公开(公告)号：US08144603B2

公开(公告)日：2012-03-27

申请号：US12685736

申请日：2010-01-12

申请人： Hyoung-Kee Choi ,  Chan-Kyu Han

发明人： Hyoung-Kee Choi ,  Chan-Kyu Han

IPC分类号： H04L1/00

CPC分类号： H04L63/1416 ,  H04L41/0631 ,  H04L43/026 ,  H04L69/16 ,  H04L69/162

摘要： IP state-vector manager determines state vector value by updating token numbers of IP state vector according to source and destination IP addresses of the received packet, and obtains state number of state vector value by counting state vector value. Port-number state-vector manager determines state vector value by updating token numbers of port-number state vector according to source and destination token numbers of packet, and obtains state number of state vector value by counting state vector value. Entropy calculator calculates entropies related to IP address and port number, based on number and state number of state vector values related to IP state vector and port-number state vector. Anomalous event determiner determines whether there is anomalous event in network based on calculated entropies. Anomalous event can be efficiently detected with minimized false negative and positive rates.

摘要翻译： IP状态向量管理器通过根据接收到的分组的源和目的地IP地址更新IP状态向量的令牌号来确定状态向量值，并且通过计数状态向量值来获得状态向量值的状态数。 端口号状态向量管理器通过根据报文的源和目标令牌号更新端口号状态向量的令牌号来确定状态向量值，并通过计数状态向量值获取状态向量值的状态数。 熵计算器根据与IP状态向量和端口号状态向量相关的状态向量值的数量和状态数量，计算与IP地址和端口号相关的熵。 基于计算熵，异常事件确定器确定网络中是否存在异常事件。 可以以最小的假阴性和阳性率有效地检测异常事件。

公开(公告)号：US08112065B2

公开(公告)日：2012-02-07

申请号：US12040247

申请日：2008-02-29

申请人： Hyoung-Kee Choi ,  Chan-Kyu Han

发明人： Hyoung-Kee Choi ,  Chan-Kyu Han

IPC分类号： H04M1/66

CPC分类号： H04L63/0869 ,  H04L63/0807 ,  H04L63/083 ,  H04W12/06 ,  H04W36/00

摘要： A method of mobile authentication with enhanced mutual authentication and handover security is disclosed. The method of mutual authentication in a mobile network in accordance with an embodiment of the present invention includes: generating at least one service ticket and session key corresponding to a mobile station in accordance with an authentication data request for the mobile station; encrypting the service ticket and the session key by using a user security key pre-assigned in accordance with the mobile station; sending the encrypted service ticket and session key to the mobile station by using a control message; and authenticating the mobile station by analyzing user mutual authentication information received from the mobile station. The present invention, therefore, can provide a more powerful and effective mutual authentication method in a mobile network.

摘要翻译： 公开了一种具有增强的相互认证和切换安全性的移动认证方法。 根据本发明的实施例的移动网络中的相互认证方法包括：根据移动台的认证数据请求生成对应于移动台的至少一个服务票证和会话密钥; 通过使用根据移动台预分配的用户安全密钥来加密服务票据和会话密钥; 通过使用控制消息将加密的服务票据和会话密钥发送到移动台; 并通过分析从移动台接收到的用户相互认证信息来认证移动台。 因此，本发明可以在移动网络中提供更强大和有效的相互认证方法。

公开(公告)号：US20090214043A1

公开(公告)日：2009-08-27

申请号：US12325958

申请日：2008-12-01

申请人： Hyoung-Kee Choi ,  Jung-Yoon Kim ,  Do-Hyun Kwon ,  Eun-Young Lee ,  In-Hwan Kim ,  Se-Hwa Song

发明人： Hyoung-Kee Choi ,  Jung-Yoon Kim ,  Do-Hyun Kwon ,  Eun-Young Lee ,  In-Hwan Kim ,  Se-Hwa Song

IPC分类号： H04L9/08 ,  H04L9/06

CPC分类号： H04L9/0833 ,  H04L9/0866 ,  H04L9/0869 ,  H04L2209/601 ,  H04L2209/80

摘要： A method of and an authentication server for distributing a key are disclosed. According to an embodiment of the present invention, the method of distributing a key, which is distributed by an authentication server connected with wireless terminals through a communication network, for encrypting and decrypting data in accordance with providing a service can include: obtaining characteristic information by decrypting encrypted characteristic information that has been received from each of n number of wireless terminals; generating a random key; generating a group key used for encrypting and decrypting data in accordance with providing a service; and generating a distribution key by using the random key, the group key and the characteristic information, and transmitting the distribution key to each wireless terminal.

