公开(公告)号：KR1020120070667A

公开(公告)日：2012-07-02

申请号：KR1020100132076

申请日：2010-12-22

Applicant: 한국전자통신연구원

Inventor： 임재덕

IPC: G06T7/00

CPC classification number: G06F17/30867

Abstract: PURPOSE: A multimedia content harmfulness determining method is provided to reduce determining error due to harmfulness determining restriction of mechanical learning. CONSTITUTION: A deciding result confirmation unit updates a continuous decision result value and a continuous decision result number by comparison of a stored local decision result(S205,S209). The deciding result confirmation unit confirms whether a temporary buffer unit is full with a local decision result(S211,S215). A global deciding unit stores the local decision result in a final result buffer unit(S221).

Abstract translation: 目的：提供一种多媒体内容有害因素确定方法，以减少由于机械学习限制的有害因素导致的确定误差。 构成：决定结果确认单元通过比较存储的本地决定结果来更新连续判定结果值和连续判定结果号（S205，S209）。 决定结果确认单元确认临时缓冲单元是否满了本地决定结果（S211，S215）。 全局判定单元将本地判定结果存储在最终结果缓冲器单元（S221）中。

公开(公告)号：KR1020110073238A

公开(公告)日：2011-06-29

申请号：KR1020100107618

申请日：2010-11-01

Applicant: 한국전자통신연구원

Inventor： 한승완 ,  임재덕 ,  최병철 ,  정병호

IPC: G06T7/40

CPC classification number: H04N21/454 ,  G06T7/90

Abstract: PURPOSE: According to the kind and category of a video, a harmful video blocking apparatus and method based on multimodal and multiscale features are provided to perform multi-stage harmfulness filtering suitable for each scale. CONSTITUTION: A multiscale feature analysis unit(110) creates multiscale features. A harmfulness classification model generator(120) creates multilevel harmfulness classification models. A harmfulness decision unit(130) decides the harmfulness of a video with comparison between at least one of the multiscale feature of the input video and at least one of the multilevel harmfulness classification model. In case the video is harmful, a harmful video blocking unit(140) secludes the input video.

Abstract translation: 目的：根据视频的种类和类别，提供了一种基于多模态和多尺度特征的有害视频拦截装置和方法，以执行适合每个尺度的多级有害滤波。 构成：多尺度特征分析单元（110）创建多尺度特征。 有害分类模型生成器（120）创建多级有害分类模型。 危害判定单元（130）通过比较输入视频的多尺度特征中的至少一个和多级有害性分类模型中的至少一个来判断视频的有害性。 如果视频有害，则有害视频阻挡单元（140）隐藏输入视频。

公开(公告)号：KR1020110073225A

公开(公告)日：2011-06-29

申请号：KR1020100084657

申请日：2010-08-31

Applicant: 한국전자통신연구원

Inventor： 임재덕 ,  한승완 ,  최병철 ,  정병호

IPC: G06F9/44 ,  G06F15/00 ,  G06F17/00 ,  G11B20/10

CPC classification number: G06F17/3089 ,  G06F9/4494 ,  G06F9/453 ,  G06F15/00 ,  G06F17/2229 ,  G06F17/30867 ,  G06F17/30902 ,  G11B2020/1099

Abstract: PURPOSE: A device and method for analyzing obscene content based on audio data are provided to block the section of content in which obscene grade is marked while reproducing the content by marking the obscene grade on the obscene section. CONSTITUTION: A content input unit(110) inputs content. An input data buffering unit(121) stores the content corresponding to the analysis section longer than the preset analysis section. An obscenity analyzer and obscenity decider(133, 145) determine the obscenity of the analysis section for the audio data extracted from the content. If the content is obscene, the obscene grade is marked in the analysis section. A content player(140) blocks the analysis section in which obscene grade is marked and reproduces the content.

Abstract translation: 目的：提供一种用于基于音频数据分析淫秽内容的装置和方法，以通过标记色情部分上的淫秽等级来再现内容来阻止在其中标记色情等级的内容部分。 构成：内容输入单元（110）输入内容。 输入数据缓冲单元（121）存储与分析单元相对应的内容比预设分析单元长。 淫秽分析器和淫秽判定器（133,145）确定从内容中提取的音频数据的分析部分的淫秽。 如果内容是淫秽的，淫秽等级在分析部分被标记。 内容播放器（140）阻止其中标记淫秽等级的分析部分并再现内容。

公开(公告)号：KR1020100069398A

公开(公告)日：2010-06-24

申请号：KR1020080128069

申请日：2008-12-16

Applicant: 한국전자통신연구원

Inventor： 박소희 ,  최병철 ,  임재덕 ,  김정녀

IPC: G06F21/62 ,  G06F21/33

CPC classification number: G06F21/6245 ,  G06F21/33

Abstract: PURPOSE: A method of user information protect using an anonymous ID and a web service system having a protecting function are provided to protect the privacy of a user by classifying user information into multi-stages and restricting the range which can be retrieved through a real or anonymous ID. CONSTITUTION: An anonymous ID generator(21) generates an anonymous ID matched a real ID which passes through a real name authentication. A user information database(25) stores the user information and the right information into plural groups classified according to importance. The right information stores not only the retrieval allowance information using the real and anonymous IDs but also retrieval allowance information depending on the level of web service provider. An information management unit(24) controls the retrieval of the user information according to the agreement of the user and the right information.

