公开(公告)号：US08811405B2

公开(公告)日：2014-08-19

申请号：US12858631

申请日：2010-08-18

申请人： Pyung-Koo Park ,  Nam Seok Ko ,  Jong Dae Park ,  Sung Kee Noh ,  Soon Seok Lee ,  Sung Back Hong

发明人： Pyung-Koo Park ,  Nam Seok Ko ,  Jong Dae Park ,  Sung Kee Noh ,  Soon Seok Lee ,  Sung Back Hong

IPC分类号： H04L12/28

CPC分类号： H04L12/4633 ,  H04L12/1886 ,  H04L65/4076 ,  H04W28/06 ,  H04W80/04

摘要： In a system for providing an IPTV service, if a multicast address of an IPTV channel received from a head-end is a multicast address requested by a mobile node through a tunnel, an end router confirms a care of address (CoA) of the mobile node corresponding to the multicast address of the IPTV channel, sets the multicast address in the first header of broadcasting traffic, sets the CoA of the mobile node in the second header of the broadcasting traffic, and then sends the broadcasting traffic.

摘要翻译： 在用于提供IPTV服务的系统中，如果从头端接收到的IPTV频道的多播地址是移动节点通过隧道请求的多播地址，则终端路由器确认移动台的地址（CoA） 节点对应于IPTV信道的组播地址，设置广播业务的第一个报头中的组播地址，将广播业务的第二个报头中的移动节点的CoA设置，然后发送广播业务。

公开(公告)号：US20110085552A1

公开(公告)日：2011-04-14

申请号：US12904774

申请日：2010-10-14

申请人： Seungwoo HONG ,  Jong Dae Park ,  Sung Kee Noh ,  Ho Yong Ryu ,  Kyeong Ho Lee ,  Seong Moon ,  Pyung-Koo Park ,  Ho Sun Yoon ,  Nam Seok Ko ,  Sun Cheul Kim ,  Soon Seok Lee ,  Sung Back Hong

发明人： Seungwoo HONG ,  Jong Dae Park ,  Sung Kee Noh ,  Ho Yong Ryu ,  Kyeong Ho Lee ,  Seong Moon ,  Pyung-Koo Park ,  Ho Sun Yoon ,  Nam Seok Ko ,  Sun Cheul Kim ,  Soon Seok Lee ,  Sung Back Hong

IPC分类号： H04W40/00

CPC分类号： H04L12/4641 ,  H04L12/4633 ,  H04L63/0272 ,  H04W8/02 ,  H04W12/02

摘要： Technology for forming a virtual private network (VPN) is provided. A VPN gateway that supports mobility with a connection node having a virtual home address (HoA) and a care of address (CoA) includes a mobility support unit, a data security unit, and a virtual address converter. When a packet is transferred from the connection node, the mobility support unit sustains a binding relationship between a home address (HoA) of the connection node and the changed CoA, and processes a mobility tunnel for the packet, thereby generating a first conversion packet. The data security unit performs a security test of the first conversion packet. The virtual address converter converts the HoA of the connection node, which is a source address of the first conversion packet in which the security test is complete, to a private network internal address that can be used in the VPN, thereby generating a second conversion packet.

摘要翻译： 提供了形成虚拟专用网（VPN）技术。 支持具有虚拟归属地址（HoA）和托管地址（CoA）的连接节点的移动性的VPN网关包括移动性支持单元，数据安全单元和虚拟地址转换器。 当从连接节点传送分组时，移动性支持单元维持连接节点的归属地址（HoA）与改变的CoA之间的绑定关系，并处理分组的移动性隧道，从而生成第一转换分组。 数据安全单元执行第一个转换数据包的安全测试。 虚拟地址转换器将作为安全测试完成的第一转换分组的源地址的连接节点的HoA转换为可在VPN中使用的专用网络内部地址，从而生成第二转换分组 。

