-
公开(公告)号:KR101436536B1
公开(公告)日:2014-09-01
申请号:KR1020130070480
申请日:2013-06-19
Applicant: 숭실대학교산학협력단 , 주식회사 안랩
Abstract: The present invention relates to a file server, a program file transmitting method using the same, and a program file falsification preventing system. According to the present invention, the file server includes: a file separating part separating a program file into a general file and a core file composed of a core code to be protected from falsification; an encoding part selectively obfuscating the general file and the core file or encoding the files using a secret key; a communication part transmitting the obfuscated or encoded general file to a user client; and a storage part storing the obfuscated or encoded core file. The communication part transmits the obfuscated or encoded core file to the user client in accordance to a request of the user client. According to the present invention, an obfuscating technique is distributed to a client and a server so that a reverse engineering level increases. Moreover, a falsification detection routine is inserted into a software program distributed from the server so that the reliability of the falsification detection routine increases; and a decoding secret key of the encoded core code is dynamically generated and transmitted to an extra channel such as an SMS so that a key is prevented from being exposed on a network.
Abstract translation: 本发明涉及文件服务器,使用该文件服务器的程序文件发送方法和程序文件伪造防止系统。 根据本发明,文件服务器包括:将程序文件分离成一般文件的文件分离部分和由要保护的核心代码伪造的核心文件; 编码部分选择性地模糊所述一般文件和所述核心文件或使用秘密密钥对所述文件进行编码; 通信部件,将混淆或编码的通用文件发送给用户客户机; 以及存储部分,存储所述混淆或编码的核心文件。 通信部件根据用户客户端的请求将模糊化或编码的核心文件发送给用户客户机。 根据本发明,将混淆技术分配给客户端和服务器,使得逆向工程级别增加。 此外,伪造检测程序被插入到从服务器分发的软件程序中,使得伪造检测程序的可靠性增加; 并且编码的核心码的解密秘密密钥被动态地生成并发送到诸如SMS的附加信道,从而防止密钥暴露在网络上。
-
公开(公告)号:KR101427303B1
公开(公告)日:2014-08-06
申请号:KR1020130088112
申请日:2013-07-25
Applicant: 숭실대학교산학협력단
CPC classification number: G06F21/36 , G06F3/04842 , G06F3/04886 , G06F21/46
Abstract: The preset invention relates to an apparatus to authenticate a user and a method thereof. An apparatus to authenticate a user of the present invention includes: a user input/output unit to provide a plurality of cells having a grid cell structure on a touchscreen and to receive cell selection information of a user; a password setting unit to receive selection information about a plurality of password cells selected from the cells by the user in order to set a user password; and an authentication unit to provide an arbitrary starting cell selected from the cells, and sequentially comparing a selection direction of the adjacent cells selected by the user based on the starting cell with an arrow direction displayed on the password cells corresponding to the priority of the password cells to determine whether the selection direction is identical to the arrow direction, thereby approving user authority. According to the present invention, since a location of a real password cell cannot be recognized even though all the process of authenticating a user is recorded, it may be expected to prevent a user password from being easily seized. In addition, since the arrows are randomly output to the cells of each grid for every authentication, a very powerful security may be expected.
