제2 백업용 공개키를 전달받는 단계, 제1 단말로부터 제1 백업용 비밀키와 제1 백업용 공개키로 구성된 키 쌍에 해당하는 데이터 백업용 정보 중 제1 백업용 공개키를 전달받는 단계, 제2 백업용 공개키를 제1 백업용 공개키로 암호화하고, 암호화된 제2 백업용 공개키를 제1 단말로 전달하는 단계, 제2 백업용 공개키를 이용하여 암호화한 데이터를 제1 단말로부터 전달받는 단계 및 암호화된 데이터를 제2 단말로 이동시키는 단계를 포함한다.
Abstract translation: 本发明涉及一种将嵌入式硬件安全装置应用于移动终端的方法,并将存储在包括安全装置的移动终端中的数据安全地移动到另一移动终端。 更具体地说,一种用于将存储在第一终端的安全设备中的数据移动到第二终端的方法包括以下步骤:由服务器接收用于备份的第二公钥,用于与由密钥对组成的密钥对相对应的数据备份信息 备份的第二秘密密钥和用于从第二终端备份的第二公钥; 由服务器接收用于备份的用于备份的用于数据备份的第一公钥,所述信息对应于由用于备份的第一秘密密钥和从第一终端备份的第一公钥的密钥对; 由所述服务器使用所述第一公钥进行备份的第二公共密钥进行备份,并将所述加密的第二公钥发送给所述第一终端; 由所述服务器从所述第一终端接收使用所述第二公钥进行备份的加密数据; 并且由服务器将加密数据移动到第二终端。
-
公开(公告)号:KR101469894B1
公开(公告)日:2014-12-08
申请号:KR1020110080381
申请日:2011-08-12
Applicant: 한국전자통신연구원
CPC classification number: G06F21/53
Abstract: 본발명은모바일단말에서안전한소프트웨어실행환경을제공하기위한방법및 장치에있어서, 가상화기반의도메인분리를통해서독립적인두 개의실행환경을구성하고, 분리된도메인간 보안서비스채널을통해안전서비스를제공함으로써, 단말에서실행되는소프트웨어에대한보안성을높이고외부의불법적인접근으로부터내부정보를보호할수 있다.
-
公开(公告)号:KR1020140079530A
公开(公告)日:2014-06-27
申请号:KR1020120146776
申请日:2012-12-14
Applicant: 한국전자통신연구원
Abstract: The present invention relates to a secure distributed file system for various devices. The secure distributed file system according to the present invention includes: a user unit which sets whether to protect data according to the importance of the data set by application program driven on a mobile device; and a kernel unit which provides a means for accessing a file generated by an application program belonging to the user unit or previously generated. The secure distributed file system exposes key pieces more than a threshold, and makes impossible the reconfiguration of original data unless all devices sharing corresponding file pieces are obtained, even when a situation capable of key restoration occurs. The present invention provides the merits of overcoming the inefficiency of an existing protection technique encrypting the entire file, the burden of a cost on the configuration of a distributed file system relying on a central server, and the security vulnerability to files stored in a single device.
Abstract translation: 本发明涉及一种用于各种设备的安全分布式文件系统。 根据本发明的安全分发文件系统包括:用户单元,其根据在移动设备上驱动的应用程序的数据集的重要性来设置是否保护数据; 以及内核单元,其提供用于访问由属于所述用户单元的应用程序生成的或之前生成的文件的装置。 安全的分布式文件系统暴露了多于一个门限的密钥,并且不可能重新配置原始数据,除非获得共享相应文件的所有设备,即使能够进行密钥恢复的情况也是如此。 本发明提供克服加密整个文件的现有保护技术的低效率,依赖于中央服务器的分布式文件系统的配置成本的负担以及存储在单个设备中的文件的安全漏洞的优点 。
-
公开(公告)号:KR1020140044972A
公开(公告)日:2014-04-16
申请号:KR1020120102303
申请日:2012-09-14
Applicant: 한국전자통신연구원
CPC classification number: G06F21/6218 , G06F21/53 , G06F2221/2105 , G06F2221/2149
Abstract: The present invention is a mobile computing system for providing an execution environment with outstanding security. This mechanism separates the execution environment by using a virtualization technique within the same mobile terminal, and it facilitates the protection of individual privacy by managing the execution environment for each user through the same hardware security module. [Reference numerals] (110,120) Owner execution environment; (111,121,) Operating system; (112,122) Application; (113,123) Hardware security module device driver; (130) Hardware security module; (140) Virtual hardware security module device driver
Abstract translation: 本发明是用于提供具有突出安全性的执行环境的移动计算系统。 该机制通过使用同一移动终端内的虚拟化技术来分离执行环境,并且通过通过相同的硬件安全模块管理每个用户的执行环境来促进个人隐私的保护。 (附图标记)(110,120)所有者执行环境; (111,121,)操作系统; (112,122)申请; (113,123)硬件安全模块设备驱动程序; (130)硬件安全模块; (140)虚拟硬件安全模块设备驱动程序
-
公开(公告)号:KR1020130092136A
公开(公告)日:2013-08-20
申请号:KR1020120013667
申请日:2012-02-10
Applicant: 한국전자통신연구원
CPC classification number: H04B5/00 , H04B5/0031 , H04B5/0037 , Y02D70/166