Abstract translation: 目的：提供一种使用匿名ID进行用户信息保护的方法和具有保护功能的Web服务系统，以便通过将用户信息分为多级来限制用户信息的隐私，并限制可通过实际或 匿名ID。 构成：匿名ID生成器（21）生成与通过实名认证的实际ID相匹配的匿名ID。 用户信息数据库（25）将用户信息和权利信息存储为根据重要性分类的多个组。 正确的信息不仅存储使用真实和匿名ID的检索容许信息，还存储取决于Web服务提供商的级别的检索容许信息。 信息管理单元（24）根据用户的一致性和正确的信息来控制用户信息的检索。

公开(公告)号：KR100932122B1

公开(公告)日：2009-12-16

申请号：KR1020070110104

申请日：2007-10-31

Applicant: 한국전자통신연구원

Inventor： 임재덕 ,  최병철 ,  박소희 ,  김정녀

IPC: G06F21/00

Abstract: 본 발명은 클러스터 시스템에 관한 것으로, 특히 외부침입으로 변조된 운영체계나 프로그램의 운용을 방지할 수 있도록 한 클러스터 시스템 및 그의 프로그램 관리방법에 관한 것이다. 이를 위하여 본 발명은 유사성을 갖는 하나 이상의 노드의 프로그램을 통합 운영하는 클러스터 시스템에 있어서, 고유 ID를 할당받아 프로그램을 운용하는 하나 이상의 노드와; 상기 고유 ID를 할당하고, 상기 프로그램에 서명을 추가하여 상기 노드로 분배하는 보안관리 서버를 포함하는 클러스터 시스템 및 이를 통해 수행되는 클러스터의 프로그램을 관리하는 방법을 제공한다.
클러스터, OS프로그램, 운용 프로그램, 노드

Abstract translation: 集群系统和程序管理方法技术领域本发明涉及集群系统，并且更具体地涉及用于防止操作系统或由外部入侵调制的程序的操作的集群系统和程序管理方法。 为此，本发明提供了一种用于整体地操作具有相似性的一个或多个节点的程序的集群系统，该集群系统包括：一个或多个节点，其被分配了唯一的ID以操作程序; 以及安全管理服务器，用于分配唯一ID，向程序添加签名并将签名分发给节点，以及用于管理通过集群系统执行的集群的程序的方法。

公开(公告)号：KR1020080050194A

公开(公告)日：2008-06-05

申请号：KR1020070029347

申请日：2007-03-26

Applicant: 한국전자통신연구원

Inventor： 정보흥 ,  임재덕 ,  류승호 ,  김영호 ,  김환국 ,  김기영

IPC: H04L12/22 ,  H04L12/24 ,  H04L12/28

CPC classification number: H04L63/1416 ,  H04L41/22 ,  H04L61/6086

Abstract: An apparatus and a method for integratedly managing invasion detection rules in an IPv4 and IPv6 combined network are provided to easily re-use an already developed IPv4 and IPv6 intrusion detection system by using a framework of an invasion detection rule integrated management. A GUI(Graphic User Interface)(110) receives an intrusion detection rule from the exterior. A correlation analyzer(120) analyzes the correlation between an IPv4 and an IPv6 included in the received intrusion detection rule, and automatically converts the received intrusion detection rule by using the analyzed results. A storage unit(150) stores the correlation information between the converted intrusion detection rule and the IPv4 and the IPv6 in a corresponding database. An IPv4 intrusion detection rule manager(130) manages an intrusion detection rule of an IPv4 and transfers the intrusion detection rule of the IPv4 and the previously stored correlation information to an IPv4-based IDS(Intrusion Detection System)(20). An IPv6 intrusion detection rule manager(140) manages an intrusion detection rule of the IPv6, and transfers the intrusion detection rule of the IPv6 and the previously stored correlation information to an IPv6-based IDS(10).

