公开(公告)号：KR100450405B1

公开(公告)日：2004-09-30

申请号：KR1020020047571

申请日：2002-08-12

Applicant: 한국전자통신연구원

Inventor： 김영수 ,  나중찬 ,  손승원

IPC: H04L12/22

Abstract: PURPOSE: A method for transmitting an access policy between routers by using identity is provided to correlate identity information as a public key with a personal key corresponding to the information by introducing a public key concept, thereby remarkably reducing calculations and transmissions without session keys. CONSTITUTION: An extension initializer(10) transmits a message to a policy manager(12)(S51). The policy manager(12) transmits a response message to the extension initializer(10)(S52). The extension initializer(10) transmits an encoded message, which is identity of a target router(11), to the target router(11)(S53). The target router(11) decodes the received message with a personal key, confirms an extension code and a policy, and transmits an encoded confirm message to the extension initializer(10) in order to inform the extension initializer(10) whether an extension is successfully installed(S54).

Abstract translation: 目的：提供一种通过使用身份在路由器之间传输访问策略的方法，通过引入公钥概念将作为公钥的身份信息与对应于该信息的个人密钥相关联，从而显着减少没有会话密钥的计算和传输。 构成：扩展初始化器（10）将消息发送给策略管理器（12）（S51）。 策略管理器（12）向扩展初始化器（10）发送响应消息（S52）。 扩展初始化器（10）向目标路由器（11）发送作为目标路由器（11）的标识的编码消息（S53）。 目标路由器（11）利用个人密钥对接收到的消息进行解码，确认扩展码和策略，并将扩展初始化器（10）发送编码的确认消息以通知扩展初始化器（10）扩展是 成功安装（S54）。

公开(公告)号：KR100419574B1

公开(公告)日：2004-02-19

申请号：KR1020010058236

申请日：2001-09-20

Applicant: 한국전자통신연구원

Inventor： 김영수 ,  나중찬 ,  손승원

IPC: H04L9/00

Abstract: PURPOSE: A method for transmitting a safe and an active packet between the active nodes in an active network is provided to transmit and process the packet in the network at the end terminal nodes as well as at the middle nodes. CONSTITUTION: A method for transmitting a safe and active packet between the active nodes in an active network includes the steps of: broadcasting(403) with creating the information to be transmitted by a first active node as the active packet by utilizing a symmetric key encryption method; requesting(407) a key for the decryption of the symmetric key encryption method with the first active node by the second active node to receive the active packet broadcasted; transmitting the key for the decryption of the symmetric key encryption method by the first active node in response to the key request received from the second node; and implementing the information including the active packet by decrypting the broadcasted active packet by the second active node receiving the key for the decryption of the symmetric key encryption method.

Abstract translation: 目的：提供一种用于在活动网络中的活动节点之间发送安全和活动分组的方法，以在终端节点处以及在中间节点处在网络中发送和处理分组。 用于在活动网络中的活动节点之间发送安全活动分组的方法包括以下步骤：通过利用对称密钥加密来广播（403）第一活动节点将要发送的信息作为活动分组 方法; 由第二活动节点向第一活动节点请求（407）用于解密对称密钥加密方法的密钥以接收广播的活动分组; 响应于从第二节点接收到的密钥请求，发送由第一活动节点解密对称密钥加密方法的密钥; 以及通过由接收用于对称密钥加密方法的解密的密钥的第二活动节点解密广播的活动分组来实现包括活动分组的信息。

公开(公告)号：KR1020040014825A

公开(公告)日：2004-02-18

申请号：KR1020020047571

申请日：2002-08-12

Applicant: 한국전자통신연구원

Inventor： 김영수 ,  나중찬 ,  손승원

IPC: H04L12/22

CPC classification number: H04L63/0428 ,  G06F21/55 ,  H04L63/061

Abstract: PURPOSE: A method for transmitting an access policy between routers by using identity is provided to correlate identity information as a public key with a personal key corresponding to the information by introducing a public key concept, thereby remarkably reducing calculations and transmissions without session keys. CONSTITUTION: An extension initializer(10) transmits a message to a policy manager(12)(S51). The policy manager(12) transmits a response message to the extension initializer(10)(S52). The extension initializer(10) transmits an encoded message, which is identity of a target router(11), to the target router(11)(S53). The target router(11) decodes the received message with a personal key, confirms an extension code and a policy, and transmits an encoded confirm message to the extension initializer(10) in order to inform the extension initializer(10) whether an extension is successfully installed(S54).

