Network system and communication methods for securely bootstraping mobile IPv6 mobile node using pre-shared key
    1.
    Invention application
    Status: Lapsed

    Publication number: US20070136590A1

    Publication date: 2007-06-14

    Application number: US11635181

    Filing date: 2006-12-07

    IPC classification: H04L9/00

    Abstract: Provided is a network system using a Diameter authentication, authorization and accounting (AAA) infrastructure to support the bootstrapping of a Mobile Internet Protocol version 6 (IPv6) mobile node. The network system includes a mobile node equipped with Mobile IPv6, an attendant which is accessed by the mobile node when the mobile node moves toward a new network, an AAA local server which supports AAA processes for the mobile node in a local network, an AAA home server which supports AAA processes for the mobile node in a home network and supports initial settings during the bootstrapping of the mobile node, and a home agent which handles binding update (BU) and binding acknowledgement (BA) regarding the mobile node. The AAA home server can configure initial settings for the mobile node that is authenticated by the AAA local server so that the mobile node can be effectively bootstrapped. Then, the AAA home server can distribute an IPsec SA to the mobile node and a home agent, and perform BU and BA based on the initial settings.


    Method of storing pattern matching policy and method of controlling alert message
    2.
    Invention application
    Status: Lapsed

    Publication number: US20070147382A1

    Publication date: 2007-06-28

    Application number: US11635245

    Filing date: 2006-12-07

    IPC classification: H04L12/56

    CPC classification: H04L12/5602

    Abstract: A method of storing a pattern matching policy and a method of controlling an alert message are provided. The method includes (a) generating a content structure as a sub-structure of a header combination structure of a stored traffic pattern which is a policy to be newly applied to a pattern matching apparatus; (b) determining whether a content of the stored traffic pattern is identical to a content of an original traffic pattern stored in advance in the pattern matching apparatus; (c) allocating a content index of the content of the original traffic pattern to the content of the stored traffic pattern if the content of the stored traffic pattern is identical to the content of the original traffic pattern; and (d) determining whether a header combination structure of the original traffic pattern comprises only one content structure or more than one content structure and allocating a header index of the header combination structure of the stored traffic pattern to the header combination structure of the original traffic pattern if the header combination structure of the original traffic pattern is found to comprise only one content structure. Accordingly, it is possible to efficiently use hardware memories with limited storage capacities and effectively perform a pattern matching function.


    Data hashing method, data processing method, and data processing system using similarity-based hashing algorithm
    3.
    Invention application
    Status: In force

    Publication number: US20070130188A1

    Publication date: 2007-06-07

    Application number: US11634731

    Filing date: 2006-12-06

    IPC classification: G06F7/00

    Abstract: Provided are a data hashing method, a data processing method, and a data processing system using a similarity-based hashing (SBH) algorithm in which the same hash value is calculated for the same data and, the more similar the data, the smaller the difference in the generated hash values. The data hashing method includes receiving computerized data, and generating a hash value of the computerized data using the SBH algorithm, in which two data are the same if the calculated hash values are the same and two data are similar if the difference of the calculated hash values is small. Therefore, a search, comparison, and classification of data can be quickly processed within a time complexity of O(1) or O(n), since the similarity/closeness of data content is quantified by that of the corresponding hash values.


    Method and apparatus for blocking objectionable multimedia information
    4.
    Invention application
    Status: Under examination (published)

    Publication number: US20070016576A1

    Publication date: 2007-01-18

    Application number: US11397581

    Filing date: 2006-04-03

    IPC classification: G06F17/30

    Abstract: A method and apparatus for blocking harmful multimedia information are provided. The apparatus for blocking harmful multimedia information includes: a harmful information classification model training unit analyzing multimedia training information whose grade of harmfulness is known in advance, extracting characteristics from the information, and then, by applying machine training, generating a harmful information classification model; a harmful information grade classification unit determining a harmfulness grade of multimedia input information by using the harmful information classification model; and a harmful information blocking unit blocking the multimedia input information if the determined harmfulness grade of the multimedia input information is included in a preset range. According to the method and apparatus, the increase of databases containing harmful multimedia information can be prevented and the time taken for determining harmfulness can be reduced.


    Security router system and method of authenticating user who connects to the system
    5.
    Invention application
    Status: Under examination (published)

    Publication number: US20060101261A1

    Publication date: 2006-05-11

    Application number: US11220887

    Filing date: 2005-09-07

    IPC classification: H04L9/00

    Abstract: Provided are a security router system for a network and a method of authenticating a user who connects to the system. The security routing system includes: a plurality of physical link ports inputting/outputting packets; a physical layer matching unit transmitting/receiving packets to the physical link ports and generating a media access control (MAC) frame; and a network processor including routing processing means that establishes a transport route for input packets via the physical layer matching unit and processes routing protocols, packet forwarding means that forward the input packets to their destinations, intrusion detection means that classify the input packets based on a packet classification standard and determine whether the input packets are attacks from outside, and user authentication means that determine whether a user is authorized to connect to a router, thereby reducing expenses required to build a network while maintaining security in comparison with a conventional firewall or intrusion detection system, and increasing reliability and safety of the network by preventing harmful traffic since each router performs a network security function.