公开(公告)号：US20110044337A1

公开(公告)日：2011-02-24

申请号：US12858631

申请日：2010-08-18

申请人： Pyung-Koo Park ,  Nam Seok Ko ,  Jong Dae Park ,  Sung Kee Noh ,  Soon Seok Lee ,  Sung Back Hong

发明人： Pyung-Koo Park ,  Nam Seok Ko ,  Jong Dae Park ,  Sung Kee Noh ,  Soon Seok Lee ,  Sung Back Hong

IPC分类号： H04L12/56

CPC分类号： H04L12/4633 ,  H04L12/1886 ,  H04L65/4076 ,  H04W28/06 ,  H04W80/04

摘要： In a system for providing an IPTV service, if a multicast address of an IPTV channel received from a head-end is a multicast address requested by a mobile node through a tunnel, an end router confirms a care of address (CoA) of the mobile node corresponding to the multicast address of the IPTV channel, sets the multicast address in the first header of broadcasting traffic, sets the CoA of the mobile node in the second header of the broadcasting traffic, and then sends the broadcasting traffic.

摘要翻译： 在用于提供IPTV服务的系统中，如果从头端接收到的IPTV频道的多播地址是移动节点通过隧道请求的多播地址，则终端路由器确认移动台的地址（CoA） 节点对应于IPTV信道的组播地址，设置广播业务的第一个报头中的组播地址，将广播业务的第二个报头中的移动节点的CoA设置，然后发送广播业务。

公开(公告)号：US20110072515A1

公开(公告)日：2011-03-24

申请号：US12882557

申请日：2010-09-15

申请人： Pyung-Koo PARK ,  Tae Ho Lee ,  Soon Seok Lee ,  Sung Back Hong

发明人： Pyung-Koo PARK ,  Tae Ho Lee ,  Soon Seok Lee ,  Sung Back Hong

IPC分类号： G06F11/00 ,  G06F15/173

CPC分类号： H04L63/1458

摘要： A method and apparatus for collaboratively protecting against a Distributed Denial of Service (DDoS) attack are provided. The method performed by a network apparatus includes detecting data suspected as being used in the DDoS attack by monitoring traffic forwarded to a service server, notifying a security apparatus that the detected data is suspected as being used in the DDoS attack, and performing at least one of a first operation and a second operation, the first operation being receiving an analysis result for the detected data from the security apparatus and controlling the traffic based on the analysis result, and the second operation being controlling, prior to the first operation, the traffic based on a rule set in advance.

摘要翻译： 提供了一种用于协同防御分布式拒绝服务（DDoS）攻击的方法和装置。 由网络装置执行的方法包括通过监视转发到服务服务器的流量来检测疑似被用于DDoS攻击中的数据，通知安全设备所检测到的数据被怀疑在DDoS攻击中被使用，以及执行至少一个 在第一操作和第二操作中，第一操作是从安全装置接收检测到的数据的分析结果，并且基于分析结果来控制流量，第二操作在第一操作之前控制流量 基于事先设定的规则。

公开(公告)号：US08984618B2

公开(公告)日：2015-03-17

申请号：US13611925

申请日：2012-09-12

申请人： Ho Sun Yoon ,  Sung Back Hong ,  Jung Sik Kim ,  Seong Moon ,  Sun Cheul Kim ,  Seung Woo Hong ,  Sang Jin Hong ,  Pyung Koo Park ,  Young Soo Shin ,  Ho Yong Ryu ,  Soon Seok Lee

发明人： Ho Sun Yoon ,  Sung Back Hong ,  Jung Sik Kim ,  Seong Moon ,  Sun Cheul Kim ,  Seung Woo Hong ,  Sang Jin Hong ,  Pyung Koo Park ,  Young Soo Shin ,  Ho Yong Ryu ,  Soon Seok Lee

IPC分类号： G06F21/00 ,  H04L29/06

CPC分类号： G06F21/00 ,  H04L12/4633 ,  H04L12/4641 ,  H04L61/2514 ,  H04L61/2539 ,  H04L61/2592 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0245 ,  H04L63/0263 ,  H04L63/0272 ,  H04L63/104