Abstract translation: 目的：提供一种通过使用身份在路由器之间传输接入策略的方法，通过引入公共密钥概念将身份信息作为公开密钥与对应于信息的个人密钥相关联，从而显着地减少没有会话密钥的计算和传输。 构成：扩展初始化器（10）向策略管理器（12）发送消息（S51）。 策略管理器（12）向扩展初始化器（10）发送响应消息（S52）。 扩展初始化器（10）将作为目标路由器（11）的身份的编码消息发送到目标路由器（11）（S53）。 目标路由器（11）用个人密钥对接收到的消息进行解码，确认扩展码和策略，并将编码的确认消息发送到扩展初始化器（10），以通知扩展初始化器（10）扩展是否为 成功安装（S54）。

公开(公告)号：KR1020030090084A

公开(公告)日：2003-11-28

申请号：KR1020020028077

申请日：2002-05-21

Applicant: 한국전자통신연구원

Inventor： 한민호 ,  나중찬 ,  손승원

IPC: H04L12/733

CPC classification number: H04L45/566 ,  H04L45/02 ,  H04L45/32

Abstract: PURPOSE: A network for active packet transmission and a method for operating the same are provided to distribute active network topology information by creating opaque LSAs having active network topology information, flooding them to nodes in an OSPF domain, and configuring a routing table for active packet transmission using the flooded opaque LSAs. CONSTITUTION: A network for active packet transmission is composed of a plurality of active nodes(100-103) and generic nodes(110/1-110/7) using an OSPF routing protocol. Each active node is allocated an opaque type for an active network, creates opaque LSAs having active network topology information, and distributes the created opaque LSAs to the other active nodes that exist in an OSPF domain.

Abstract translation: 目的：提供一种主动分组传输网络及其操作方法，通过创建具有活跃网络拓扑信息的不透明LSA，将其泛洪到OSPF域中的节点，配置活动分组路由表，分配活动网络拓扑信息 使用淹没的不透明LSA进行传输。 构成：使用OSPF路由协议，由多个活动节点（100-103）和通用节点（110 / 1-110 / 7）组成用于主动分组传输的网络。 为活动网络分配每个活动节点不透明类型，创建具有活动网络拓扑信息的不透明LSA，并将创建的不透明LSA分发到OSPF域中存在的其他活动节点。

公开(公告)号：KR1020030056651A

公开(公告)日：2003-07-04

申请号：KR1020010086925

申请日：2001-12-28

Applicant: 한국전자통신연구원

Inventor： 손선경 ,  김영수 ,  한민호 ,  이상수 ,  김동주 ,  김동영 ,  나중찬 ,  손승원

IPC: H04L12/851

CPC classification number: H04L47/2441 ,  H04L69/22

Abstract: PURPOSE: A mixed active network model and a packet processing method in an active network model are provided to classify packets into an 'Aflow' packet, a 'non-Aflow' packet, and a 'sigAflow' packet according to the continuity of a packet delivery cycle, so as to actively load resources necessary for performing active packets on an active node. CONSTITUTION: If an optional packet is received to a packet classifier(S200), the packet classifier decides whether a protocol field of a header of the packet is set as active(S202). If not, the packet classifier regards the received packet as a general IP(Internet Protocol) packet(S204), and if set as active, the packet classifier regards the received packet as an active packet(S206). The active packet is provided to a flow classifier(S208). The flow classifier decides whether the packet matches with a demux key field(S210). If so, the flow classifier classifies the packet as an 'Aflow' packet(S212). If the packet does not match with the demux key field, a performance environment block detects a type field of the active packet header(S214). If a detected type value is '0'(S216), the performance environment block classifies the packet as a 'sigAflow' packet(S218). And if the detected type value is '2'(S220), the performance environment block classifies the packet as a 'non-Aflow' packet(S222).