Abstract: PURPOSE: An apparatus and a method for providing near field communication for a mobile device is provided to minimize the power consumption of a mobile terminal for a non-contact service by providing the non-contact service only through one near field communication device of a chip or an IC card type. CONSTITUTION: A USB signal processing unit (100) converts signals of a mobile terminal into processible information in a central processing unit (108). The USB signal processing unit converts the value offered from the central processing unit into signals to be transmitted to a USB interface. An analog signal processing unit (102) converts analog signals from external devices into digital signals. The analog signal processing unit converts digital signals from the central processing unit into analog signals and transmits the signals to an antenna. A non-contact digital signal processing unit (104) converts the processed value in the central processing device unit into digital signals and transmits signals. A reset signal control unit (106) generates a system reset signal in response to a non-contact reset signal generated from the analog signal processing unit. [Reference numerals] (100) USB signal processing unit; (102) Analog signal processing unit; (104) Non-contact signal processing unit; (106) Reset signal control unit; (108) Central processing unit; (112) Password processing unit; (AA) Power (Vcc); (BB,CC) System reset; (DD) Non-contact state; (EE) Antenna +; (FF) Antenna -; (GG) Non-contact reset; (HH) Non-contact click; (II) Non-contact TX; (JJ) Non-contact RX; (K1,K2,K3,K4) Reset; (LL) Cluck; (MM) Memory control unit; (NN) Non-volatile memory / Safe storage space
Abstract translation: 目的:提供一种用于为移动设备提供近场通信的装置和方法,以通过仅通过芯片的一个近场通信设备提供非接触服务来最小化用于非接触服务的移动终端的功率消耗 或IC卡类型。 构成:USB信号处理单元(100)将移动终端的信号转换为中央处理单元(108)中的可处理信息。 USB信号处理单元将从中央处理单元提供的值转换为要发送到USB接口的信号。 模拟信号处理单元(102)将来自外部设备的模拟信号转换为数字信号。 模拟信号处理单元将来自中央处理单元的数字信号转换为模拟信号,并将信号发送到天线。 非接触数字信号处理单元(104)将中央处理设备单元中的处理值转换为数字信号并发送信号。 复位信号控制单元(106)响应于从模拟信号处理单元产生的非接触复位信号产生系统复位信号。 (附图标记)(100)USB信号处理单元; (102)模拟信号处理单元; (104)非接触信号处理单元; (106)复位信号控制单元; (108)中央处理单位; (112)密码处理单元; (AA)功率(Vcc); (BB,CC)系统复位; (DD)非接触状态; (EE)天线+; (FF)天线 - ; (GG)非接触式复位; (HH)非联系点击; (二)非接触式TX; (JJ)非接触RX; (K1,K2,K3,K4)复位; (LL)Cluck; (MM)存储器控制单元; (NN)非易失性存储器/安全存储空间
-
Patent Agency Ranking
公开(公告)号:KR1020120014533A
公开(公告)日:2012-02-17
申请号:KR1020100132869
申请日:2010-12-22
Applicant: 한국전자통신연구원
CPC classification number: G06K9/00885 , G06K9/20 , H04L9/32
Abstract: PURPOSE: A long distance personal authentication system and method thereof are provided to offer a personal authentication service which privacy is reinforced by comparing biometric data acquired by a portable security token apparatus with standard biometric data. CONSTITUTION: A storage unit(120) stores the secret information and biometric information of a user An electronic signature processing unit(170) authenticates the electronic signature of the user by using the secret information. A communication unit(110) receives the biometric information of the user sensed by a long distance biometric data collection apparatus. A control unit(130) authenticates the user by comparing the received biometric data with the stored biometric data. The communication unit transmits the personal authentication result of the control unit to the biometric information collection apparatus. The storage unit stores the biometric information including face, iris, or voice information.
Abstract translation: 目的:提供一种长距离个人认证系统及其方法,提供个人认证服务,通过将便携式安全令牌设备获取的生物特征数据与标准生物特征数据进行比较来加强隐私。 构成:存储单元(120)存储用户的秘密信息和生物体信息电子签名处理单元(170)通过使用秘密信息认证用户的电子签名。 通信单元(110)接收由长距离生物体数据收集装置感测到的用户的生物体信息。 控制单元(130)通过将所接收的生物统计数据与存储的生物统计数据进行比较来认证用户。 通信单元将控制单元的个人认证结果发送到生物体信息收集装置。 存储单元存储包括脸部,虹膜或语音信息的生物特征信息。
-
公开(公告)号:KR1020110132834A
公开(公告)日:2011-12-09
申请号:KR1020100052393
申请日:2010-06-03
Applicant: 한국전자통신연구원
CPC classification number: G06K9/6215 , A61B5/1172 , G06F11/10
Abstract: PURPOSE: A method for recognizing a fingerprint is provided to protect an original feature point from a fingerprint by adding a plurality of fake fingerprints. CONSTITUTION: A reference feature point(310) is selected from the extracted original feature point. A feature shape is formed based on the information of the selected reference feature point. A space between feature points(330) is calculated by determining the number of fake feature points to be added to the shape. A fingerprint template is generated by adding the fake feature points with the calculated space.
