公开(公告)号：US20070150954A1

公开(公告)日：2007-06-28

申请号：US11604229

申请日：2006-11-27

申请人： Tae-Shik Shon

发明人： Tae-Shik Shon

IPC分类号： G06F12/14

CPC分类号： H04L63/1416 ,  H04L63/1425

摘要： In a system and method for detecting network intrusion, the system comprises: a packet capturer which captures at least one packet on a network; a preprocessor which provides feature values dependent on features of each packet captured by the packet capturer; and a learning engine for classifying patterns dependent on the feature values provided by the preprocessor into two different pattern sets, and for selecting one pattern set having more elements from the pattern sets as a reference set so as to detect network intrusion. The network intrusion detection system and method do not depend on historical data according to known attack patterns, and thus not only detect a changed attack pattern but also efficiently detect network intrusion.

摘要翻译： 在用于检测网络入侵的系统和方法中，该系统包括：捕获网络上的至少一个分组的分组捕获器; 预处理器，其提供取决于由分组捕获器捕获的每个分组的特征的特征值; 以及学习引擎，用于根据预处理器提供的特征值将模式分类为两个不同的模式集合，并且用于从模式集合中选择具有更多元素的一个模式集作为参考集，以便检测网络入侵。 网络入侵检测系统和方法根据已知的攻击模式不依赖于历史数据，因此不仅可以检测更改的攻击格局，还可以有效地检测网络入侵。

公开(公告)号：US08477948B2

公开(公告)日：2013-07-02

申请号：US12949246

申请日：2010-11-18

申请人： Tae-Shik Shon ,  Yong-Suk Park ,  Jeong-Sik In

发明人： Tae-Shik Shon ,  Yong-Suk Park ,  Jeong-Sik In

IPC分类号： H04L29/06

CPC分类号： H04W12/04 ,  H04W12/06

摘要： A channel connection of a device that performs short range wireless communication is provided. If a public key that is broadcast by a specified device is received, the device encrypts its own UID (Unique Identifier) using the public key to transmit the encrypted UID to the specified device, transmits a pairing request to the specified device, and safely receives a key seed from the specified device using a security address included in a pairing device and the UID to form a security channel with the specified device.

摘要翻译： 提供了执行短距离无线通信的设备的信道连接。 如果接收到指定设备广播的公钥，则设备使用公钥对其自己的UID（唯一标识符）进行加密，将加密的UID发送到指定的设备，将配对请求发送到指定的设备，并安全接收 使用配对设备中包含的安全地址的指定设备的密钥种子，以及与指定设备形成安全通道的UID。

公开(公告)号：US08335918B2

公开(公告)日：2012-12-18

申请号：US12238578

申请日：2008-09-26

申请人： Tae-Shik Shon ,  Sun-Gi Kim ,  Hyo-Hyun Choi

发明人： Tae-Shik Shon ,  Sun-Gi Kim ,  Hyo-Hyun Choi

IPC分类号： H04L9/00

CPC分类号： H04L63/0428 ,  H04L63/12 ,  H04L63/1466 ,  H04L63/162

摘要： A medium access control (MAC) frame provision method establishes security in an IEEE 802.15.4 network. A MAC frame is generated, which includes a MAC header, a payload field, and a frame check sequence (FCS) field, the payload field including relevant main data according to a frame type defined in the MAC header. A disguised decoy data sequence number (DSN) is generated and inserted into the MAC header. A real DSN, which is a corresponding transmission sequence number of the MAC frame, is generated and inserted into the payload field. The MAC frame is transmitted, including the encrypted payload field, to a counterpart node. A MAC ACK frame acknowledges reception of the transmitted MAC frame; and a DSN is compared in the received MAC ACK frame with the real DSN. An authentication of the counterpart node is performed when the received MAC ACK frame is equal to the real DSN.