Abstract translation: 本发明涉及用于认证用户的装置及其方法。 用于认证本发明的用户的装置包括:用户输入/输出单元,用于在触摸屏上提供具有网格单元结构的多个单元,并且接收用户的小区选择信息; 密码设置单元,用于接收关于由用户从所述单元格中选择的多个密码单元的选择信息,以便设置用户密码; 以及认证单元,用于提供从所述单元格中选择的任意的起始单元,并且依次将所述用户基于所述起始单元选择的相邻单元的选择方向与所述密码优先级对应的所述密码单元上显示的箭头方向依次进行比较 确定选择方向是否与箭头方向相同,从而批准用户权限。 根据本发明,即使记录了认证用户的全部处理,也不能识别真实密码单元的位置,因此可以预期不会容易地检测用户密码。 另外,由于每次认证都将箭头随机地输出到每个网格的单元格,所以可以预期非常强大的安全性。
-
公开(公告)号:KR1020140037575A
公开(公告)日:2014-03-27
申请号:KR1020120103897
申请日:2012-09-19
Applicant: 숭실대학교산학협력단
CPC classification number: G06F21/32 , G06F3/017 , G06F3/0346
Abstract: The present invention relates to a password authentication apparatus using sensing information and a method thereof. The password authentication apparatus using the sensing information according to an embodiment of the present invention comprises: a password input recognition unit which recognizes motion information, sensed from a user terminal, as at least one password input; a final password input determination unit which determines the recognized password input as a final password input by using proximity information sensed from the rear of the user terminal; and an authentication processing unit which authenticates the final password input by comparing the determined final password input with a preset password. Since a user does not directly touch or operate a screen of the user terminal when inputting a password of the user terminal, it is possible to prevent the password from being exposed or hacked by observation of a third party. [Reference numerals] (110) Password input recognition unit; (120) Final password input determination unit; (130) Authentication processing unit
Abstract translation: 本发明涉及使用感测信息的密码认证装置及其方法。 使用根据本发明的实施例的感测信息的密码认证装置包括:密码输入识别单元,其识别从用户终端感测的运动信息作为至少一个密码输入; 最终密码输入确定单元,其通过使用从用户终端的后部感测的接近度信息来确定输入的识别密码作为最终密码输入; 以及认证处理单元,通过将确定的最终密码输入与预设密码进行比较来认证最终密码输入。 由于在输入用户终端的密码时用户不直接触摸或操作用户终端的屏幕,所以可以防止通过观察第三方来暴露或被黑客入侵。 (附图标记)(110)密码输入识别单元; (120)最终密码输入确定单元; (130)认证处理单元
-
公开(公告)号:KR101328012B1
公开(公告)日:2013-11-13
申请号:KR1020130095155
申请日:2013-08-12
Applicant: 숭실대학교산학협력단
CPC classification number: G06F21/14 , G06F21/125 , G06F21/602
Abstract: The present invention relates to an apparatus for obfuscation of an application code and a method for the same. The apparatus according to the present invention comprises: an input unit for receiving codes used for application; a code division unit for analyzing the input code to divide the analyzed code into important codes, which need to be protected from application forgery or modulation attack, and general codes including calling codes for calling the important code; a code conversion unit for converting the important code into a native code form; an encryption unit for encrypting the important code and inserting the address information of an important code connector which stores each address information of the important code; a control unit for separating the calling code from the general code, registering the separated calling code in a management server, and adding a calling code loading routine for request of the calling code and a vector table loading routine for request of a vector table which includes the vector information of the called important code; and a code combination unit for combining the obfuscated general code and important code to generate application. According to the present invention, important codes among codes constituting the application are converted into native codes, and reverse engineering vulnerability existing in the managed code is complemented by applying the encryption by code protection techniques based on self conversion to the converted important code in order to improve the security against application forgery