摘要： Disclosed are a system for managing virtual private networks (VPNs) includes: terminals configured to transmit user data; a manager configured to transmit information for concealing networks and managing the VPNs; border gateways configured to decrypt the user data and perform a network address translation (NAT) procedure and a filtering procedure on the decrypted user data based on the information; and servers configured to receive the user data subjected to the NAT procedure and the filtering procedure, wherein the filtering procedure is a procedure discarding the user data to be transferred to the servers that are not allowed so as to allow the terminals to access only the allowed servers, the NAT procedure is a procedure changing an Internet protocol (IP) address used in a first network to an IP address used in a second network, and the first network and the second network are different networks.

摘要翻译： 公开了一种用于管理虚拟专用网络（VPN）的系统，包括：被配置为传送用户数据的终端; 配置为传送隐藏网络和管理VPN的信息的管理器; 边界网关被配置为基于该信息解密用户数据并对解密的用户数据执行网络地址转换（NAT）过程和过滤程序; 以及被配置为接收经历了NAT过程和过滤过程的用户数据的服务器，其中，过滤程序是丢弃要传送到不允许的服务器的用户数据以允许终端仅访问允许的用户数据 服务器，NAT过程是将第一网络中使用的因特网协议（IP）地址改变为在第二网络中使用的IP地址的过程，并且第一网络和第二网络是不同的网络。

公开(公告)号：US20110080830A1

公开(公告)日：2011-04-07

申请号：US12899310

申请日：2010-10-06

申请人： Nam Seok KO ,  Soon Seok Lee ,  Hyunjoo Kang ,  Seong Moon ,  Jong Dae Park ,  Seungwoo Hong ,  Kyeong Ho Lee

发明人： Nam Seok KO ,  Soon Seok Lee ,  Hyunjoo Kang ,  Seong Moon ,  Jong Dae Park ,  Seungwoo Hong ,  Kyeong Ho Lee

IPC分类号： H04L12/26

CPC分类号： H04L45/38 ,  H04L45/30 ,  H04L47/2441

摘要： A device for providing forwarding and QoS information in a flow based network environment acquires first information and second information from a flow table therein on the basis of status information of a predetermined flow in order to provide dynamically updated information in a flow based network environment. When it is determined that first information and second information acquired based on a route ID of a series of information are updated, the flow table is updated and the updated information is provided.

摘要翻译： 用于在基于流的网络环境中提供转发和QoS信息的设备基于预定流的状态信息从其流表中获取第一信息和第二信息，以便在基于流的网络环境中提供动态更新的信息。 当确定基于一系列信息的路由ID获取的第一信息和第二信息被更新时，更新流表并提供更新的信息。

公开(公告)号：US08514714B2

公开(公告)日：2013-08-20

申请号：US12899310

申请日：2010-10-06

申请人： Nam Seok Ko ,  Soon Seok Lee ,  Hyunjoo Kang ,  Seong Moon ,  Jong Dae Park ,  Seungwoo Hong ,  Kyeong Ho Lee

发明人： Nam Seok Ko ,  Soon Seok Lee ,  Hyunjoo Kang ,  Seong Moon ,  Jong Dae Park ,  Seungwoo Hong ,  Kyeong Ho Lee

IPC分类号： H04L12/26

CPC分类号： H04L45/38 ,  H04L45/30 ,  H04L47/2441

摘要： A device for providing forwarding and QoS information in a flow based network environment acquires first information and second information from a flow table therein on the basis of status information of a predetermined flow in order to provide dynamically updated information in a flow based network environment. When it is determined that first information and second information acquired based on a route ID of a series of information are updated, the flow table is updated and the updated information is provided.