Abstract translation: 提供了一种综合管理IPv4和IPv6组合网络入侵检测规则的装置和方法，通过使用入侵检测规则集成管理框架，轻松重用已开发的IPv4和IPv6入侵检测系统。 GUI（图形用户界面）（110）从外部接收入侵检测规则。 相关分析器（120）分析接收到的入侵检测规则中包含的IPv4与IPv6之间的相关性，并通过使用分析结果自动转换接收到的入侵检测规则。 存储单元（150）在相应的数据库中存储转换的入侵检测规则与IPv4与IPv6之间的相关信息。 IPv4入侵检测规则管理器（130）管理IPv4的入侵检测规则，并将IPv4的入侵检测规则和先前存储的相关信息传送到基于IPv4的IDS（入侵检测系统）（20）。 IPv6入侵检测规则管理器（140）管理IPv6的入侵检测规则，并将IPv6的入侵检测规则和先前存储的相关信息传输到基于IPv6的IDS（10）。

公开(公告)号：KR100723864B1

公开(公告)日：2007-05-31

申请号：KR1020050108290

申请日：2005-11-12

Applicant: 한국전자통신연구원

Inventor： 임재덕 ,  김영호 ,  류승호 ,  정보흥 ,  김기영

IPC: H04L12/22 ,  H04L12/70 ,  H04L12/28 ,  H04L12/56

CPC classification number: H04L63/1416 ,  H04L63/101 ,  H04L69/16 ,  H04L69/161

Abstract: A method of blocking network attacks using information included in a packet, and an apparatus thereof are provided. The method includes: receiving a packet containing information on the packet including at least information on a source from which the packet is sent, and information on a destination to which the packet is sent; and extracting the information on the packet included in the packet, comparing the information with a predetermined access control condition, and blocking or passing the packet. By doing so, a packet being transferred with a routing header capable of bypassing a security device as in an Internet Protocol version 6 (IPv6) network can be appropriately blocked or passed. Accordingly, security problems caused by the routing header can be overcome, and as a result, usage of the routing header can be promoted. Also, since a routing header can be used for transmitting a packet along a desired path, the routing header can be widely used without security problems, and can ease network security concerns relating to IPv6 networks that are expected to come into increasingly wide use.

公开(公告)号：KR1020070014440A

公开(公告)日：2007-02-01

申请号：KR1020050069079

申请日：2005-07-28

Applicant: 한국전자통신연구원

Inventor： 임재덕 ,  정보흥 ,  한민호 ,  류승호 ,  김영호 ,  김기영

IPC: H04L12/28 ,  H04L29/06

Abstract: An apparatus and a method for preventing conflict of addresses are provided to previously prevent possibility of the address conflict which can be generated when a stateful address autoconfiguration technique and a stateless address autoconfiguration technique are simultaneously provided in the IPv6(Internet Protocol version 6) network environment and when an arbitrary address is manually configured instead of the stateless address autoconfiguration technique, thereby preventing the conflict during network connection of various mobile terminals and home appliances through the stateless address autoconfiguration technique. An apparatus(100) for preventing conflict of addresses comprises the followings: a receiver(110) for receiving a packet if the packet includes an NS(Neighbor Solicitation) message for confirming whether the addresses is used or not on the basis of a header of the packet received by using a promiscuous mode; a uniqueness determiner(120) for determining whether an address, which is included within the received NS message and will be used, is consistent with N number of fixed addresses; and a conflict informer(130) which transmits an NA(Neighbor Advertisement) message showing that the address, which will be used, is redundant if the address which will be used is consistent with an address, which is not configured yet, among the N number of fixed addresses.

Abstract translation: 提供了一种用于防止地址冲突的装置和方法，以防止在IPv6（因特网协议版本6）网络环境中同时提供有状态地址自动配置技术和无状态地址自动配置技术时可能产生的地址冲突的可能性 并且当手动配置任意地址而不是无状态地址自动配置技术时，从而通过无状态地址自动配置技术来防止各种移动终端和家用电器的网络连接期间的冲突。 一种用于防止地址冲突的装置（100）包括以下内容：接收机（110），用于如果所述分组包括用于确认地址是否被使用的NS（邻居请求）消息，则基于标题 使用混杂模式接收到的数据包; 用于确定包含在所接收的NS消息中并且将被使用的地址是否与N个固定地址一致的唯一性确定器（120） 以及发送NA（邻居广播）消息的冲突报告器（130），其表示如果将要使用的地址与N中未配置的地址一致，则将使用将被使用的地址是冗余的 固定地址数。

