Abstract:
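The present invention relates to an OTP generator for authenticating a user in an electronic financial transaction system. The OTP generator receives a challenge value (C₀) from an external server, and when a PUF (Physically Unclonable Function) module generates a response value (R₀) corresponding to the challenge value (C₀), it generates an OTP password using time synchronization information and the response value (R₀). Because this OTP generator protects the desired information by encrypting it with the PUF response value as a secret key, attackers cannot recover any of the information.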
Abstract:
A system for managing wireless LAN security in a mobile terminal according to the present invention comprises a reception unit for receiving wireless LAN AP information; a reliability calculation unit for calculating reliability based on the wireless LAN AP information; a management unit for managing the access of the wireless LAN AP based on a threshold value for the calculated reliability; a storage unit for storing an AP list in which the threshold value for the reliability and the stored AP list exceeds; and an update unit for updating the AP list stored in the storage unit. The management unit connects to the wireless LAN AP included in the wireless LAN AP information received by the reception unit when the calculated reliability exceeds the threshold value. The management unit connects to a virtual private gateway when the calculated reliability does not exceed the threshold value.
Abstract:
A radio frequency identification (RFID) tag using a physically unclonable function (PUF) generates a response value corresponding to a challenge value, receives an ID of an RFID reader from the RFID reader, generates a first message authentication code for the ID of the RFID reader, the ID of the RFID tag, and time information by using the first response value corresponding to the first challenge value as a secret key, and if the ID of the RFID reader is received, sends the first challenge value, the first message authentication code, and the time information of the RFID tag, which are tag identifying elements, to the RFID reader. The RFID tag shares with the RFID tag authentication server the same message authentication code generation function, the ID of the RFID tag, the first challenge value, and the first response value generated from the PUF module.
Abstract:
Disclosed is a device authenticating apparatus which authenticates a plurality of devices with physical unclonable function (PUF) circuits via an authentication server. An authentication requesting part transmits a first ID of a first device to the authentication server to authenticate the first device and requests the server to authenticate the first device. A first authentication information part receives first set authentication information, using a first response value corresponding to an arbitrary first challenge value on the first ID as a private key, from the authentication server. A second authentication information part generates a second response value in the PUF circuit based on the first challenge value extracted from the first authentication information and transmits second set authentication information including the second response value to the authentication server. An authentication checking part receives data on whether the first response value is identical to the second response value from the authentication server and authenticates the first device. The present invention authenticates a device by using a challenge-response value, which acts like a fingerprint of the device, in various fields, and can thereby defend against sham attacks from a malicious device and cope effectively with various security attacks which may occur afterwards.
Abstract:
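An ARP spoofing detection terminal receives ARP information of authorized hosts from a server, collects MAC addresses and IP addresses from the ARP information, statically assigns the MAC addresses and IP addresses of the authorized hosts in its ARP table, and, when it receives an ARP reply packet for the same IP address as an authorized host, detects an ARP spoofing attack.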
Abstract:
A radio frequency identification (RFID) tag generates a random number, stores a private key, ID of the RFID tag and a first random number generated in a random number generator in advance, receives ID of an RFID reader from the RFID reader, generates a first message authentication code with respect to the RFID reader ID and time information by using the RFID tag ID as a private key, and encrypts first and second random numbers using the private key. If the RFID tag receives the ID of the RFID reader, the RFID tag transmits the first random number, first message authentication code, ID of the RFID reader, time information, first and second random numbers encrypted with the private key, which are tag identification elements, to the RFID reader. In this case, the RFID tag shares the same message authentication code generating function, private key, RFID tag ID and first random number with the RFID tag authentication server.
Abstract:
Disclosed is an apparatus for authenticating secure sockets layer/transport layer security (SSL/TLS). A private key generator generates a plurality of private keys associated with each other using SSL/TLS private keys to separately store the private keys in a first cloud and a second cloud. A protocol unit receives an SSL/TLS generation request message from a web browser to start an SSL/TLS handshake protocol. A private key operating unit enables the first cloud to transmit a private key operation request message to the second cloud, and the second cloud receives the private key operation request message to transmit a private key operation result message to the first cloud. An SSL/TLS channel forming unit shares a private key with the web browser based on the private key operation result message received by the first cloud to form an SSL/TLS channel. The present invention may stably protect the private key from malicious access of a public cloud in a cloud environment and form a stable SSL/TLS channel to stably protect a web user and a web server.