摘要翻译： 介质访问控制（MAC）帧提供方法在IEEE 802.15.4网络中建立安全性。 生成MAC帧，其包括MAC头，有效载荷字段和帧校验序列（FCS）字段，所述有效负载字段根据在MAC报头中定义的帧类型包括相关主数据。 生成伪装的诱饵数据序列号（DSN）并将其插入到MAC头中。 产生作为MAC帧的相应传输序列号的真实DSN并将其插入到有效载荷字段中。 将MAC帧发送到对方节点，包括加密的有效载荷字段。 MAC ACK帧确认所发送的MAC帧的接收; 并且在接收到的MAC ACK帧中与DSN进行比较。 当接收的MAC ACK帧等于实际DSN时，执行对方节点的认证。

公开(公告)号：US20120020298A1

公开(公告)日：2012-01-26

申请号：US13189831

申请日：2011-07-25

申请人： Tae-shik SHON ,  Jeong-sik IN

发明人： Tae-shik SHON ,  Jeong-sik IN

IPC分类号： H04W92/00

CPC分类号： H04W48/18 ,  H04W88/06

摘要： A method and apparatus for selecting a wireless personal area network (WPAN) based adaptive radio frequency (RF) interface. The method includes obtaining RF interface information by establishing a WPAN based network connection with a target RF device; selecting an RF interface from among a plurality of RF interfaces using the obtained RF interface information, based on characteristics of applications and a network load; and establishing the selected RF interface by negotiating about the selected RF interface with the target RF device.

摘要翻译： 一种用于选择基于无线个域网（WPAN）的自适应射频（RF）接口的方法和装置。 该方法包括通过与目标RF设备建立基于WPAN的网络连接来获得RF接口信息; 基于应用的特征和网络负载，使用所获得的RF接口信息从多个RF接口中选择RF接口; 以及通过与目标RF设备协商关于所选择的RF接口来建立所选择的RF接口。

公开(公告)号：US20110126015A1

公开(公告)日：2011-05-26

申请号：US12954279

申请日：2010-11-24

申请人： Tae-Shik SHON ,  Yong-Suk Park ,  Kyu-Suk Han ,  Kwang-Jo Kim ,  Jang-Seong Kim

发明人： Tae-Shik SHON ,  Yong-Suk Park ,  Kyu-Suk Han ,  Kwang-Jo Kim ,  Jang-Seong Kim

IPC分类号： H04K1/00 ,  H04L9/00

CPC分类号： H04W12/06 ,  H04L63/0884

摘要： A system is provided for authentication between a mobile device (MD) and a sink using a mobile communication network. If a sink authentication request for the sink is received from the MD, a base station (BS) sends a sink authentication response including sink authentication information for the sink, to the MD. The MD forwards the sink authentication request for the sink to the BS, and if a sink authentication response is received from the BS, authenticates the sink using the received sink authentication information. The sink performs authentication with the MD.

摘要翻译： 提供了一种用于使用移动通信网络在移动设备（MD）和接收机之间进行认证的系统。 如果从MD接收到宿的接收器认证请求，则基站（BS）向MD发送包括宿的接收认证信息的接收认证响应。 MD将宿的接收认证请求转发给BS，并且如果从BS接收到接收器认证响应，则使用接收的接收认证信息来认证接收器。 接收端用MD执行认证。

公开(公告)号：US20100332831A1

公开(公告)日：2010-12-30

申请号：US12823694

申请日：2010-06-25

申请人： Tae-Shik SHON ,  Yong-Suk Park ,  Soon-Seob Han ,  Kwang-Jo Kim ,  Kyu-Suk Han ,  Jang-Seong Kim

发明人： Tae-Shik SHON ,  Yong-Suk Park ,  Soon-Seob Han ,  Kwang-Jo Kim ,  Kyu-Suk Han ,  Jang-Seong Kim

IPC分类号： H04L9/32

CPC分类号： H04L9/0833 ,  H04L9/3213 ,  H04L2209/805

摘要： A method and apparatus for authenticating a sensor node in a sensor network. The method for authenticating a sensor node by a first sink node in a sensor network includes receiving an authentication request using an authentication ticket from the sensor node, identifying a second sink node which has issued the authentication ticket, decoding the authentication ticket using a group key, which is previously stored in correspondence to the second sink node to confirm the validity of the authentication ticket, when the second sink node is included in a neighboring node list, normally processing authentication for the sensor node, generating an authentication ticket using a group key of the first sink node, and transmitting the generated authentication ticket to the sensor node.

