公开(公告)号：KR1020130033691A

公开(公告)日：2013-04-04

申请号：KR1020110097521

申请日：2011-09-27

Applicant: 에스케이텔레콤 주식회사 ,  숭실대학교산학협력단

Inventor： 정인장 ,  한창문 ,  배성수 ,  김지훈 ,  정수환 ,  채강석

IPC: H04W12/06 ,  H04W88/02 ,  H04L9/32

CPC classification number: H04W12/06 ,  H04L9/32 ,  H04W12/08 ,  H04W88/02

Abstract: PURPOSE: A terminal device for a network access security reinforcement system and an authorization supporting device thereof are provided to allow a security relay device to relay data traffic corresponding to the terminal device outside through a security channel. CONSTITUTION: A security level determination unit(110) determines whether the security level of a connected network relay device is under a specific security level. When security level of the network relay device is under a specific security level, an authentication control unit(130) forms a security channel and a specific security relay channel using an authentication information generated based on the acquired specific authentication information. A data control unit(140) transmits and receives data traffic corresponding to the network relay device through the security channel. The security level determination unit determines the security level of the network relay device based on the authentication method or an encryption method of the network relay device. [Reference numerals] (110) Security level determination unit; (120) Security warning unit; (130) Authentication control unit; (140) Data control unit;

Abstract translation: 目的：提供一种用于网络访问安全加强系统的终端设备及其授权支持设备，以允许安全中继设备通过安全信道中继对应于终端设备的数据业务。 构成：安全级别确定单元（110）确定所连接的网络中继设备的安全级别是否处于特定安全级别。 当网络中继设备的安全级别处于特定安全级别时，认证控制单元使用基于所获取的特定认证信息生成的认证信息，形成安全信道和特定安全中继信道。 数据控制单元（140）通过安全信道发送和接收对应于网络中继设备的数据业务。 安全级别确定单元基于网络中继设备的认证方法或加密方法来确定网络中继设备的安全级别。 （附图标记）（110）安全等级确定单元; （120）安全警告单位; （130）认证控制单元; （140）数据控制单元;

公开(公告)号：KR1020120076282A

公开(公告)日：2012-07-09

申请号：KR1020110041027

申请日：2011-04-29

Applicant: 숭실대학교산학협력단

Inventor： 정수환 ,  정서현 ,  채강석

IPC: H04L12/22 ,  H04L12/26 ,  H04W92/02

CPC classification number: H04L69/08 ,  H04L63/0227

Abstract: PURPOSE: A secret information leakage prevention apparatus using tethering and method thereof are provided to prevent the leakage of secret information by combining with an effective protection system and by securing network traffic. CONSTITUTION: A wireless network control unit(110) receives data from a tethering apparatus. The wireless network control unit changes the data according to an IP(Internet Protocol). The tethering apparatus receives the data transmitted from an in-company apparatus connected through an inner network to an external network. A traffic classification unit(120) selectively transmits security maintenance target data maintained by a firewall to a gateway.

Abstract translation: 目的：提供一种使用系链的秘密信息泄漏防护装置及其方法，通过结合有效的保护系统和保护网络流量来防止秘密信息的泄漏。 构成：无线网络控制单元（110）从系链装置接收数据。 无线网络控制单元根据IP（因特网协议）改变数据。 系链装置接收从通过内部网络连接的公司内装置发送到外部网络的数据。 流量分类单元（120）选择性地将由防火墙维护的安全维护目标数据传送到网关。

公开(公告)号：KR1020160131971A

公开(公告)日：2016-11-16

申请号：KR1020160115558

申请日：2016-09-08

Applicant: 에스케이텔레콤 주식회사 ,  숭실대학교산학협력단

Inventor： 정인장 ,  한창문 ,  배성수 ,  김지훈 ,  정수환 ,  채강석

IPC: H04W12/06 ,  H04W88/02 ,  H04L9/32 ,  H04W12/08

Abstract: 본발명은, 보안인증되지않은네트워크중계장치를통해 WiFi 네트워크에접속할때 보안성을개선할수 있는방안을제시하는네트워크접속보안강화시스템및 방법이개시되어있다. 본발명의네트워크접속보안강화시스템은, 단말장치가기 정의된특정보안수준이하의네트워크중계장치에접속한경우, 특정인증관련정보보유여부에따라상기인증관련정보를요청하고, 이에인증지원장치가상기단말장치로부터의요청에따라, 상기단말장치에대응하는상기인증관련정보를생성하여상기단말장치로제공하고상기인증관련정보를기반으로생성되는상기단말장치의인증정보를특정보안중계장치로제공하며, 상기단말장치가상기특정인증관련정보를기반으로생성되는인증정보를이용하여상기특정보안중계장치와의보안채널을형성하고, 상기네트워크중계장치에대응되는데이터트래픽을상기보안채널을통해송수신하며, 상기보안중계장치가상기보안채널을통해상기단말장치에대응하는데이터트래픽을외부로중계하는구성을포함한다.

