-
公开(公告)号:KR100463842B1
公开(公告)日:2004-12-29
申请号:KR1020010085757
申请日:2001-12-27
Applicant: 한국전자통신연구원
IPC: G06F9/06
CPC classification number: G06F21/6218 , G06F2221/2107 , G06F2221/2113
Abstract: A file security system uses a security class set by an access control module. The file security system includes a disk, a kernel memory and an encryption file system. The disk includes a key file in which an encryption key corresponding to the security class is stored and a file encoded by the encryption key. The encryption key stored in the disk is loaded into the kernel memory when the file security system starts operating. The encryption file system extracts an encryption key corresponding to a security class of a file that a user intends to read or store; decodes or encodes the file by using the extracted encryption key; and then provides the decoded file to the user or stores the encoded file in the disk.
Abstract translation: 文件安全系统使用由访问控制模块设置的安全类别。 文件安全系统包括磁盘,内核内存和加密文件系统。 该盘包括其中存储了与安全级别对应的加密密钥的密钥文件和由加密密钥编码的文件。 当文件安全系统开始运行时,存储在磁盘中的加密密钥将加载到内核内存中。 加密文件系统提取与用户想要读取或存储的文件的安全等级对应的加密密钥; 通过使用提取的加密密钥对文件解码或编码; 然后将解码的文件提供给用户或将编码的文件存储在磁盘中。
-
公开(公告)号:KR1020020054196A
公开(公告)日:2002-07-06
申请号:KR1020000083019
申请日:2000-12-27
Applicant: 한국전자통신연구원
IPC: G06F12/14
Abstract: PURPOSE: An access control system and method is provided to secure a secrecy irrespective of an openness of a system OS, and to maintain a security against a system hacking by using a daemon determining an access authority and a security kernel performing a communication with the daemon via a character process device. CONSTITUTION: The method comprises steps of generating a packet to be requested via a system call module within a security kernel(S411), inserting the packet into a request list(S412), waking up a process sleeping at a read queue of a character process queue(S413), making the process sleep at a write process queue(S414), enabling a daemon, having an access authority and sleeping at the write queue of the character process device, to receive a request from a corresponding character process device and bring a corresponding packet from the request list(S421), checking if the corresponding packet exists at the request list(S422), if the corresponding packet exists at the request list, copying the brought packet at a user mode space(S423), if it does not, sleeping at the read queue(S424), if the security kernel wakes up a process sleeping at the read queue, instantly processing the request transmitted to the packet(S425), copying a response packet from the user space to a kernel space(S426), waking up the process sleeping at the write queue, and then executing the security kernel for receiving the result(S427), and giving back an execution result to a kernel module requesting an access control approval(S415).
Abstract translation: 目的:提供一种访问控制系统和方法,以保护系统OS的开放性,并且通过使用确定访问权限的守护进程和执行与守护进程通信的安全内核来维护针对系统黑客的安全性 通过字符处理设备。 构成:该方法包括以下步骤:通过安全内核内的系统调用模块生成要请求的分组(S411),将分组插入到请求列表(S412)中,唤醒在字符处理的读队列处睡眠的进程 队列(S413),使得进程在写入进程队列中休眠(S414),使具有访问权限的守护进程和在字符处理设备的写队列处睡眠,从相应的字符处理设备接收请求并带来 来自请求列表的相应分组(S421),如果在请求列表中存在对应的分组,则检查对应的分组是否存在(S422),如果相应的分组存在于请求列表,则在用户模式空间复制带来的分组(S423),如果 (S424),如果安全内核唤醒在读队列中睡眠的进程,则立即处理发送到分组的请求(S425),将响应分组从用户空间复制到内核空间 (S426) 唤醒在写入队列中睡眠的进程,然后执行安全内核以接收结果(S427),并将执行结果返回给请求访问控制许可的内核模块(S415)。
-
公开(公告)号:KR1020020051131A
公开(公告)日:2002-06-28
申请号:KR1020000080615
申请日:2000-12-22
Applicant: 한국전자통신연구원
IPC: G06F15/00
Abstract: PURPOSE: An access control method for an access control system using identification base is provided to flexibly and efficiently compose permission groups by being expanded to a specific user and a specific group and providing the permission of a corresponding object to the expanded specific user and specific group. CONSTITUTION: An access control list regarding a corresponding object(250) is stored in a security DB(240). The object(250) is classified into other user except for a user and a group, a specific user, and a specific group. The access control list is provided to the classified user and specific group. The access control list of the corresponding object(250) is stored in the security DB(240) using an NDBM(New DataBase Manager).