摘要翻译： 一种用于认证传感器网络中的传感器节点的方法和装置。 用于通过传感器网络中的第一汇点认证传感器节点的方法包括使用来自传感器节点的认证券接收认证请求，识别发出认证券的第二接收节点，使用组密钥解码认证券 ，当第二宿节点被包括在相邻节点列表中时，通常对传感器节点进行处理认证，使用组密钥生成认证券 并且将所生成的认证券发送到所述传感器节点。

公开(公告)号：US20100088510A1

公开(公告)日：2010-04-08

申请号：US12572959

申请日：2009-10-02

申请人： Tae-Shik SHON ,  Hyo-Hyun Choi ,  Bon-Hyun Koo

发明人： Tae-Shik SHON ,  Hyo-Hyun Choi ,  Bon-Hyun Koo

IPC分类号： H04L9/00

CPC分类号： H04L63/20 ,  H04L67/125 ,  H04L67/303 ,  H04W84/18

摘要： An apparatus and method for providing data packet security in a wireless sensor network including a plurality of sensor nodes. The apparatus includes a memory unit for storing a plurality of node characteristic information and a plurality of settable security status information, each of the node characteristic information corresponding to at least one of the settable security status information; and a control unit for examining the node characteristic information of the control unit, if a data packet generation request is made, detecting the security status information corresponding to the examined node characteristic information from the memory unit, and generating data packets including the detected security status information.

摘要翻译： 一种用于在包括多个传感器节点的无线传感器网络中提供数据分组安全性的装置和方法。 该装置包括存储单元，用于存储多个节点特征信息和多个可设置的安全状态信息，每个节点特征信息对应于可设置的安全状态信息中的至少一个; 以及控制单元，用于检查所述控制单元的节点特征信息，如果进行数据分组生成请求，则从所述存储器单元检测与所检查的节点特征信息相对应的安全状态信息，以及生成包括检测到的安全状态的数据分组 信息。

公开(公告)号：US20100026686A1

公开(公告)日：2010-02-04

申请号：US12262291

申请日：2008-10-31

申请人： Bon Hyun KOO ,  Wook Choi ,  Hyo Hyun Choi ,  Tae Shik Shon

发明人： Bon Hyun KOO ,  Wook Choi ,  Hyo Hyun Choi ,  Tae Shik Shon

IPC分类号： H04L12/28 ,  G06T11/20

CPC分类号： H04W24/00 ,  H04L41/12 ,  H04L41/22 ,  H04W84/18

摘要： A method, apparatus and system for displaying topology information of a wireless sensor network includes a plurality of sensor nodes. The method typically includes: receiving node information collected and extracted from the sensor nodes; comparing the received node information with stored node information; computing, when the received node information is unequal to the stored node information, visualization information on a sensor node whose information is not present in the stored node information; and displaying the sensor nodes on concentric circles using the visualization information.