Abstract translation: 目的：提供一种主动网络模型中的混合有源网络模型和分组处理方法，以根据分组的连续性将分组分类为“Aflow”分组，“非Aflow”分组和“sigAflow”分组 交付周期，以便主动加载在主动节点上执行活动分组所需的资源。 构成：如果对分组分类器接收到可选分组（S200），则分组分类器决定分组报头的协议字段是否被设置为活动（S202）。 如果不是，则分组分类器将接收到的分组视为通用IP（因特网协议）分组（S204），如果设置为活动，则分组分类器将接收到的分组视为活动分组（S206）。 将活动分组提供给流分类器（S208）。 流分类器决定分组是否与解码密钥字段匹配（S210）。 如果是，则流分类器将分组分类为“Aflow”分组（S212）。 如果分组与解密密钥字段不匹配，则性能环境块检测活动分组报头的类型字段（S214）。 如果检测到的类型值为“0”（S216），则性能环境块将该分组分类为“sigAflow”分组（S218）。 如果检测到的类型值为“2”（S220），则性能环境块将该分组分类为“非Aflow”分组（S222）。

公开(公告)号：KR1020030027181A

公开(公告)日：2003-04-07

申请号：KR1020010056831

申请日：2001-09-14

Applicant: 한국전자통신연구원

Inventor： 김주한 ,  이주영 ,  나중찬 ,  조현숙

IPC: G06F17/00 ,  G06F21/24

Abstract: PURPOSE: A method for encoding and decoding an electronic document is provided to assure the safety of an electronic commerce by supplying secrecy for an XML(Extensible Markup Language) electronic document and a conventional general electronic document through an XML encoding and decoding procedure about various electronic documents. CONSTITUTION: An electronic document to be coded is selected(301). If the electronic document is for partial encryption(302), the selected electronic document is encoded(304) and compressed(305). If a multiple access is supported for the electronic document(306), a user or a group to be decoded is selected(307) and a specific key is created(308). The created specific key is coded as a public key(312), the coded specific key is encoded(313), and an access unit is created(314). An XML encryption template is finally created by information selectively inputted according to a result of a multiple access to the coded and encoded electronic document(317).

Abstract translation: 目的：提供一种用于编码和解码电子文档的方法，以通过向XML（可扩展标记语言）电子文档和常规通用电子文档提供关于各种电子的XML编码和解码过程的保密来确保电子商务的安全性 文档。 规定：选择要编码的电子文件（301）。 如果电子文档用于部分加密（302），则所选择的电子文档被编码（304）并压缩（305）。 如果电子文档（306）支持多重访问，则选择用户或要解码的组（307），并创建特定的键（308）。 创建的特定密钥被编码为公钥（312），编码的特定密钥被编码（313），并且创建访问单元（314）。 最终通过根据对编码和编码的电子文档（317）的多次访问的结果有选择地输入的信息来创建XML加密模板。

公开(公告)号：KR1020020096616A

公开(公告)日：2002-12-31

申请号：KR1020010035306

申请日：2001-06-21

Applicant: 한국전자통신연구원

Inventor： 이재승 ,  김영수 ,  이주영 ,  김주한 ,  나중찬 ,  손승원

IPC: G06F15/02

Abstract: PURPOSE: A device and method for creating/verifying an electronic signature of an XML(eXtensible Markup Language) format is provided to integrate an XML electronic signature software module with an XML security platform structure by performing a procedure for creating and verifying an XML electronic signature and embodying the procedure as a software form. CONSTITUTION: An API function is called from each function unit, and an XML electronic signature function is performed. An interface with a JAVA encryption unit is embodied by an API in accordance with the SUN JCA(Java Cryptography Architecture)/JCE(Java Cryptography Extension) standard. A transform processing module performs a transform processing function with respect to a document. A digest processing module performs a digest processing function with respect to a document. A canonicalization processing module performs a canonicalization processing function with respect to a document to be signed. An electronic signature processing module calls 'Java Crypto' library in accordance with the SUN JCA/JCE structure from the JAVA encryption unit, and performs a procedure for calculating or verifying 'Signature Value' with respect to a document. A key transmitting and processing module performs a transmitting and processing function of various key information. An XML electronic signature creating and verifying module calls a necessary module and performs a creation and verification function of an XML electronic signature.

Abstract translation: 目的：提供用于创建/验证XML（可扩展标记语言）格式的电子签名的设备和方法，以通过执行用于创建和验证XML电子签名的过程来将XML电子签名软件模块与XML安全平台结构集成 并将程序体现为软件形式。 构成：从每个功能单元调用API函数，并执行XML电子签名功能。 与JAVA加密单元的接口由符合SUN JCA（Java加密体系结构）/ JCE（Java加密扩展）标准的API体现。 变换处理模块对文档执行变换处理功能。 摘要处理模块执行关于文档的摘要处理功能。 规范化处理模块对要签名的文档执行规范化处理功能。 电子签名处理模块根据来自JAVA加密单元的SUN JCA / JCE结构调用“Java Crypto”库，并执行相对于文档计算或验证“签名值”的过程。 密钥发送和处理模块执行各种密钥信息的发送和处理功能。 XML电子签名创建和验证模块调用必要的模块并执行XML电子签名的创建和验证功能。

