-
Publication number: KR100759819B1
Publication date: 2007-09-18
Application number: KR1020060047542
Application date: 2006-05-26
Applicant: 한국전자통신연구원
CPC classification number: H04L63/1416, H04L61/6059, H04L69/22
Abstract: An apparatus and a method for inspecting the extension header of an IPv6 (Internet Protocol version 6) packet are provided. They supply a rule notation for inspecting the extension header of an IPv6 packet, so that a user can inspect packets as desired, and the rule notation can be applied to intrusion detection, intrusion blocking, and firewalls. The apparatus for inspecting the extension header of an IPv6 packet (110) comprises: a rule representing unit (10), which represents an inspection rule including at least one inspection condition for the extension header; and an inspection unit (12), which inspects the extension header of the IPv6 packet according to the inspection rule. The inspection rule is represented by a tag including an extension header type identifier, an identifier of the extension header item to be compared, and a comparison expression for inspecting that item.
-
Publication number: KR1020070024957A
Publication date: 2007-03-08
Application number: KR1020050080628
Application date: 2005-08-31
Applicant: 한국전자통신연구원
Abstract: An apparatus and a method for intercepting packets are provided so that packet processing, such as packet interception, is carried out in an IPv6 network environment as the network manager intended, even when the address of a node within the internal network, the state of the node, or an address prefix changes. The apparatus for intercepting packets comprises a network address management part (210), a host address management part (220), a receiving part (230), an updating part (240), and a packet processing part (250). The network address management part (210) intercepts and manages the packets supplied to the internal network from an external network. The host address management part (220) intercepts or manages packets transmitted from an external network to a host. The receiving part (230) receives an IP address change notification or a network prefix change notification when the IP address of a host in the internal network or a network prefix is changed. The updating part (240) updates the network address management part (210) and the host address management part (220) when the receiving part (230) receives the IP address change notification or the network prefix change notification. When packets are transmitted from an external network to the internal network, the packet processing part (250) intercepts them if the validity of the network prefix has expired. If the network prefix is valid, the packet processing part (250) transmits the packets on the basis of the updated network address management part (210).
-
Publication number: KR100687746B1
Publication date: 2007-02-27
Application number: KR1020050069079
Application date: 2005-07-28
Applicant: 한국전자통신연구원
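Abstract: The present invention relates to an apparatus and a method for preventing address collisions. An apparatus for preventing address collisions in an address management server that allocates N fixed addresses comprises: a receiving unit that, based on the header of a packet received using promiscuous mode, receives the packet if it contains a Neighbor Solicitation (NS) message; a uniqueness determination unit that determines whether the address intended for use, contained in the received Neighbor Solicitation (NS) message, matches the N fixed addresses; and a collision notification unit that, if the address intended for use matches an address among the N fixed addresses that has not yet been allocated, transmits a Neighbor Advertisement (NA) message indicating that the address intended for use is a duplicate. This prevents collisions when various mobile terminals, home appliances, and the like connect to the network through stateless address autoconfiguration.
Address collision prevention, automatic address allocation
-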
Publication number: KR100656403B1
Publication date: 2006-12-11
Application number: KR1020050113849
Application date: 2005-11-26
Applicant: 한국전자통신연구원
IPC: H04L12/22
Abstract: An intrusion detecting method in a network system is provided that performs pattern matching by reassembling the currently arriving fragmented packet with the consecutive fragmented packets that arrived previously and are stored in a packet buffer. This makes it possible to predict the size of the search buffer needed for pattern reassembly and accordingly lets an administrator manage the search buffer easily. The intrusion detecting method comprises the following steps: merging the payload part of the currently arriving fragmented packet with the contents stored in the packet buffer and storing the merged contents in a search buffer (220); initializing the packet buffer if the currently arriving fragmented packet is the last fragmented packet (250); copying the part set as a cut-off area to the packet buffer and updating the contents of the packet buffer if the currently arriving fragmented packet is not the last fragmented packet (240); and performing a predetermined pattern matching algorithm on the contents stored in the search buffer to determine whether malicious code has intruded (260).
-
Publication number: KR1020030082187A
Publication date: 2003-10-22
Application number: KR1020020020800
Application date: 2002-04-17
Applicant: 한국전자통신연구원
IPC: G06F12/14
CPC classification number: G06F21/6209, G06F21/6218
Abstract: PURPOSE: A method for controlling access using a token having a security attribute on a computer system is provided. It keeps files secure even if a storage device is leaked, by storing each file after encrypting it using an encryption attribute, and it places no special limitation on conventional operation while keeping that security, by allowing a system manager to read only the encrypted contents for backup. CONSTITUTION: The computer system gives the token having the security attribute to a user permitted to access a file (S101). A user process checks an access request for the file. It is judged whether the file requested for access has the token having the security attribute (S103). If the file has the token, access to the file is permitted. If not, access is permitted or refused by judging whether the user requesting the access has the same token (S104).
-
Publication number: KR1020030054657A
Publication date: 2003-07-02
Application number: KR1020010084866
Application date: 2001-12-26
Applicant: 한국전자통신연구원
IPC: G06F15/00
Abstract: PURPOSE: A role-based access control method is provided that controls access requests based on a user role at the kernel level, in order to prevent or block system hacking. CONSTITUTION: The method comprises several steps. A process selects effective roles among the current roles by checking, against the data on all generated roles stored in a role data file, whether the roles of which the process is currently a member exist (S1). The generation number of each effective role stored in the role data file is compared with that of the role stored in an object security database, and the permission value of the role defined at an object is regarded as meaningless if the two generation numbers are not the same (S2). An OR operation is applied to the attribute values defined at the object for the roles remaining after steps S1 and S2, it is checked whether the requested attribute value exists at the object, and an access permission result is output according to the check result (S3).
-
Publication number: KR1020170112663A
Publication date: 2017-10-12
Application number: KR1020160040025
Application date: 2016-04-01
Applicant: 한국전자통신연구원
Abstract: An Internet of Things (IoT) relay system according to an embodiment of the present invention is an IoT relay system that interworks with a remote management server in an IoT environment, and includes: a plurality of thing devices capable of communication; and an IoT relay device that relays between the remote management server and at least one of the plurality of thing devices, wherein the thing device can carry out a request from the IoT relay device and transmit the result to the IoT relay device.
-
Publication number: KR1020170103318A
Publication date: 2017-09-13
Application number: KR1020160025945
Application date: 2016-03-03
Applicant: 한국전자통신연구원
Abstract: A security apparatus and method for IoT devices are disclosed. The security apparatus according to the present invention includes: an integrity check unit that, during the boot process of an IoT (Internet of Things) device, performs an integrity check based on the hash value of the firmware corresponding to the IoT device; a password check unit that, if the integrity check succeeds, checks the password of the IoT device to perform a password check; a boot abort unit that aborts the boot in at least one of the case where the integrity check fails and the case where the password check fails; and a warning notification unit that provides a warning alarm to the user of the IoT device based on at least one of password security strength and password change period.