摘要翻译： 用于在基于流的网络环境中提供转发和QoS信息的设备基于预定流的状态信息从其流表中获取第一信息和第二信息，以便在基于流的网络环境中提供动态更新的信息。 当确定基于一系列信息的路由ID获取的第一信息和第二信息被更新时，更新流表并提供更新的信息。

公开(公告)号：US20120054837A1

公开(公告)日：2012-03-01

申请号：US13168277

申请日：2011-06-24

申请人： Sunghyun Yoon ,  Ho Sun Yoon ,  Seong Moon ,  Jong Dae Park ,  Young Boo Kim ,  Soon Seok Lee

发明人： Sunghyun Yoon ,  Ho Sun Yoon ,  Seong Moon ,  Jong Dae Park ,  Young Boo Kim ,  Soon Seok Lee

IPC分类号： G06F17/30

CPC分类号： G06Q20/027

摘要： A network control method for controlling a client-and-server based high-reliability session for secure payment using a multi interface user terminal in the wired or wireless Internet is provided. The network control method establishes an active and standby secure channel between a client equipped to a terminal including a plurality of network interfaces and a server to control each terminal based on a terminal identifier (ID). The method continuously receives terminal state information through the secure channel, and identifies a homogeneous or heterogeneous access network and the secure channel to which a user terminal connects based on the terminal state information, thereby securely authenticating the user terminal requesting payment to a payment gateway (PG) system. Accordingly, the PG system may securely authenticate the user terminal and perform the payment.

摘要翻译： 提供了一种用于使用有线或无线因特网中的多接口用户终端来控制基于客户机和服务器的高可靠性会话以进行安全支付的网络控制方法。 网络控制方法在配备到包括多个网络接口的终端的客户端和服务器之间建立主动和备用安全通道，以基于终端标识符（ID）来控制每个终端。 该方法通过安全信道连续接收终端状态信息，并且基于终端状态信息来识别用户终端连接的均匀或异构接入网络和安全信道，由此安全地认证向支付网关请求支付的用户终端（ PG）系统。 因此，PG系统可以安全地认证用户终端并进行支付。

公开(公告)号：US20110069606A1

公开(公告)日：2011-03-24

申请号：US12887785

申请日：2010-09-22

申请人： Jong Dae Park ,  Ho Yong Ryu ,  Soon Seok Lee ,  Byung Seo Kim

发明人： Jong Dae Park ,  Ho Yong Ryu ,  Soon Seok Lee ,  Byung Seo Kim

IPC分类号： H04L12/26

CPC分类号： H04W40/30 ,  H04L1/1607 ,  H04L1/20 ,  H04L45/28 ,  H04W24/00 ,  H04W84/18

摘要： A communication node detects a communication fault thereof, and when a communication fault is detected, the communication node determines whether the communication node is included in a transmission path of a data packet with reference to a routing table and transmits the stored communication fault notification message to peripheral communication nodes.

摘要翻译： 通信节点检测其通信故障，并且当检测到通信故障时，通信节点参考路由表确定通信节点是否包括在数据分组的传输路径中，并将存储的通信故障通知消息发送到 外围通信节点。

公开(公告)号：US08189467B2

公开(公告)日：2012-05-29

申请号：US12540687

申请日：2009-08-13

申请人： Jongtae Song ,  Soon Seok Lee ,  Bong Tae Kim

发明人： Jongtae Song ,  Soon Seok Lee ,  Bong Tae Kim

IPC分类号： H04J3/16

CPC分类号： H04L47/822 ,  H04L47/70 ,  H04L47/745 ,  H04L47/762 ,  H04L47/781 ,  H04L47/805 ,  H04L67/322

摘要： Provided are a network resource control method and apparatus for guaranteeing an admission rate of a high-priority service. In the method and apparatus, the admission rate of the high-priority service is increased by differentiating between the high-priority service and a low-priority service by either rejecting the low-priority service or reducing a bandwidth allocated to the low-priority service when the low-priority service has already been accepted.

摘要翻译： 提供了一种用于保证高优先级服务的准入速率的网络资源控制方法和装置。 在该方法和装置中，通过拒绝低优先级业务或减少分配给低优先级业务的带宽，高优先级业务与低优先级业务之间的差异化来提高高优先级业务的准入速率 当低优先级服务已被接受时。