Method and Device for Controlling Security Channel in Epon
    1.
    Patent application
    Status: Under examination (published)

    Publication number: US20090232313A1

    Publication date: 2009-09-17

    Application number: US12083178

    Application date: 2006-12-05

    IPC classification: H04L9/08 H04L9/00

    Abstract: A method and device for controlling security of a communication channel between an OLT and an ONU in a secure channel control system of EPON formed of the OLT and the ONU having a cryptographic module, a key management module and a transmitter/receiver for transmitting/receiving frames, the method comprising the steps of: a) distributing a key between the OLT and the ONU; b) transferring the distributed key to the encryption modules of the OLT and ONU; c) activating a corresponding encryption module using the distributed key at one of the OLT and the ONU which starts a security function activation; d) transmitting an encryption module information message including activation state information of the corresponding encryption module from the side (transmitting side) having the activated encryption module to an opponent side (receiving side); and e) activating an encryption module by checking activation state information of the encryption module at the receiving side.


    Method for controlling security channel in MAC security network and terminal using the same
    2.
    Granted patent
    Status: In force

    Publication number: US07724899B2

    Publication date: 2010-05-25

    Application number: US11634995

    Application date: 2006-12-07

    IPC classification: G06F11/00 H04L9/00 G06F7/04

    Abstract: A method for controlling a security channel for reducing system load by extending the use period of a security association key is provided. In this method, an upper bit initial value of an initialization vector of an encryption algorithm and a using range thereof are shared between a transmitting side and a receiving side when a security channel is created. Then, a secure association is created between a transmitting side and a receiving side by setting an association number, a next packet number which is a lower bit value of an initialization vector, and a secure association key. Afterward, a packet number is modified whenever a frame is transmitted until all of packet numbers are used. When all packet numbers are used, the upper bit value of the initialization vector changes.


    Authentication method for link protection in Ethernet passive optical network
    3.
    Granted patent
    Status: In force

    Publication number: US07730305B2

    Publication date: 2010-06-01

    Application number: US11119246

    Application date: 2005-04-29

    IPC classification: H04L9/00

    Abstract: An authentication method for link protection between an OLT and an ONU newly connected thereto in an EPON, which is implemented in a data link layer to which cryptography is applied. First, an authentication key is distributed to both the OLT and an ONU. The OLT (or ONU) generates first and second random values, generates an authentication request frame containing the random values, and transmits it to the ONU (or OLT). The ONU generates a first hash value according to a hash function using the random values contained in the request frame, and transmits an authentication response frame containing the first hash value to the OLT. The OLT compares the first hash value with a second hash value calculated by it according to the hash function using the two random values and an authentication key distributed to it, and transmits an authentication result frame to the ONU.


    High-speed GCM-AES block cipher apparatus and method
    4.
    Granted patent
    Status: Lapsed

    Publication number: US07840003B2

    Publication date: 2010-11-23

    Application number: US11116675

    Application date: 2005-04-27

    IPC classification: H04L9/00

    Abstract: A high-speed Galois Counter Mode-Advanced Encryption Standard (GCM-AES) block cipher apparatus and method is provided. The apparatus can operate at a low clock frequency of 125 MHz and provide a 2 Gbps link encryption function in an Optical Line Termination (OLT) and an Optical Network Unit (ONU) of an Ethernet Passive Optical Network (EPON). 11-round block cipher of 128-bit input data is implemented using an 8-round Counter-AES (CTR-AES) block cipher module and a 3-round CTR-AES block cipher module, so that it is possible to provide a 1 Gbps link security function for an input frequency of 62.5 MHz and a 2 Gbps link security function for an input frequency of 125 MHz.


    Variable length packet switching system
    5.
    Granted patent
    Status: Lapsed

    Publication number: US07245641B2

    Publication date: 2007-07-17

    Application number: US10247174

    Application date: 2002-09-19

    Abstract: Disclosed herein is a variable length packet switching system. The variable length packet switching system includes at least two switching means, a plurality of multiplexing units and a plurality of demultiplexing units. The switching means switch ATM cells or variable length packet data in parallel. The multiplexing means are arranged upstream of the switching means for multiplexing data inputted from a line card to the switching means in packet units and dividing a packet into packets of a number corresponding to the number of the switching means. The demultiplexing means are arranged downstream of the switching means for combining packets inputted after being switched in parallel by the at least two switching means and outputting the combined packet converted into a format adequate to the line card.


    Method and apparatus of interactive advertising service in digital broadcast system
    6.
    Granted patent
    Status: In force

    Publication number: US08813131B2

    Publication date: 2014-08-19

    Application number: US13584908

    Application date: 2012-08-14

    IPC classification: H04N5/445

    CPC classification: H04N21/4725 H04N21/812

    Abstract: A method and an apparatus of interactive advertising service are provided. The method includes: receiving first advertising contents from a broadcasting advertisement platform; displaying broadcasting according to the first advertising contents on the overall screen together with at least one second advertisement contents interactive indicator indicating that the first advertising contents are linked with second advertising contents; receiving indicated information triggering at least one second advertising contents interactive indicator from an input device; receiving the second advertising contents indicated by the at least one second advertising contents interactive indicator from the broadcasting advertisement platform; and displaying broadcasting according to the second advertisement contents. According to an exemplary embodiment of the present invention, it is possible to introduce opportunity of goods information acquisition and purchasing behaviors distributed to media other than broadcasting into a smart TV while improving concentration for advertisements in bidirectional digital broadcast.


    MAC security entity for link security entity and transmitting and receiving method therefor
    7.
    Patent application
    Status: Lapsed

    Publication number: US20060136715A1

    Publication date: 2006-06-22

    Application number: US11266627

    Application date: 2005-11-03

    IPC classification: H04L9/00

    Abstract: An apparatus and method for providing a security function of frames transmitted between optical network terminals (OLTs) and optical network units (ONUs) in an Ethernet passive optical network (EPON) providing media access control (MAC) services are provided. The apparatus includes: a frame classifier distinguishing the type of a frame, and based on the logical link identifier (LLID) of the distinguished frame, determining whether or not the frame is a security link to which a security function is to be applied; a bypass unit delaying a no-security-function frame so that a processing time for converting the security-function-applied frame classified in the frame classifier into an encrypted frame is the same as a time for processing the no-security-function frame; and a parameter generation unit transmitting in relation to each of the LLIDs, a parameter set value including a security-function-application setting signal used in the encryption, decryption and authentication of the frame, a frame decryption signal, an encryption mode selection signal, and an authentication intensity adjustment signal.


    MAC security entity for link security entity and transmitting and receiving method therefor
    8.
    Granted patent
    Status: Lapsed

    Publication number: US07797745B2

    Publication date: 2010-09-14

    Application number: US11266627

    Application date: 2005-11-03

    IPC classification: G06F12/14

    Abstract: An apparatus and method for providing a security function of frames transmitted between optical network terminals (OLTs) and optical network units (ONUs) in an Ethernet passive optical network (EPON) providing media access control (MAC) services are provided. The apparatus includes: a frame classifier distinguishing the type of a frame, and based on the logical link identifier (LLID) of the distinguished frame, determining whether or not the frame is a security link to which a security function is to be applied; a bypass unit delaying a no-security-function frame so that a processing time for converting the security-function-applied frame classified in the frame classifier into an encrypted frame is the same as a time for processing the no-security-function frame; and a parameter generation unit transmitting in relation to each of the LLIDs, a parameter set value including a security-function-application setting signal used in the encryption, decryption and authentication of the frame, a frame decryption signal, an encryption mode selection signal, and an authentication intensity adjustment signal.
