Apparatuses and methods for detecting anomalous event in network
    1.
    Granted patent
    Apparatuses and methods for detecting anomalous event in network (in force)

    Publication number: US08144603B2

    Publication date: 2012-03-27

    Application number: US12685736

    Filing date: 2010-01-12

    IPC classification: H04L1/00

    Abstract: IP state-vector manager determines state vector value by updating token numbers of IP state vector according to source and destination IP addresses of the received packet, and obtains state number of state vector value by counting state vector value. Port-number state-vector manager determines state vector value by updating token numbers of port-number state vector according to source and destination token numbers of packet, and obtains state number of state vector value by counting state vector value. Entropy calculator calculates entropies related to IP address and port number, based on number and state number of state vector values related to IP state vector and port-number state vector. Anomalous event determiner determines whether there is anomalous event in network based on calculated entropies. Anomalous event can be efficiently detected with minimized false negative and positive rates.

    APPARATUSES AND METHODS FOR DETECTING ANOMALOUS EVENT IN NETWORK
    2.
    Patent application
    APPARATUSES AND METHODS FOR DETECTING ANOMALOUS EVENT IN NETWORK (in force)

    Publication number: US20110141915A1

    Publication date: 2011-06-16

    Application number: US12685736

    Filing date: 2010-01-12

    IPC classification: H04L12/56 H04L12/26

    Abstract: IP state-vector manager determines state vector value by updating token numbers of IP state vector according to source and destination IP addresses of the received packet, and obtains state number of state vector value by counting state vector value. Port-number state-vector manager determines state vector value by updating token numbers of port-number state vector according to source and destination token numbers of packet, and obtains state number of state vector value by counting state vector value. Entropy calculator calculates entropies related to IP address and port number, based on number and state number of state vector values related to IP state vector and port-number state vector. Anomalous event determiner determines whether there is anomalous event in network based on calculated entropies. Anomalous event can be efficiently detected with minimized false negative and positive rates.

    Binding update method in MIPv6
    3.
    Granted patent
    Binding update method in MIPv6 (in force)

    Publication number: US08145906B2

    Publication date: 2012-03-27

    Application number: US12391374

    Filing date: 2009-02-24

    IPC classification: H04L29/06

    Abstract: Provided is a binding update method in MIPv6 which includes: a first step of generating, with a mobile node, a HoTI (Home Test Init) message and transmitting the HoTI message to a corresponding node; a second step of generating a CoTI (Care of Test Init) message and transmitting the CoTI message to the corresponding node; a third step of generating, with the corresponding node, a HoT (Home of Test) message and transmitting the HoT message to the mobile node; a fourth step of generating a CoT (Care-of Test) message and transmitting the CoT message to the mobile node; a fifth step of generating, with the mobile node, a BU (Binding Update) message and transmitting the BU message to the corresponding node; and a sixth step of verifying, with the corresponding node, the BU message and transmitting a BA (Binding Ack) message to the mobile node.

    KEY DISTRIBUTION METHOD AND AUTHENTICATION SERVER
    4.
    Patent application
    KEY DISTRIBUTION METHOD AND AUTHENTICATION SERVER (in force)

    Publication number: US20090214043A1

    Publication date: 2009-08-27

    Application number: US12325958

    Filing date: 2008-12-01

    IPC classification: H04L9/08 H04L9/06

    Abstract: A method of and an authentication server for distributing a key are disclosed. According to an embodiment of the present invention, the method of distributing a key, which is distributed by an authentication server connected with wireless terminals through a communication network, for encrypting and decrypting data in accordance with providing a service can include: obtaining characteristic information by decrypting encrypted characteristic information that has been received from each of n number of wireless terminals; generating a random key; generating a group key used for encrypting and decrypting data in accordance with providing a service; and generating a distribution key by using the random key, the group key and the characteristic information, and transmitting the distribution key to each wireless terminal.

    MOBILE AUTHENTICATION THROUGH STRENGTHENED MUTUAL AUTHENTICATION AND HANDOVER SECURITY
    5.
    Patent application
    MOBILE AUTHENTICATION THROUGH STRENGTHENED MUTUAL AUTHENTICATION AND HANDOVER SECURITY (in force)

    Publication number: US20090029677A1

    Publication date: 2009-01-29

    Application number: US12040247

    Filing date: 2008-02-29

    IPC classification: H04M1/66

    Abstract: A method of mobile authentication with enhanced mutual authentication and handover security is disclosed. The method of mutual authentication in a mobile network in accordance with an embodiment of the present invention includes: generating at least one service ticket and session key corresponding to a mobile station in accordance with an authentication data request for the mobile station; encrypting the service ticket and the session key by using a user security key pre-assigned in accordance with the mobile station; sending the encrypted service ticket and session key to the mobile station by using a control message; and authenticating the mobile station by analyzing user mutual authentication information received from the mobile station. The present invention, therefore, can provide a more powerful and effective mutual authentication method in a mobile network.