    Method and apparatus for providing security mechanism guaranteeing transparency at transport layer

    Publication number: US20060095758A1

    Publication date: 2006-05-04

    Application number: US11103510

    Filing date: 2005-04-12

    IPC classification: H04L9/00

    CPC classification: H04L63/04 H04L63/061

    Abstract: Provided are a method and apparatus for providing a security mechanism guaranteeing transparency at a transport layer. The method includes: receiving a data packet from an application program, and searching for key information corresponding to the data packet in a key information database; determining whether to request a key exchange module of an application layer for a new key negotiation according to a result obtained by searching the key information; and performing encrypting/decrypting based on the key information when the key exchange module stores key negotiation information obtained by the new key negotiation in a kernel. The apparatus encrypts/decrypts the data packet at the transport layer of the kernel, thereby providing the application program with security transparency, effectively controlling and making it easily expansible.

    Method of and apparatus for sorting data flows based on bandwidth and liveliness
    7.
    Invention application
    Status: Under examination (published)

    Publication number: US20050141423A1

    Publication date: 2005-06-30

    Application number: US11004426

    Filing date: 2004-12-03

    IPC classification: H04L12/28 H04L12/24 H04L12/26

    CPC classification: H04L41/0896 H04L43/026

    Abstract: A method of and an apparatus for sorting data traffic based on a predetermined priority such as a bandwidth and a liveliness are provided. The method includes operations of: receiving the data flows; sorting the data flows based on bandwidth by defining a plurality of bandwidth ranges and classifying the sorted data flows according to the bandwidth ranges to which the bandwidth of each data flow belongs; and sorting the classified data flows based on liveliness representing frequency of occurrence of the data flows. The sorting of the classified data flows determines that the data flow which is recently received has the higher liveliness and sorts the data flows based on the determination. The method and apparatus facilitate selecting data flows which are possible hostile attack attempts from a vast amount of data traffic and allowing selective and intensive monitoring of the selected data flows.


    System of adult verification in mobile RFID environment and method thereof
    8.
    Invention application
    Status: Under examination (published)

    Publication number: US20070132847A1

    Publication date: 2007-06-14

    Application number: US11598361

    Filing date: 2006-11-13

    IPC classification: H04N7/18

    Abstract: A system for adult verification in a mobile RFID environment and a method thereof, more particularly, a system which strongly protects privacy and a method thereof, are provided. The system comprising an RFID tag, a user terminal, an adult verification request processor, and a content provider (CP) includes: a rating information reader reading adult verification rating information of adult content recorded in an RFID tag; an adult verification rating determiner determining a final rating of the read rating information; and a service rating verification validity checker determining whether the adult content corresponding to the final rating is provided to a user of the terminal on the basis of the determined final rating and the age of the user.


    User/service authentication methods and apparatuses using split user authentication keys
    9.
    Invention application
    Status: Under examination (published)

    Publication number: US20070101126A1

    Publication date: 2007-05-03

    Application number: US11520172

    Filing date: 2006-09-13

    IPC classification: H04L9/00

    Abstract: User/service authentication methods and apparatuses using split user authentication keys are provided. A user authentication key is generated using the user's personal information including an identification number and bio information, the generated user authentication key is split into a plurality of keys, and a request for authentication of a user that uses a first user authentication key provided to the user from among the plurality of split user authentication keys is authenticated using the other user authentication keys. After the authentication is successful, a service authentication is performed according to a result obtained by recombining the split user authentication keys, so that when some of the distributed service authentication keys are lost or stolen, since original user authentication information cannot be restored, user information is prevented from being exposed, damage caused by a lost or stolen authentication key is reduced owing to double authentication, security protection is reinforced using a security channel formed through the service authentication, and communication exchanges such as electronic commerce over the Internet are safer.


    Key authentication/service system and method using one-time authentication code
    10.
    Invention application
    Status: Under examination (published)

    Publication number: US20060126848A1

    Publication date: 2006-06-15

    Application number: US11298209

    Filing date: 2005-12-08

    IPC classification: H04L9/00

    Abstract: Provided are a key authentication/service system and method using a one-time authentication code. In the system and method, a key management client sends a key management server a message requesting transmission of a message for generating the authentication code required to request a key management service. Next, the key management server creates a challenge message based on a challenge/response method using the received message. Next, the key management client generates the one-time authentication code using the challenge message and transmits it along with a message requesting a key management service to the key management server. Next, the key management server receives the one-time authentication code from the key management client and checks whether the one-time authentication code is certified to determine whether the key management client has a right to use the key management service. Then, the key management server provides the key management service to the key management client when it is determined that the key management client has a right to use this service.