摘要翻译： 用于显示无线传感器网络的拓扑信息的方法，装置和系统包括多个传感器节点。 该方法通常包括：从传感器节点接收收集和提取的节点信息; 将接收到的节点信息与存储的节点信息进行比较; 当所接收的节点信息不等于所存储的节点信息时，计算其信息不存在于所存储的节点信息中的传感器节点上的可视化信息; 并使用可视化信息在同心圆上显示传感器节点。

公开(公告)号：US20090185538A1

公开(公告)日：2009-07-23

申请号：US12354875

申请日：2009-01-16

申请人： Hyo Hyun Choi ,  Sun Gi Kim ,  Tae Shik Shon ,  Jin Ho Kim ,  Choong Seon Hong

发明人： Hyo Hyun Choi ,  Sun Gi Kim ,  Tae Shik Shon ,  Jin Ho Kim ,  Choong Seon Hong

IPC分类号： H04W4/00 ,  H04W84/12

CPC分类号： H04W8/02 ,  H04W48/14 ,  H04W80/04 ,  H04W84/005 ,  Y02D70/142 ,  Y02D70/144 ,  Y02D70/22

摘要： A mobility management system and method is provided for efficiently support mobility to an IPv6 based LoWpan. The mobility management method for Internet Protocol version 6 (IPv6) based personal area network (PAN) moving with a mobile router according to the present invention includes detecting, at a mobile terminal, movement of the mobile router; determining whether the movement is an intra-network movement or an inter-network movement, transmitting, when the movement is an intra-network movement, a neighbor discovery request message to a gateway of a currently attached network and receiving a neighbor discovery response message containing a temporary address transmitted by the gateway in response to the neighbor discovery request message. When the movement is an inter-network movement, the gateway receives the binding acknowledgement message from a home agent and establishes a bidirectional tunnel with the home agent.

摘要翻译： 提供了一种移动性管理系统和方法，用于有效地支持基于IPv6的LoWpan的移动性。 根据本发明的用移动路由器移动的基于互联网协议版本6（IPv6）的个人区域网（PAN）的移动性管理方法包括在移动终端处检测移动路由器的移动; 确定移动是网络内移动还是网络间移动，当移动是网络内移动时，向当前附接网络的网关发送邻居发现请求消息，并且接收包含以下内容的邻居发现响应消息： 由所述网关响应于所述邻居发现请求消息而发送的临时地址。 当移动是网络间移动时，网关从归属代理接收绑定确认消息，并与归属代理建立双向隧道。

公开(公告)号：US20090089577A1

公开(公告)日：2009-04-02

申请号：US12238578

申请日：2008-09-26

申请人： Tae-Shik SHON ,  Sun-Gi Kim ,  Hyo-Hyun Choi

发明人： Tae-Shik SHON ,  Sun-Gi Kim ,  Hyo-Hyun Choi

IPC分类号： H04L9/00

CPC分类号： H04L63/0428 ,  H04L63/12 ,  H04L63/1466 ,  H04L63/162

摘要： A medium access control (MAC) frame provision method establishes security in an IEEE 802.15.4 network. A MAC frame is generated, which includes a MAC header, a payload field, and a frame check sequence (FCS) field, the payload field including relevant main data according to a frame type defined in the MAC header. A disguised decoy data sequence number (DSN) is generated and inserted into the MAC header. A real DSN, which is a corresponding transmission sequence number of the MAC frame, is generated and inserted into the payload field. The MAC frame is transmitted, including the encrypted payload field, to a counterpart node. A MAC ACK frame acknowledges reception of the transmitted MAC frame; and a DSN is compared in the received MAC ACK frame with the real DSN. An authentication of the counterpart node is performed when the received MAC ACK frame is equal to the real DSN.

摘要翻译： 介质访问控制（MAC）帧提供方法在IEEE 802.15.4网络中建立安全性。 生成MAC帧，其包括MAC头，有效载荷字段和帧校验序列（FCS）字段，所述有效负载字段根据在MAC报头中定义的帧类型包括相关主数据。 生成伪装的诱饵数据序列号（DSN）并将其插入到MAC头中。 产生作为MAC帧的相应传输序列号的真实DSN并将其插入到有效载荷字段中。 将MAC帧发送到对方节点，包括加密的有效载荷字段。 MAC ACK帧确认所发送的MAC帧的接收; 并且在接收到的MAC ACK帧中与DSN进行比较。 当接收的MAC ACK帧等于实际DSN时，执行对方节点的认证。