公开(公告)号：KR101658657B1

公开(公告)日：2016-09-23

申请号：KR1020110097521

申请日：2011-09-27

Applicant: 에스케이텔레콤 주식회사 ,  숭실대학교산학협력단

Inventor： 정인장 ,  한창문 ,  배성수 ,  김지훈 ,  정수환 ,  채강석

IPC: H04W12/06 ,  H04W88/02 ,  H04L9/32

Abstract: 본발명은, 보안인증되지않은네트워크중계장치를통해 WiFi 네트워크에접속할때 보안성을개선할수 있는방안을제시하는네트워크접속보안강화시스템및 방법이개시되어있다. 본발명의네트워크접속보안강화시스템은, 단말장치가기 정의된특정보안수준이하의네트워크중계장치에접속한경우, 특정인증관련정보보유여부에따라상기인증관련정보를요청하고, 이에인증지원장치가상기단말장치로부터의요청에따라, 상기단말장치에대응하는상기인증관련정보를생성하여상기단말장치로제공하고상기인증관련정보를기반으로생성되는상기단말장치의인증정보를특정보안중계장치로제공하며, 상기단말장치가상기특정인증관련정보를기반으로생성되는인증정보를이용하여상기특정보안중계장치와의보안채널을형성하고, 상기네트워크중계장치에대응되는데이터트래픽을상기보안채널을통해송수신하며, 상기보안중계장치가상기보안채널을통해상기단말장치에대응하는데이터트래픽을외부로중계하는구성을포함한다.

公开(公告)号：KR1020130057271A

公开(公告)日：2013-05-31

申请号：KR1020110123101

申请日：2011-11-23

Applicant: 에스케이텔레콤 주식회사 ,  숭실대학교산학협력단

Inventor： 정인장 ,  한창문 ,  배성수 ,  김지훈 ,  정수환 ,  채강석

IPC: H04W48/06 ,  H04W24/04

CPC classification number: H04W48/06 ,  H04W24/04 ,  H04W28/20

Abstract: PURPOSE: A wireless network access control method and a device thereof are provided to selectively connect users to a network by authenticating the users again. CONSTITUTION: A policy setting unit(220) confirms the number of specific terminal devices which are connected in a current state according to a confirmation result. The policy setting unit sets an access selection policy based on the number of the confirmed specific terminal devices. An access control unit(230) releases the connection for the terminal devices. The access control unit identifies whether the terminal device is the determined specific terminal device. The access control unit allows the identified terminal device to access a network according to the access selection policy set based on the identification result. [Reference numerals] (210) State determination unit; (220) Policy setting unit; (230) Access control unit

Abstract translation: 目的：提供无线网络接入控制方法及其设备，以便通过再次认证用户来选择性地将用户连接到网络。 构成：策略设定部（220）根据确认结果确认在当前状态下连接的特定终端装置的数量。 策略设置单元基于所确认的特定终端设备的数量来设置访问选择策略。 访问控制单元（230）释放用于终端设备的连接。 访问控制单元识别终端设备是否是确定的特定终端设备。 访问控制单元允许所识别的终端设备根据基于识别结果设置的访问选择策略来访问网络。 （附图标记）（210）状态确定单元; （220）策略设定单位; （230）门禁控制单元

公开(公告)号：KR101131929B1

公开(公告)日：2012-04-03

申请号：KR1020100043514

申请日：2010-05-10

Applicant: 숭실대학교산학협력단

Inventor： 정수환 ,  최재덕 ,  김대훈 ,  채강석

IPC: H04L9/30 ,  H04L9/32

Abstract: PURPOSE: Public key based authentication apparatus and method are provided to improve the safety with respect to man-in-the-middle attach by authenticating public values which are used in a password algorithm. CONSTITUTION: An authentication value generating part(110) calculates an initial hash key and the first initial result value of a hash function. The authentication value generating part calculates a first authentication value based on the first initial result value. A transmission parameter calculating part(120) generates a first hash public value and a hash function input message. The transmission parameter calculating part calculates a first collision value. A communicating part(130) the first hash public value, the first collision value, first current time information, the first authentication value, and a first public key to a second communication node. A receiving parameter calculation part(140) calculates the hash function result value of the second communication node. A security key generating part(150) generates a security key for transmitting and receiving data with respect to the second communication node.