or modulation. Additionally, the control flow is converted by the dynamic vector, and calling codes for calling the important code, which is converted into the native code, and a vector table for connecting the calling code are separately managed to dynamically load the calling code and the vector table if the application is executed. Thus, the resistance to reverse engineering analysis can be enhanced. [Reference numerals] (AA) Start;(BB) End;(S210) Input the code of an application;(S220) Distinquish important codes from ordinary codes;(S230) Convert the important codes into native codes;(S235) Add a starting routine;(S240) Scramble the identifiers of the converted important codes and ordinary codes;(S245) Obfuscate the converted important codes;(S250) Create the address of a connection unit for important codes;(S255) Separate calling codes from the ordinary codes;(S260) Transmit and register the calling codes;(S270) Add a calling code loading routine and a vector table loading routine to the important codes;(S275) Compile and encode the converted important codes;(S280) Create executable files by compiling the ordinary codes;(S290) Create combined files by combining the executable files and the native codes
Abstract translation: 本发明涉及一种用于混淆应用代码的装置及其方法。 根据本发明的装置包括:输入单元,用于接收用于应用的代码; 用于分析输入代码以将分析的代码划分成需要被保护以防止应用伪造或调制攻击的重要代码的代码分割单元和包括用于调用重要代码的调用代码的一般代码; 用于将重要代码转换成本地代码形式的代码转换单元; 加密单元,用于加密重要代码并插入存储重要代码的每个地址信息的重要代码连接器的地址信息; 控制单元,用于将呼叫代码与一般代码分离,将分离的呼叫代码注册到管理服务器中,以及添加用于请求呼叫代码的呼叫代码加载例程和用于向量表的请求的向量表加载例程,所述向量表包括 被叫重要代码的向量信息; 以及用于组合模糊的一般代码和重要代码以生成应用的代码组合单元。 根据本发明,构成应用的代码中的重要代码被转换为本地代码,并且通过基于自身转换的代码保护技术将加密应用到转换的重要代码来补充托管代码中存在的逆向工程漏洞,以便 提高安全性,防止应用伪造或调制。 另外,通过动态向量转换控制流,分别调用转换为本地代码的呼叫代码和用于连接调用代码的向量表,动态加载调用代码和向量 表如果应用程序被执行。 因此,可以提高对逆向工程分析的抵抗力。 (参考号)(AA)开始;(BB)结束;(S210)输入应用程序的代码;(S220)从普通代码中分离重要代码;(S230)将重要代码转换为本地代码;(S235)添加 (S240)对转换的重要代码和普通代码的标识符进行加扰;(S245)对转换的重要代码进行混淆;(S250)为重要代码创建连接单元的地址;(S255)从普通的代码中分离出来的代码 代码;(S260)发送和注册主叫代码;(S270)向主要代码添加一个调用代码加载例程和一个向量表加载例程;(S275)对转换的重要代码进行编译和编码;(S280)创建可执行文件 编译普通代码;(S290)通过组合可执行文件和本机代码来创建组合文件
-
公开(公告)号:KR101094275B1
公开(公告)日:2011-12-19
申请号:KR1020100000744
申请日:2010-01-06
Applicant: 숭실대학교산학협력단
Abstract: 본 발명은 아이피티브이 서비스에 가입한 사용자가 댁내에서 이동 가능한 아이피티브이 서비스 가용 단말 즉, 스마트 폰, PDA, 노트북 등 소형 이동 단말을 통해 아이피티브이 서비스를 댁내 및 댁외로 이동할 경우에도 사용할 수 있도록 지원하는 인증 방법 및 장치에 관한 것이다.
-
Patent Agency Ranking
公开(公告)号:KR1020110080490A
公开(公告)日:2011-07-13
申请号:KR1020100000744
申请日:2010-01-06
Applicant: 숭실대학교산학협력단
Abstract: PURPOSE: An authentication system for a mobile terminal in an IPTV environment is provided for an IPTV service subscriber to receive an IPTV service, which has been provided to the premises with the mobile terminal, outside the premises on the move. CONSTITUTION: TA(Trust Authority)(201) certifies and registers an STB(Set Top Box)(204) and creates a signature for entrusting a signature creation right with the STB. The STB verifies the signature. An MD1(206) creates a share key. The STB registers the MD1 and creates a signature. The STB transfers the signature to the MD1. The MD1 requests an IPTV service. The STB transfers an encoded service key to the MD1. The MD1 receives the IPTV service with the service key.
Abstract translation: 目的:为IPTV业务用户提供一种用于IPTV环境中的移动终端的认证系统,用于接收在移动终端之外的移动终端提供给房屋的IPTV服务。 规定:TA(信托机构)(201)认证并注册STB(机顶盒)(204),并创建一个委托签名创建权的签名与STB。 STB验证签名。 MD1(206)创建共享密钥。 STB注册MD1并创建签名。 STB将签名传输到MD1。 MD1请求IPTV服务。 STB将编码的服务密钥传送到MD1。 MD1使用服务密钥接收IPTV服务。
-
公开(公告)号:KR102218327B1
公开(公告)日:2021-02-22
申请号:KR1020190102171
申请日:2019-08-21
Applicant: 숭실대학교산학협력단
IPC: G06F21/56
Abstract: 어플리케이션에적용되어있는분석회피기법을판별하는단계; 상기분석회피기법이적용되어있는변조지점을설정하는단계; 상기변조지점에대해우회코드를생성하는단계; 및상기우회코드를어플리케이션의프레임워크에전달하여상기우회코드로변조되는프레임워크가실행되도록하는단계를포함하는, 분석회피기법우회방법을제공한다.