    Key distribution method and authentication server
    6.
    Granted patent
    Key distribution method and authentication server (in force)

    Publication number: US08850205B2

    Publication date: 2014-09-30

    Application number: US12325958

    Filing date: 2008-12-01

    Abstract: A method of and an authentication server for distributing a key are disclosed. According to an embodiment of the present invention, the method of distributing a key, which is distributed by an authentication server connected with wireless terminals through a communication network, for encrypting and decrypting data in accordance with providing a service can include: obtaining characteristic information by decrypting encrypted characteristic information that has been received from each of n number of wireless terminals; generating a random key; generating a group key used for encrypting and decrypting data in accordance with providing a service; and generating a distribution key by using the random key, the group key and the characteristic information, and transmitting the distribution key to each wireless terminal.

    Resynchronization method for mobile communication terminal
    7.
    Granted patent
    Resynchronization method for mobile communication terminal (in force)

    Publication number: US08090350B2

    Publication date: 2012-01-03

    Application number: US12047503

    Filing date: 2008-03-13

    IPC classification: H04M1/66

    Abstract: Provided is a resynchronization method of a mobile communication terminal. The resynchronization method for a mobile communication terminal connected to a home location register and a mobile communication network, includes: extracting a communication network serial number corresponding to a terminal authentication request instruction received from a mobile communication network; comparing the communication network serial number with a terminal serial number stored in a predetermined memory; generating nth terminal synchronization failure information if the communication network serial number is smaller than the terminal serial number, where n is a natural number; and transmitting the generated nth terminal synchronization failure information to the home location register. The home location register ends a resynchronization procedure if the nth terminal synchronization failure information is smaller than previously stored (n−1)th communication network synchronization failure information.

    BINDING UPDATE METHOD IN MIPv6
    8.
    Patent application
    BINDING UPDATE METHOD IN MIPv6 (in force)

    Publication number: US20100031356A1

    Publication date: 2010-02-04

    Application number: US12391374

    Filing date: 2009-02-24

    IPC classification: G06F21/00

    Abstract: A binding update method in MIPv6 is provided which includes: a first step of allowing a mobile node to generate a HoTI (Home Test Init) message including a HoA (Home Address) encoded with a product of a first prime number and a second prime number and to transmit the HoTI message to a corresponding node through a home agent along with a first index; a second step of allowing the mobile node to generate a CoTI (Care of Test Init) message including a CoA (Care-of Address) encoded with a product of the first prime number and a third prime number and to transmit the CoTI message directly to the corresponding node along with a second index; a third step of allowing the corresponding node to generate a HoT (Home of Test) message including a first nonce and to transmit the HoT message to the mobile node through the home agent; a fourth step of allowing the corresponding node to generate a CoT (Care-of Test) message including a second nonce and to transmit the CoT message to the mobile node; a fifth step of allowing the mobile node to generate a BU (Binding Update) message by adding the first prime number to the first nonce and the second nonce included in the HoT message and the CoT message and to transmit the BU message to the corresponding node; and a sixth step of allowing the corresponding node to verify the BU message using an exclusive OR operation and a factorization operation in prime numbers with the first prime number and to transmit a BA (Binding Ack) message to the mobile node.

    RESYNCHRONIZATION METHOD FOR MOBILE COMMUNICATION TERMINAL
    9.
    Patent application
    RESYNCHRONIZATION METHOD FOR MOBILE COMMUNICATION TERMINAL (in force)

    Publication number: US20090029678A1

    Publication date: 2009-01-29

    Application number: US12047503

    Filing date: 2008-03-13

    IPC classification: H04M1/66 H04J3/06

    Abstract: Provided is a resynchronization method of a mobile communication terminal. The resynchronization method for a mobile communication terminal connected to a home location register and a mobile communication network, includes: extracting a communication network serial number corresponding to a terminal authentication request instruction received from a mobile communication network; comparing the communication network serial number with a terminal serial number stored in a predetermined memory; generating nth terminal synchronization failure information if the communication network serial number is smaller than the terminal serial number, where n is a natural number; and transmitting the generated nth terminal synchronization failure information to the home location register. The home location register ends a resynchronization procedure if the nth terminal synchronization failure information is smaller than previously stored (n−1)th communication network synchronization failure information.

    Mobile authentication through strengthened mutual authentication and handover security
    10.
    Granted patent
    Mobile authentication through strengthened mutual authentication and handover security (in force)

    Publication number: US08112065B2

    Publication date: 2012-02-07

    Application number: US12040247

    Filing date: 2008-02-29

    IPC classification: H04M1/66

    Abstract: A method of mobile authentication with enhanced mutual authentication and handover security is disclosed. The method of mutual authentication in a mobile network in accordance with an embodiment of the present invention includes: generating at least one service ticket and session key corresponding to a mobile station in accordance with an authentication data request for the mobile station; encrypting the service ticket and the session key by using a user security key pre-assigned in accordance with the mobile station; sending the encrypted service ticket and session key to the mobile station by using a control message; and authenticating the mobile station by analyzing user mutual authentication information received from the mobile station. The present invention, therefore, can provide a more powerful and effective mutual authentication method in a mobile network.