Abstract translation: 目的:提供一种用于识别指纹的方法,通过添加多个假指纹来保护原始特征点免受指纹的影响。 构成:从提取的原始特征点中选择参考特征点(310)。 基于所选择的参考特征点的信息形成特征形状。 通过确定要添加到形状的假特征点的数量来计算特征点(330)之间的空间。 通过将假特征点与计算空间相加来生成指纹模板。
-
公开(公告)号:KR1020110109147A
公开(公告)日:2011-10-06
申请号:KR1020100028739
申请日:2010-03-30
Applicant: 한국전자통신연구원
CPC classification number: G08B13/19669 , G08B13/1966 , G08B25/10 , H04N7/18
Abstract: 본 발명은 방범 시스템에 관한 것으로, 영상 촬영 장치를 통해 촬영된 촬영 영상이 현장 제어 장치에 입력되면 해당 촬영 영상에서 이벤트가 발생하는지를 체크하고, 이벤트가 발생하지 않은 경우 네트워크 전송 용량에 따라 축소 인코딩된 촬영 영상을 실시간으로 전송하여 출력하거나, 이벤트가 발생한 경우 해당 촬영 영상에 대한 이벤트 정보, 클리핑 영상 및 축소 인코딩된 촬영 영상을 전송하고, 이러한 이벤트 발생에 따른 이벤트 경보를 원격 관제 장치에서 출력하며, 해당 클리핑 영상 및 촬영 영상을 출력함으로써, 고해상도 영상을 출력할 수 있는 방범 시스템을 쉽게 구축할 수 있는 것이다.
-
公开(公告)号:KR1020100073123A
公开(公告)日:2010-07-01
申请号:KR1020080131711
申请日:2008-12-22
Applicant: 한국전자통신연구원
IPC: H04N21/835 , G06F21/20 , G06Q30/02
CPC classification number: H04L9/3263 , G06F21/33 , H04L9/321 , H04L2209/601
Abstract: PURPOSE: A user information management method of a user terminal and a user terminal are provided to reinforce self-determination right and a control power of a user about exposure and use of user information, thereby safely and efficiently managing the user information. CONSTITUTION: A user terminal requests issuance of authentication certificate(S200). A certification agency issues the certificate(S210). If the user terminal requests joining the member to a web service provider, the web service provider requests information necessary for joining the member(S220,S230). A certificate generation unit generates a certificate(S240). The web service provider certifies a user through the certificate in the certificate(S260). The web service provider transmits authentication result to the user terminal(S270).
Abstract translation: 目的:提供用户终端和用户终端的用户信息管理方法,以增强用户关于用户信息的曝光和使用的自我决定权和控制权,从而安全而有效地管理用户信息。 构成:用户终端请求颁发认证证书(S200)。 认证机构发放证书(S210)。 如果用户终端请求加入该成员到Web服务提供商,则该Web服务提供商请求加入该成员所需的信息(S220,S230)。 证书生成单元生成证书(S240)。 Web服务提供商通过证书中的证书证明用户(S260)。 网络服务提供商将认证结果发送给用户终端(S270)。
-
公开(公告)号:KR1020100069398A
公开(公告)日:2010-06-24
申请号:KR1020080128069
申请日:2008-12-16
Applicant: 한국전자통신연구원
CPC classification number: G06F21/6245 , G06F21/33
Abstract: PURPOSE: A method of user information protect using an anonymous ID and a web service system having a protecting function are provided to protect the privacy of a user by classifying user information into multi-stages and restricting the range which can be retrieved through a real or anonymous ID. CONSTITUTION: An anonymous ID generator(21) generates an anonymous ID matched a real ID which passes through a real name authentication. A user information database(25) stores the user information and the right information into plural groups classified according to importance. The right information stores not only the retrieval allowance information using the real and anonymous IDs but also retrieval allowance information depending on the level of web service provider. An information management unit(24) controls the retrieval of the user information according to the agreement of the user and the right information.
Abstract translation: 目的:提供一种使用匿名ID进行用户信息保护的方法和具有保护功能的Web服务系统,以便通过将用户信息分为多级来限制用户信息的隐私,并限制可通过实际或 匿名ID。 构成:匿名ID生成器(21)生成与通过实名认证的实际ID相匹配的匿名ID。 用户信息数据库(25)将用户信息和权利信息存储为根据重要性分类的多个组。 正确的信息不仅存储使用真实和匿名ID的检索容许信息,还存储取决于Web服务提供商的级别的检索容许信息。 信息管理单元(24)根据用户的一致性和正确的信息来控制用户信息的检索。
-
-
-
-
-
-
-
-
-
Search Results
207
records
(took 0.035 seconds)