-
公开(公告)号:KR1020200144033A
公开(公告)日:2020-12-28
申请号:KR1020190102171
申请日:2019-08-21
Applicant: 숭실대학교산학협력단
IPC: G06F21/56
Abstract: 어플리케이션에적용되어있는분석회피기법을판별하는단계; 상기분석회피기법이적용되어있는변조지점을설정하는단계; 상기변조지점에대해우회코드를생성하는단계; 및상기우회코드를어플리케이션의프레임워크에전달하여상기우회코드로변조되는프레임워크가실행되도록하는단계를포함하는, 분석회피기법우회방법을제공한다.
-
29.发明授权
公开(公告)号:KR101833220B1
公开(公告)日:2018-02-28
申请号:KR1020170094054
申请日:2017-07-25
Applicant: 올댓소프트 코. , 숭실대학교산학협력단
CPC classification number: G06F21/563 , G06F21/629 , G06F2221/033 , G06F2221/2125
Abstract: 애플리케이션코드의역난독화검증장치는입력데이터파싱모듈, 데이터추출모듈, 유사도검증모듈및 결과표시장치를포함한다. 상기입력데이터파싱모듈은애플리케이션의원본코드및 역난독화된코드를입력받고, 상기원본코드및 상기역난독화된코드중 데이터를파싱한다. 상기데이터추출모듈은상기입력데이터파싱모듈에의해파싱된데이터중 난독화종류에따라상기난독화종류의역난독화의검증에필요한데이터를추출한다. 상기유사도검증모듈은상기원본코드로부터추출된데이터와상기역난독화된코드로부터추출된데이터의유사도를판단한다. 상기결과표시장치는상기유사도검증모듈의유사도판단결과를정량적으로사용자에게표시한다.
Abstract translation: 应用程序代码寄生验证装置包括输入数据解析模块,数据提取模块,相似度验证模块和结果显示装置。 输入数据解析模块接收应用程序的原始代码和反向混淆代码,并解析反向混淆代码的原始代码和数据。 数据提取模块在由输入数据解析模块解析的数据中提取根据混淆类型来验证混淆类型歧义混淆所需的数据。 相似性验证模块确定从原始代码提取的数据与从反向模糊代码提取的数据之间的相似性。 结果显示装置定量地向用户显示相似性验证模块的相似性确定结果。
-
公开(公告)号:KR1020170086926A
公开(公告)日:2017-07-27
申请号:KR1020160006571
申请日:2016-01-19
Applicant: 삼성전자주식회사 , 숭실대학교산학협력단
Abstract: 본발명은애플리케이션의정량적수치를제공해줌으로써보안취약성에대한객관적인데이터를제공하는애플리케이션의보안취약성평가기기및 그평가방법이제공된다. 본발명의애플리케이션의보안취약성평가방법은, 평가대상인애플리케이션에사용되는적어도하나의 API (APPLICATION PROGRAMING INTERFACE)를결정하는단계와; 상기결정된API의특성정보에기초하여상기 API 에대한배타적정보에의접근정도를결정하는단계와; 상기결정된API의배타적정보에의접근정도에기초하여상기애플리케이션의보안취약성을평가하는단계를포함하는것을특징으로한다.
Abstract translation: 本发明提供了一种安全漏洞评估装置及其评估方法,用于通过提供应用程序的量化值来提供关于安全漏洞的客观数据。 本发明应用的安全漏洞评估方法包括:确定待评估应用中使用的至少一个应用编程接口(API) 基于确定的API的属性信息来确定对API的独占信息的访问程度; 并根据所确定的对API专有信息的访问程度来评估应用程序的安全漏洞。
-
-
-
-
-
-
-
-
-
Search Results
58
records
(took 0.023 seconds)