公开(公告)号：KR1020000033997A

公开(公告)日：2000-06-15

申请号：KR1019980051092

申请日：1998-11-26

Applicant: 한국전자통신연구원

Inventor： 나중찬 ,  김명준

IPC: H04L9/32

CPC classification number: H04L63/08

Abstract: PURPOSE: A security apparatus in the path interlocking the web and an information provider and the method thereof are provided to receive and transmit desired information to an information provider safely, by providing security service, integrating complementarily the web and an information provider. CONSTITUTION: An information user client daemon is on standby for web client request(S301). If a user login request message is arrived(S309), dllogin CGI program transfers the request message to the information user client daemon. The information user client daemon generates a child processor, and the child processor calls a security interface for authentication(S310). The child processor tries connection with a security server, and requests the authentication(S311). If the requested authentication is failed, the child processor is finished(S304). Dlget CGI or dlimage CGI transfers a request sentence to the information user client daemon(S312), calls a function related with the service number(S313), and proceeds function for encryption and decoding(S314).

Abstract translation: 目的：通过互联网络和信息提供商及其方法的路径中的安全装置，通过提供安全服务，互补地整合网络和信息提供者来安全地接收和发送所需信息到信息提供者。 构成：信息用户客户端守护程序处于待机状态以进行Web客户端请求（S301）。 如果到达用户登录请求消息（S309），则dllogin CGI程序将请求消息传送到信息用户客户端守护进程。 信息用户客户端守护程序生成子处理器，并且子处理器调用安全接口进行认证（S310）。 子处理器尝试与安全服务器的连接，并请求认证（S311）。 如果所请求的认证失败，则子处理器完成（S304）。 CGI或CGI CGI或CGI将请求语句传送给信息用户客户端守护程序（S312），调用与服务号码相关的功能（S313），并进行加密和解码功能（S314）。

公开(公告)号：KR100243657B1

公开(公告)日：2000-02-01

申请号：KR1019960062618

申请日：1996-12-06

Applicant: 한국전자통신연구원

Inventor： 나중찬

IPC: G06F17/30

Abstract: 1. 청구 범위에 기재된 발명이 속한 기술분야
본 발명은 정보 검색 시스템에서의 보안 유지 방법에 관한 것임.
2. 발명이 해결하려고 하는 기술적 과제
본 발명은 정보 검색 시스템에서 정보 검색 요구문과 응답문에 대하여 암호화 및 복호화하며, 정보 검색을 하려는 이용자의 접근 허용 여부를 결정하여 정보 검색에 있어서 보안을 유지하는 보안 유지 방법을 제공하고자 함.
3. 발명의 해결방법의 요지
본 발명은 신원이 인증된 정보 검색 고객은 정보 검색 요구문을 암호화하여 정보 검색 보안 서버로 전송하고, 정보 검색 요구 메시지를 수신하면 접근 허용 여부를 결정한 후에 정보 검색 서버로 요구문을 전송하여 응답을 수신한 다음에 응답 정보를 암호화하여 고객에게 전달하며, 응답문을 수신하면 응답문을 복호화하여 정보 검색 브라우져로 전달하여 고객에게 보여주는 것을 특징으로 한다.
4. 발명의 중요한 용도
본 발명은 정보 검색 시스템의 보안 유지에 이용됨.

公开(公告)号：KR100237386B1

公开(公告)日：2000-01-15

申请号：KR1019960064198

申请日：1996-12-11

Applicant: 한국전자통신연구원

Inventor： 나중찬 ,  김경범

IPC: G06F15/16

Abstract: 본 발명은 분산 시스템 자원에 대한 성능 관리방법에 관한 것으로서, 본 발명에서 제공하는 방법은 동시에 여러 사용자 접속 프로세스의 요구를 수용하여 처리할 수 있는 형태로 구성되어 관리 대상 정보를 수집하는 단계와, 상기 단계에서 수집된 관리 대상 정보에 대한 성능 관리를 수행하는 단계로 구성되어, 분산 시스템 자원에 대한 성능 관련 데이터에 대해 데이터베이스에 저장하지 않고 관리 대상 시스템으로부터의 성능 데이터를 사용자 접속 모듈에 직접 전달하도록 하여 보다 빠른 분산 시스템 자원에 대한 성능을 관리함과 동시에 미래의 성공을 예측할 수 있다는 장점이 있다.