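Encryption Key Management System and Method
    1.
    Invention publication
    Status: under substantive examination

    Publication (announcement) number: KR1020140071775A

    Publication (announcement) date: 2014-06-12

    Application number: KR1020120139744

    Application date: 2012-12-04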

    Abstract: The present invention can prevent a malicious use of a terminal user or an internal attacker by dividing an encryption key of a user terminal into separate encryption key pieces and managing the separate encryption key pieces in order to provide a software based stable key management for an encryption key used in the user terminal in a platform operation environment such as a DRM, a game, Internet banking, and on-line shopping requiring reliability of a terminal by a server. Further, when a security key is upgraded due to a safety policy and other reasons, not in the case of exposing the security key, only a security key module can be separately updated without destroying a public key authentication.


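    Apparatus and Method for Providing a Runtime for Confidential Execution of Application Services
    2.
    Invention publication
    Status: invalid

    Publication (announcement) number: KR1020130093804A

    Publication (announcement) date: 2013-08-23

    Application number: KR1020120001957

    Application date: 2012-01-06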

    Abstract: PURPOSE: A runtime providing apparatus and a method for application service sealing execution provide a security virtualization interface layer for application service data requiring security consumption, and thereby maximize security of application service execution or application service data consumption. CONSTITUTION: A security virtualization interface layer (310) has an application service received through a user space (300) use hardware resources (450) and kernel services (432) of the lower part of a kernel space (340). A container parser (410) separates a virtualization security code and an application service from a service container received from a service providing server (100). A security virtualization interface generator (412) uses the virtualization security code and service policy to produce security virtualization interface. A virtualization service injector (414) stacks the application service in a VM (Virtual Machine) (420) through the security virtualization interface layer according to a policy in the security virtualization interface. [Reference numerals] (AA) Start; (BB) End; (S500) Receive a service container; (S502) Classification by Information in the service container; (S504) Deliver a virtualization security code and relevant information to an SVIF generator; (S506) Deliver a service(service data) to a VS injector; (S508) Generate a virtual interface after requesting and receiving a service policy; (S510) Separate application for the service required?; (S512) Request and receive the application; (S514) Inject the application service(application) to a virtual machine using a security virtualization interface; (S516) Is the security virtualization interface using code verification abnormal?; (S518) Request the implement or consumption of the application service(application); (S520) Stop the application service(application)


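    Authentication Method and Apparatus for Detecting and Blocking Packets with Forged or Falsified Source Addresses
    3.
    Invention publication
    Status: under substantive examination

    Publication (announcement) number: KR1020130065278A

    Publication (announcement) date: 2013-06-19

    Application number: KR1020110132070

    Application date: 2011-12-09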

    Inventor: 이상우 서동일

    Abstract: PURPOSE: An authentication method for blocking and detecting forgery packets and a device thereof are provided to fundamentally defend a source area from malicious attacks by forwarding normal packets from a router. CONSTITUTION: A packet reception unit(102) receives packets from a user host or a previous node. A self-guarantee ID(Identity) generation unit(112) generates a self-guarantee ID for a source area node of the received packet. A self-guarantee ID verification unit(104) determines the forgery state of a source area address by using the self-guarantee ID. A packet transmission unit(106) transmits a packet in which the source area is verified to a next network node. [Reference numerals] (102) Packet reception unit; (104) Self-guarantee ID verification unit; (106) Packet transmission unit; (108) White list storage unit; (110) Self-guarantee ID generation unit; (112) Blacklist storage unit; (AA) Origin non-verified packet; (BB) Origin verified packet


    Agent Apparatus and Method for Sharing Anonymous-Identifier-Based Security Information Among Security Management Domains
    4.
    Invention publication
    Status: in force

    Publication (announcement) number: KR1020130058813A

    Publication (announcement) date: 2013-06-05

    Application number: KR1020110124760

    Application date: 2011-11-28

    Abstract: PURPOSE: An agent device for sharing security information based on an anonymous identifier among security management domains and a method thereof are provided to share security information based on an identifier based on hash, thereby preventing leakage of personal information included in the security information. CONSTITUTION: An identifier conversion unit(220) converts a real name identifier included in security information into an anonymous identifier and converts security information based on the real name identifier into security information based on the anonymous identifier. A security information communication unit(240) transmits the security information based on the anonymous identifier to the outside of a security management domain in order that security management domains share the security information. The identifier conversion unit converts the real name identifier included in the security information into a hash identifier which is the anonymous identifier by using a one-way hash function. [Reference numerals] (210) Security information providing unit; (220) Identifier conversion unit; (230) Identifier mapping information storage unit; (242) Security information transmitting unit; (244) Security analyzing information receiving unit; (250) Security analyzing information processing unit; (312) Security information receiving unit; (314) Security analyzing information transmitting unit; (320) Identifier reference storage unit; (330) Security information analyzing unit; (340) Reception agent device determination unit; (AA) Anonymous based security information; (BB) Anonymous based security information analyzing result


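    Apparatus and Method for Quantitative Security Policy Evaluation
    5.
    Invention publication
    Status: invalid

    Publication (announcement) number: KR1020120070771A

    Publication (announcement) date: 2012-07-02

    Application number: KR1020100132217

    Application date: 2010-12-22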

    CPC classification number: G06F21/577

    Abstract: PURPOSE: An apparatus and a method for quantitative security policy evaluation are provided to quantitatively evaluate a security policy on a heterogeneous network through a quantitative evaluation model. CONSTITUTION: A security policy analyzing unit(102) analyzes a security policy of a network. An estimation reference defining unit(104) defines an evaluation standard. An estimation result calculating unit(106) calculates an evaluation result of each security component. A weight calculating unit(108) groups the security components according to a security function. A quantitative estimating unit(110) estimates a security policy of each group.


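    Method and Apparatus for Preventing Leakage and Misuse of Customers' Derived Personal Information
    6.
    Invention publication
    Status: invalid

    Publication (announcement) number: KR1020110067375A

    Publication (announcement) date: 2011-06-22

    Application number: KR1020090123947

    Application date: 2009-12-14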

    CPC classification number: G06F21/6281 G06F11/3006

    Abstract: PURPOSE: A method and apparatus for preventing leakage and misuse for the client's derivative personal information are provided to protect the client's derivative information from the leakage and misuse by the internal operator by automatically analyzing the work action of a service operator according to the security policy of the service provider and detecting the abnormal action of the service operator in real-time. CONSTITUTION: A method for preventing leakage and misuse for the client's derivative personal information includes the steps of: monitoring the Internet service operator's information search, the combination of the searched information with other information, and the usage of the derivative personal information derived from the searched information; and, if the matters on the violation of work by an operator are detected, executing handling of the violation of work for the individual Internet service operator(320). The range of using the client's information is different depending on the level of the client registered to the service and the level of the service operator.


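    Method and Apparatus for Verifying the Integrity of Media Data
    7.
    Invention publication
    Status: invalid

    Publication (announcement) number: KR1020110064487A

    Publication (announcement) date: 2011-06-15

    Application number: KR1020090121128

    Application date: 2009-12-08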

    CPC classification number: H04L63/12 H04L63/0442 H04N21/83

    Abstract: PURPOSE: A method and apparatus for providing data freshness check of media data are provided to configure an SVC(Scalable Video Coding) and conversion information as a message digest with a feature and control information by layer. CONSTITUTION: A scalable media transmitter(100) transmits feature information and control information which are extracted from the encoded and converted scalable media data. A scalable media receiver(300) verifies the integrity of the scalable media. A secure directory(400) stores the characteristic information and control information. A scalable media reuse device(500) requests the retransmission of the scalable media to the scalable media receiver.


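    Real-Time Content Service Method and Apparatus
    8.
    Invention publication
    Status: invalid

    Publication (announcement) number: KR1020110061415A

    Publication (announcement) date: 2011-06-09

    Application number: KR1020090118059

    Application date: 2009-12-01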

    Abstract: PURPOSE: A real time content service method and an apparatus for the same are provided to secure a safety for whole service section by regulating security intensity based on a single security mechanism. CONSTITUTION: A secure memory generator(114) creates security message which recognizes encryption information of a media content. The media content is extracted by layers through an SVC(Scalable Video Coding) content layer extracting unit(112). A bit stream transmitter(116) transmits the security message and a media content extracted by the layers into a bit stream type. An interconnector(400) changes the media content into a reusable content.


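    Apparatus and Method for Protecting Users' Credit Information and Intellectual Property Against Information Denial Attacks
    9.
    Invention publication
    Status: lapsed

    Publication (announcement) number: KR1020070061287A

    Publication (announcement) date: 2007-06-13

    Application number: KR1020060083569

    Application date: 2006-08-31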

    CPC classification number: H04L63/0227 G06Q20/206 H04L63/101 H04L63/1408

    Abstract: A device and a method for protecting credit information and IP of a user against information denial attack are provided to block intrusion of malicious information, prevent illegal information leakage, prevent illegal action of an authorized user, and prevent an unauthorized user from maliciously using the information by monitoring inbound/outbound contents in a network level. An inbound processor(201) blocks a harmful traffic by determining whether the harmful traffic is included in the inbound contents by using a black list. An integrated IAM(ID and Access Management)/NAM(Network Access Management) solution part(203) detects/blocks an internal abnormal action or fraud attack for the credit information and the IP by controlling user and device access. An outbound manager(202) prevents leakage of the credit information and the IP in the outbound contents by using a white list. The inbound processor determines the attack by combining a rule-based attack determination result using a rule database and an action-based attack determination result using a traffic action pattern.