公开(公告)号：KR1020040039845A

公开(公告)日：2004-05-12

申请号：KR1020020068066

申请日：2002-11-05

Applicant: 한국전자통신연구원

Inventor： 두소영 ,  유준석 ,  임재덕 ,  은성경 ,  김정녀 ,  손승원

IPC: H04L9/00

CPC classification number: H04L63/08 ,  H04L63/0428 ,  H04L63/105

Abstract: PURPOSE: An apparatus and a method for encrypting user authentication information and data using MAC(Mandatory Access Control) and RBAC(Role Based Access Control) are provided to perform an encrypting process corresponding to a grade of the user information by encrypting selectively a transmitting file according to an important grade of the transmitting file. CONSTITUTION: An apparatus for encrypting user authentication information and data using MAC and RBAC includes an FTP client program(10), a kernel layer(20), an FTP demon program(15), and a security database(30). The FTP client program(10) provides a user authentication information request and a server connection request. The kernel layer(20) is used for requesting the user authentication according to the server connection request of the FTP client program. In addition, the kernel layer is used for performing an encrypting/decrypting processing data of the FTP client program when being connected by a grade of MAC corresponding to the user authentication request. The FTP demon program(15) is used for analyzing the encrypted user authentication information and performing a user authentication process according to the grade of MAC. The security database(30) is used for storing the grade of MAC for the client and the grade of MAC for the data.

Abstract translation: 目的：提供一种使用MAC（强制访问控制）和RBAC（基于角色的访问控制）加密用户认证信息和数据的装置和方法，用于通过有选择地加密发送文件来执行与用户信息等级对应的加密处理 根据传输文件的重要等级。 构成：使用MAC和RBAC加密用户认证信息和数据的装置包括FTP客户端程序（10），内核层（20），FTP恶魔程序（15）和安全数据库（30）。 FTP客户端程序（10）提供用户认证信息请求和服务器连接请求。 内核层（20）用于根据FTP客户端程序的服务器连接请求请求用户认证。 此外，当通过与用户认证请求相对应的MAC级别连接时，内核层用于执行FTP客户端程序的加密/解密处理数据。 FTP恶魔程序（15）用于分析加密的用户认证信息，并根据MAC的等级进行用户认证过程。 安全数据库（30）用于存储客户端的MAC级别和数据的MAC级别。

公开(公告)号：KR1020040037583A

公开(公告)日：2004-05-07

申请号：KR1020020066130

申请日：2002-10-29

Applicant: 한국전자통신연구원

Inventor： 임재덕 ,  유준석 ,  은성경 ,  두소영 ,  김정녀 ,  손승원

IPC: H04L12/22

CPC classification number: H04L63/0428 ,  H04L63/162 ,  H04L63/164

Abstract: PURPOSE: An apparatus and a method for providing a reliable channel in a security OS(Operating System) to which MAC(Mandatory Access Control) is applied is provided to offer a new header for independently encoding a packet used in communication by a security level of the MAC and minimize network performance degradation using the security level of the MAC. CONSTITUTION: If data according to a communication request provided from a transmission-side user(S1) are for a packet transmission request, a reliable channel subsystem(12) judges whether a reliable channel is applied. If the reliable channel is applied, the reliable channel subsystem(12) composes a reliable channel header, encodes a specific portion of a packet, stores authentication information in the reliable channel header, and transmits the packet through a network(A). A MAC module(20) provides MAC information for indicating whether the reliable channel is applied. A kernel memory(30) provides an encryption key and an authentication key necessary for encoding a reliable channel application host address and the packet and generating authentication data. A reliable channel subsystem(12-1) retrieves the authentication data of the reliable channel header before decoding the packet received through the network(A). If the authentication data are valid, the reliable channel subsystem(12-1) decodes the encoded packet. If process for the reliable channel is ended, the reliable channel subsystem(12-1) transmits the packet to an upper level to transmit the packet to a reception-side user(S2). A kernel memory provides an authentication key and an encryption key necessary for checking authentication with respect to the packet encoded by the reliable channel subsystem(12) and decoding the packet.

Abstract translation: 目的：提供一种用于在应用MAC（强制访问控制）的安全OS（操作系统）中提供可靠信道的装置和方法，以提供用于通过安全级别独立地编码通信中使用的分组的新标题 MAC，并使用MAC的安全级别最小化网络性能下降。 构成：如果从发送侧用户（S1）提供的根据通信请求的数据用于分组发送请求，则可靠的信道子系统（12）判断是否应用了可靠的信道。 如果可靠的信道被应用，可靠的信道子系统（12）构成可信的信道报头，对分组的特定部分进行编码，将认证信息存储在可信的信道报头中，并通过网络（A）发送分组。 MAC模块（20）提供用于指示是否应用可靠信道的MAC信息。 内核存储器（30）提供对可靠的信道应用主机地址和分组进行编码所需的加密密钥和认证密钥，并生成认证数据。 可靠的信道子系统（12-1）在对通过网络（A）接收的分组进行解码之前检索可靠信道报头的认证数据。 如果验证数据有效，则可靠的信道子系统（12-1）解码编码的分组。 如果可靠信道的处理结束，则可靠信道子系统（12-1）将分组发送到上层，将分组发送给接收侧用户（S2）。 内核存储器提供验证密钥和加密密钥，用于检查关于由可靠信道子系统（12）编码的分组的认证并对分组进行解码。