Abstract translation: 目的:提供一种使用识别库的访问控制系统的访问控制方法,通过扩展到特定用户和特定组,并向扩展的特定用户和特定组提供相应对象的许可来灵活高效地组成权限组 。 构成:关于相应对象(250)的访问控制列表存储在安全DB(240)中。 除了用户和组,特定用户和特定组之外,对象(250)被分类为其他用户。 访问控制列表提供给分类用户和特定组。 使用NDBM(New DataBase Manager)将对应对象(250)的访问控制列表存储在安全DB(240)中。
-
公开(公告)号:KR1020000038113A
公开(公告)日:2000-07-05
申请号:KR1019980052975
申请日:1998-12-03
Applicant: 한국전자통신연구원
IPC: G06F1/04
Abstract: PURPOSE: A method for multi-computer system's real time clock management is disclosed to enable the use of consistent time of day clock between different computers by capacitating a master processor to work as a click processor and to process all clock reading and writing requests using remote interrupt. CONSTITUTION: A method for multi-computer system's real time clock management is composed of initialization, allocation, and reading of date and time. Allocation of system's realtime clocklock called rtc_mutex determines initialization(301). If allocated, initialization is unnecessary, if not, initialized(302) by allocating to rtc_mutex. Lock is canceled after confirming acquisition of clocklock(303) and performing hardware dependency process routine(304). Confirmation is made by the (304)'s value(317), if successful, 0 is returned (318),if not, 1 is returned(319). (304) checks if hardware dependency(HD) lock structure is allocated(305), if not, initialization of HD is processed(306). When HD lock is achieved(307), BIOS to read date is called(308) and read. If read(309), BIOS to read time is called(310) and read. If read(311), 0(314) and appropriate information returned. If not, lock is canceled and -1 is returned(315).
Abstract translation: 目的:公开了一种用于多计算机系统的实时时钟管理的方法,以使得能够通过将主处理器作为点击处理器进行容忍来处理不同计算机之间的一致的时钟时钟,并使用远程处理器处理所有时钟读取和写入请求 打断。 构成:多计算机系统的实时时钟管理方法由日期和时间的初始化,分配和读取组成。 称为rtc_mutex的系统实时时钟锁的分配决定了初始化(301)。 如果被分配,初始化是不必要的,如果没有,则通过分配给rtc_mutex来初始化(302)。 确认获取时钟锁(303)并执行硬件依赖关系处理程序(304)后,锁定被取消。 通过(304)的值(317)进行确认,如果成功,返回0(318),否则返回1(319)。 (304)检查硬件依赖(HD)锁定结构是否被分配(305),否则,处理HD的初始化(306)。 当达到HD锁定(307)时,BIOS被读取(308)并读取。 如果读取(309),BIOS读取时间称为(310)并读取。 如果读取(311),则返回0(314)和适当的信息。 如果没有,则取消锁定,返回-1(315)。
-
公开(公告)号:KR1020000038110A
公开(公告)日:2000-07-05
申请号:KR1019980052972
申请日:1998-12-03
Applicant: 한국전자통신연구원
Abstract: PURPOSE: A formation method for multi node system's entire region of dynamic and united address area is disclosed to automatically select memory approach area of each node's memory and address areas of devices in the vicinity depending on the size and the shape of the memory and to distinguish the corresponding addresses of operating system's addresses. CONSTITUTION: A formation method for multi node system's entire region of dynamic and united address area is composed of collection, preservation, usage, and selection. Information necessary for address translation is collected and saved in the form it will be used in(501). Physical addresses loaded by discretionary node bus of operating system uses the saved information and selects appropriate resource approach path(502). This method eliminates the minimum size requirement of the memory and because identification of objected node is done through fixed examination and one OR calculation, conversion process is expedited.
Abstract translation: 目的:针对多节点系统动态和联合地址区域的整个区域的形成方法,根据存储器的大小和形状自动选择每个节点存储器的存储器接口区域和附近的设备地址区域,并区分 操作系统地址的相应地址。 构成:多节点系统整体动态联合地址区域的形成方法由收集,保存,使用和选择组成。 收集并保存地址转换所需的信息(501)中使用的形式。 通过操作系统的任意节点总线加载的物理地址使用保存的信息并选择适当的资源路径(502)。 该方法消除了存储器的最小尺寸要求,并且由于通过固定检查和一个OR计算来完成对象节点的识别,加速了转换过程。
-
Patent Agency Ranking
-
-
-
公开(公告)号:KR101907486B1
公开(公告)日:2018-10-12
申请号:KR1020120102303
申请日:2012-09-14
Applicant: 한국전자통신연구원
CPC classification number: G06F21/6218 , G06F21/53 , G06F2221/2105 , G06F2221/2149
Abstract: 본발명은보안성이우수한실행환경을제공하는이동컴퓨팅시스템에관한것으로, 동일한이동단말내에서가상화기술을기반으로실행환경을분리하고, 동일한하드웨어보안모듈을이용하여사용자별실행환경을관리함으로써개인프리이버시보호가용이하도록한 것이다.
-
公开(公告)号:KR1020170112663A
公开(公告)日:2017-10-12
申请号:KR1020160040025
申请日:2016-04-01
Applicant: 한국전자통신연구원
Abstract: 본발명의실시예에따른사물인터넷중계시스템은사물인터넷환경에서원격관리서버와연동하는사물인터넷중계시스템에있어서, 통신이가능한복수개의사물기기; 및상기원격관리서버와상기복수개의사물기기중 적어도하나이상과의사이를중계하는사물인터넷중계장치를포함하고, 상기사물기기는상기사물인터넷중계장치로부터의요청을수행하고그 결과를상기사물인터넷중계장치로전송할수 있다.
Abstract translation: 在观光中继系统的互联网和与远程管理服务器协作根据本发明实施例的对象因特网广播系统是对象因特网,多个能够进行通信的对象设备的; 和远程管理服务器,并且包括最小和多个对象单元中的至少一个之间的继电器,该对象单元正在执行的观光中继器robuteoui请求因特网联网中继装置,从而使物联网中继 它可以被发送到设备。
-
-
-
-
-
-
-
-
-
Search Results
207
records
(took 0.025 seconds)