摘要翻译： 公开了一种用于分发密钥的方法和认证服务器。 根据本发明的实施例，通过通信网络与无线终端连接的认证服务器分发的密钥分配方法，用于根据提供服务对数据进行加密和解密，包括：通过以下方式获得特征信息： 解密从n个无线终端中的每一个接收到的加密特征信息; 产生随机密钥; 根据提供服务产生用于加密和解密数据的组密钥; 以及通过使用所述随机密钥，所述组密钥和所述特征信息来生成分发密钥，并将所述分发密钥发送到每个无线终端。

公开(公告)号：US08850205B2

公开(公告)日：2014-09-30

申请号：US12325958

申请日：2008-12-01

申请人： Hyoung-Kee Choi ,  Jung-Yoon Kim ,  Do-Hyun Kwon ,  Eun-Young Lee ,  In-Hwan Kim ,  Se-Hwa Song

发明人： Hyoung-Kee Choi ,  Jung-Yoon Kim ,  Do-Hyun Kwon ,  Eun-Young Lee ,  In-Hwan Kim ,  Se-Hwa Song

IPC分类号： H04L9/32 ,  H04L29/06 ,  H04W12/04 ,  H04L9/08

CPC分类号： H04L9/0833 ,  H04L9/0866 ,  H04L9/0869 ,  H04L2209/601 ,  H04L2209/80

摘要： A method of and an authentication server for distributing a key are disclosed. According to an embodiment of the present invention, the method of distributing a key, which is distributed by an authentication server connected with wireless terminals through a communication network, for encrypting and decrypting data in accordance with providing a service can include: obtaining characteristic information by decrypting encrypted characteristic information that has been received from each of n number of wireless terminals; generating a random key; generating a group key used for encrypting and decrypting data in accordance with providing a service; and generating a distribution key by using the random key, the group key and the characteristic information, and transmitting the distribution key to each wireless terminal.

摘要翻译： 公开了一种用于分发密钥的方法和认证服务器。 根据本发明的实施例，通过通信网络与无线终端连接的认证服务器分发的密钥分配方法，用于根据提供业务对数据进行加密和解密，包括：通过以下方式获得特征信息： 解密从n个无线终端中的每一个接收到的加密特征信息; 产生随机密钥; 根据提供服务产生用于加密和解密数据的组密钥; 以及通过使用所述随机密钥，所述组密钥和所述特征信息来生成分发密钥，并将所述分发密钥发送到每个无线终端。

公开(公告)号：US08090350B2

公开(公告)日：2012-01-03

申请号：US12047503

申请日：2008-03-13

申请人： Hyoung-Kee Choi ,  Sung-Jae Cho

发明人： Hyoung-Kee Choi ,  Sung-Jae Cho

IPC分类号： H04M1/66

CPC分类号： H04W12/12 ,  G06Q20/3674 ,  H04W12/06 ,  H04W88/02

摘要： Provided is a resynchronization method of a mobile communication terminal. The resynchronization method for a mobile communication terminal connected to a home location register and a mobile communication network, includes: extracting a communication network serial number corresponding to a terminal authentication request instruction received from a mobile communication network; comparing the communication network serial number with a terminal serial number stored in a predetermined memory; generating nth terminal synchronization failure information if the communication network serial number is smaller than the terminal serial number, where n is a nature number; and transmitting the generated nth terminal synchronization failure information to the home location register. The home location register ends a resynchronization procedure if the nth terminal synchronization failure information is smaller than previously stored (n−1)th communication network synchronization failure information.

摘要翻译： 提供了一种移动通信终端的再同步方法。 连接到归属位置寄存器和移动通信网络的移动通信终端的再同步方法包括：提取与从移动通信网络接收的终端认证请求指令相对应的通信网络序列号; 将通信网络序列号与存储在预定存储器中的终端序列号进行比较; 如果通信网络序列号小于终端序列号，则生成第n个终端同步失败信息，其中n是性质号码; 以及将所生成的第n个终端同步失败信息发送到本地位置寄存器。 如果第n个终端同步失败信息小于先前存储的第（n-1）个通信网络同步失败信息，则归属位置寄存器结束重新同步过程。

公开(公告)号：US20090029678A1

公开(公告)日：2009-01-29

申请号：US12047503

申请日：2008-03-13

申请人： Hyoung-Kee Choi ,  Sung-Jae Cho

发明人： Hyoung-Kee Choi ,  Sung-Jae Cho

IPC分类号： H04M1/66 ,  H04J3/06

CPC分类号： H04W12/12 ,  G06Q20/3674 ,  H04W12/06 ,  H04W88/02

摘要： Provided is a resynchronization method of a mobile communication terminal. The resynchronization method for a mobile communication terminal connected to a home location register and a mobile communication network, includes: extracting a communication network serial number corresponding to a terminal authentication request instruction received from a mobile communication network; comparing the communication network serial number with a terminal serial number stored in a predetermined memory; generating nth terminal synchronization failure information if the communication network serial number is smaller than the terminal serial number, where n is a nature number; and transmitting the generated nth terminal synchronization failure information to the home location register. The home location register ends a resynchronization procedure if the nth terminal synchronization failure information is smaller than previously stored (n−1)th communication network synchronization failure information.

摘要翻译： 提供了一种移动通信终端的再同步方法。 连接到归属位置寄存器和移动通信网络的移动通信终端的再同步方法包括：提取与从移动通信网络接收的终端认证请求指令相对应的通信网络序号; 将通信网络序列号与存储在预定存储器中的终端序列号进行比较; 如果通信网络序列号小于终端序列号，则生成第n个终端同步失败信息，其中n是性质号码; 以及将所生成的第n个终端同步失败信息发送到本地位置寄存器。 如果第n个终端同步失败信息小于先前存储的第（n-1）个通信网络同步失败信息，则归属位置寄存器结束再同步过程。